github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-12-15 16:42:34 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

merge into: github:v4.0
Branches Tags
github:dev github:pr@dev@add_custom_model github:pr@dev@perf_translate_diff github:pr@dev@change_word_spell github:refactor_permtree github:pr@dev@fix_remove_receptor github:pr@v5@mcp github:v3 github:v5 github:pr@dev@top_session_asset_user_cache github:dependabot/pip/ansible-12.2.0 github:pr@dev@perf_mfa_backend_setting github:dependabot/pip/werkzeug-3.1.4 github:master github:v4.10.13-lts github:ibuler-patch-1 github:debug_mcp github:revert-16209-pr@dev@perf_bump_django github:v4.10.11-lts github:v4.10.12-lts github:v3.10.21-lts github:origin/dev github:v4.10.10-lts github:v3.10.20-lts github:ccrc_v4 github:v4.10.8-lts github:v4.10.9-lts github:pr@dev@terminal_notification_add_org github:pr@dev@feat_web_automations github:v4.10.7-lts github:v4.10.6-lts github:v4.10.5-lts github:v3.10.19-lts github:ccrc_v3 github:v4.10.4-lts github:v4.10.3-lts github:v4.10.2-lts github:BaiJiangJie-patch-1 github:v4.10.0-lts github:v4.10.1-lts github:v4.9 github:v3.10.18-lts github:v4.8 github:v4.7 github:v4.6 github:v3.10.17-lts github:v2.28 github:v4.5 github:v4.4 github:v3.10.16-lts github:v4.3 github:v3.10.14-lts github:v3.10.15-lts github:v4.2 github:v4.1 github:v3.10.13-lts github:v4.0 github:v3.10.12-lts github:v3.10.11-lts github:dev-fce github:v3.10.10-lts github:v3.10.9-lts github:v3.10.8-lts github:v3.10.0-7-lts github:v3.9 github:v3.8 github:v3.7 github:v3.5 github:v3.6 github:v3.4 github:v3.3 github:v3.2 github:v2.22 github:v3.1 github:v3.0 github:v2.26 github:v2.27 github:v2.25 github:v2.24 github:v2.23 github:v2.21 github:v1.5 github:v2.20 github:v2.19 github:v2.16 github:v2.18 github:v2.17 github:v2.11 github:v2.14 github:v2.15 github:v2.13 github:v2.12 github:v2.10 github:v2.9 github:v2.8 github:v2.7 github:v2.6 github:v2.4 github:v2.5 github:v2.3 github:v2.2 github:v2.1 github:v2.0 github:v0.4
github:v4.10.13 github:v4.10.12 github:v3.10.21 github:v3.10.20 github:v4.10.11 github:v4.10.10 github:v4.10.9 github:v4.10.8 github:v4.10.7 github:v4.10.6 github:v3.10.19 github:v4.10.5 github:v4.10.4 github:v4.10.3 github:v4.10.2 github:v4.10.1 github:v4.10.0 github:v4.9.0 github:v4.8.1 github:v3.10.18 github:v4.8.0 github:v4.7.0 github:v4.6.0 github:v3.10.17 github:v4.5.0 github:v4.4.0 github:v3.10.16 github:v4.4.1 github:v4.3.1 github:v3.10.15 github:v3.10.14 github:v4.3.0 github:v4.2.0 github:v4.1.0 github:v3.10.13 github:v4.0.1 github:v4.0.2 github:v4.0.0 github:v3.10.12 github:v3.10.11 github:v3.10.10 github:v3.10.9 github:v3.10.8 github:v3.10.7 github:v3.10.6 github:v3.10.5 github:v3.10.4 github:v3.10.3 github:v3.10.2 github:v3.10.1 github:v3.10.0 github:v3.9.3 github:v3.9.2 github:v3.9.1 github:v3.9.0 github:v3.8.2 github:v2.28.21 github:v3.8.1 github:v3.8.0 github:v3.7.2 github:v3.5.7 github:v3.6.6 github:v2.28.20 github:v3.7.1 github:v2.28.19 github:v3.6.5 github:v3.7.0 github:v3.5.6 github:v3.5.5 github:v3.6.4 github:v3.6.3 github:v3.6.2 github:v3.6.1 github:v3.6.0 github:v3.5.4 github:v2.28.18 github:v3.5.3 github:v3.5.2 github:v3.5.1 github:v2.28.17 github:v3.5.0 github:v3.4.3 github:v3.4.2 github:v3.4.1 github:v2.28.16 github:v3.4.0 github:v3.3.1 github:v2.28.15 github:v3.3.0 github:v3.2.2 github:v2.28.14 github:v3.2.1 github:v2.28.13 github:v3.2.0 github:v3.1.2 github:v2.28.12 github:v3.1.1 github:v2.28.11 github:v3.1.0 github:v2.28.10 github:v3.0.4 github:v2.28.9 github:v3.0.3 github:v2.28.8 github:v3.0.2 github:v3.0.1 github:v3.0.0 github:v2.28.7 github:v2.28.6 github:v2.28.5 github:v2.28.4 github:v2.28.3 github:v2.28.2 github:v2.28.1 github:v2.28.0 github:v2.27.0 github:v2.26.1 github:v2.26.0 github:v2.25.5 github:v2.25.4 github:v2.25.3 github:v2.25.2 github:v2.25.1 github:v2.25.0 github:v2.24.2 github:v2.24.1 github:v2.24.0 github:v2.23.4 github:v2.23.3 github:v2.23.2 github:v2.22.4 github:v2.23.1 github:v2.23.0 github:v2.22.3 github:v2.22.2 github:v2.22.1 github:v2.22.0 github:v2.21.4 github:v2.21.3 github:v2.21.2 github:v2.21.1 github:v2.21.0 github:v2.20.3 github:v2.20.2 github:v2.20.1 github:v2.20.0 github:v2.18.3 github:v2.19.2 github:v2.19.1 github:v2.19.0 github:v2.17.5 github:v2.18.2 github:v2.17.4 github:v2.18.0 github:v2.18.1 github:v2.17.2 github:v2.17.3 github:v2.17.1 github:v2.17.0 github:v2.16.3 github:v2.16.2 github:v2.16.1 github:v2.16.0 github:v2.15.5 github:v2.15.4 github:v2.15.2 github:v2.15.3 github:v2.15.1 github:v2.15.0 github:v2.14.2 github:v2.14.1 github:v2.14.0 github:v2.13.1 github:v2.13.2 github:v2.13.0 github:v2.12.2 github:v2.12.1 github:v2.10.5 github:v2.12.0 github:v2.11.3 github:v2.11.4 github:v2.11.2 github:v2.11.1 github:v2.11.0 github:v2.10.4 github:v2.10.2 github:v2.10.3 github:v2.10.1 github:v2.10.0 github:v2.9.2 github:v2.7.3 github:v2.9.1 github:v2.9.0 github:v2.8.4 github:v2.8.3 github:v2.8.2 github:v2.8.1 github:v2.8.0 github:v2.7.2 github:v2.7.1 github:v2.7.0 github:v2.6.2 github:v2.4.5 github:v2.5.4 github:v2.6.1 github:v2.6.0 github:v2.5.3 github:v2.5.2 github:v2.5.1 github:v2.5.0 github:v2.4.4 github:v2.4.3 github:v2.4.2 github:v2.4.1 github:v2.4.0 github:v2.3.3 github:v2.3.2 github:v2.3.0 github:v2.3.1 github:v2.2.3 github:v2.2.2 github:v2.2.1 github:v2.2.0 github:v2.1.2 github:v2.1.1 github:v2.1.0 github:v2.0.2 github:2.0.1 github:2.0.0 github:1.5.9 github:1.5.8 github:1.5.7 github:1.5.6 github:1.5.5 github:1.5.4 github:1.5.3 github:1.5.2 github:1.5.1 github:1.5.0 github:1.4.10 github:v1.4.10 github:1.4.9 github:1.4.8 github:1.4.7 github:v1.4.7 github:1.4.6 github:1.4.5 github:1.4.4 github:v1.4.4 github:1.4.3 github:1.4.2 github:1.4.1 github:1.4.0 github:1.3.3 github:1.3.2 github:1.3.1 github:1.3.0 github:1.2.1 github:1.2.0 github:1.1.1 github:1.1.0 github:1.0.0 github:0.3.3 github:0.3.2-rc2 github:0.3.2 github:0.3.1 github:0.3.0-beta github:0.2.1 github:0.2.0 github:0.1.1 github:0.1.0
...
pull from: github:v4.3
Branches Tags
github:pr@dev@add_custom_model github:dev github:pr@dev@perf_translate_diff github:pr@dev@change_word_spell github:refactor_permtree github:pr@dev@fix_remove_receptor github:pr@v5@mcp github:v3 github:v5 github:pr@dev@top_session_asset_user_cache github:dependabot/pip/ansible-12.2.0 github:pr@dev@perf_mfa_backend_setting github:dependabot/pip/werkzeug-3.1.4 github:master github:v4.10.13-lts github:ibuler-patch-1 github:debug_mcp github:revert-16209-pr@dev@perf_bump_django github:v4.10.11-lts github:v4.10.12-lts github:v3.10.21-lts github:origin/dev github:v4.10.10-lts github:v3.10.20-lts github:ccrc_v4 github:v4.10.8-lts github:v4.10.9-lts github:pr@dev@terminal_notification_add_org github:pr@dev@feat_web_automations github:v4.10.7-lts github:v4.10.6-lts github:v4.10.5-lts github:v3.10.19-lts github:ccrc_v3 github:v4.10.4-lts github:v4.10.3-lts github:v4.10.2-lts github:BaiJiangJie-patch-1 github:v4.10.0-lts github:v4.10.1-lts github:v4.9 github:v3.10.18-lts github:v4.8 github:v4.7 github:v4.6 github:v3.10.17-lts github:v2.28 github:v4.5 github:v4.4 github:v3.10.16-lts github:v4.3 github:v3.10.14-lts github:v3.10.15-lts github:v4.2 github:v4.1 github:v3.10.13-lts github:v4.0 github:v3.10.12-lts github:v3.10.11-lts github:dev-fce github:v3.10.10-lts github:v3.10.9-lts github:v3.10.8-lts github:v3.10.0-7-lts github:v3.9 github:v3.8 github:v3.7 github:v3.5 github:v3.6 github:v3.4 github:v3.3 github:v3.2 github:v2.22 github:v3.1 github:v3.0 github:v2.26 github:v2.27 github:v2.25 github:v2.24 github:v2.23 github:v2.21 github:v1.5 github:v2.20 github:v2.19 github:v2.16 github:v2.18 github:v2.17 github:v2.11 github:v2.14 github:v2.15 github:v2.13 github:v2.12 github:v2.10 github:v2.9 github:v2.8 github:v2.7 github:v2.6 github:v2.4 github:v2.5 github:v2.3 github:v2.2 github:v2.1 github:v2.0 github:v0.4
github:v4.10.13 github:v4.10.12 github:v3.10.21 github:v3.10.20 github:v4.10.11 github:v4.10.10 github:v4.10.9 github:v4.10.8 github:v4.10.7 github:v4.10.6 github:v3.10.19 github:v4.10.5 github:v4.10.4 github:v4.10.3 github:v4.10.2 github:v4.10.1 github:v4.10.0 github:v4.9.0 github:v4.8.1 github:v3.10.18 github:v4.8.0 github:v4.7.0 github:v4.6.0 github:v3.10.17 github:v4.5.0 github:v4.4.0 github:v3.10.16 github:v4.4.1 github:v4.3.1 github:v3.10.15 github:v3.10.14 github:v4.3.0 github:v4.2.0 github:v4.1.0 github:v3.10.13 github:v4.0.1 github:v4.0.2 github:v4.0.0 github:v3.10.12 github:v3.10.11 github:v3.10.10 github:v3.10.9 github:v3.10.8 github:v3.10.7 github:v3.10.6 github:v3.10.5 github:v3.10.4 github:v3.10.3 github:v3.10.2 github:v3.10.1 github:v3.10.0 github:v3.9.3 github:v3.9.2 github:v3.9.1 github:v3.9.0 github:v3.8.2 github:v2.28.21 github:v3.8.1 github:v3.8.0 github:v3.7.2 github:v3.5.7 github:v3.6.6 github:v2.28.20 github:v3.7.1 github:v2.28.19 github:v3.6.5 github:v3.7.0 github:v3.5.6 github:v3.5.5 github:v3.6.4 github:v3.6.3 github:v3.6.2 github:v3.6.1 github:v3.6.0 github:v3.5.4 github:v2.28.18 github:v3.5.3 github:v3.5.2 github:v3.5.1 github:v2.28.17 github:v3.5.0 github:v3.4.3 github:v3.4.2 github:v3.4.1 github:v2.28.16 github:v3.4.0 github:v3.3.1 github:v2.28.15 github:v3.3.0 github:v3.2.2 github:v2.28.14 github:v3.2.1 github:v2.28.13 github:v3.2.0 github:v3.1.2 github:v2.28.12 github:v3.1.1 github:v2.28.11 github:v3.1.0 github:v2.28.10 github:v3.0.4 github:v2.28.9 github:v3.0.3 github:v2.28.8 github:v3.0.2 github:v3.0.1 github:v3.0.0 github:v2.28.7 github:v2.28.6 github:v2.28.5 github:v2.28.4 github:v2.28.3 github:v2.28.2 github:v2.28.1 github:v2.28.0 github:v2.27.0 github:v2.26.1 github:v2.26.0 github:v2.25.5 github:v2.25.4 github:v2.25.3 github:v2.25.2 github:v2.25.1 github:v2.25.0 github:v2.24.2 github:v2.24.1 github:v2.24.0 github:v2.23.4 github:v2.23.3 github:v2.23.2 github:v2.22.4 github:v2.23.1 github:v2.23.0 github:v2.22.3 github:v2.22.2 github:v2.22.1 github:v2.22.0 github:v2.21.4 github:v2.21.3 github:v2.21.2 github:v2.21.1 github:v2.21.0 github:v2.20.3 github:v2.20.2 github:v2.20.1 github:v2.20.0 github:v2.18.3 github:v2.19.2 github:v2.19.1 github:v2.19.0 github:v2.17.5 github:v2.18.2 github:v2.17.4 github:v2.18.0 github:v2.18.1 github:v2.17.2 github:v2.17.3 github:v2.17.1 github:v2.17.0 github:v2.16.3 github:v2.16.2 github:v2.16.1 github:v2.16.0 github:v2.15.5 github:v2.15.4 github:v2.15.2 github:v2.15.3 github:v2.15.1 github:v2.15.0 github:v2.14.2 github:v2.14.1 github:v2.14.0 github:v2.13.1 github:v2.13.2 github:v2.13.0 github:v2.12.2 github:v2.12.1 github:v2.10.5 github:v2.12.0 github:v2.11.3 github:v2.11.4 github:v2.11.2 github:v2.11.1 github:v2.11.0 github:v2.10.4 github:v2.10.2 github:v2.10.3 github:v2.10.1 github:v2.10.0 github:v2.9.2 github:v2.7.3 github:v2.9.1 github:v2.9.0 github:v2.8.4 github:v2.8.3 github:v2.8.2 github:v2.8.1 github:v2.8.0 github:v2.7.2 github:v2.7.1 github:v2.7.0 github:v2.6.2 github:v2.4.5 github:v2.5.4 github:v2.6.1 github:v2.6.0 github:v2.5.3 github:v2.5.2 github:v2.5.1 github:v2.5.0 github:v2.4.4 github:v2.4.3 github:v2.4.2 github:v2.4.1 github:v2.4.0 github:v2.3.3 github:v2.3.2 github:v2.3.0 github:v2.3.1 github:v2.2.3 github:v2.2.2 github:v2.2.1 github:v2.2.0 github:v2.1.2 github:v2.1.1 github:v2.1.0 github:v2.0.2 github:2.0.1 github:2.0.0 github:1.5.9 github:1.5.8 github:1.5.7 github:1.5.6 github:1.5.5 github:1.5.4 github:1.5.3 github:1.5.2 github:1.5.1 github:1.5.0 github:1.4.10 github:v1.4.10 github:1.4.9 github:1.4.8 github:1.4.7 github:v1.4.7 github:1.4.6 github:1.4.5 github:1.4.4 github:v1.4.4 github:1.4.3 github:1.4.2 github:1.4.1 github:1.4.0 github:1.3.3 github:1.3.2 github:1.3.1 github:1.3.0 github:1.2.1 github:1.2.0 github:1.1.1 github:1.1.0 github:1.0.0 github:0.3.3 github:0.3.2-rc2 github:0.3.2 github:0.3.1 github:0.3.0-beta github:0.2.1 github:0.2.0 github:0.1.1 github:0.1.0

298 Commits
v4.0 ... v4.3

Author SHA1 Message Date
ibuler
3153458fce fix: oracle platform create error 2024-10-30 16:33:42 +08:00
feng
4b981fd93c fix: Error subpub_msg log 2024-10-17 15:17:12 +08:00
Bryan
6720ecc6e0 Merge pull request #14319 from jumpserver/dev 
v4.3.0
 2024-10-17 14:55:38 +08:00
feng
b0f86e43a6 perf: Translate 2024-10-17 12:05:25 +08:00
ibuler
9b0c81333f perf: debug pub sub 2024-10-17 10:16:44 +08:00
Eric
05fc966444 perf: add koko i18n 2024-10-16 18:25:42 +08:00
Eric
b87650038f perf: update code 2024-10-16 18:11:00 +08:00
wangruidong
d4f69a7ff8 perf: Translate 2024-10-16 17:59:18 +08:00
ibuler
0e1e26c29c perf: disable f1 key 2024-10-16 17:01:10 +08:00
Huaqing Chen
1b8cdbc4dd 修复websocket不能使用Authorization Header的问题 2024-10-15 14:13:38 +08:00
feng
2a781c228f perf: Cas user cannot bind organization 2024-10-15 10:50:20 +08:00
ZhaoJiSen
35d6b0f16a Merge pull request #14299 from jumpserver/pr@dev@change_password_length 
perf: Change secret remove redundant checks
 2024-10-14 16:45:27 +08:00
feng
ca8987fef6 perf: Change secret remove redundant checks 2024-10-14 16:39:31 +08:00
ZhaoJiSen
b385133071 Merge pull request #14297 from jumpserver/pr@dev@translate 
perf: Translate
 2024-10-14 16:09:21 +08:00
feng
aa78a03efa perf: Translate 2024-10-14 16:05:38 +08:00
wangruidong
31f8a19392 perf: Translate account history 2024-10-14 15:31:17 +08:00
wangruidong
7a528b499a perf: import data validate platform 2024-10-14 14:05:24 +08:00
Eric
1c6ce422cf perf: update tinker v0.1.9 2024-10-12 16:30:28 +08:00
Eric
f9cf2ea2e5 perf: fix api error when deleting offline panda components 2024-10-12 16:15:23 +08:00
Aaron3S
575b3a617f feat: 添加 chen 翻译 2024-10-12 15:44:38 +08:00
wangruidong
b7362d3f51 fix: adhoc execute alert msg 2024-10-12 15:43:03 +08:00
ZhaoJiSen
6ee3860124 Merge pull request #14287 from jumpserver/pr@dev@translate 
perf: Translate
 2024-10-12 14:40:23 +08:00
feng
7e111da529 perf: Translate 2024-10-12 14:35:18 +08:00
wangruidong
578458f734 perf: site msg content optimize 2024-10-11 11:28:56 +08:00
Bai
bd56697d6d perf: DEFAULT_PAGE_SIZE same as MAX_LIMIT_PER_PAGE 2024-10-10 18:00:01 +08:00
wangruidong
aad824d127 perf: add created_by field 2024-10-09 16:14:22 +08:00
wangruidong
63f828da0b perf: Default endpoint cannot be disabled 2024-10-09 16:12:37 +08:00
wangruidong
7c211b3fb6 perf: Translate 2024-10-08 15:01:53 +08:00
feng
3881edd2ba perf: Optimize file audit download prompt 2024-09-29 16:12:49 +08:00
feng
b882b12d04 perf: Check the validity of the connection token 2024-09-27 17:10:08 +08:00
wangruidong
addd2e7d1c perf: Endpoint add is_active field 2024-09-27 16:00:05 +08:00
Bai
ad6d2e1cd7 fix: Fixed the issue that the workbench user login log only displays failed logs 2024-09-27 14:34:23 +08:00
github-actions[bot]
5f07271afa perf: Update Dockerfile with new base image tag 2024-09-27 14:30:48 +08:00
Bai
efdcd4c708 perf: upgrade geoip2 and .mmdb 2024-09-27 14:30:48 +08:00
jiangweidong
b62763bca3 perf: Cloud Sync IP Policy Updated to Preferred Option i18n 2024-09-27 14:29:09 +08:00
wangruidong
e95da730f2 perf: Koko can display assets custom name 2024-09-27 14:25:55 +08:00
fit2bot
43fa3f420a fix: Addressing the issue of unauthorized execution of system tools (#14209) 
* fix: Addressing the issue of unauthorized execution of system tools

* perf: Optimization conditions

---------

Co-authored-by: jiangweidong <1053570670@qq.com>
 2024-09-27 14:17:16 +08:00
wangruidong
0311446384 perf: playbook clone with file 2024-09-27 14:13:35 +08:00
feng
f7030e4fee perf: Login encryption key cache added 2024-09-26 15:11:35 +08:00
ZhaoJiSen
fce8cc375f Merge pull request #14230 from jumpserver/pr@dev@max_password_length 
perf: The maximum length of the randomly generated password is changed to 36
 2024-09-25 11:00:45 +08:00
feng
920199c6df perf: The maximum length of the randomly generated password is changed to 36 2024-09-25 10:52:16 +08:00
feng
d09eb3c4fa perf: Lock username is not case sensitive 2024-09-23 14:11:55 +08:00
ibuler
6e8affcdd6 perf: ops db migrate 2024-09-19 21:39:55 +08:00
老广
0b3a7bb020 Merge pull request #14203 from jumpserver/dev 
merge: from dev to master
 2024-09-19 19:37:19 +08:00
wangruidong
647736f4e3 fix: SAML2 500 error caused by duplicate email or username 2024-09-19 17:49:53 +08:00
ZhaoJiSen
cbc09d84df Merge pull request #14202 from jumpserver/pr@dev@password_rule 
perf: Password rule import csv help_text
 2024-09-19 16:54:52 +08:00
feng
4c957dd03b perf: Password rule import csv help_text 2024-09-19 16:51:43 +08:00
wangruidong
d34b65890f fix: import account failed 2024-09-19 15:12:05 +08:00
Bai
b53968ac00 delete: ansible log in logging.py 2024-09-19 15:11:31 +08:00
ZhaoJiSen
f2ccb15101 Merge pull request #14198 from jumpserver/pr@dev@saml 
perf: Bind user group support str
 2024-09-19 12:01:20 +08:00
feng
db5bf046fc perf: Bind user group support str 2024-09-19 11:58:45 +08:00
ibuler
59c87483e6 perf: filter gateway with new params 2024-09-19 11:33:02 +08:00
github-actions[bot]
26420b78f8 perf: Update Dockerfile with new base image tag 2024-09-19 11:18:04 +08:00
wangruidong
e47bdc093e perf: trigger core base image build 2024-09-19 11:18:04 +08:00
wangruidong
3dde80a60a fix: Password reset is only required for AUTH_BACKEND_MODEL 2024-09-19 11:08:11 +08:00
feng
e373a79d63 perf: Gateway type asset filter 2024-09-19 10:45:59 +08:00
wangruidong
744a5cd0e3 perf: Modify relative file path 2024-09-19 10:41:12 +08:00
wangruidong
37ca4a46ee perf: add clean_site_packages.sh file path to build-base-image.yml 2024-09-19 10:25:08 +08:00
wangruidong
0dc9214f98 fix: LDAP HA the login log did not record the authentication backend 2024-09-18 18:53:03 +08:00
wangruidong
513508654b fix: minio test failed 2024-09-18 18:51:25 +08:00
feng
ef2b12fa0f perf: Export template with prompts 2024-09-18 18:26:38 +08:00
feng
4e719ecacd perf: TimerExecution translate 2024-09-18 15:02:17 +08:00
ibuler
755a124b50 perf: checkout repo 2024-09-14 18:32:23 +08:00
zhaojisen
d6888776e7 perf: translate 2024-09-14 18:20:46 +08:00
wangruidong
29e233e715 perf: RemoteApp machine deployOption translate 2024-09-14 18:19:22 +08:00
wangruidong
99c3696d96 fix: Failed to import csv data 2024-09-14 18:17:15 +08:00
ibuler
ed6de83e8c perf: workflow push with full name 2024-09-14 18:09:30 +08:00
Eric
134f1a440c perf: replay part file download 2024-09-14 18:06:05 +08:00
ibuler
7da82242fe perf: github action workflow 2024-09-14 17:47:34 +08:00
Eric
2fd50d2425 perf: update compilemessages check ci 2024-09-14 17:38:07 +08:00
fit2bot
41a3e89248 chore: using pull pull request not push event (#14164) 
* perf: diff with head not dev

* chore: using pull pull request not push event

---------

Co-authored-by: ibuler <ibuler@qq.com>
 2024-09-14 17:21:49 +08:00
Bai
b125297c37 feat: GitHub Actions add compilemessages checked 2024-09-14 17:04:35 +08:00
ibuler
24255b69ee perf: diff with head not dev 2024-09-14 17:01:02 +08:00
ibuler
3bb51b39c4 perf: github action fetch branches 2024-09-14 16:51:25 +08:00
ibuler
b54da7d3b3 perf: workflow build base image 2024-09-14 16:42:06 +08:00
ibuler
534af0abf0 perf: build workflow 2024-09-14 16:32:15 +08:00
ibuler
8b0073333b perf: change git workflow 2024-09-14 16:25:06 +08:00
ZhaoJiSen
d8af2274f4 Merge pull request #14154 from jumpserver/pr@dev@koko_zh_translate 
perf: KOKO zh translate
 2024-09-14 15:34:27 +08:00
ibuler
3dd828d703 perf: workflow build base image 2024-09-14 15:34:20 +08:00
feng
fa6b4a5b63 perf: KOKO zh translate 2024-09-14 15:32:52 +08:00
ZhaoJiSen
8bd86c77f9 Merge pull request #14151 from jumpserver/pr@dev@win_rdp_ping 
fix: Windows rdp ping fail
 2024-09-14 14:48:17 +08:00
feng
3828e89cf8 fix: Windows rdp ping fail 2024-09-14 14:47:14 +08:00
wangruidong
e531b040ef fix: compilemessages error 2024-09-13 22:38:58 +08:00
wangruidong
3eee84a34e fix: delete ReplayStorage error 2024-09-13 19:09:21 +08:00
wangruidong
ab29df5991 fix: command search input error 2024-09-13 19:05:38 +08:00
wangruidong
b042f00688 fix: command search input error 2024-09-13 19:05:11 +08:00
github-actions[bot]
5beebaf51c perf: Update Dockerfile with new base image tag 2024-09-13 19:03:39 +08:00
wangruidong
50f075cc7e fix: Historical sessions download failed 2024-09-13 19:03:39 +08:00
Bai
e997236159 perf: Modify gunicorn log file rotate yesterday dir 2024-09-13 18:37:13 +08:00
ZhaoJiSen
c8b1d892e3 Merge pull request #14145 from jumpserver/pr@dev@account_already_exists 
fix: Translate Account already exists
 2024-09-13 18:33:25 +08:00
feng
9cb9e7328b fix: Translate Account already exists 2024-09-13 18:32:06 +08:00
feng
85129da942 perf: Postgresql add ssl mode 2024-09-13 17:49:14 +08:00
ZhaoJiSen
1cb00b1db4 Merge pull request #14138 from jumpserver/pr@dev@markdown_html 
fix: Internal letter hyperlinks cannot be redirected
 2024-09-13 11:07:08 +08:00
feng
c3798bfa95 fix: Internal letter hyperlinks cannot be redirected 2024-09-13 11:05:22 +08:00
github-actions[bot]
1d280599ae perf: Update Dockerfile with new base image tag 2024-09-12 18:55:01 +08:00
feng
ee8d7cdcac perf: Upgrade ansible postgresql 2024-09-12 18:55:01 +08:00
Aaron3S
1b4114fd5f perf: Optimize chen translation 2024-09-12 18:49:04 +08:00
Chenyang Shen
3c6c476f2e Merge pull request #14135 from jumpserver/pr@dev@feat_add_some_chen_i18n 
feat: add chen i18n
 2024-09-12 18:41:47 +08:00
Aaron3S
f19e3fedbd feat: add chen i18n 2024-09-12 18:38:16 +08:00
Bai
542e64278f perf: fix migrate adhoc playbook 2024-09-12 16:33:36 +08:00
wangruidong
cd76294e81 fix: migrate ops adhoc and playbook unique_together error 2024-09-12 16:33:36 +08:00
wangruidong
4f9158b2ad fix: ldap test config msg error 2024-09-12 10:41:17 +08:00
ZhaoJiSen
e319f20296 Merge pull request #14126 from jumpserver/pr@dev@third_party_user_login_failed 
perf: Third-party user login failed
 2024-09-12 10:23:05 +08:00
feng
b00f3a851c perf: Third-party user login failed 2024-09-12 10:19:40 +08:00
wangruidong
ab529fd22c fix: i18n compilemessages error 2024-09-12 10:07:12 +08:00
wangruidong
c2784c44ad feat: LDAP HA 2024-09-11 18:26:11 +08:00
feng
512e727ac6 feat: Postgresql support ssl 2024-09-11 18:12:25 +08:00
wangruidong
2dd0154967 perf: modify only_myself to only_mine 2024-09-11 18:02:35 +08:00
wangruidong
f55869a449 feat: Support playbook, adhoc share 2024-09-11 17:52:06 +08:00
wangruidong
b6f3c23787 perf: task description translate 2024-09-11 14:57:07 +08:00
github-actions[bot]
6982ab1efc perf: Update Dockerfile with new base image tag 2024-09-10 15:54:05 +08:00
wangruidong
db4d841bb0 perf: add xpack task description 2024-09-10 15:54:05 +08:00
wangruidong
ef91ebb468 perf: clean expired and account is null SyncInstanceTask record 2024-09-10 15:50:11 +08:00
fit2bot
6264319c51 perf: When connected through a gateway, you can use nc to forward data (#14110) 
Co-authored-by: feng <1304903146@qq.com>
Co-authored-by: Bryan <jiangjie.bai@fit2cloud.com>
 2024-09-09 19:00:48 +08:00
fit2bot
1417abecfb perf: Add task description (#14033) 
Co-authored-by: ZhaoJiSen <97007455+ZhaoJiSen@users.noreply.github.com>
 2024-09-09 18:54:33 +08:00
老广
bd548b3fe2 Revert "perf: update deps" 
This reverts commit 76b6489636.
 2024-09-09 15:33:57 +08:00
ZhaoJiSen
94cef9ea6e Merge pull request #14106 from jumpserver/pr@dev@translate 
perf: Translate
 2024-09-09 14:29:04 +08:00
feng626
a338613b5a Merge branch 'dev' into pr@dev@translate 2024-09-09 14:27:38 +08:00
feng
0d833a966c perf: Translate 2024-09-09 14:15:16 +08:00
ibuler
76b6489636 perf: update deps 2024-09-09 11:39:51 +08:00
fit2bot
763fe778d5 perf: finish this feat (#14079) 
* perf: basic finished

* perf: finish this feat

* perf: add datetime demo

---------

Co-authored-by: ibuler <ibuler@qq.com>
 2024-09-09 11:26:24 +08:00
ibuler
cf1dc79c68 perf: applet host tips 2024-09-09 10:25:01 +08:00
ibuler
7973239424 perf: support change gateway platform 2024-09-06 17:35:57 +08:00
feng
1baacd0b2c perf: Disable delete admin user 2024-09-06 15:37:12 +08:00
feng
054d385ffc perf: Acl action add notify and warn 2024-09-06 11:07:30 +08:00
wangruidong
50d3a4906a feat: Add announcement start and end dates 2024-09-06 10:54:27 +08:00
wangruidong
c8b7008d42 perf: Translate 2024-09-06 10:54:12 +08:00
kebyn
e94520a3fd fix: 修复非标准实现 X-Forwarded-For 时的问题 2024-09-06 10:31:58 +08:00
wangruidong
55e8e34226 fix: 500 error caused by duplicate email or username 2024-09-06 10:22:37 +08:00
wangruidong
8755ece633 perf: Translate 2024-09-05 19:24:19 +08:00
feng
c545e2a3aa perf: Support SAML2, OIDC user authentication services, mapping user group field information 2024-09-04 18:42:47 +08:00
wangruidong
1068662ab1 perf: Optimize asset connection speed with es command storage 2024-09-02 13:52:23 +08:00
ZhaoJiSen
75141741a1 Merge pull request #14062 from jumpserver/pr@dev@translate 
perf: Translate
 2024-08-30 15:18:45 +08:00
feng
9da507bb62 perf: Translate 2024-08-30 15:16:44 +08:00
fit2bot
160293365a perf: Regularly delete useless password change push records (#14026) 
* perf: If the user Home page does not exist, push will fail

* perf: Change secret add uid parameter

* perf: Regularly delete useless password change push records

---------

Co-authored-by: feng <1304903146@qq.com>
 2024-08-30 15:01:40 +08:00
wangruidong
7a19007aba perf: ldap import user error msg 2024-08-30 14:55:22 +08:00
ibuler
f866b93f96 perf: refresh oracle ports if need 2024-08-29 19:06:55 +08:00
feng
b9e64747ac perf: View the internal message and convert the content into markdown 2024-08-29 17:28:12 +08:00
fit2bot
25a473dc99 chore: update checkout action 2024-08-29 17:22:25 +08:00
Bai
e3bf015aa9 fix: user role can't open page of password & ssh key 2024-08-29 14:44:36 +08:00
Bryan
6d3d4a08af Update README.md (#14043) 
* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md
 2024-08-28 17:55:56 +08:00
Bai
9554de4ea6 fix: User check password need reset 2024-08-28 15:08:24 +08:00
ZhaoJiSen
6157ff7b7d Merge pull request #14032 from jumpserver/pr@dev@koko_translate 
perf: Koko translate
 2024-08-27 17:41:30 +08:00
feng
774fd176fd perf: Koko translate 2024-08-27 17:39:37 +08:00
ibuler
b489db8054 perf: add a script activate user manually 2024-08-21 14:55:57 +08:00
ZhaoJiSen
6b9fa6e01f Merge pull request #14010 from jumpserver/pr@dev@view_asset 
perf: View asset mini api add domain platform field
 2024-08-21 11:34:20 +08:00
ZhaoJiSen
9b59954393 Merge pull request #14011 from jumpserver/pr@dev@test_asset 
perf: No permission to test asset connectivity
 2024-08-21 11:33:55 +08:00
feng
ecaf19563f perf: No permission to test asset connectivity 2024-08-21 11:28:39 +08:00
feng
c431e96eaf perf: View asset mini api add domain platform field 2024-08-21 10:35:07 +08:00
ZhaoJiSen
d86f241450 Merge pull request #14005 from jumpserver/pr@dev@translate 
perf: Translate
 2024-08-20 11:30:37 +08:00
feng
3252db31fe perf: Translate 2024-08-20 11:28:30 +08:00
Bai
dac118dd26 perf: delete organization message 2024-08-19 16:06:37 +08:00
fit2bot
181eb621c0 perf: Remove kubernetes tree api (#13995) 
* perf: Remove kubernetes tree api

* perf: Update Dockerfile with new base image tag

---------

Co-authored-by: feng <1304903146@qq.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com>
 2024-08-19 16:04:00 +08:00
ibuler
828582333d perf: remove ansible receptcel 2024-08-19 11:16:58 +08:00
github-actions[bot]
657f7f822b perf: Update Dockerfile with new base image tag 2024-08-19 10:50:39 +08:00
ibuler
93627e4f9d perf: clean site packages 2024-08-19 10:50:39 +08:00
feng
2adb2519fa perf: Push password change and select finally use rdp to test connectivity. rdp does not support gateway 2024-08-19 10:20:33 +08:00
Bryan
56373e362b Merge pull request #13988 from jumpserver/dev 
v4.1.0
 2024-08-16 18:40:35 +08:00
wangruidong
32ec48ac14 perf: Improve performance by optimizing ES index creation 2024-08-16 18:19:04 +08:00
Bai
b3a0d81740 fix: job periodic task double run 2024-08-15 20:17:20 +08:00
ibuler
2b160fbbc2 revert: entrypoint.sh 2024-08-15 20:14:24 +08:00
wangruidong
60fcf5fcd3 perf: luna connect asset name set custom value 2024-08-15 19:47:56 +08:00
Bai
7c2e50435d perf: i18n for ldap user import 2024-08-15 15:50:56 +08:00
ZhaoJiSen
57f91d0973 Merge pull request #13980 from jumpserver/pr@dev@no_account_found 
perf: Lina translate
 2024-08-15 14:49:41 +08:00
feng
49c033e003 perf: Lina translate 2024-08-15 14:47:55 +08:00
Ewall555
6476a8fee8 perf: Translate ticket cancel button 2024-08-15 14:35:43 +08:00
wangruidong
c10db2ab0f perf: LDAP import user Translate 2024-08-15 14:35:06 +08:00
wangruidong
647beffc01 fix: no accounts no send msg 2024-08-14 19:25:11 +08:00
feng
ac0c6ef3d5 perf: Storage update comment failed 2024-08-14 19:18:10 +08:00
feng
e13741827d fix: Domain detail asset amount mistake 2024-08-14 17:37:03 +08:00
wangruidong
29caf0154e perf: Translate batch approval 2024-08-14 17:36:23 +08:00
wangruidong
fbdcc437e6 perf: ticket msg field value set truncate string length 2024-08-14 16:45:43 +08:00
feng
b38e5df1aa perf: Translate 2024-08-14 16:37:57 +08:00
feng
0a39ba0a75 fix: Use only_sudo failed 2024-08-14 16:15:57 +08:00
wangruidong
c56e1bdbbe fix: call get_verify_state_failed_response NotImplementedError 2024-08-13 18:51:15 +08:00
feng
6b00ba271f perf: Replace Feishu to obtain user information interface 2024-08-13 18:13:08 +08:00
wangruidong
bddb1de2f8 perf: Comment translate 2024-08-13 18:04:29 +08:00
wangruidong
32ae77c42d perf: add TERMINAL_SSH_KEY_LIMIT_COUNT conf 2024-08-13 17:39:03 +08:00
feng
3b1701b1aa perf: Translate 2024-08-12 18:41:05 +08:00
feng
3b9bcc719e perf: Reset password: optimize form frame 2024-08-12 15:16:06 +08:00
feng
8e6aa4524d perf: Ip type translate 2024-08-09 17:10:11 +08:00
feng
cea63e6083 perf: Setting user attributes is invalid 2024-08-09 16:53:13 +08:00
feng
5d2d8ca487 perf: Translate 2024-08-08 19:17:34 +08:00
fit2bot
81146f44f7 perf: set default version 2024-08-08 17:54:43 +08:00
fit2bot
9adaa27f6c perf: Luna login expire message (#13917) 
* perf: Luna login expire message

* perf: Login timeout open in a new window

---------

Co-authored-by: feng <1304903146@qq.com>
 2024-08-08 17:54:02 +08:00
feng
01c565f93f perf: Activity log no display 2024-08-08 16:39:44 +08:00
fit2bot
cb97afffab chore: remove build test 2024-08-08 16:06:51 +08:00
github-actions[bot]
1b55bf1670 perf: Update Dockerfile with new base image tag 2024-08-08 16:06:28 +08:00
fit2bot
b1c68165bb perf: update check version to v1.0.3 2024-08-08 16:06:28 +08:00
wangruidong
5d3e633e83 perf: ldap import msg modify 2024-08-07 19:12:42 +08:00
Eric
c863bf63b1 perf: update lina i18n 2024-08-07 17:45:55 +08:00
wangruidong
c71a6ae4ba fix: ssh_key search failed 2024-08-07 17:04:38 +08:00
wangruidong
38e3d9de8b feat: Allow users to customize asset name and comment 2024-08-07 16:44:01 +08:00
Eric
0c73acd4b9 perf: support only su or sudo 2024-08-07 10:57:09 +08:00
wangruidong
581a5c73a6 perf: object storage builtin comment i18n 2024-08-06 10:44:15 +08:00
feng
e1ed1d7c4c perf: Reset password remove sensitive data 2024-08-05 18:25:11 +08:00
Eric
805e7d1d5f perf: Check whether the applet is available. 2024-08-05 18:18:54 +08:00
feng
1957c2983b perf: Ticket set serial number add lock 2024-08-05 17:53:43 +08:00
Bai
6b1ceae6c5 perf: delete blank line 2024-08-05 16:29:54 +08:00
wangruidong
2a5c41dfaf feat: support configuring multiple SSH keys for users 2024-08-05 15:22:54 +08:00
wangruidong
7a38c9136e feat: Allow users to customize asset name and comment 2024-08-05 14:50:24 +08:00
ZhaoJiSen
9a3fdf76fc Merge pull request #13876 from jumpserver/pr@dev@translate 
perf: Translate
 2024-08-05 14:33:41 +08:00
feng
136db61011 perf: Translate 2024-08-05 14:31:08 +08:00
ibuler
0d338f80c5 perf: ee dockerfile 2024-08-05 14:23:32 +08:00
feng
bd3909ad27 perf: Third-party user login settings default organization 2024-08-02 15:52:05 +08:00
Eric
96399f8315 perf: update tinker v0.1.7 2024-08-02 14:10:03 +08:00
ibuler
4e90d17484 perf: poetry mirror 2024-08-01 18:18:08 +08:00
ibuler
13de75c41f perf: docker file poetry mirror 2024-08-01 17:37:15 +08:00
ibuler
a77ebc5fee perf: pkg download 
perf: resource download

perf: resource download
 2024-08-01 16:15:36 +08:00
ibuler
99ce82a6a0 perf: build 2024-08-01 16:15:16 +08:00
wangruidong
ec95d25704 perf: Remove applets, no longer display remote application connection methods 2024-08-01 15:59:00 +08:00
Eric
7c6e83d124 perf: reformat code 2024-07-31 15:09:53 +08:00
ibuler
ad5e88f1e3 perf: display migrate log 2024-07-31 15:09:33 +08:00
wangruidong
b1e958d806 fix: stop job failed 2024-07-30 18:53:16 +08:00
feng
8506ae9edd perf: When account push change secret windows only modify the type equal to password 2024-07-30 18:33:42 +08:00
wangruidong
ceb2a9bb17 fix: Arbitrary File Read in Ansible Play 2024-07-30 18:19:01 +08:00
feng
8d83c953d3 perf: Support WeCom DingTalk FeiShu Lark Slack attribute mapping 2024-07-30 17:48:26 +08:00
Eric
9825f9fbd2 perf: Check if CORE_HOST should ignore SSL 2024-07-30 16:57:04 +08:00
feng
41b2ce06a8 perf: Approval process role selection supports multiple strategies 2024-07-30 16:06:01 +08:00
feng
920cfdac5c perf: Saml2 callback url miss port 2024-07-26 18:17:40 +08:00
Bai
8abf7876cc perf: graceful restart gunicorn worker timeout 30 2024-07-26 14:05:27 +08:00
wangruidong
2e625f2c33 feat: add assets amount field to platform page 2024-07-26 13:45:05 +08:00
halo
88037b2038 perf: Email service authentication username is optional 2024-07-26 11:23:15 +08:00
Bai
457021040a perf: Modifying the label matching logic of an AppletHost (random) 2024-07-25 19:04:57 +08:00
fit2bot
4887b21d35 fix: message publish_task args,kwargs can json encode (#13797) 
* fix: message publish_task args,kwargs can json encode

* perf: Update Dockerfile with new base image tag

---------

Co-authored-by: wangruidong <940853815@qq.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2024-07-24 15:45:27 +08:00
fit2bot
03a66fd563 perf: Modify error message for desktop client login (#13763) 
* perf: Modify error message for desktop client login

* perf: Update Dockerfile with new base image tag

---------

Co-authored-by: wangruidong <940853815@qq.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2024-07-24 10:59:54 +08:00
fit2bot
ef656a8dfd perf: change docker file build (#13761) 
* perf: change docker file build

* perf: Update Dockerfile with new base image tag

---------

Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
 2024-07-23 16:38:00 +08:00
Eric
5e45129e32 perf: add luna i18n 2024-07-23 15:40:32 +08:00
feng
ea64b01da6 perf: You can modify sudo permissions multiple times 2024-07-22 17:27:20 +08:00
feng
c3b863c2be perf: You can modify sudo permissions multiple times 2024-07-22 17:27:20 +08:00
feng
6a7896b712 perf: Gpt3 to gpt-4o-mini 2024-07-19 11:56:07 +08:00
feng
83c1f8e4d3 perf: The gateway password contains ! Password parsing failed 2024-07-19 10:41:54 +08:00
Bai
9d3fdd37a3 perf: user authentication supports configuration redirection 2024-07-19 10:37:52 +08:00
Bai
419195895e perf: update readme 2024-07-18 19:43:38 +08:00
feng
c92188887d perf: Create authorization to add template account Push account parameters 2024-07-18 19:15:46 +08:00
feng
dcfc4e6e7b perf: The locked IP shows the username + translate 2024-07-17 18:10:22 +08:00
feng
836adab5d0 perf: Feishu lark support attributes settings 2024-07-17 16:59:57 +08:00
wangruidong
e93227a53c fix: The asset cannot be obtained during online synchronization 2024-07-17 15:52:40 +08:00
fit2bot
d6f6bb9c1b fix: session viewset api permission validation (#13750) 
* fix: session viewset api permission validation

* fix: some api permission validation

---------

Co-authored-by: Bai <baijiangjie@gmail.com>
 2024-07-17 15:35:34 +08:00
feng
85825165fc perf: Translate 2024-07-17 11:37:19 +08:00
fit2bot
66047c7926 perf: Migrate (#13741) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-17 10:18:53 +08:00
Bai
456bcd2d3f fix: i18n error 2024-07-17 10:01:21 +08:00
Bai
259f68a806 fix: i18n error 2024-07-17 09:54:47 +08:00
feng
4e6231ab19 perf: Notification remove kael magnus 2024-07-16 19:34:18 +08:00
fit2bot
d7bbfdcce6 perf: Translate (#13731) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-16 18:38:47 +08:00
吴小白
a0cc9e5db5 fix: deploy applet host 2024-07-16 12:49:33 +08:00
wangruidong
ea6cd853de perf: 社区版移除magnus 2024-07-16 10:40:33 +08:00
fit2bot
53a388a7e0 fix: View user perms bug (#13721) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-15 17:50:37 +08:00
fit2bot
13b1938efb perf: Community supports custom platforms (#13719) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-15 17:31:44 +08:00
ibuler
6677985e4a perf: support user email login 2024-07-15 16:23:52 +08:00
ibuler
cfa1034161 perf: community add postgre support 2024-07-15 16:19:24 +08:00
ibuler
815973fb63 perf: split user model to many file 2024-07-15 10:54:17 +08:00
吴小白
92d369aaca perf: remove receptor 2024-07-12 18:38:26 +08:00
jiangweidong
281a2d9679 fix: custom sms send success but prompt fails 2024-07-12 18:37:46 +08:00
feng
e9f4615caa perf: Optimize the password reset page experience for new users (the password field will be lengthened) 2024-07-12 15:17:49 +08:00
jiangweidong
c0d2efa72a perf: async sms task params can json 2024-07-12 15:16:41 +08:00
gerry-fit
247f4d5c19 perf: Enterprise Edition Hide Footer Copyright Content 2024-07-11 16:10:42 +08:00
fit2bot
29c29b17d4 perf: Translate (#13686) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-10 19:03:19 +08:00
wangruidong
5608f7d20d fix: 定时清理任务不生效问题 2024-07-10 16:13:47 +08:00
Bai
aa8ae36255 perf: README 2024-07-10 14:55:46 +08:00
feng
2292e6f2eb perf: save_passwd_change filter user source local and passwords not emtpy 2024-07-10 14:20:33 +08:00
fit2bot
bf82a1c721 fix: Operator write failed (#13677) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-10 11:24:26 +08:00
Bryan
8ef84bbc03 Update README.md 2024-07-10 11:13:42 +08:00
fit2bot
e36d51cc0b perf: country code api (#13672) 
* perf: remove notification migrations

* perf: country code api

---------

Co-authored-by: ibuler <ibuler@qq.com>
 2024-07-09 19:23:41 +08:00
feng
5c1d0238e1 39.102.214.101 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOzDdXgVjgKrT+ZF5DXcNZqJnkjwvt0M5FbVpvbTOU/v 
perf: save_passwd_change filter user source local and passwords not emtpy
 2024-07-09 19:08:22 +08:00
wangruidong
c6befe4c4b fix: creat linux asset protocol default value is sftp 2024-07-09 19:04:19 +08:00
Bai
5a57c296a1 feat: add db table data analyzer util 2024-07-09 18:49:51 +08:00
wangruidong
34ddfd24be fix: import role template csv failed 2024-07-09 18:15:44 +08:00
wangruidong
39051ef0fd fix: import role template csv failed 2024-07-09 17:04:59 +08:00
fit2bot
ddd813241c perf: JobExecutionViewSet add SECURITY_COMMAND_EXECUTION permission (#13662) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-09 16:34:15 +08:00
mmagi
60f7cbef9a fix: 主机硬件信息硬盘大小避免多次挂载重复计入 2024-07-09 15:52:15 +08:00
wangruidong
4adc981a21 perf: update date_updated when update user roles 2024-07-09 15:51:15 +08:00
mmagi
c42913c15e fix: win主机硬件信息内存单位与其他主机一致;cpu信息字段与其他主机一致 2024-07-09 15:49:35 +08:00
halo
bb6d60b46d perf: 优化创建子节点时锁置后 2024-07-09 15:15:06 +08:00
fit2bot
afe7f03c16 perf: login style change (#13539) 
* perf: login style change

* perf: login style change

* perf: login style change

---------

Co-authored-by: zhaojisen <1301338853@qq.com>
 2024-07-09 15:02:37 +08:00
fit2bot
ba8d3be9a6 fix: Operatelog plaintext storage AKSK (#13506) 
* fix: Operatelog plaintext storage AKSK

* perf: Encrypt some field when saving operatelog

* fix: Operatelog plaintext storage AKSK

---------

Co-authored-by: jiangweidong <1053570670@qq.com>
 2024-07-09 14:52:00 +08:00
Eric
d14d8869ac perf: add connection options for mongodb 2024-07-09 14:00:59 +08:00
wangruidong
2f7391efc3 perf: modify migrations 2024-07-09 11:38:47 +08:00
ibuler
75fa96b29c perf: remove notification migrations 2024-07-09 11:25:49 +08:00
maninhill
c56ab9bc1e chore: Update README.zh-CN.md 2024-07-09 11:11:20 +08:00
fit2bot
443e492fd4 perf: Asset type cloud add community version (#13640) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-09 10:59:56 +08:00
ibuler
b8c223d525 perf: can set xpack disable force 2024-07-09 10:56:20 +08:00
吴小白
a509afe24b fix: FromAsCasing keywords 2024-07-09 10:35:59 +08:00
fit2bot
9654add528 perf: Translate (#13633) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-08 15:43:56 +08:00
Bryan
d0a9409078 Update README.md 2024-07-08 14:51:07 +08:00
fit2bot
5836583490 fix: The account gather results do not have the last login time (#13625) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-08 11:42:24 +08:00
fit2bot
57d689bee6 perf: Translate (#13620) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-05 18:09:39 +08:00
ZhaoJiSen
8a3fb6bd4d Merge pull request #13616 from jumpserver/pr@dev@translate 
perf: Translate
 2024-07-05 16:50:00 +08:00
feng
78bd3f581a perf: Translate 2024-07-05 16:36:55 +08:00
fit2bot
d07c476507 perf: Translate (#13612) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-04 18:14:34 +08:00
fit2bot
50d196eda4 perf: Job api add filter options (#13610) 
Co-authored-by: feng <1304903146@qq.com>
 2024-07-04 16:03:51 +08:00
ibuler
823d9af91d perf: upgrade to v4, more international and more standardized. 2024-07-04 10:06:43 +08:00
Bryan
3731123369 Update README.md 2024-07-04 09:47:56 +08:00
Bryan
1a68c4b44a Update README.md 2024-07-04 09:47:56 +08:00
Bryan
0f79006b59 Update README.md 2024-07-04 09:47:56 +08:00
maninhill
c95ad5a31c chore: Update README.md 2024-07-04 09:44:01 +08:00
maninhill
e25a96d359 chore: Update README.md 2024-07-03 22:56:08 +08:00
maninhill
04284adc87 chore: Update README.md 2024-07-03 22:40:32 +08:00
351 changed files with 15118 additions and 8097 deletions
Expand all files Collapse all files

1
.dockerignore
View File

@@ -8,3 +8,4 @@ celerybeat.pid
.vagrant/
apps/xpack/.git
.history/
.idea

72
.github/workflows/build-base-image.yml vendored Normal file
View File

@@ -0,0 +1,72 @@
name: Build and Push Base Image
on:
pull_request:
branches:
- 'dev'
- 'v*'
paths:
- poetry.lock
- pyproject.toml
- Dockerfile-base
- package.json
- go.mod
- yarn.lock
- pom.xml
- install_deps.sh
- utils/clean_site_packages.sh
types:
- opened
- synchronize
- reopened
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Extract date
id: vars
run: echo "IMAGE_TAG=$(date +'%Y%m%d_%H%M%S')" >> $GITHUB_ENV
- name: Extract repository name
id: repo
run: echo "REPO=$(basename ${{ github.repository }})" >> $GITHUB_ENV
- name: Build and push multi-arch image
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
push: true
file: Dockerfile-base
tags: jumpserver/core-base:${{ env.IMAGE_TAG }}
- name: Update Dockerfile
run: |
sed -i 's|-base:.* AS stage-build|-base:${{ env.IMAGE_TAG }} AS stage-build|' Dockerfile
- name: Commit changes
run: |
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
git add Dockerfile
git commit -m "perf: Update Dockerfile with new base image tag"
git push origin ${{ github.event.pull_request.head.ref }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

31
.github/workflows/check-compilemessages.yml vendored Normal file
View File

@@ -0,0 +1,31 @@
name: Check I18n files CompileMessages
on:
pull_request:
branches:
- 'dev'
paths:
- 'apps/i18n/core/**/*.po'
types:
- opened
- synchronize
- reopened
jobs:
compile-messages-check:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and check compilemessages
uses: docker/build-push-action@v6
with:
platforms: linux/amd64
push: false
file: Dockerfile
target: stage-build
tags: jumpserver/core:stage-build

0
.github/workflows/jms-build-test.yml → .github/workflows/jms-build-test.yml.disabled vendored
View File

1
.isort.cfg
View File

@@ -1,3 +1,4 @@
[settings]
line_length=120
known_first_party=common,users,assets,perms,authentication,jumpserver,notification,ops,orgs,rbac,settings,terminal,tickets

103
Dockerfile
View File

@@ -1,101 +1,25 @@
FROM debian:bullseye-slim as stage-1
ARG TARGETARCH
ARG DEPENDENCIES=" \
ca-certificates \
wget"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
set -ex \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& echo "no" | dpkg-reconfigure dash
WORKDIR /opt
ARG CHECK_VERSION=v1.0.2
RUN set -ex \
&& wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& mv check /usr/local/bin/ \
&& chown root:root /usr/local/bin/check \
&& chmod 755 /usr/local/bin/check \
&& rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
ARG RECEPTOR_VERSION=v1.4.5
RUN set -ex \
&& wget -O /opt/receptor.tar.gz https://github.com/ansible/receptor/releases/download/${RECEPTOR_VERSION}/receptor_${RECEPTOR_VERSION/v/}_linux_${TARGETARCH}.tar.gz \
&& tar -xf /opt/receptor.tar.gz -C /usr/local/bin/ \
&& chown root:root /usr/local/bin/receptor \
&& chmod 755 /usr/local/bin/receptor \
&& rm -f /opt/receptor.tar.gz
FROM jumpserver/core-base:20240924_031841 AS stage-build
ARG VERSION
WORKDIR /opt/jumpserver
ADD . .
RUN echo > /opt/jumpserver/config.yml \
&& \
if [ -n "${VERSION}" ]; then \
sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \
fi
FROM python:3.11-slim-bullseye as stage-2
ARG TARGETARCH
ARG BUILD_DEPENDENCIES=" \
g++ \
make \
pkg-config"
ARG DEPENDENCIES=" \
default-libmysqlclient-dev \
freetds-dev \
gettext \
libkrb5-dev \
libldap2-dev \
libsasl2-dev"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
set -ex \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& echo "no" | dpkg-reconfigure dash
WORKDIR /opt/jumpserver
ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple
RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \
--mount=type=bind,source=poetry.lock,target=poetry.lock \
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
set -ex \
&& python3 -m venv /opt/py3 \
&& pip install poetry -i ${PIP_MIRROR} \
&& poetry config virtualenvs.create false \
&& . /opt/py3/bin/activate \
&& poetry install --only main
COPY --from=stage-1 /opt/jumpserver /opt/jumpserver
RUN set -ex \
&& export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \
&& . /opt/py3/bin/activate \
&& cd apps \
&& python manage.py compilemessages
FROM python:3.11-slim-bullseye
ARG TARGETARCH
ENV LANG=en_US.UTF-8 \
PATH=/opt/py3/bin:$PATH
@@ -110,32 +34,27 @@ ARG TOOLS=" \
sshpass \
bubblewrap"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
set -ex \
ARG APT_MIRROR=http://deb.debian.org
RUN set -ex \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& apt-get update \
&& apt-get update > /dev/null \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& apt-get -y install --no-install-recommends ${TOOLS} \
&& apt-get clean \
&& mkdir -p /root/.ssh/ \
&& echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
&& echo "no" | dpkg-reconfigure dash \
&& sed -i "s@# export @export @g" ~/.bashrc \
&& sed -i "s@# alias @alias @g" ~/.bashrc
COPY --from=stage-2 /opt /opt
COPY --from=stage-1 /usr/local/bin /usr/local/bin
COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/
COPY --from=stage-build /opt /opt
COPY --from=stage-build /usr/local/bin /usr/local/bin
COPY --from=stage-build /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/
WORKDIR /opt/jumpserver
ARG VERSION
ENV VERSION=$VERSION
VOLUME /opt/jumpserver/data
ENTRYPOINT ["./entrypoint.sh"]

60
Dockerfile-base Normal file
View File

@@ -0,0 +1,60 @@
FROM python:3.11-slim-bullseye
ARG TARGETARCH
# Install APT dependencies
ARG DEPENDENCIES=" \
ca-certificates \
wget \
g++ \
make \
pkg-config \
default-libmysqlclient-dev \
freetds-dev \
gettext \
libkrb5-dev \
libldap2-dev \
libsasl2-dev"
ARG APT_MIRROR=http://deb.debian.org
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
set -ex \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& apt-get update > /dev/null \
&& apt-get -y install --no-install-recommends ${DEPENDENCIES} \
&& echo "no" | dpkg-reconfigure dash
# Install bin tools
ARG CHECK_VERSION=v1.0.3
RUN set -ex \
&& wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
&& mv check /usr/local/bin/ \
&& chown root:root /usr/local/bin/check \
&& chmod 755 /usr/local/bin/check \
&& rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
# Install Python dependencies
WORKDIR /opt/jumpserver
ARG PIP_MIRROR=https://pypi.org/simple
ENV ANSIBLE_COLLECTIONS_PATHS=/opt/py3/lib/python3.11/site-packages/ansible_collections
RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \
--mount=type=bind,source=poetry.lock,target=poetry.lock \
--mount=type=bind,source=pyproject.toml,target=pyproject.toml \
--mount=type=bind,source=utils/clean_site_packages.sh,target=clean_site_packages.sh \
--mount=type=bind,source=requirements/collections.yml,target=collections.yml \
set -ex \
&& python3 -m venv /opt/py3 \
&& pip install poetry -i ${PIP_MIRROR} \
&& poetry config virtualenvs.create false \
&& . /opt/py3/bin/activate \
&& poetry install --only main \
&& ansible-galaxy collection install -r collections.yml --force --ignore-certs \
&& bash clean_site_packages.sh

59
Dockerfile-ee
View File

@@ -1,38 +1,12 @@
ARG VERSION
ARG VERSION=dev
FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} as build-xpack
FROM python:3.11-slim-bullseye as build-core
ARG BUILD_DEPENDENCIES=" \
g++"
FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} AS build-xpack
FROM jumpserver/core:${VERSION}-ce
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
set -ex \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
&& echo "no" | dpkg-reconfigure dash
WORKDIR /opt/jumpserver
ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple
RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \
--mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \
--mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \
set -ex \
&& python3 -m venv /opt/py3 \
&& pip install poetry -i ${PIP_MIRROR} \
&& poetry config virtualenvs.create false \
&& . /opt/py3/bin/activate \
&& poetry install --only xpack
FROM registry.fit2cloud.com/jumpserver/core:${VERSION}-ce
ARG TARGETARCH
COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack
ARG TOOLS=" \
g++ \
curl \
iputils-ping \
netcat-openbsd \
@@ -41,12 +15,21 @@ ARG TOOLS=" \
vim \
wget"
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
set -ex \
ARG APT_MIRROR=http://deb.debian.org
RUN set -ex \
&& rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache \
&& sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
&& apt-get update \
&& apt-get -y install --no-install-recommends ${TOOLS}
&& apt-get -y install --no-install-recommends ${TOOLS} \
&& echo "no" | dpkg-reconfigure dash
WORKDIR /opt/jumpserver
ARG PIP_MIRROR=https://pypi.org/simple
COPY poetry.lock pyproject.toml ./
RUN set -ex \
&& . /opt/py3/bin/activate \
&& pip install poetry -i ${PIP_MIRROR} \
&& poetry install --only xpack
COPY --from=build-core /opt/py3 /opt/py3
COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack

43
README.md
View File

@@ -10,15 +10,29 @@
[![][github-release-shield]][github-release-link]
[![][github-stars-shield]][github-stars-link]
**English** · [简体中文](./README.zh-CN.md) · [Documents][docs-link] · [Report Bug][github-issues-link] · [Request Feature][github-issues-link]
**English** · [简体中文](./README.zh-CN.md)
</div>
<br/>
## What is JumpServer?
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and Remote App endpoints through a web browser.
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser.
![JumpServer Overview](https://github.com/jumpserver/jumpserver/assets/41712985/eb9e6f39-3911-4d4a-bca9-aa50cc3b761d)
![JumpServer Overview](https://github.com/jumpserver/jumpserver/assets/32935519/35a371cb-8590-40ed-88ec-f351f8cf9045)
## Quickstart
Prepare a clean Linux Server ( 64 bit, >= 4c8g )
```sh
curl -sSL https://github.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
```
Access JumpServer in your browser at `http://your-jumpserver-ip/`
- Username: `admin`
- Password: `ChangeMe`
[![JumpServer Quickstart](https://github.com/user-attachments/assets/0f32f52b-9935-485e-8534-336c63389612)](https://www.youtube.com/watch?v=UlGYRbKrpgY "JumpServer Quickstart")
## Screenshots
@@ -43,15 +57,6 @@ JumpServer is an open-source Privileged Access Management (PAM) tool that provid
</tr>
</table>
## Quick Start
Prepare a clean Linux Server ( 64bit, >= 4c8g )
```
curl -sSL https://github.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
```
Access JumpServer in your browser at `http://your-ip/`, `admin`/`admin`
## Components
JumpServer consists of multiple key components, which collectively form the functional framework of JumpServer, providing users with comprehensive capabilities for operations management and security control.
@@ -63,12 +68,10 @@ JumpServer consists of multiple key components, which collectively form the func
| [KoKo](https://github.com/jumpserver/koko) | <a href="https://github.com/jumpserver/koko/releases"><img alt="Koko release" src="https://img.shields.io/github/release/jumpserver/koko.svg" /></a> | JumpServer Character Protocol Connector |
| [Lion](https://github.com/jumpserver/lion) | <a href="https://github.com/jumpserver/lion/releases"><img alt="Lion release" src="https://img.shields.io/github/release/jumpserver/lion.svg" /></a> | JumpServer Graphical Protocol Connector |
| [Chen](https://github.com/jumpserver/chen) | <a href="https://github.com/jumpserver/chen/releases"><img alt="Chen release" src="https://img.shields.io/github/release/jumpserver/chen.svg" /> | JumpServer Web DB |
| [Razor](https://github.com/jumpserver/razor) | <img alt="Chen" src="https://img.shields.io/badge/release-private-red" /> | JumpServer RDP Proxy Connector |
| [Tinker](https://github.com/jumpserver/tinker) | <img alt="Tinker" src="https://img.shields.io/badge/release-private-red" /> | JumpServer Remote Application Connector (Windows) |
| [Panda](https://github.com/jumpserver/Panda) | <img alt="Panda" src="https://img.shields.io/badge/release-private-red" /> | JumpServer Remote Application Connector (Linux) |
| [Magnus](https://github.com/jumpserver/magnus) | <img alt="Magnus" src="https://img.shields.io/badge/release-private-red" /> | JumpServer Database Proxy Connector |
| [Razor](https://github.com/jumpserver/razor) | <img alt="Chen" src="https://img.shields.io/badge/release-private-red" /> | JumpServer EE RDP Proxy Connector |
| [Tinker](https://github.com/jumpserver/tinker) | <img alt="Tinker" src="https://img.shields.io/badge/release-private-red" /> | JumpServer EE Remote Application Connector (Windows) |
| [Panda](https://github.com/jumpserver/Panda) | <img alt="Panda" src="https://img.shields.io/badge/release-private-red" /> | JumpServer EE Remote Application Connector (Linux) |
| [Magnus](https://github.com/jumpserver/magnus) | <img alt="Magnus" src="https://img.shields.io/badge/release-private-red" /> | JumpServer EE Database Proxy Connector |
## Contributing
@@ -91,8 +94,8 @@ https://www.gnu.org/licenses/gpl-3.0.html
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an " AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
<!-- JumpServer official link -->
[docs-link]: https://en-docs.jumpserver.org/
[discord-link]: https://discord.com/invite/jcM5tKWJ
[docs-link]: https://jumpserver.com/docs
[discord-link]: https://discord.com/invite/W6vYXmAQG2
[contributing-link]: https://github.com/jumpserver/jumpserver/blob/dev/CONTRIBUTING.md
<!-- JumpServer Other link-->

48
README.zh-CN.md
View File

@@ -12,13 +12,13 @@
<p align="center">
9 年时间,倾情投入,用心做好一款开源堡垒机。
10 年时间,倾情投入,用心做好一款开源堡垒机。
</p>
------------------------------
JumpServer 是广受欢迎的开源堡垒机,是符合 4A 规范的专业运维安全审计系统。
## JumpServer 是什么?
JumpServer 堡垒机帮助企业以更安全的方式管控和登录各种类型的资产,包括:
JumpServer 是广受欢迎的开源堡垒机,是符合 4A 规范的专业运维安全审计系统。JumpServer 堡垒机帮助企业以更安全的方式管控和登录各种类型的资产,包括:
- **SSH**: Linux / Unix / 网络设备 等;
- **Windows**: Web 方式连接 / 原生 RDP 连接;
@@ -38,6 +38,13 @@ JumpServer 堡垒机帮助企业以更安全的方式管控和登录各种类型
- **多租户**: 一套系统,多个子公司或部门同时使用;
- **云端存储**: 审计录像云端存储,永不丢失;
## 快速开始
- [快速入门](https://docs.jumpserver.org/zh/v3/quick_start/)
- [产品文档](https://docs.jumpserver.org)
- [在线学习](https://edu.fit2cloud.com/page/2635362)
- [知识库](https://kb.fit2cloud.com/categories/jumpserver)
## UI 展示
![UI展示](https://docs.jumpserver.org/zh/v3/img/dashboard.png)
@@ -52,13 +59,6 @@ JumpServer 堡垒机帮助企业以更安全的方式管控和登录各种类型
| 请勿修改体验环境用户的密码! |
| 请勿在环境中添加业务生产环境地址、用户名密码等敏感信息! |
## 快速开始
- [快速入门](https://docs.jumpserver.org/zh/v3/quick_start/)
- [产品文档](https://docs.jumpserver.org)
- [在线学习](https://edu.fit2cloud.com/page/2635362)
- [知识库](https://kb.fit2cloud.com/categories/jumpserver)
## 案例研究
- [腾讯音乐娱乐集团基于JumpServer的安全运维审计解决方案](https://blog.fit2cloud.com/?p=a04cdf0d-6704-4d18-9b40-9180baecd0e2)
@@ -81,28 +81,24 @@ JumpServer 堡垒机帮助企业以更安全的方式管控和登录各种类型
您也可以到我们的 [社区论坛](https://bbs.fit2cloud.com/c/js/5) 当中进行交流沟通。
### 参与贡献
## 参与贡献
欢迎提交 PR 参与贡献。 参考 [CONTRIBUTING.md](https://github.com/jumpserver/jumpserver/blob/dev/CONTRIBUTING.md)
## 组件项目
| 项目 | 状态 | 描述 |
|--------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|
| [Lina](https://github.com/jumpserver/lina) | <a href="https://github.com/jumpserver/lina/releases"><img alt="Lina release" src="https://img.shields.io/github/release/jumpserver/lina.svg" /></a> | JumpServer Web UI 项目 |
| [Luna](https://github.com/jumpserver/luna) | <a href="https://github.com/jumpserver/luna/releases"><img alt="Luna release" src="https://img.shields.io/github/release/jumpserver/luna.svg" /></a> | JumpServer Web Terminal 项目 |
| [KoKo](https://github.com/jumpserver/koko) | <a href="https://github.com/jumpserver/koko/releases"><img alt="Koko release" src="https://img.shields.io/github/release/jumpserver/koko.svg" /></a> | JumpServer 字符协议 Connector 项目 |
| [Lion](https://github.com/jumpserver/lion-release) | <a href="https://github.com/jumpserver/lion-release/releases"><img alt="Lion release" src="https://img.shields.io/github/release/jumpserver/lion-release.svg" /></a> | JumpServer 图形协议 Connector 项目,依赖 [Apache Guacamole](https://guacamole.apache.org/) |
| [Razor](https://github.com/jumpserver/razor) | <img alt="Chen" src="https://img.shields.io/badge/release-私有发布-red" /> | JumpServer RDP 代理 Connector 项目 |
| [Tinker](https://github.com/jumpserver/tinker) | <img alt="Tinker" src="https://img.shields.io/badge/release-私有发布-red" /> | JumpServer 远程应用 Connector 项目 (Windows) |
| [Panda](https://github.com/jumpserver/Panda) | <img alt="Panda" src="https://img.shields.io/badge/release-私有发布-red" /> | JumpServer 远程应用 Connector 项目 (Linux) |
| [Magnus](https://github.com/jumpserver/magnus-release) | <a href="https://github.com/jumpserver/magnus-release/releases"><img alt="Magnus release" src="https://img.shields.io/github/release/jumpserver/magnus-release.svg" /> | JumpServer 数据库代理 Connector 项目 |
| [Chen](https://github.com/jumpserver/chen-release) | <a href="https://github.com/jumpserver/chen-release/releases"><img alt="Chen release" src="https://img.shields.io/github/release/jumpserver/chen-release.svg" /> | JumpServer Web DB 项目,替代原来的 OmniDB |
| [Kael](https://github.com/jumpserver/kael) | <a href="https://github.com/jumpserver/kael/releases"><img alt="Kael release" src="https://img.shields.io/github/release/jumpserver/kael.svg" /> | JumpServer 连接 GPT 资产的组件项目 |
| [Wisp](https://github.com/jumpserver/wisp) | <a href="https://github.com/jumpserver/wisp/releases"><img alt="Magnus release" src="https://img.shields.io/github/release/jumpserver/wisp.svg" /> | JumpServer 各系统终端组件和 Core API 通信的组件项目 |
| [Clients](https://github.com/jumpserver/clients) | <a href="https://github.com/jumpserver/clients/releases"><img alt="Clients release" src="https://img.shields.io/github/release/jumpserver/clients.svg" /> | JumpServer 客户端 项目 |
| [Installer](https://github.com/jumpserver/installer) | <a href="https://github.com/jumpserver/installer/releases"><img alt="Installer release" src="https://img.shields.io/github/release/jumpserver/installer.svg" /> | JumpServer 安装包 项目 |
| Project | Status | Description |
|--------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| [Lina](https://github.com/jumpserver/lina) | <a href="https://github.com/jumpserver/lina/releases"><img alt="Lina release" src="https://img.shields.io/github/release/jumpserver/lina.svg" /></a> | JumpServer Web UI |
| [Luna](https://github.com/jumpserver/luna) | <a href="https://github.com/jumpserver/luna/releases"><img alt="Luna release" src="https://img.shields.io/github/release/jumpserver/luna.svg" /></a> | JumpServer Web Terminal |
| [KoKo](https://github.com/jumpserver/koko) | <a href="https://github.com/jumpserver/koko/releases"><img alt="Koko release" src="https://img.shields.io/github/release/jumpserver/koko.svg" /></a> | JumpServer Character Protocol Connector |
| [Lion](https://github.com/jumpserver/lion) | <a href="https://github.com/jumpserver/lion/releases"><img alt="Lion release" src="https://img.shields.io/github/release/jumpserver/lion.svg" /></a> | JumpServer Graphical Protocol Connector |
| [Chen](https://github.com/jumpserver/chen) | <a href="https://github.com/jumpserver/chen/releases"><img alt="Chen release" src="https://img.shields.io/github/release/jumpserver/chen.svg" /> | JumpServer Web DB |
| [Razor](https://github.com/jumpserver/razor) | <img alt="Chen" src="https://img.shields.io/badge/release-private-red" /> | JumpServer EE RDP Proxy Connector |
| [Tinker](https://github.com/jumpserver/tinker) | <img alt="Tinker" src="https://img.shields.io/badge/release-private-red" /> | JumpServer EE Remote Application Connector (Windows) |
| [Panda](https://github.com/jumpserver/Panda) | <img alt="Panda" src="https://img.shields.io/badge/release-private-red" /> | JumpServer EE Remote Application Connector (Linux) |
| [Magnus](https://github.com/jumpserver/magnus) | <img alt="Magnus" src="https://img.shields.io/badge/release-private-red" /> | JumpServer EE Database Proxy Connector |
## 安全说明
JumpServer是一款安全产品请参考 [基本安全建议](https://docs.jumpserver.org/zh/master/install/install_security/)

21
apps/accounts/automations/change_secret/database/mysql/main.yml
View File

@@ -4,6 +4,9 @@
ansible_python_interpreter: /opt/py3/bin/python
db_name: "{{ jms_asset.spec_info.db_name }}"
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Test MySQL connection
@@ -13,9 +16,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
filter: version
register: db_info
@@ -30,9 +33,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
host: "%"
@@ -47,7 +50,7 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
filter: version

16
apps/accounts/automations/change_secret/database/postgresql/main.yml
View File

@@ -2,6 +2,10 @@
gather_facts: no
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Test PostgreSQL connection
@@ -11,6 +15,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: result
failed_when: not result.is_available
@@ -28,6 +36,10 @@
db: "{{ jms_asset.spec_info.db_name }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
role_attr_flags: LOGIN
ignore_errors: true
when: result is succeeded
@@ -39,3 +51,7 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"

102
apps/accounts/automations/change_secret/host/aix/main.yml
View File

@@ -14,51 +14,15 @@
- name: "Add {{ account.username }} user"
ansible.builtin.user:
name: "{{ account.username }}"
shell: "{{ params.shell }}"
home: "{{ params.home | default('/home/' + account.username, true) }}"
groups: "{{ params.groups }}"
uid: "{{ params.uid | int if params.uid | length > 0 else omit }}"
shell: "{{ params.shell if params.shell | length > 0 else omit }}"
home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}"
groups: "{{ params.groups if params.groups | length > 0 else omit }}"
append: yes
expires: -1
state: present
when: user_info.failed
- name: "Add {{ account.username }} group"
ansible.builtin.group:
name: "{{ account.username }}"
state: present
when: user_info.failed
- name: "Add {{ account.username }} user to group"
ansible.builtin.user:
name: "{{ account.username }}"
groups: "{{ params.groups }}"
when:
- user_info.failed
- params.groups
- name: "Change {{ account.username }} password"
ansible.builtin.user:
name: "{{ account.username }}"
password: "{{ account.secret | password_hash('des') }}"
update_password: always
ignore_errors: true
when: account.secret_type == "password"
- name: remove jumpserver ssh key
ansible.builtin.lineinfile:
dest: "{{ ssh_params.dest }}"
regexp: "{{ ssh_params.regexp }}"
state: absent
when:
- account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms"
- name: "Change {{ account.username }} SSH key"
ansible.builtin.authorized_key:
user: "{{ account.username }}"
key: "{{ account.secret }}"
exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key"
- name: "Set {{ account.username }} sudo setting"
ansible.builtin.lineinfile:
dest: /etc/sudoers
@@ -67,9 +31,59 @@
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
validate: visudo -cf %s
when:
- user_info.failed
- user_info.failed or params.modify_sudo
- params.sudo
- name: "Change {{ account.username }} password"
ansible.builtin.user:
name: "{{ account.username }}"
password: "{{ account.secret | password_hash('des') }}"
update_password: always
ignore_errors: true
when: account.secret_type == "password"
- name: "Get home directory for {{ account.username }}"
ansible.builtin.shell: "getent passwd {{ account.username }} | cut -d: -f6"
register: home_dir
when: account.secret_type == "ssh_key"
ignore_errors: yes
- name: "Check if home directory exists for {{ account.username }}"
ansible.builtin.stat:
path: "{{ home_dir.stdout.strip() }}"
register: home_dir_stat
when: account.secret_type == "ssh_key"
ignore_errors: yes
- name: "Ensure {{ account.username }} home directory exists"
ansible.builtin.file:
path: "{{ home_dir.stdout.strip() }}"
state: directory
owner: "{{ account.username }}"
group: "{{ account.username }}"
mode: '0750'
when:
- account.secret_type == "ssh_key"
- home_dir_stat.stat.exists == false
ignore_errors: yes
- name: Remove jumpserver ssh key
ansible.builtin.lineinfile:
dest: "{{ home_dir.stdout.strip() }}/.ssh/authorized_keys"
regexp: "{{ ssh_params.regexp }}"
state: absent
when:
- account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms"
ignore_errors: yes
- name: "Change {{ account.username }} SSH key"
ansible.builtin.authorized_key:
user: "{{ account.username }}"
key: "{{ account.secret }}"
exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key"
- name: Refresh connection
ansible.builtin.meta: reset_connection
@@ -79,7 +93,7 @@
login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
become: "{{ account.become.ansible_become | default(False) }}"
become_method: su
become_user: "{{ account.become.ansible_user | default('') }}"
@@ -95,7 +109,7 @@
login_port: "{{ jms_asset.port }}"
login_user: "{{ account.username }}"
login_private_key_path: "{{ account.private_key_path }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
when: account.secret_type == "ssh_key"
delegate_to: localhost

31
apps/accounts/automations/change_secret/host/aix/manifest.yml
View File

@@ -5,6 +5,12 @@ type:
- AIX
method: change_secret
params:
- name: modify_sudo
type: bool
label: "{{ 'Modify sudo label' | trans }}"
default: False
help_text: "{{ 'Modify params sudo help text' | trans }}"
- name: sudo
type: str
label: 'Sudo'
@@ -28,12 +34,23 @@ params:
default: ''
help_text: "{{ 'Params groups help text' | trans }}"
- name: uid
type: str
label: "{{ 'Params uid label' | trans }}"
default: ''
help_text: "{{ 'Params uid help text' | trans }}"
i18n:
AIX account change secret:
zh: '使用 Ansible 模块 user 执行账号改密 (DES)'
ja: 'Ansible user モジュールを使用してアカウントのパスワード変更 (DES)'
en: 'Using Ansible module user to change account secret (DES)'
Modify params sudo help text:
zh: '如果用户存在可以修改sudo权限'
ja: 'ユーザーが存在する場合、sudo権限を変更できます'
en: 'If the user exists, sudo permissions can be modified'
Params sudo help text:
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
@@ -49,6 +66,16 @@ i18n:
ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)'
en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
Params uid help text:
zh: '请输入用户ID'
ja: 'ユーザーIDを入力してください'
en: 'Please enter the user ID'
Modify sudo label:
zh: '修改 sudo 权限'
ja: 'sudo 権限を変更'
en: 'Modify sudo'
Params home label:
zh: '家目录'
ja: 'ホームディレクトリ'
@@ -59,3 +86,7 @@ i18n:
ja: 'グループ'
en: 'Groups'
Params uid label:
zh: '用户ID'
ja: 'ユーザーID'
en: 'User ID'

102
apps/accounts/automations/change_secret/host/posix/main.yml
View File

@@ -14,51 +14,15 @@
- name: "Add {{ account.username }} user"
ansible.builtin.user:
name: "{{ account.username }}"
shell: "{{ params.shell }}"
home: "{{ params.home | default('/home/' + account.username, true) }}"
groups: "{{ params.groups }}"
uid: "{{ params.uid | int if params.uid | length > 0 else omit }}"
shell: "{{ params.shell if params.shell | length > 0 else omit }}"
home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}"
groups: "{{ params.groups if params.groups | length > 0 else omit }}"
append: yes
expires: -1
state: present
when: user_info.failed
- name: "Add {{ account.username }} group"
ansible.builtin.group:
name: "{{ account.username }}"
state: present
when: user_info.failed
- name: "Add {{ account.username }} user to group"
ansible.builtin.user:
name: "{{ account.username }}"
groups: "{{ params.groups }}"
when:
- user_info.failed
- params.groups
- name: "Change {{ account.username }} password"
ansible.builtin.user:
name: "{{ account.username }}"
password: "{{ account.secret | password_hash('sha512') }}"
update_password: always
ignore_errors: true
when: account.secret_type == "password"
- name: remove jumpserver ssh key
ansible.builtin.lineinfile:
dest: "{{ ssh_params.dest }}"
regexp: "{{ ssh_params.regexp }}"
state: absent
when:
- account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms"
- name: "Change {{ account.username }} SSH key"
ansible.builtin.authorized_key:
user: "{{ account.username }}"
key: "{{ account.secret }}"
exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key"
- name: "Set {{ account.username }} sudo setting"
ansible.builtin.lineinfile:
dest: /etc/sudoers
@@ -67,9 +31,59 @@
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
validate: visudo -cf %s
when:
- user_info.failed
- user_info.failed or params.modify_sudo
- params.sudo
- name: "Change {{ account.username }} password"
ansible.builtin.user:
name: "{{ account.username }}"
password: "{{ account.secret | password_hash('sha512') }}"
update_password: always
ignore_errors: true
when: account.secret_type == "password"
- name: "Get home directory for {{ account.username }}"
ansible.builtin.shell: "getent passwd {{ account.username }} | cut -d: -f6"
register: home_dir
when: account.secret_type == "ssh_key"
ignore_errors: yes
- name: "Check if home directory exists for {{ account.username }}"
ansible.builtin.stat:
path: "{{ home_dir.stdout.strip() }}"
register: home_dir_stat
when: account.secret_type == "ssh_key"
ignore_errors: yes
- name: "Ensure {{ account.username }} home directory exists"
ansible.builtin.file:
path: "{{ home_dir.stdout.strip() }}"
state: directory
owner: "{{ account.username }}"
group: "{{ account.username }}"
mode: '0750'
when:
- account.secret_type == "ssh_key"
- home_dir_stat.stat.exists == false
ignore_errors: yes
- name: Remove jumpserver ssh key
ansible.builtin.lineinfile:
dest: "{{ home_dir.stdout.strip() }}/.ssh/authorized_keys"
regexp: "{{ ssh_params.regexp }}"
state: absent
when:
- account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms"
ignore_errors: yes
- name: "Change {{ account.username }} SSH key"
ansible.builtin.authorized_key:
user: "{{ account.username }}"
key: "{{ account.secret }}"
exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key"
- name: Refresh connection
ansible.builtin.meta: reset_connection
@@ -79,7 +93,7 @@
login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
become: "{{ account.become.ansible_become | default(False) }}"
become_method: su
become_user: "{{ account.become.ansible_user | default('') }}"
@@ -95,7 +109,7 @@
login_port: "{{ jms_asset.port }}"
login_user: "{{ account.username }}"
login_private_key_path: "{{ account.private_key_path }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
when: account.secret_type == "ssh_key"
delegate_to: localhost

31
apps/accounts/automations/change_secret/host/posix/manifest.yml
View File

@@ -6,6 +6,12 @@ type:
- linux
method: change_secret
params:
- name: modify_sudo
type: bool
label: "{{ 'Modify sudo label' | trans }}"
default: False
help_text: "{{ 'Modify params sudo help text' | trans }}"
- name: sudo
type: str
label: 'Sudo'
@@ -30,12 +36,23 @@ params:
default: ''
help_text: "{{ 'Params groups help text' | trans }}"
- name: uid
type: str
label: "{{ 'Params uid label' | trans }}"
default: ''
help_text: "{{ 'Params uid help text' | trans }}"
i18n:
Posix account change secret:
zh: '使用 Ansible 模块 user 执行账号改密 (SHA512)'
ja: 'Ansible user モジュールを使用して アカウントのパスワード変更 (SHA512)'
en: 'Using Ansible module user to change account secret (SHA512)'
Modify params sudo help text:
zh: '如果用户存在可以修改sudo权限'
ja: 'ユーザーが存在する場合、sudo権限を変更できます'
en: 'If the user exists, sudo permissions can be modified'
Params sudo help text:
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
@@ -51,6 +68,16 @@ i18n:
ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)'
en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
Params uid help text:
zh: '请输入用户ID'
ja: 'ユーザーIDを入力してください'
en: 'Please enter the user ID'
Modify sudo label:
zh: '修改 sudo 权限'
ja: 'sudo 権限を変更'
en: 'Modify sudo'
Params home label:
zh: '家目录'
ja: 'ホームディレクトリ'
@@ -61,3 +88,7 @@ i18n:
ja: 'グループ'
en: 'Groups'
Params uid label:
zh: '用户ID'
ja: 'ユーザーID'
en: 'User ID'

4
apps/accounts/automations/change_secret/host/windows_rdp_verify/main.yml
View File

@@ -25,11 +25,11 @@
- name: Verify password (pyfreerdp)
rdp_ping:
login_host: "{{ jms_asset.address }}"
login_host: "{{ jms_asset.origin_address }}"
login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'rdp') | map(attribute='port') | first }}"
login_user: "{{ account.username }}"
login_password: "{{ account.secret }}"
login_secret_type: "{{ account.secret_type }}"
login_private_key_path: "{{ account.private_key_path }}"
gateway_args: "{{ jms_gateway | default(None) }}"
when: account.secret_type == "password"
delegate_to: localhost

18
apps/accounts/automations/change_secret/manager.py
View File

@@ -8,7 +8,7 @@ from django.utils.translation import gettext_lazy as _
from xlsxwriter import Workbook
from accounts.const import AutomationTypes, SecretType, SSHKeyStrategy, SecretStrategy, ChangeSecretRecordStatusChoice
from accounts.models import ChangeSecretRecord
from accounts.models import ChangeSecretRecord, BaseAccountQuerySet
from accounts.notifications import ChangeSecretExecutionTaskMsg, ChangeSecretFailedMsg
from accounts.serializers import ChangeSecretRecordBackUpSerializer
from assets.const import HostTypes
@@ -50,9 +50,6 @@ class ChangeSecretManager(AccountBasePlaybookManager):
kwargs['exclusive'] = 'yes' if kwargs['strategy'] == SSHKeyStrategy.set else 'no'
if kwargs['strategy'] == SSHKeyStrategy.set_jms:
username = account.username
path = f'/{username}' if username == "root" else f'/home/{username}'
kwargs['dest'] = f'{path}/.ssh/authorized_keys'
kwargs['regexp'] = '.*{}$'.format(secret.split()[2].strip())
return kwargs
@@ -68,10 +65,10 @@ class ChangeSecretManager(AccountBasePlaybookManager):
else:
return self.secret_generator(secret_type).get_secret()
def get_accounts(self, privilege_account):
def get_accounts(self, privilege_account) -> BaseAccountQuerySet | None:
if not privilege_account:
print(f'not privilege account')
return []
print('Not privilege account')
return
asset = privilege_account.asset
accounts = asset.accounts.all()
@@ -108,6 +105,9 @@ class ChangeSecretManager(AccountBasePlaybookManager):
print(f'Windows {asset} does not support ssh key push')
return inventory_hosts
if asset.type == HostTypes.WINDOWS:
accounts = accounts.filter(secret_type=SecretType.PASSWORD)
host['ssh_params'] = {}
for account in accounts:
h = deepcopy(host)
@@ -127,6 +127,7 @@ class ChangeSecretManager(AccountBasePlaybookManager):
recorder = ChangeSecretRecord(
asset=asset, account=account, execution=self.execution,
old_secret=account.secret, new_secret=new_secret,
comment=f'{account.username}@{asset.address}'
)
records.append(recorder)
else:
@@ -226,6 +227,9 @@ class ChangeSecretManager(AccountBasePlaybookManager):
def run(self, *args, **kwargs):
if self.secret_type and not self.check_secret():
self.execution.status = 'success'
self.execution.date_finished = timezone.now()
self.execution.save()
return
super().run(*args, **kwargs)
recorders = list(self.name_recorder_mapper.values())

9
apps/accounts/automations/gather_accounts/database/mysql/main.yml
View File

@@ -3,6 +3,9 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Get info
@@ -12,9 +15,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
filter: users
register: db_info

8
apps/accounts/automations/gather_accounts/database/postgresql/main.yml
View File

@@ -2,6 +2,10 @@
gather_facts: no
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Get info
@@ -11,6 +15,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
filter: "roles"
register: db_info

5
apps/accounts/automations/gather_accounts/filter.py
View File

@@ -31,7 +31,7 @@ class GatherAccountsFilter:
def posix_filter(info):
username_pattern = re.compile(r'^(\S+)')
ip_pattern = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})')
login_time_pattern = re.compile(r'\w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}')
login_time_pattern = re.compile(r'\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}')
result = {}
for line in info:
usernames = username_pattern.findall(line)
@@ -46,7 +46,8 @@ class GatherAccountsFilter:
result[username].update({'address': ip_addr})
login_times = login_time_pattern.findall(line)
if login_times:
date = timezone.datetime.strptime(f'{login_times[0]} +0800', '%b %d %H:%M:%S %Y %z')
datetime_str = login_times[0].split(' ', 1)[1] + " +0800"
date = timezone.datetime.strptime(datetime_str, '%b %d %H:%M:%S %Y %z')
result[username].update({'date': date})
return result

18
apps/accounts/automations/gather_accounts/manager.py
View File

@@ -95,12 +95,14 @@ class GatherAccountsManager(AccountBasePlaybookManager):
return None, None
users = User.objects.filter(id__in=recipients)
if not users:
if not users.exists():
return users, None
asset_ids = self.asset_username_mapper.keys()
assets = Asset.objects.filter(id__in=asset_ids)
assets = Asset.objects.filter(id__in=asset_ids).prefetch_related('accounts')
gather_accounts = GatheredAccount.objects.filter(asset_id__in=asset_ids, present=True)
asset_id_map = {str(asset.id): asset for asset in assets}
asset_id_username = list(assets.values_list('id', 'accounts__username'))
asset_id_username.extend(list(gather_accounts.values_list('asset_id', 'username')))
@@ -109,26 +111,24 @@ class GatherAccountsManager(AccountBasePlaybookManager):
for asset_id, username in asset_id_username:
system_asset_username_mapper[str(asset_id)].add(username)
change_info = {}
change_info = defaultdict(dict)
for asset_id, usernames in self.asset_username_mapper.items():
system_usernames = system_asset_username_mapper.get(asset_id)
if not system_usernames:
continue
add_usernames = usernames - system_usernames
remove_usernames = system_usernames - usernames
k = f'{asset_id_map[asset_id]}[{asset_id}]'
if not add_usernames and not remove_usernames:
continue
change_info[k] = {
'add_usernames': ', '.join(add_usernames),
'remove_usernames': ', '.join(remove_usernames),
change_info[str(asset_id_map[asset_id])] = {
'add_usernames': add_usernames,
'remove_usernames': remove_usernames
}
return users, change_info
return users, dict(change_info)
@staticmethod
def send_email_if_need(users, change_info):

21
apps/accounts/automations/push_account/database/mysql/main.yml
View File

@@ -4,6 +4,9 @@
ansible_python_interpreter: /opt/py3/bin/python
db_name: "{{ jms_asset.spec_info.db_name }}"
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Test MySQL connection
@@ -13,9 +16,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
filter: version
register: db_info
@@ -30,9 +33,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
host: "%"
@@ -47,7 +50,7 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
filter: version

16
apps/accounts/automations/push_account/database/postgresql/main.yml
View File

@@ -2,6 +2,10 @@
gather_facts: no
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Test PostgreSQL connection
@@ -11,6 +15,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: result
failed_when: not result.is_available
@@ -28,6 +36,10 @@
db: "{{ jms_asset.spec_info.db_name }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
role_attr_flags: LOGIN
ignore_errors: true
when: result is succeeded
@@ -40,6 +52,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
when:
- result is succeeded
- change_info is succeeded

102
apps/accounts/automations/push_account/host/aix/main.yml
View File

@@ -14,51 +14,15 @@
- name: "Add {{ account.username }} user"
ansible.builtin.user:
name: "{{ account.username }}"
shell: "{{ params.shell }}"
home: "{{ params.home | default('/home/' + account.username, true) }}"
groups: "{{ params.groups }}"
uid: "{{ params.uid | int if params.uid | length > 0 else omit }}"
shell: "{{ params.shell if params.shell | length > 0 else omit }}"
home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}"
groups: "{{ params.groups if params.groups | length > 0 else omit }}"
append: yes
expires: -1
state: present
when: user_info.failed
- name: "Add {{ account.username }} group"
ansible.builtin.group:
name: "{{ account.username }}"
state: present
when: user_info.failed
- name: "Add {{ account.username }} user to group"
ansible.builtin.user:
name: "{{ account.username }}"
groups: "{{ params.groups }}"
when:
- user_info.failed
- params.groups
- name: "Change {{ account.username }} password"
ansible.builtin.user:
name: "{{ account.username }}"
password: "{{ account.secret | password_hash('des') }}"
update_password: always
ignore_errors: true
when: account.secret_type == "password"
- name: remove jumpserver ssh key
ansible.builtin.lineinfile:
dest: "{{ ssh_params.dest }}"
regexp: "{{ ssh_params.regexp }}"
state: absent
when:
- account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms"
- name: "Change {{ account.username }} SSH key"
ansible.builtin.authorized_key:
user: "{{ account.username }}"
key: "{{ account.secret }}"
exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key"
- name: "Set {{ account.username }} sudo setting"
ansible.builtin.lineinfile:
dest: /etc/sudoers
@@ -67,9 +31,59 @@
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
validate: visudo -cf %s
when:
- user_info.failed
- user_info.failed or params.modify_sudo
- params.sudo
- name: "Change {{ account.username }} password"
ansible.builtin.user:
name: "{{ account.username }}"
password: "{{ account.secret | password_hash('des') }}"
update_password: always
ignore_errors: true
when: account.secret_type == "password"
- name: "Get home directory for {{ account.username }}"
ansible.builtin.shell: "getent passwd {{ account.username }} | cut -d: -f6"
register: home_dir
when: account.secret_type == "ssh_key"
ignore_errors: yes
- name: "Check if home directory exists for {{ account.username }}"
ansible.builtin.stat:
path: "{{ home_dir.stdout.strip() }}"
register: home_dir_stat
when: account.secret_type == "ssh_key"
ignore_errors: yes
- name: "Ensure {{ account.username }} home directory exists"
ansible.builtin.file:
path: "{{ home_dir.stdout.strip() }}"
state: directory
owner: "{{ account.username }}"
group: "{{ account.username }}"
mode: '0750'
when:
- account.secret_type == "ssh_key"
- home_dir_stat.stat.exists == false
ignore_errors: yes
- name: Remove jumpserver ssh key
ansible.builtin.lineinfile:
dest: "{{ home_dir.stdout.strip() }}/.ssh/authorized_keys"
regexp: "{{ ssh_params.regexp }}"
state: absent
when:
- account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms"
ignore_errors: yes
- name: "Change {{ account.username }} SSH key"
ansible.builtin.authorized_key:
user: "{{ account.username }}"
key: "{{ account.secret }}"
exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key"
- name: Refresh connection
ansible.builtin.meta: reset_connection
@@ -79,7 +93,7 @@
login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
become: "{{ account.become.ansible_become | default(False) }}"
become_method: su
become_user: "{{ account.become.ansible_user | default('') }}"
@@ -95,7 +109,7 @@
login_port: "{{ jms_asset.port }}"
login_user: "{{ account.username }}"
login_private_key_path: "{{ account.private_key_path }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
when: account.secret_type == "ssh_key"
delegate_to: localhost

31
apps/accounts/automations/push_account/host/aix/manifest.yml
View File

@@ -5,6 +5,12 @@ type:
- AIX
method: push_account
params:
- name: modify_sudo
type: bool
label: "{{ 'Modify sudo label' | trans }}"
default: False
help_text: "{{ 'Modify params sudo help text' | trans }}"
- name: sudo
type: str
label: 'Sudo'
@@ -28,12 +34,23 @@ params:
default: ''
help_text: "{{ 'Params groups help text' | trans }}"
- name: uid
type: str
label: "{{ 'Params uid label' | trans }}"
default: ''
help_text: "{{ 'Params uid help text' | trans }}"
i18n:
Aix account push:
zh: '使用 Ansible 模块 user 执行 Aix 账号推送 (DES)'
ja: 'Ansible user モジュールを使用して Aix アカウントをプッシュする (DES)'
en: 'Using Ansible module user to push account (DES)'
Modify params sudo help text:
zh: '如果用户存在可以修改sudo权限'
ja: 'ユーザーが存在する場合、sudo権限を変更できます'
en: 'If the user exists, sudo permissions can be modified'
Params sudo help text:
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
@@ -49,6 +66,16 @@ i18n:
ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)'
en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
Params uid help text:
zh: '请输入用户ID'
ja: 'ユーザーIDを入力してください'
en: 'Please enter the user ID'
Modify sudo label:
zh: '修改 sudo 权限'
ja: 'sudo 権限を変更'
en: 'Modify sudo'
Params home label:
zh: '家目录'
ja: 'ホームディレクトリ'
@@ -59,3 +86,7 @@ i18n:
ja: 'グループ'
en: 'Groups'
Params uid label:
zh: '用户ID'
ja: 'ユーザーID'
en: 'User ID'

102
apps/accounts/automations/push_account/host/posix/main.yml
View File

@@ -14,51 +14,15 @@
- name: "Add {{ account.username }} user"
ansible.builtin.user:
name: "{{ account.username }}"
shell: "{{ params.shell }}"
home: "{{ params.home | default('/home/' + account.username, true) }}"
groups: "{{ params.groups }}"
uid: "{{ params.uid | int if params.uid | length > 0 else omit }}"
shell: "{{ params.shell if params.shell | length > 0 else omit }}"
home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}"
groups: "{{ params.groups if params.groups | length > 0 else omit }}"
append: yes
expires: -1
state: present
when: user_info.failed
- name: "Add {{ account.username }} group"
ansible.builtin.group:
name: "{{ account.username }}"
state: present
when: user_info.failed
- name: "Add {{ account.username }} user to group"
ansible.builtin.user:
name: "{{ account.username }}"
groups: "{{ params.groups }}"
when:
- user_info.failed
- params.groups
- name: "Change {{ account.username }} password"
ansible.builtin.user:
name: "{{ account.username }}"
password: "{{ account.secret | password_hash('sha512') }}"
update_password: always
ignore_errors: true
when: account.secret_type == "password"
- name: remove jumpserver ssh key
ansible.builtin.lineinfile:
dest: "{{ ssh_params.dest }}"
regexp: "{{ ssh_params.regexp }}"
state: absent
when:
- account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms"
- name: "Change {{ account.username }} SSH key"
ansible.builtin.authorized_key:
user: "{{ account.username }}"
key: "{{ account.secret }}"
exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key"
- name: "Set {{ account.username }} sudo setting"
ansible.builtin.lineinfile:
dest: /etc/sudoers
@@ -67,9 +31,59 @@
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
validate: visudo -cf %s
when:
- user_info.failed
- user_info.failed or params.modify_sudo
- params.sudo
- name: "Change {{ account.username }} password"
ansible.builtin.user:
name: "{{ account.username }}"
password: "{{ account.secret | password_hash('sha512') }}"
update_password: always
ignore_errors: true
when: account.secret_type == "password"
- name: "Get home directory for {{ account.username }}"
ansible.builtin.shell: "getent passwd {{ account.username }} | cut -d: -f6"
register: home_dir
when: account.secret_type == "ssh_key"
ignore_errors: yes
- name: "Check if home directory exists for {{ account.username }}"
ansible.builtin.stat:
path: "{{ home_dir.stdout.strip() }}"
register: home_dir_stat
when: account.secret_type == "ssh_key"
ignore_errors: yes
- name: "Ensure {{ account.username }} home directory exists"
ansible.builtin.file:
path: "{{ home_dir.stdout.strip() }}"
state: directory
owner: "{{ account.username }}"
group: "{{ account.username }}"
mode: '0750'
when:
- account.secret_type == "ssh_key"
- home_dir_stat.stat.exists == false
ignore_errors: yes
- name: Remove jumpserver ssh key
ansible.builtin.lineinfile:
dest: "{{ home_dir.stdout.strip() }}/.ssh/authorized_keys"
regexp: "{{ ssh_params.regexp }}"
state: absent
when:
- account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms"
ignore_errors: yes
- name: "Change {{ account.username }} SSH key"
ansible.builtin.authorized_key:
user: "{{ account.username }}"
key: "{{ account.secret }}"
exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key"
- name: Refresh connection
ansible.builtin.meta: reset_connection
@@ -79,7 +93,7 @@
login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
become: "{{ account.become.ansible_become | default(False) }}"
become_method: su
become_user: "{{ account.become.ansible_user | default('') }}"
@@ -95,7 +109,7 @@
login_port: "{{ jms_asset.port }}"
login_user: "{{ account.username }}"
login_private_key_path: "{{ account.private_key_path }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
when: account.secret_type == "ssh_key"
delegate_to: localhost

34
apps/accounts/automations/push_account/host/posix/manifest.yml
View File

@@ -6,6 +6,12 @@ type:
- linux
method: push_account
params:
- name: modify_sudo
type: bool
label: "{{ 'Modify sudo label' | trans }}"
default: False
help_text: "{{ 'Modify params sudo help text' | trans }}"
- name: sudo
type: str
label: 'Sudo'
@@ -30,12 +36,23 @@ params:
default: ''
help_text: "{{ 'Params groups help text' | trans }}"
- name: uid
type: str
label: "{{ 'Params uid label' | trans }}"
default: ''
help_text: "{{ 'Params uid help text' | trans }}"
i18n:
Posix account push:
zh: '使用 Ansible 模块 user 执行账号推送 (sha512)'
ja: 'Ansible user モジュールを使用してアカウントをプッシュする (sha512)'
en: 'Using Ansible module user to push account (sha512)'
Modify params sudo help text:
zh: '如果用户存在可以修改sudo权限'
ja: 'ユーザーが存在する場合、sudo権限を変更できます'
en: 'If the user exists, sudo permissions can be modified'
Params sudo help text:
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
@@ -51,6 +68,16 @@ i18n:
ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)'
en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
Params uid help text:
zh: '请输入用户ID'
ja: 'ユーザーIDを入力してください'
en: 'Please enter the user ID'
Modify sudo label:
zh: '修改 sudo 权限'
ja: 'sudo 権限を変更'
en: 'Modify sudo'
Params home label:
zh: '家目录'
ja: 'ホームディレクトリ'
@@ -59,4 +86,9 @@ i18n:
Params groups label:
zh: '用户组'
ja: 'グループ'
en: 'Groups'
en: 'Groups'
Params uid label:
zh: '用户ID'
ja: 'ユーザーID'
en: 'User ID'

4
apps/accounts/automations/push_account/host/windows_rdp_verify/main.yml
View File

@@ -25,11 +25,11 @@
- name: Verify password (pyfreerdp)
rdp_ping:
login_host: "{{ jms_asset.address }}"
login_host: "{{ jms_asset.origin_address }}"
login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'rdp') | map(attribute='port') | first }}"
login_user: "{{ account.username }}"
login_password: "{{ account.secret }}"
login_secret_type: "{{ account.secret_type }}"
login_private_key_path: "{{ account.private_key_path }}"
gateway_args: "{{ jms_gateway | default(None) }}"
when: account.secret_type == "password"
delegate_to: localhost

9
apps/accounts/automations/remove_account/database/mysql/main.yml
View File

@@ -3,6 +3,9 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: "Remove account"
@@ -12,8 +15,8 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
name: "{{ account.username }}"
state: absent

8
apps/accounts/automations/remove_account/database/postgresql/main.yml
View File

@@ -2,6 +2,10 @@
gather_facts: no
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: "Remove account"
@@ -12,4 +16,8 @@
login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.spec_info.db_name }}"
name: "{{ account.username }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
state: absent

1
apps/accounts/automations/verify_account/custom/rdp/main.yml
View File

@@ -13,4 +13,3 @@
login_user: "{{ account.username }}"
login_password: "{{ account.secret }}"
login_secret_type: "{{ account.secret_type }}"
login_private_key_path: "{{ account.private_key_path }}"

9
apps/accounts/automations/verify_account/database/mysql/main.yml
View File

@@ -3,6 +3,9 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Verify account
@@ -12,7 +15,7 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
filter: version

8
apps/accounts/automations/verify_account/database/postgresql/main.yml
View File

@@ -2,6 +2,10 @@
gather_facts: no
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Verify account
@@ -11,5 +15,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: result
failed_when: not result.is_available

4
apps/accounts/automations/verify_gateway_account/manager.py
View File

@@ -1,3 +1,5 @@
from django.utils.translation import gettext_lazy as _
from accounts.const import AutomationTypes
from assets.automations.ping_gateway.manager import PingGatewayManager
from common.utils import get_logger
@@ -13,7 +15,7 @@ class VerifyGatewayAccountManager(PingGatewayManager):
@staticmethod
def before_runner_start():
logger.info(">>> 开始执行测试网关账号可连接性任务")
logger.info(_(">>> Start executing the task to test gateway account connectivity"))
def get_accounts(self, gateway):
account_ids = self.execution.snapshot['accounts']

73
apps/accounts/migrations/0001_initial.py
View File

@@ -10,7 +10,6 @@ import common.db.fields
class Migration(migrations.Migration):
initial = True
dependencies = [
@@ -26,13 +25,19 @@ class Migration(migrations.Migration):
('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('connectivity', models.CharField(choices=[('-', 'Unknown'), ('ok', 'OK'), ('err', 'Error')], default='-', max_length=16, verbose_name='Connectivity')),
('org_id',
models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('connectivity',
models.CharField(choices=[('-', 'Unknown'), ('ok', 'OK'), ('err', 'Error')], default='-',
max_length=16, verbose_name='Connectivity')),
('date_verified', models.DateTimeField(null=True, verbose_name='Date verified')),
('_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
('name', models.CharField(max_length=128, verbose_name='Name')),
('username', models.CharField(blank=True, db_index=True, max_length=128, verbose_name='Username')),
('secret_type', models.CharField(choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'), ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16, verbose_name='Secret type')),
('secret_type', models.CharField(
choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'),
('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16,
verbose_name='Secret type')),
('privileged', models.BooleanField(default=False, verbose_name='Privileged')),
('is_active', models.BooleanField(default=True, verbose_name='Is active')),
('version', models.IntegerField(default=0, verbose_name='Version')),
@@ -41,7 +46,11 @@ class Migration(migrations.Migration):
],
options={
'verbose_name': 'Account',
'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account'), ('remove_account', 'Can remove account')],
'permissions': [('view_accountsecret', 'Can view asset account secret'),
('view_historyaccount', 'Can view asset history account'),
('view_historyaccountsecret', 'Can view asset history account secret'),
('verify_account', 'Can verify account'), ('push_account', 'Can push account'),
('remove_account', 'Can remove account')],
},
),
migrations.CreateModel(
@@ -53,16 +62,21 @@ class Migration(migrations.Migration):
('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('org_id',
models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('name', models.CharField(max_length=128, verbose_name='Name')),
('is_periodic', models.BooleanField(default=False, verbose_name='Periodic run')),
('interval', models.IntegerField(blank=True, default=24, null=True, verbose_name='Interval')),
('crontab', models.CharField(blank=True, max_length=128, null=True, verbose_name='Crontab')),
('types', models.JSONField(default=list)),
('backup_type', models.CharField(choices=[('email', 'Email'), ('object_storage', 'SFTP')], default='email', max_length=128, verbose_name='Backup type')),
('backup_type',
models.CharField(choices=[('email', 'Email'), ('object_storage', 'SFTP')], default='email',
max_length=128, verbose_name='Backup type')),
('is_password_divided_by_email', models.BooleanField(default=True, verbose_name='Password divided')),
('is_password_divided_by_obj_storage', models.BooleanField(default=True, verbose_name='Password divided')),
('zip_encrypt_password', common.db.fields.EncryptCharField(blank=True, max_length=4096, null=True, verbose_name='Zip encrypt password')),
('is_password_divided_by_obj_storage',
models.BooleanField(default=True, verbose_name='Password divided')),
('zip_encrypt_password', common.db.fields.EncryptCharField(blank=True, max_length=4096, null=True,
verbose_name='Zip encrypt password')),
],
options={
'verbose_name': 'Account backup plan',
@@ -72,12 +86,16 @@ class Migration(migrations.Migration):
migrations.CreateModel(
name='AccountBackupExecution',
fields=[
('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('org_id',
models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
('date_start', models.DateTimeField(auto_now_add=True, verbose_name='Date start')),
('timedelta', models.FloatField(default=0.0, null=True, verbose_name='Time')),
('snapshot', models.JSONField(blank=True, default=dict, encoder=common.db.encoder.ModelJSONFieldEncoder, null=True, verbose_name='Account backup snapshot')),
('trigger', models.CharField(choices=[('manual', 'Manual trigger'), ('timing', 'Timing trigger')], default='manual', max_length=128, verbose_name='Trigger mode')),
('snapshot',
models.JSONField(blank=True, default=dict, encoder=common.db.encoder.ModelJSONFieldEncoder, null=True,
verbose_name='Account backup snapshot')),
('trigger', models.CharField(choices=[('manual', 'Manual trigger'), ('timing', 'Timing trigger')],
default='manual', max_length=128, verbose_name='Trigger mode')),
('reason', models.CharField(blank=True, max_length=1024, null=True, verbose_name='Reason')),
('is_success', models.BooleanField(default=False, verbose_name='Is success')),
],
@@ -95,13 +113,19 @@ class Migration(migrations.Migration):
('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('org_id',
models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
('secret_strategy', models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy')),
('secret_strategy',
models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')],
default='specific', max_length=16, verbose_name='Secret strategy')),
('password_rules', models.JSONField(default=dict, verbose_name='Password rules')),
('name', models.CharField(max_length=128, verbose_name='Name')),
('username', models.CharField(blank=True, db_index=True, max_length=128, verbose_name='Username')),
('secret_type', models.CharField(choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'), ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16, verbose_name='Secret type')),
('secret_type', models.CharField(
choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'),
('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16,
verbose_name='Secret type')),
('privileged', models.BooleanField(default=False, verbose_name='Privileged')),
('is_active', models.BooleanField(default=True, verbose_name='Is active')),
('auto_push', models.BooleanField(default=False, verbose_name='Auto push')),
@@ -142,7 +166,8 @@ class Migration(migrations.Migration):
('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('org_id',
models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('present', models.BooleanField(default=True, verbose_name='Present')),
('date_last_login', models.DateTimeField(null=True, verbose_name='Date login')),
('username', models.CharField(blank=True, db_index=True, max_length=32, verbose_name='Username')),
@@ -158,12 +183,16 @@ class Migration(migrations.Migration):
fields=[
('id', models.UUIDField(db_index=True, default=uuid.uuid4)),
('_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
('secret_type', models.CharField(choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'), ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16, verbose_name='Secret type')),
('secret_type', models.CharField(
choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'),
('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16,
verbose_name='Secret type')),
('version', models.IntegerField(default=0, verbose_name='Version')),
('history_id', models.AutoField(primary_key=True, serialize=False)),
('history_date', models.DateTimeField(db_index=True)),
('history_change_reason', models.CharField(max_length=100, null=True)),
('history_type', models.CharField(choices=[('+', 'Created'), ('~', 'Changed'), ('-', 'Deleted')], max_length=1)),
('history_type',
models.CharField(choices=[('+', 'Created'), ('~', 'Changed'), ('-', 'Deleted')], max_length=1)),
],
options={
'verbose_name': 'historical Account',
@@ -181,9 +210,13 @@ class Migration(migrations.Migration):
('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('alias', models.CharField(choices=[('@INPUT', 'Manual input'), ('@USER', 'Dynamic user'), ('@ANON', 'Anonymous account'), ('@SPEC', 'Specified account')], max_length=128, verbose_name='Alias')),
('org_id',
models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
('alias', models.CharField(
choices=[('@INPUT', 'Manual input'), ('@USER', 'Dynamic user'), ('@ANON', 'Anonymous account'),
('@SPEC', 'Specified account')], max_length=128, verbose_name='Alias')),
('secret_from_login', models.BooleanField(default=None, null=True, verbose_name='Secret from login')),
],
options={'verbose_name': 'Virtual account'},
),
]

30
apps/accounts/migrations/0004_alter_changesecretrecord_account_and_more.py Normal file
View File

@@ -0,0 +1,30 @@
# Generated by Django 4.1.13 on 2024-08-26 09:05
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('assets', '0005_myasset'),
('accounts', '0003_automation'),
]
operations = [
migrations.AlterField(
model_name='changesecretrecord',
name='account',
field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='accounts.account'),
),
migrations.AlterField(
model_name='changesecretrecord',
name='asset',
field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='assets.asset'),
),
migrations.AlterField(
model_name='changesecretrecord',
name='execution',
field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='accounts.automationexecution'),
),
]

6
apps/accounts/models/account.py
View File

@@ -53,7 +53,8 @@ class Account(AbsConnectivity, LabeledMixin, BaseAccount):
on_delete=models.SET_NULL, verbose_name=_("Su from")
)
version = models.IntegerField(default=0, verbose_name=_('Version'))
history = AccountHistoricalRecords(included_fields=['id', '_secret', 'secret_type', 'version'])
history = AccountHistoricalRecords(included_fields=['id', '_secret', 'secret_type', 'version'],
verbose_name=_("historical Account"))
source = models.CharField(max_length=30, default=Source.LOCAL, verbose_name=_('Source'))
source_id = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Source ID'))
@@ -119,7 +120,8 @@ class Account(AbsConnectivity, LabeledMixin, BaseAccount):
return auth
auth.update(self.make_account_ansible_vars(su_from))
become_method = platform.su_method if platform.su_method else 'sudo'
become_method = platform.ansible_become_method
password = su_from.secret if become_method == 'sudo' else self.secret
auth['ansible_become'] = True
auth['ansible_become_method'] = become_method

11
apps/accounts/models/automations/change_secret.py
View File

@@ -33,16 +33,15 @@ class ChangeSecretAutomation(ChangeSecretMixin, AccountBaseAutomation):
class ChangeSecretRecord(JMSBaseModel):
execution = models.ForeignKey('accounts.AutomationExecution', on_delete=models.CASCADE)
asset = models.ForeignKey('assets.Asset', on_delete=models.CASCADE, null=True)
account = models.ForeignKey('accounts.Account', on_delete=models.CASCADE, null=True)
execution = models.ForeignKey('accounts.AutomationExecution', on_delete=models.SET_NULL, null=True)
asset = models.ForeignKey('assets.Asset', on_delete=models.SET_NULL, null=True)
account = models.ForeignKey('accounts.Account', on_delete=models.SET_NULL, null=True)
old_secret = fields.EncryptTextField(blank=True, null=True, verbose_name=_('Old secret'))
new_secret = fields.EncryptTextField(blank=True, null=True, verbose_name=_('New secret'))
date_started = models.DateTimeField(blank=True, null=True, verbose_name=_('Date started'))
date_finished = models.DateTimeField(blank=True, null=True, verbose_name=_('Date finished'))
status = models.CharField(
max_length=16, verbose_name=_('Status'),
default=ChangeSecretRecordStatusChoice.pending.value
max_length=16, verbose_name=_('Status'), default=ChangeSecretRecordStatusChoice.pending.value
)
error = models.TextField(blank=True, null=True, verbose_name=_('Error'))
@@ -51,4 +50,4 @@ class ChangeSecretRecord(JMSBaseModel):
verbose_name = _("Change secret record")
def __str__(self):
return self.account.__str__()
return f'{self.account.username}@{self.asset}'

46
apps/accounts/serializers/account/account.py
View File

@@ -81,21 +81,28 @@ class AccountCreateUpdateSerializerMixin(serializers.Serializer):
@staticmethod
def get_template_attr_for_account(template):
# Set initial data from template
field_names = [
'name', 'username', 'secret', 'push_params',
'secret_type', 'privileged', 'is_active'
'name', 'username',
'secret_type', 'secret',
'privileged', 'is_active'
]
field_map = {
'push_params': 'params',
'auto_push': 'push_now'
}
field_names.extend(field_map.keys())
attrs = {}
for name in field_names:
value = getattr(template, name, None)
if value is None:
continue
if name == 'push_params':
attrs['params'] = value
else:
attrs[name] = value
attr_name = field_map.get(name, name)
attrs[attr_name] = value
attrs['secret'] = template.get_secret()
return attrs
@@ -171,14 +178,15 @@ class AccountCreateUpdateSerializerMixin(serializers.Serializer):
instance.save()
return instance, 'updated'
else:
raise serializers.ValidationError('Account already exists')
raise serializers.ValidationError(_('Account already exists'))
def create(self, validated_data):
push_now = validated_data.pop('push_now', None)
params = validated_data.pop('params', None)
self.clean_auth_fields(validated_data)
instance, stat = self.do_create(validated_data)
self.push_account_if_need(instance, push_now, params, stat)
if instance.source == Source.LOCAL:
self.push_account_if_need(instance, push_now, params, stat)
return instance
def update(self, instance, validated_data):
@@ -239,6 +247,7 @@ class AccountSerializer(AccountCreateUpdateSerializerMixin, BaseAccountSerialize
'name': {'required': False},
'source_id': {'required': False, 'allow_null': True},
}
fields_unimport_template = ['params']
@classmethod
def setup_eager_loading(cls, queryset):
@@ -280,8 +289,8 @@ class AssetAccountBulkSerializer(
fields = [
'name', 'username', 'secret', 'secret_type', 'passphrase',
'privileged', 'is_active', 'comment', 'template',
'on_invalid', 'push_now', 'assets', 'su_from_username',
'source', 'source_id',
'on_invalid', 'push_now', 'params', 'assets',
'su_from_username', 'source', 'source_id',
]
extra_kwargs = {
'name': {'required': False},
@@ -419,16 +428,23 @@ class AssetAccountBulkSerializer(
return results
@staticmethod
def push_accounts_if_need(results, push_now):
def push_accounts_if_need(results, push_now, params):
if not push_now:
return
accounts = [str(v['instance']) for v in results if v.get('instance')]
push_accounts_to_assets_task.delay(accounts)
account_ids = [v['instance'] for v in results if v.get('instance')]
accounts = Account.objects.filter(id__in=account_ids, source=Source.LOCAL)
if not accounts.exists():
return
account_ids = [str(_id) for _id in accounts.values_list('id', flat=True)]
push_accounts_to_assets_task.delay(account_ids, params)
def create(self, validated_data):
params = validated_data.pop('params', None)
push_now = validated_data.pop('push_now', False)
results = self.perform_bulk_create(validated_data)
self.push_accounts_if_need(results, push_now)
self.push_accounts_if_need(results, push_now, params)
for res in results:
res['asset'] = str(res['asset'])
return results

13
apps/accounts/serializers/account/template.py
View File

@@ -10,7 +10,7 @@ from .base import BaseAccountSerializer
class PasswordRulesSerializer(serializers.Serializer):
length = serializers.IntegerField(min_value=8, max_value=30, default=16, label=_('Password length'))
length = serializers.IntegerField(min_value=8, max_value=36, default=16, label=_('Password length'))
lowercase = serializers.BooleanField(default=True, label=_('Lowercase'))
uppercase = serializers.BooleanField(default=True, label=_('Uppercase'))
digit = serializers.BooleanField(default=True, label=_('Digit'))
@@ -19,6 +19,16 @@ class PasswordRulesSerializer(serializers.Serializer):
default='', allow_blank=True, max_length=16, label=_('Exclude symbol')
)
@staticmethod
def get_render_help_text():
return _("""length is the length of the password, and the range is 8 to 30.
lowercase indicates whether the password contains lowercase letters,
uppercase indicates whether it contains uppercase letters,
digit indicates whether it contains numbers, and symbol indicates whether it contains special symbols.
exclude_symbols is used to exclude specific symbols. You can fill in the symbol characters to be excluded (up to 16).
If you do not need to exclude symbols, you can leave it blank.
default: {"length": 16, "lowercase": true, "uppercase": true, "digit": true, "symbol": true, "exclude_symbols": ""}""")
class AccountTemplateSerializer(BaseAccountSerializer):
password_rules = PasswordRulesSerializer(required=False, label=_('Password rules'))
@@ -46,6 +56,7 @@ class AccountTemplateSerializer(BaseAccountSerializer):
'required': False
},
}
fields_unimport_template = ['push_params']
@staticmethod
def generate_secret(attrs):

13
apps/accounts/serializers/automations/change_secret.py
View File

@@ -75,19 +75,6 @@ class ChangeSecretAutomationSerializer(AuthValidateMixin, BaseAutomationSerializ
if self.initial_data.get('secret_strategy') == SecretStrategy.custom:
return password_rules
length = password_rules.get('length')
try:
length = int(length)
except Exception as e:
logger.error(e)
msg = _("* Please enter the correct password length")
raise serializers.ValidationError(msg)
if length < 6 or length > 30:
msg = _('* Password length range 6-30 bits')
raise serializers.ValidationError(msg)
return password_rules
def validate(self, attrs):

5
apps/accounts/signal_handlers.py
View File

@@ -6,6 +6,7 @@ from django.dispatch import receiver
from django.utils.translation import gettext_noop
from accounts.backends import vault_client
from accounts.const import Source
from audits.const import ActivityChoices
from audits.signal_handlers import create_activities
from common.decorators import merge_delay_run
@@ -32,7 +33,7 @@ def push_accounts_if_need(accounts=()):
template_accounts = defaultdict(list)
for ac in accounts:
# 再强调一次吧
if ac.source != 'template':
if ac.source != Source.TEMPLATE:
continue
template_accounts[ac.source_id].append(ac)
@@ -61,7 +62,7 @@ def create_accounts_activities(account, action='create'):
@receiver(post_save, sender=Account)
def on_account_create_by_template(sender, instance, created=False, **kwargs):
if not created or instance.source != 'template':
if not created or instance.source != Source.TEMPLATE:
return
push_accounts_if_need.delay(accounts=(instance,))
create_accounts_activities(instance, action='create')

56
apps/accounts/tasks/automation.py
View File

@@ -1,9 +1,15 @@
import datetime
from celery import shared_task
from django.db.models import Q
from django.utils import timezone
from django.utils.translation import gettext_lazy as _, gettext_noop
from accounts.const import AutomationTypes
from accounts.tasks.common import quickstart_automation_by_snapshot
from common.utils import get_logger, get_object_or_none
from common.const.crontab import CRONTAB_AT_AM_THREE
from common.utils import get_logger, get_object_or_none, get_log_keep_day
from ops.celery.decorator import register_as_period_task
from orgs.utils import tmp_to_org, tmp_to_root_org
logger = get_logger(__file__)
@@ -22,8 +28,14 @@ def task_activity_callback(self, pid, trigger, tp, *args, **kwargs):
@shared_task(
queue='ansible', verbose_name=_('Account execute automation'),
activity_callback=task_activity_callback
queue='ansible',
verbose_name=_('Account execute automation'),
activity_callback=task_activity_callback,
description=_(
"""Unified execution entry for account automation tasks: when the system performs tasks
such as account push, password change, account verification, account collection,
and gateway account verification, all tasks are executed through this unified entry"""
)
)
def execute_account_automation_task(pid, trigger, tp):
model = AutomationTypes.get_type_model(tp)
@@ -48,8 +60,12 @@ def record_task_activity_callback(self, record_ids, *args, **kwargs):
@shared_task(
queue='ansible', verbose_name=_('Execute automation record'),
activity_callback=record_task_activity_callback
queue='ansible',
verbose_name=_('Execute automation record'),
activity_callback=record_task_activity_callback,
description=_(
"""When manually executing password change records, this task is used"""
)
)
def execute_automation_record_task(record_ids, tp):
from accounts.models import ChangeSecretRecord
@@ -74,3 +90,33 @@ def execute_automation_record_task(record_ids, tp):
}
with tmp_to_org(record.execution.org_id):
quickstart_automation_by_snapshot(task_name, tp, task_snapshot)
@shared_task(
verbose_name=_('Clean change secret and push record period'),
description=_(
"""The system will periodically clean up unnecessary password change and push records,
including their associated change tasks, execution logs, assets, and accounts. When any
of these associated items are deleted, the corresponding password change and push records
become invalid. Therefore, to maintain a clean and efficient database, the system will
clean up expired records at 2 a.m daily, based on the interval specified by
PERM_EXPIRED_CHECK_PERIODIC in the config.txt configuration file. This periodic cleanup
mechanism helps free up storage space and enhances the security and overall performance
of data management"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_THREE)
def clean_change_secret_and_push_record_period():
from accounts.models import ChangeSecretRecord
print('Start clean change secret and push record period')
with tmp_to_root_org():
now = timezone.now()
days = get_log_keep_day('ACCOUNT_CHANGE_SECRET_RECORD_KEEP_DAYS')
expired_day = now - datetime.timedelta(days=days)
records = ChangeSecretRecord.objects.filter(
date_updated__lt=expired_day
).filter(
Q(execution__isnull=True) | Q(asset__isnull=True) | Q(account__isnull=True)
)
records.delete()

8
apps/accounts/tasks/backup_account.py
View File

@@ -22,7 +22,13 @@ def task_activity_callback(self, pid, trigger, *args, **kwargs):
return resource_ids, org_id
@shared_task(verbose_name=_('Execute account backup plan'), activity_callback=task_activity_callback)
@shared_task(
verbose_name=_('Execute account backup plan'),
activity_callback=task_activity_callback,
description=_(
"When performing scheduled or manual account backups, this task is used"
)
)
def execute_account_backup_task(pid, trigger, **kwargs):
from accounts.models import AccountBackupAutomation
with tmp_to_root_org():

6
apps/accounts/tasks/gather_accounts.py
View File

@@ -26,8 +26,10 @@ def gather_asset_accounts_util(nodes, task_name):
@shared_task(
queue="ansible", verbose_name=_('Gather asset accounts'),
activity_callback=lambda self, node_ids, task_name=None, *args, **kwargs: (node_ids, None)
queue="ansible",
verbose_name=_('Gather asset accounts'),
activity_callback=lambda self, node_ids, task_name=None, *args, **kwargs: (node_ids, None),
description=_("Unused")
)
def gather_asset_accounts_task(node_ids, task_name=None):
if task_name is None:

8
apps/accounts/tasks/push_account.py
View File

@@ -12,8 +12,12 @@ __all__ = [
@shared_task(
queue="ansible", verbose_name=_('Push accounts to assets'),
activity_callback=lambda self, account_ids, *args, **kwargs: (account_ids, None)
queue="ansible",
verbose_name=_('Push accounts to assets'),
activity_callback=lambda self, account_ids, *args, **kwargs: (account_ids, None),
description=_(
"When creating or modifying an account requires account push, this task is executed"
)
)
def push_accounts_to_assets_task(account_ids, params=None):
from accounts.models import PushAccountAutomation

19
apps/accounts/tasks/remove_account.py
View File

@@ -21,8 +21,13 @@ __all__ = ['remove_accounts_task']
@shared_task(
queue="ansible", verbose_name=_('Remove account'),
activity_callback=lambda self, gather_account_ids, *args, **kwargs: (gather_account_ids, None)
queue="ansible",
verbose_name=_('Remove account'),
activity_callback=lambda self, gather_account_ids, *args, **kwargs: (gather_account_ids, None),
description=_(
"""When clicking "Sync deletion" in 'Console - Gather Account - Gathered accounts' this
task will be executed"""
)
)
def remove_accounts_task(gather_account_ids):
from accounts.models import GatheredAccount
@@ -41,7 +46,15 @@ def remove_accounts_task(gather_account_ids):
quickstart_automation_by_snapshot(task_name, tp, task_snapshot)
@shared_task(verbose_name=_('Clean historical accounts'))
@shared_task(
verbose_name=_('Clean historical accounts'),
description=_(
"""Each time an asset account is updated, a historical account is generated, so it is
necessary to clean up the asset account history. The system will clean up excess account
records at 2 a.m. daily based on the configuration in the "System settings - Features -
Account storage - Record limit"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)
@tmp_to_root_org()
def clean_historical_accounts():

6
apps/accounts/tasks/template.py
View File

@@ -9,7 +9,11 @@ from orgs.utils import tmp_to_root_org, tmp_to_org
@shared_task(
verbose_name=_('Template sync info to related accounts'),
activity_callback=lambda self, template_id, *args, **kwargs: (template_id, None)
activity_callback=lambda self, template_id, *args, **kwargs: (template_id, None),
description=_(
"""When clicking 'Sync new secret to accounts' in 'Console - Account - Templates -
Accounts' this task will be executed"""
)
)
def template_sync_related_accounts(template_id, user_id=None):
from accounts.models import Account, AccountTemplate

7
apps/accounts/tasks/vault.py
View File

@@ -28,7 +28,12 @@ def sync_instance(instance):
return "succeeded", msg
@shared_task(verbose_name=_('Sync secret to vault'))
@shared_task(
verbose_name=_('Sync secret to vault'),
description=_(
"When clicking 'Sync' in 'System Settings - Features - Account Storage' this task will be executed"
)
)
def sync_secret_to_vault():
if not vault_client.enabled:
# 这里不能判断 settings.VAULT_ENABLED, 必须判断当前 vault_client 的类型

13
apps/accounts/tasks/verify_account.py
View File

@@ -4,7 +4,6 @@ from django.utils.translation import gettext_noop
from accounts.const import AutomationTypes
from accounts.tasks.common import quickstart_automation_by_snapshot
from assets.const import GATEWAY_NAME
from common.utils import get_logger
from orgs.utils import org_aware_func
@@ -32,13 +31,13 @@ def verify_accounts_connectivity_util(accounts, task_name):
asset_ids = [a.asset_id for a in accounts]
assets = Asset.objects.filter(id__in=asset_ids)
gateways = assets.filter(platform__name=GATEWAY_NAME)
gateways = assets.gateways()
verify_connectivity_util(
gateways, AutomationTypes.verify_gateway_account,
accounts, task_name
)
common_assets = assets.exclude(platform__name=GATEWAY_NAME)
common_assets = assets.gateways(0)
verify_connectivity_util(
common_assets, AutomationTypes.verify_account,
accounts, task_name
@@ -46,8 +45,12 @@ def verify_accounts_connectivity_util(accounts, task_name):
@shared_task(
queue="ansible", verbose_name=_('Verify asset account availability'),
activity_callback=lambda self, account_ids, *args, **kwargs: (account_ids, None)
queue="ansible",
verbose_name=_('Verify asset account availability'),
activity_callback=lambda self, account_ids, *args, **kwargs: (account_ids, None),
description=_(
"When clicking 'Test' in 'Console - Asset details - Accounts' this task will be executed"
)
)
def verify_accounts_connectivity_task(account_ids):
from accounts.models import Account, VerifyAccountAutomation

29
apps/accounts/templates/accounts/asset_account_change_info.html
View File

@@ -1,18 +1,29 @@
{% load i18n %}
<h3>{% trans 'Gather account change information' %}</h3>
<table style="width: 100%; border-collapse: collapse; max-width: 100%; text-align: left; margin-top: 20px;">
<h3></h3>
<table style="width: 100%; border-collapse: collapse; table-layout: fixed; text-align: left; margin-top: 20px;">
<caption></caption>
<tr style="background-color: #f2f2f2;">
<th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Asset' %}</th>
<th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Added account' %}</th>
<th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Deleted account' %}</th>
<th style="border: 1px solid #ddd; padding: 15px; text-align: left; vertical-align: top; line-height: 1.5;">
{% trans 'Asset' %}
</th>
<th style="border: 1px solid #ddd; padding: 15px; text-align: left; vertical-align: top; line-height: 1.5;">
{% trans 'Added account' %}
</th>
<th style="border: 1px solid #ddd; padding: 15px; text-align: left; vertical-align: top; line-height: 1.5;">
{% trans 'Deleted account' %}
</th>
</tr>
{% for name, change in change_info.items %}
<tr style="{% cycle 'background-color: #ebf5ff;' 'background-color: #fff;' %}">
<td style="border: 1px solid #ddd; padding: 10px;">{{ name }}</td>
<td style="border: 1px solid #ddd; padding: 10px;">{{ change.add_usernames }}</td>
<td style="border: 1px solid #ddd; padding: 10px;">{{ change.remove_usernames }}</td>
<td style="border: 1px solid #ddd; padding: 10px; text-align: left; vertical-align: top;">
{{ name | safe }}
</td>
<td style="border: 1px solid #ddd; padding: 10px; text-align: left; vertical-align: top;">
{{ change.add_usernames | join:" " | safe }}
</td>
<td style="border: 1px solid #ddd; padding: 10px; text-align: left; vertical-align: top;">
{{ change.remove_usernames | join:" " | safe }}
</td>
</tr>
{% endfor %}
</table>

1
apps/acls/const.py
View File

@@ -8,3 +8,4 @@ class ActionChoices(models.TextChoices):
review = 'review', _('Review')
warning = 'warning', _('Warn')
notice = 'notice', _('Notify')
notify_and_warn = 'notify_and_warn', _('Notify and warn')

2
apps/acls/serializers/base.py
View File

@@ -62,7 +62,7 @@ class ActionAclSerializer(serializers.Serializer):
self.set_action_choices()
class Meta:
action_choices_exclude = [ActionChoices.warning]
action_choices_exclude = [ActionChoices.warning, ActionChoices.notify_and_warn]
def set_action_choices(self):
field_action = self.fields.get("action")

1
apps/assets/api/__init__.py
View File

@@ -7,3 +7,4 @@ from .node import *
from .platform import *
from .protocol import *
from .tree import *
from .my_asset import *

38
apps/assets/api/asset/asset.py
View File

@@ -2,10 +2,10 @@
#
from collections import defaultdict
import django_filters
from django.conf import settings
from django.shortcuts import get_object_or_404
from django.utils.translation import gettext as _
from django_filters import rest_framework as drf_filters
from rest_framework import status
from rest_framework.decorators import action
from rest_framework.response import Response
@@ -22,6 +22,7 @@ from common.drf.filters import BaseFilterSet, AttrRulesFilterBackend
from common.utils import get_logger, is_uuid
from orgs.mixins import generics
from orgs.mixins.api import OrgBulkModelViewSet
from ...const import GATEWAY_NAME
from ...notifications import BulkUpdatePlatformSkipAssetUserMsg
logger = get_logger(__file__)
@@ -32,31 +33,32 @@ __all__ = [
class AssetFilterSet(BaseFilterSet):
platform = django_filters.CharFilter(method='filter_platform')
exclude_platform = django_filters.CharFilter(field_name="platform__name", lookup_expr='exact', exclude=True)
domain = django_filters.CharFilter(method='filter_domain')
type = django_filters.CharFilter(field_name="platform__type", lookup_expr="exact")
category = django_filters.CharFilter(field_name="platform__category", lookup_expr="exact")
protocols = django_filters.CharFilter(method='filter_protocols')
domain_enabled = django_filters.BooleanFilter(
platform = drf_filters.CharFilter(method='filter_platform')
is_gateway = drf_filters.BooleanFilter(method='filter_is_gateway')
exclude_platform = drf_filters.CharFilter(field_name="platform__name", lookup_expr='exact', exclude=True)
domain = drf_filters.CharFilter(method='filter_domain')
type = drf_filters.CharFilter(field_name="platform__type", lookup_expr="exact")
category = drf_filters.CharFilter(field_name="platform__category", lookup_expr="exact")
protocols = drf_filters.CharFilter(method='filter_protocols')
domain_enabled = drf_filters.BooleanFilter(
field_name="platform__domain_enabled", lookup_expr="exact"
)
ping_enabled = django_filters.BooleanFilter(
ping_enabled = drf_filters.BooleanFilter(
field_name="platform__automation__ping_enabled", lookup_expr="exact"
)
gather_facts_enabled = django_filters.BooleanFilter(
gather_facts_enabled = drf_filters.BooleanFilter(
field_name="platform__automation__gather_facts_enabled", lookup_expr="exact"
)
change_secret_enabled = django_filters.BooleanFilter(
change_secret_enabled = drf_filters.BooleanFilter(
field_name="platform__automation__change_secret_enabled", lookup_expr="exact"
)
push_account_enabled = django_filters.BooleanFilter(
push_account_enabled = drf_filters.BooleanFilter(
field_name="platform__automation__push_account_enabled", lookup_expr="exact"
)
verify_account_enabled = django_filters.BooleanFilter(
verify_account_enabled = drf_filters.BooleanFilter(
field_name="platform__automation__verify_account_enabled", lookup_expr="exact"
)
gather_accounts_enabled = django_filters.BooleanFilter(
gather_accounts_enabled = drf_filters.BooleanFilter(
field_name="platform__automation__gather_accounts_enabled", lookup_expr="exact"
)
@@ -71,9 +73,16 @@ class AssetFilterSet(BaseFilterSet):
def filter_platform(queryset, name, value):
if value.isdigit():
return queryset.filter(platform_id=value)
elif value == GATEWAY_NAME:
return queryset.filter(platform__name__istartswith=GATEWAY_NAME)
else:
return queryset.filter(platform__name=value)
@staticmethod
def filter_is_gateway(queryset, name, value):
queryset = queryset.gateways(value)
return queryset
@staticmethod
def filter_domain(queryset, name, value):
if is_uuid(value):
@@ -298,6 +307,7 @@ class AssetsTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
def check_permissions(self, request):
action_perm_require = {
"refresh": "assets.refresh_assethardwareinfo",
"test": "assets.test_assetconnectivity",
}
_action = request.data.get("action")
perm_required = action_perm_require.get(_action)

3
apps/assets/api/mixin.py
View File

@@ -2,7 +2,7 @@ from typing import List
from rest_framework.request import Request
from assets.models import Node, Platform, Protocol
from assets.models import Node, Platform, Protocol, MyAsset
from assets.utils import get_node_from_request, is_query_node_all_assets
from common.utils import lazyproperty, timeit
@@ -82,6 +82,7 @@ class SerializeToTreeNodeMixin:
data = []
root_assets_count = 0
MyAsset.set_asset_custom_value(assets, self.request.user)
for asset in assets:
platform = platform_map.get(asset.platform_id)
if not platform:

13
apps/assets/api/my_asset.py Normal file
View File

@@ -0,0 +1,13 @@
# -*- coding: utf-8 -*-
#
from common.api import GenericViewSet
from rest_framework.mixins import CreateModelMixin
from common.permissions import IsValidUser
from ..serializers import MyAssetSerializer
__all__ = ['MyAssetViewSet']
class MyAssetViewSet(CreateModelMixin, GenericViewSet):
serializer_class = MyAssetSerializer
permission_classes = (IsValidUser,)

19
apps/assets/api/platform.py
View File

@@ -1,3 +1,5 @@
from django.db.models import Count
from django_filters import rest_framework as filters
from rest_framework import generics
from rest_framework import serializers
from rest_framework.decorators import action
@@ -5,7 +7,7 @@ from rest_framework.response import Response
from assets.const import AllTypes
from assets.models import Platform, Node, Asset, PlatformProtocol
from assets.serializers import PlatformSerializer, PlatformProtocolSerializer
from assets.serializers import PlatformSerializer, PlatformProtocolSerializer, PlatformListSerializer
from common.api import JMSModelViewSet
from common.permissions import IsValidUser
from common.serializers import GroupedChoiceSerializer
@@ -13,13 +15,22 @@ from common.serializers import GroupedChoiceSerializer
__all__ = ['AssetPlatformViewSet', 'PlatformAutomationMethodsApi', 'PlatformProtocolViewSet']
class PlatformFilter(filters.FilterSet):
name__startswith = filters.CharFilter(field_name='name', lookup_expr='istartswith')
class Meta:
model = Platform
fields = ['name', 'category', 'type']
class AssetPlatformViewSet(JMSModelViewSet):
queryset = Platform.objects.all()
serializer_classes = {
'default': PlatformSerializer,
'list': PlatformListSerializer,
'categories': GroupedChoiceSerializer,
}
filterset_fields = ['name', 'category', 'type']
filterset_class = PlatformFilter
search_fields = ['name']
ordering = ['-internal', 'name']
rbac_perms = {
@@ -31,8 +42,8 @@ class AssetPlatformViewSet(JMSModelViewSet):
def get_queryset(self):
# 因为没有走分页逻辑,所以需要这里 prefetch
queryset = super().get_queryset().prefetch_related(
'protocols', 'automation', 'labels', 'labels__label',
queryset = super().get_queryset().annotate(assets_amount=Count('assets')).prefetch_related(
'protocols', 'automation', 'labels', 'labels__label'
)
queryset = queryset.filter(type__in=AllTypes.get_types_values())
return queryset

18
apps/assets/api/tree.py
View File

@@ -39,16 +39,16 @@ class NodeChildrenApi(generics.ListCreateAPIView):
self.instance = self.get_object()
def perform_create(self, serializer):
data = serializer.validated_data
_id = data.get("id")
value = data.get("value")
if value:
children = self.instance.get_children()
if children.filter(value=value).exists():
raise JMSException(_('The same level node name cannot be the same'))
else:
value = self.instance.get_next_child_preset_name()
with NodeAddChildrenLock(self.instance):
data = serializer.validated_data
_id = data.get("id")
value = data.get("value")
if value:
children = self.instance.get_children()
if children.filter(value=value).exists():
raise JMSException(_('The same level node name cannot be the same'))
else:
value = self.instance.get_next_child_preset_name()
node = self.instance.create_child(value=value, _id=_id)
# 避免查询 full value
node._full_value = node.value

7
apps/assets/automations/base/manager.py
View File

@@ -113,11 +113,7 @@ class BasePlaybookManager:
if not data:
data = automation_params.get(method_id, {})
params = serializer(data).data
return {
field_name: automation_params.get(field_name, '')
if not params[field_name] else params[field_name]
for field_name in params
}
return params
@property
def platform_automation_methods(self):
@@ -174,6 +170,7 @@ class BasePlaybookManager:
result = self.write_cert_to_file(
os.path.join(cert_dir, f), specific.get(f)
)
os.chmod(result, 0o600)
host['jms_asset']['secret_info'][f] = result
return host

9
apps/assets/automations/gather_facts/database/mysql/main.yml
View File

@@ -3,6 +3,9 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Get info
@@ -12,9 +15,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
filter: version
register: db_info

8
apps/assets/automations/gather_facts/database/postgresql/main.yml
View File

@@ -2,6 +2,10 @@
gather_facts: no
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Get info
@@ -11,6 +15,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: db_info
- name: Define info by set_fact

7
apps/assets/automations/gather_facts/host/posix/main.yml
View File

@@ -12,7 +12,12 @@
cpu_cores: "{{ ansible_processor_cores }}"
cpu_vcpus: "{{ ansible_processor_vcpus }}"
memory: "{{ ansible_memtotal_mb / 1024 | round(2) }}"
disk_total: "{{ (ansible_mounts | map(attribute='size_total') | sum / 1024 / 1024 / 1024) | round(2) }}"
disk_total: |-
{% set ns = namespace(total=0) %}
{%- for name, dev in ansible_devices.items() if dev.removable == '0' and dev.host != '' -%}
{%- set ns.total = ns.total + ( dev.sectors | int * dev.sectorsize | int ) -%}
{%- endfor -%}
{{- (ns.total / 1024 / 1024 / 1024) | round(2) -}}
distribution: "{{ ansible_distribution }}"
distribution_version: "{{ ansible_distribution_version }}"
arch: "{{ ansible_architecture }}"

4
apps/assets/automations/gather_facts/host/windows/main.yml
View File

@@ -11,8 +11,10 @@
vendor: "{{ ansible_system_vendor }}"
model: "{{ ansible_product_name }}"
sn: "{{ ansible_product_serial }}"
cpu_count: "{{ ansible_processor_count }}"
cpu_cores: "{{ ansible_processor_cores }}"
cpu_vcpus: "{{ ansible_processor_vcpus }}"
memory: "{{ ansible_memtotal_mb }}"
memory: "{{ (ansible_memtotal_mb / 1024) | round(2) }}"
- debug:
var: info

1
apps/assets/automations/ping/custom/rdp/main.yml
View File

@@ -13,4 +13,3 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_secret_type: "{{ jms_account.secret_type }}"
login_private_key_path: "{{ jms_account.private_key_path }}"

9
apps/assets/automations/ping/database/mysql/main.yml
View File

@@ -3,6 +3,9 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Test MySQL connection
@@ -12,7 +15,7 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ check_ssl if check_ssl else omit }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
filter: version

8
apps/assets/automations/ping/database/postgresql/main.yml
View File

@@ -2,6 +2,10 @@
gather_facts: no
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
tasks:
- name: Test PostgreSQL connection
@@ -11,5 +15,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: result
failed_when: not result.is_available

2
apps/assets/automations/ping_gateway/manager.py
View File

@@ -115,7 +115,7 @@ class PingGatewayManager:
@staticmethod
def before_runner_start():
print(">>> 开始执行测试网关可连接性任务")
print(_(">>> Start executing the task to test gateway connectivity"))
def get_accounts(self, gateway):
account = gateway.select_account

2
apps/assets/const/__init__.py
View File

@@ -1,6 +1,8 @@
from .automation import *
from .base import *
from .category import *
from .database import *
from .host import *
from .platform import *
from .protocol import *
from .types import *

2
apps/assets/const/base.py
View File

@@ -112,7 +112,7 @@ class BaseType(TextChoices):
@classmethod
def get_choices(cls):
if not settings.XPACK_ENABLED:
if not settings.XPACK_LICENSE_IS_VALID:
choices = [(tp.value, tp.label) for tp in cls.get_community_types()]
else:
choices = cls.choices

12
apps/assets/const/database.py
View File

@@ -1,3 +1,5 @@
from django.db.models import TextChoices
from .base import BaseType
@@ -117,5 +119,13 @@ class DatabaseTypes(BaseType):
@classmethod
def get_community_types(cls):
return [
cls.MYSQL, cls.MARIADB, cls.MONGODB, cls.REDIS
cls.MYSQL, cls.MARIADB, cls.POSTGRESQL,
cls.MONGODB, cls.REDIS,
]
class PostgresqlSSLMode(TextChoices):
PREFER = 'prefer', 'Prefer'
REQUIRE = 'require', 'Require'
VERIFY_CA = 'verify-ca', 'Verify CA'
VERIFY_FULL = 'verify-full', 'Verify Full'

2
apps/assets/const/host.py
View File

@@ -19,7 +19,7 @@ class HostTypes(BaseType):
'charset': 'utf-8', # default
'domain_enabled': True,
'su_enabled': True,
'su_methods': ['sudo', 'su'],
'su_methods': ['sudo', 'su', 'only_sudo', 'only_su'],
},
cls.WINDOWS: {
'su_enabled': False,

11
apps/assets/const/platform.py Normal file
View File

@@ -0,0 +1,11 @@
from django.db.models import TextChoices
class SuMethodChoices(TextChoices):
sudo = "sudo", "sudo su -"
su = "su", "su - "
only_sudo = "only_sudo", "sudo su"
only_su = "only_su", "su"
enable = "enable", "enable"
super = "super", "super 15"
super_level = "super_level", "super level 15"

39
apps/assets/const/protocol.py
View File

@@ -45,6 +45,12 @@ class Protocol(ChoicesMixin, models.TextChoices):
'default': False,
'label': _('Old SSH version'),
'help_text': _('Old SSH version like openssh 5.x or 6.x')
},
'nc': {
'type': 'bool',
'default': False,
'label': 'Netcat (nc)',
'help_text': _('Netcat help text')
}
}
},
@@ -80,7 +86,18 @@ class Protocol(ChoicesMixin, models.TextChoices):
'choices': [('any', _('Any')), ('rdp', 'RDP'), ('tls', 'TLS'), ('nla', 'NLA')],
'default': 'any',
'label': _('Security'),
'help_text': _("Security layer to use for the connection")
'help_text': _("Security layer to use for the connection:<br>"
"Any<br>"
"Automatically select the security mode based on the security protocols "
"supported by both the client and the server<br>"
"RDP<br>"
"Legacy RDP encryption. This mode is generally only used for older Windows "
"servers or in cases where a standard Windows login screen is desired<br>"
"TLS<br>"
"RDP authentication and encryption implemented via TLS.<br>"
"NLA<br>"
"This mode uses TLS encryption and requires the username and password "
"to be given in advance")
},
'ad_domain': {
'type': 'str',
@@ -208,6 +225,12 @@ class Protocol(ChoicesMixin, models.TextChoices):
'default': 'admin',
'label': _('Auth source'),
'help_text': _('The database to authenticate against')
},
'connection_options': {
'type': 'str',
'default': '',
'label': _('Connect options'),
'help_text': _('The connection specific options eg. retryWrites=false&retryReads=false')
}
}
},
@@ -289,23 +312,17 @@ class Protocol(ChoicesMixin, models.TextChoices):
'setting': {
'api_mode': {
'type': 'choice',
'default': 'gpt-3.5-turbo',
'default': 'gpt-4o-mini',
'label': _('API mode'),
'choices': [
('gpt-3.5-turbo', 'GPT-3.5 Turbo'),
('gpt-3.5-turbo-1106', 'GPT-3.5 Turbo 1106'),
('gpt-4o-mini', 'GPT-4o-mini'),
('gpt-4o', 'GPT-4o'),
('gpt-4-turbo', 'GPT-4 Turbo'),
]
}
}
}
}
if settings.XPACK_LICENSE_IS_VALID:
choices = protocols[cls.chatgpt]['setting']['api_mode']['choices']
choices.extend([
('gpt-4', 'GPT-4'),
('gpt-4-turbo', 'GPT-4 Turbo'),
('gpt-4o', 'GPT-4o'),
])
return protocols
@classmethod

16
apps/assets/const/types.py
View File

@@ -3,6 +3,7 @@ from collections import defaultdict
from copy import deepcopy
from django.conf import settings
from django.utils.functional import lazy
from django.utils.translation import gettext as _
from common.db.models import ChoicesMixin
@@ -29,15 +30,15 @@ class AllTypes(ChoicesMixin):
@classmethod
def choices(cls):
return lazy(cls.get_choices, list)()
@classmethod
def get_choices(cls):
choices = []
for tp in cls.includes:
choices.extend(tp.get_choices())
return choices
@classmethod
def get_choices(cls):
return cls.choices()
@classmethod
def filter_choices(cls, category):
choices = dict(cls.category_types()).get(category, cls).get_choices()
@@ -171,12 +172,9 @@ class AllTypes(ChoicesMixin):
(Category.DEVICE, DeviceTypes),
(Category.DATABASE, DatabaseTypes),
(Category.WEB, WebTypes),
(Category.CLOUD, CloudTypes),
(Category.CUSTOM, CustomTypes)
]
if settings.XPACK_ENABLED:
types.extend([
(Category.CLOUD, CloudTypes),
(Category.CUSTOM, CustomTypes),
])
return types
@classmethod

28
apps/assets/migrations/0004_auto_20240709_1819.py Normal file
View File

@@ -0,0 +1,28 @@
# Generated by Django 4.1.13 on 2024-07-09 10:19
from django.db import migrations
def migrate_platform_protocol_primary(apps, schema_editor):
platform_model = apps.get_model('assets', 'Platform')
platforms = platform_model.objects.all()
for platform in platforms:
p = platform.protocols.filter(primary=True).first()
if p:
continue
p = platform.protocols.first()
if not p:
continue
p.primary = True
p.save()
class Migration(migrations.Migration):
dependencies = [
('assets', '0003_auto_20180109_2331'),
]
operations = [
migrations.RunPython(migrate_platform_protocol_primary)
]

35
apps/assets/migrations/0005_myasset.py Normal file
View File

@@ -0,0 +1,35 @@
# Generated by Django 4.1.13 on 2024-08-06 09:11
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
import uuid
class Migration(migrations.Migration):
dependencies = [
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
('assets', '0004_auto_20240709_1819'),
]
operations = [
migrations.CreateModel(
name='MyAsset',
fields=[
('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
('name', models.CharField(default='', max_length=128, verbose_name='Custom Name')),
('comment', models.CharField(default='', max_length=512, verbose_name='Custom Comment')),
('asset', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='my_assets', to='assets.asset')),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
],
options={
'verbose_name': 'My assets',
'unique_together': {('user', 'asset')},
},
),
]

23
apps/assets/migrations/0006_database_pg_ssl_mode.py Normal file
View File

@@ -0,0 +1,23 @@
# Generated by Django 4.1.13 on 2024-09-13 08:22
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('assets', '0005_myasset'),
]
operations = [
migrations.AddField(
model_name='database',
name='pg_ssl_mode',
field=models.CharField(choices=[
('prefer', 'Prefer'),
('require', 'Require'),
('verify-ca', 'Verify CA'),
('verify-full', 'Verify Full')
], default='prefer',
max_length=16, verbose_name='Postgresql SSL mode'),
),
]

1
apps/assets/models/__init__.py
View File

@@ -7,3 +7,4 @@ from .domain import *
from .node import *
from .favorite_asset import *
from .automations import *
from .my_asset import *

23
apps/assets/models/asset/common.py
View File

@@ -38,6 +38,13 @@ class AssetQuerySet(models.QuerySet):
def valid(self):
return self.active()
def gateways(self, is_gateway=1):
kwargs = {'platform__name__startswith': 'Gateway'}
if is_gateway:
return self.filter(**kwargs)
else:
return self.exclude(**kwargs)
def has_protocol(self, name):
return self.filter(protocols__contains=name)
@@ -158,10 +165,16 @@ class Asset(NodesRelationMixin, LabeledMixin, AbsConnectivity, JSONFilterMixin,
name = models.CharField(max_length=128, verbose_name=_('Name'))
address = models.CharField(max_length=767, verbose_name=_('Address'), db_index=True)
platform = models.ForeignKey(Platform, on_delete=models.PROTECT, verbose_name=_("Platform"), related_name='assets')
domain = models.ForeignKey("assets.Domain", null=True, blank=True, related_name='assets',
verbose_name=_("Zone"), on_delete=models.SET_NULL)
nodes = models.ManyToManyField('assets.Node', default=default_node, related_name='assets', verbose_name=_("Nodes"))
platform = models.ForeignKey(
Platform, on_delete=models.PROTECT, verbose_name=_("Platform"), related_name='assets'
)
domain = models.ForeignKey(
"assets.Domain", null=True, blank=True, related_name='assets',
verbose_name=_("Zone"), on_delete=models.SET_NULL
)
nodes = models.ManyToManyField(
'assets.Node', default=default_node, related_name='assets', verbose_name=_("Nodes")
)
is_active = models.BooleanField(default=True, verbose_name=_('Active'))
gathered_info = models.JSONField(verbose_name=_('Gathered info'), default=dict, blank=True) # 资产的一些信息,如 硬件信息
custom_info = models.JSONField(verbose_name=_('Custom info'), default=dict)
@@ -173,7 +186,7 @@ class Asset(NodesRelationMixin, LabeledMixin, AbsConnectivity, JSONFilterMixin,
def get_labels(self):
from labels.models import Label, LabeledResource
res_type = ContentType.objects.get_for_model(self.__class__)
res_type = ContentType.objects.get_for_model(self.__class__.label_model())
label_ids = LabeledResource.objects.filter(res_type=res_type, res_id=self.id) \
.values_list('label_id', flat=True)
return Label.objects.filter(id__in=label_ids)

5
apps/assets/models/asset/database.py
View File

@@ -1,6 +1,7 @@
from django.db import models
from django.utils.translation import gettext_lazy as _
from assets.const import PostgresqlSSLMode
from common.db.fields import EncryptTextField
from .common import Asset
@@ -12,6 +13,10 @@ class Database(Asset):
client_cert = EncryptTextField(verbose_name=_("Client cert"), blank=True)
client_key = EncryptTextField(verbose_name=_("Client key"), blank=True)
allow_invalid_cert = models.BooleanField(default=False, verbose_name=_('Allow invalid cert'))
pg_ssl_mode = models.CharField(
max_length=16, choices=PostgresqlSSLMode.choices,
default=PostgresqlSSLMode.PREFER, verbose_name=_('Postgresql SSL mode')
)
def __str__(self):
return '{}({}://{}/{})'.format(self.name, self.type, self.address, self.db_name)

2
apps/assets/models/domain.py
View File

@@ -31,7 +31,7 @@ class Domain(LabeledMixin, JMSOrgBaseModel):
@lazyproperty
def assets_amount(self):
return self.assets.count()
return self.assets.gateways(0).count()
def random_gateway(self):
gateways = [gw for gw in self.active_gateways if gw.is_connective]

6
apps/assets/models/gateway.py
View File

@@ -16,7 +16,7 @@ __all__ = ['Gateway']
class GatewayManager(OrgManager):
def get_queryset(self):
queryset = super().get_queryset()
queryset = queryset.filter(platform__name=GATEWAY_NAME)
queryset = queryset.filter(platform__name__startswith=GATEWAY_NAME)
return queryset
def bulk_create(self, objs, batch_size=None, ignore_conflicts=False):
@@ -33,10 +33,6 @@ class Gateway(Host):
proxy = True
verbose_name = _("Gateway")
def save(self, *args, **kwargs):
self.platform = self.default_platform()
return super().save(*args, **kwargs)
@classmethod
def default_platform(cls):
return Platform.objects.get(name=GATEWAY_NAME, internal=True)

43
apps/assets/models/my_asset.py Normal file
View File

@@ -0,0 +1,43 @@
from django.db import models
from django.utils.translation import gettext_lazy as _
from common.db.models import JMSBaseModel
__all__ = ['MyAsset']
class MyAsset(JMSBaseModel):
user = models.ForeignKey('users.User', on_delete=models.CASCADE)
asset = models.ForeignKey('assets.Asset', on_delete=models.CASCADE, related_name='my_assets')
name = models.CharField(verbose_name=_("Custom Name"), max_length=128, default='')
comment = models.CharField(verbose_name=_("Custom Comment"), max_length=512, default='')
custom_fields = ['name', 'comment']
class Meta:
unique_together = ('user', 'asset')
verbose_name = _("My assets")
def custom_to_dict(self):
data = {}
for field in self.custom_fields:
value = getattr(self, field)
if value == "":
continue
data.update({field: value})
return data
@staticmethod
def set_asset_custom_value(assets, user):
my_assets = MyAsset.objects.filter(asset__in=assets, user=user).all()
customs = {my_asset.asset.id: my_asset.custom_to_dict() for my_asset in my_assets}
for asset in assets:
custom = customs.get(asset.id)
if not custom:
continue
for field, value in custom.items():
if not hasattr(asset, field):
continue
setattr(asset, field, value)
def __str__(self):
return f'{self.user}-{self.asset}'

17
apps/assets/models/platform.py
View File

@@ -1,7 +1,7 @@
from django.db import models
from django.utils.translation import gettext_lazy as _
from assets.const import AllTypes, Category, Protocol
from assets.const import AllTypes, Category, Protocol, SuMethodChoices
from common.db.fields import JsonDictTextField
from common.db.models import JMSBaseModel
@@ -111,6 +111,10 @@ class Platform(LabeledMixin, JMSBaseModel):
def type_constraints(self):
return AllTypes.get_constraints(self.category, self.type)
@lazyproperty
def assets_amount(self):
return self.assets.count()
@classmethod
def default(cls):
linux, created = cls.objects.get_or_create(
@@ -127,6 +131,17 @@ class Platform(LabeledMixin, JMSBaseModel):
return True
return False
@property
def ansible_become_method(self):
su_method = self.su_method or SuMethodChoices.sudo
if su_method in [SuMethodChoices.sudo, SuMethodChoices.only_sudo]:
method = SuMethodChoices.sudo
elif su_method in [SuMethodChoices.su, SuMethodChoices.only_su]:
method = SuMethodChoices.su
else:
method = su_method
return method
def __str__(self):
return self.name

1
apps/assets/serializers/__init__.py
View File

@@ -9,3 +9,4 @@ from .favorite_asset import *
from .gateway import *
from .node import *
from .platform import *
from .my_asset import *

39
apps/assets/serializers/asset/common.py
View File

@@ -18,7 +18,7 @@ from common.serializers.fields import LabeledChoiceField
from labels.models import Label
from orgs.mixins.serializers import BulkOrgResourceModelSerializer
from ...const import Category, AllTypes
from ...models import Asset, Node, Platform, Protocol
from ...models import Asset, Node, Platform, Protocol, Host, Device, Database, Cloud, Web, Custom
__all__ = [
'AssetSerializer', 'AssetSimpleSerializer', 'MiniAssetSerializer',
@@ -31,6 +31,12 @@ __all__ = [
class AssetProtocolsSerializer(serializers.ModelSerializer):
port = serializers.IntegerField(required=False, allow_null=True, max_value=65535, min_value=0)
def get_render_help_text(self):
if self.parent and self.parent.many:
return _('Protocols, format is ["protocol/port"]')
else:
return _('Protocol, format is name/port')
def to_file_representation(self, data):
return '{name}/{port}'.format(**data)
@@ -97,6 +103,9 @@ class AssetAccountSerializer(AccountSerializer):
attrs = super().validate(attrs)
return self.set_secret(attrs)
def get_render_help_text(self):
return _('Accounts, format [{"name": "x", "username": "x", "secret": "x", "secret_type": "password"}]')
class Meta(AccountSerializer.Meta):
fields = [
f for f in AccountSerializer.Meta.fields
@@ -121,19 +130,30 @@ class AccountSecretSerializer(SecretReadableMixin, CommonModelSerializer):
}
class NodeDisplaySerializer(serializers.ListField):
def get_render_help_text(self):
return _('Node path, format ["/org_name/node_name"], if node not exist, will create it')
def to_internal_value(self, data):
return data
def to_representation(self, data):
return data
class AssetSerializer(BulkOrgResourceModelSerializer, ResourceLabelsMixin, WritableNestedModelSerializer):
category = LabeledChoiceField(choices=Category.choices, read_only=True, label=_('Category'))
type = LabeledChoiceField(choices=AllTypes.choices(), read_only=True, label=_('Type'))
protocols = AssetProtocolsSerializer(many=True, required=False, label=_('Protocols'), default=())
accounts = AssetAccountSerializer(many=True, required=False, allow_null=True, write_only=True, label=_('Accounts'))
nodes_display = serializers.ListField(read_only=False, required=False, label=_("Node path"))
nodes_display = NodeDisplaySerializer(read_only=False, required=False, label=_("Node path"))
_accounts = None
class Meta:
model = Asset
fields_mini = ['id', 'name', 'address']
fields_small = fields_mini + ['is_active', 'comment']
fields_fk = ['domain', 'platform']
fields_mini = ['id', 'name', 'address'] + fields_fk
fields_small = fields_mini + ['is_active', 'comment']
fields_m2m = [
'nodes', 'labels', 'protocols',
'nodes_display', 'accounts',
@@ -289,6 +309,17 @@ class AssetSerializer(BulkOrgResourceModelSerializer, ResourceLabelsMixin, Writa
})
return protocols_data_map.values()
def validate_platform(self, platform_data):
check_models = {Host, Device, Database, Cloud, Web, Custom}
if self.Meta.model not in check_models:
return platform_data
model_name = self.Meta.model.__name__.lower()
if model_name != platform_data.category:
raise serializers.ValidationError({
'platform': f"Platform does not match: {platform_data.name}"
})
return platform_data
@staticmethod
def update_account_su_from(accounts, include_su_from_accounts):
if not include_su_from_accounts:

1
apps/assets/serializers/asset/custom.py
View File

@@ -16,6 +16,7 @@ class CustomSerializer(AssetSerializer):
class Meta(AssetSerializer.Meta):
model = Custom
fields = AssetSerializer.Meta.fields + ['custom_info']
fields_unimport_template = ['custom_info']
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)

7
apps/assets/serializers/asset/database.py
View File

@@ -16,9 +16,14 @@ class DatabaseSerializer(AssetSerializer):
model = Database
extra_fields = [
'db_name', 'use_ssl', 'ca_cert', 'client_cert',
'client_key', 'allow_invalid_cert'
'client_key', 'allow_invalid_cert', 'pg_ssl_mode'
]
fields = AssetSerializer.Meta.fields + extra_fields
extra_kwargs = {
'ca_cert': {'help_text': _('CA cert help text')},
'pg_ssl_mode': {'help_text': _('Postgresql ssl model help text')},
}
extra_kwargs.update(AssetSerializer.Meta.extra_kwargs)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)

9
apps/assets/serializers/automations/base.py
View File

@@ -36,6 +36,7 @@ class BaseAutomationSerializer(PeriodTaskSerializerMixin, BulkOrgResourceModelSe
class AutomationExecutionSerializer(serializers.ModelSerializer):
snapshot = serializers.SerializerMethodField(label=_('Automation snapshot'))
status = serializers.SerializerMethodField(label=_("Status"))
trigger = LabeledChoiceField(choices=Trigger.choices, read_only=True, label=_("Trigger mode"))
class Meta:
@@ -45,6 +46,14 @@ class AutomationExecutionSerializer(serializers.ModelSerializer):
]
fields = ['id', 'automation'] + read_only_fields
@staticmethod
def get_status(obj):
if obj.status == 'success':
return _("Success")
elif obj.status == 'pending':
return _("Pending")
return obj.status
@staticmethod
def get_snapshot(obj):
from assets.const import AutomationTypes as AssetTypes

6
apps/assets/serializers/domain.py
View File

@@ -57,9 +57,7 @@ class DomainSerializer(ResourceLabelsMixin, BulkOrgResourceModelSerializer):
@classmethod
def setup_eager_loading(cls, queryset):
queryset = queryset \
.annotate(assets_amount=Count('assets')) \
.prefetch_related('labels', 'labels__label')
queryset = queryset.prefetch_related('labels', 'labels__label')
return queryset
@@ -70,7 +68,7 @@ class DomainListSerializer(DomainSerializer):
@classmethod
def setup_eager_loading(cls, queryset):
queryset = queryset.annotate(
assets_amount=Count('assets', filter=~Q(assets__platform__name='Gateway'), distinct=True),
assets_amount=Count('assets', filter=~Q(assets__platform__name__startswith='Gateway'), distinct=True),
)
return queryset

1
apps/assets/serializers/favorite_asset.py
View File

@@ -3,7 +3,6 @@
from rest_framework import serializers
from orgs.utils import tmp_to_root_org
from common.serializers import BulkSerializerMixin
from ..models import FavoriteAsset

5
apps/assets/serializers/gateway.py
View File

@@ -14,6 +14,11 @@ class GatewaySerializer(HostSerializer):
class Meta(HostSerializer.Meta):
model = Gateway
def validate_platform(self, p):
if not p.name.startswith('Gateway'):
raise serializers.ValidationError(_('The platform must start with Gateway'))
return p
def validate_name(self, value):
queryset = Asset.objects.filter(name=value)
if self.instance:

38
apps/assets/serializers/my_asset.py Normal file
View File

@@ -0,0 +1,38 @@
# -*- coding: utf-8 -*-
#
from rest_framework import serializers
from django.utils.translation import gettext_lazy as _
from ..models import MyAsset
__all__ = ['MyAssetSerializer']
class MyAssetSerializer(serializers.ModelSerializer):
user = serializers.HiddenField(
default=serializers.CurrentUserDefault()
)
name = serializers.CharField(label=_("Custom Name"), max_length=128, allow_blank=True, required=False)
comment = serializers.CharField(label=_("Custom Comment"), max_length=512, allow_blank=True, required=False)
class Meta:
model = MyAsset
fields = ['user', 'asset', 'name', 'comment']
validators = []
def create(self, data):
custom_fields = MyAsset.custom_fields
asset = data['asset']
user = self.context['request'].user
defaults = {field: data.get(field, '') for field in custom_fields}
obj, created = MyAsset.objects.get_or_create(defaults=defaults, user=user, asset=asset)
if created:
return obj
for field in custom_fields:
value = data.get(field)
if value is None:
continue
setattr(obj, field, value)
obj.save()
return obj

33
apps/assets/serializers/platform.py
View File

@@ -3,16 +3,17 @@ from django.utils.translation import gettext_lazy as _
from rest_framework import serializers
from rest_framework.validators import UniqueValidator
from assets.models import Asset
from common.serializers import (
WritableNestedModelSerializer, type_field_map, MethodSerializer,
DictSerializer, create_serializer_class, ResourceLabelsMixin
)
from common.serializers.fields import LabeledChoiceField
from common.serializers.fields import LabeledChoiceField, ObjectRelatedField
from common.utils import lazyproperty
from ..const import Category, AllTypes, Protocol
from ..const import Category, AllTypes, Protocol, SuMethodChoices
from ..models import Platform, PlatformProtocol, PlatformAutomation
__all__ = ["PlatformSerializer", "PlatformOpsMethodSerializer", "PlatformProtocolSerializer"]
__all__ = ["PlatformSerializer", "PlatformOpsMethodSerializer", "PlatformProtocolSerializer", "PlatformListSerializer"]
class PlatformAutomationSerializer(serializers.ModelSerializer):
@@ -146,6 +147,10 @@ class PlatformProtocolSerializer(serializers.ModelSerializer):
name, port = data.split('/')
return {'name': name, 'port': port}
@staticmethod
def get_render_help_text():
return _('Protocols, format is ["protocol/port"]')
class PlatformCustomField(serializers.Serializer):
TYPE_CHOICES = [(t, t) for t, c in type_field_map.items()]
@@ -158,13 +163,6 @@ class PlatformCustomField(serializers.Serializer):
class PlatformSerializer(ResourceLabelsMixin, WritableNestedModelSerializer):
SU_METHOD_CHOICES = [
("sudo", "sudo su -"),
("su", "su - "),
("enable", "enable"),
("super", "super 15"),
("super_level", "super level 15")
]
id = serializers.IntegerField(
label='ID', required=False,
validators=[UniqueValidator(queryset=Platform.objects.all())]
@@ -175,10 +173,12 @@ class PlatformSerializer(ResourceLabelsMixin, WritableNestedModelSerializer):
protocols = PlatformProtocolSerializer(label=_("Protocols"), many=True, required=False)
automation = PlatformAutomationSerializer(label=_("Automation"), required=False, default=dict)
su_method = LabeledChoiceField(
choices=SU_METHOD_CHOICES, label=_("Su method"),
required=False, default="sudo", allow_null=True
choices=SuMethodChoices.choices, label=_("Su method"),
required=False, default=SuMethodChoices.sudo, allow_null=True
)
custom_fields = PlatformCustomField(label=_("Custom fields"), many=True, required=False)
assets = ObjectRelatedField(queryset=Asset.objects, many=True, required=False, label=_('Assets'))
assets_amount = serializers.IntegerField(label=_('Assets amount'), read_only=True)
class Meta:
model = Platform
@@ -191,7 +191,8 @@ class PlatformSerializer(ResourceLabelsMixin, WritableNestedModelSerializer):
'internal', 'date_created', 'date_updated',
'created_by', 'updated_by'
]
fields = fields_small + [
fields_m2m = ['assets', 'assets_amount']
fields = fields_small + fields_m2m + [
"protocols", "domain_enabled", "su_enabled", "su_method",
"automation", "comment", "custom_fields", "labels"
] + read_only_fields
@@ -208,6 +209,7 @@ class PlatformSerializer(ResourceLabelsMixin, WritableNestedModelSerializer):
"help_text": _("Assets can be connected using a zone gateway")
},
"domain_default": {"label": _('Default Domain')},
'assets': {'required': False, 'label': _('Assets')},
}
def __init__(self, *args, **kwargs):
@@ -265,6 +267,11 @@ class PlatformSerializer(ResourceLabelsMixin, WritableNestedModelSerializer):
return automation
class PlatformListSerializer(PlatformSerializer):
class Meta(PlatformSerializer.Meta):
fields = list(set(PlatformSerializer.Meta.fields + ['assets_amount']) - {'assets'})
class PlatformOpsMethodSerializer(serializers.Serializer):
id = serializers.CharField(read_only=True)
name = serializers.CharField(max_length=50, label=_("Name"))

6
apps/assets/tasks/automation.py
View File

@@ -21,8 +21,10 @@ def task_activity_callback(self, pid, trigger, tp, *args, **kwargs):
@shared_task(
queue='ansible', verbose_name=_('Asset execute automation'),
activity_callback=task_activity_callback
queue='ansible',
verbose_name=_('Asset execute automation'),
activity_callback=task_activity_callback,
description=_("Unused")
)
def execute_asset_automation_task(pid, trigger, tp):
model = AutomationTypes.get_type_model(tp)

9
apps/assets/tasks/gather_facts.py
View File

@@ -18,8 +18,13 @@ __all__ = [
@shared_task(
queue="ansible", verbose_name=_('Gather assets facts'),
activity_callback=lambda self, asset_ids, org_id, *args, **kwargs: (asset_ids, org_id)
queue="ansible",
verbose_name=_('Gather assets facts'),
activity_callback=lambda self, asset_ids, org_id, *args, **kwargs: (asset_ids, org_id),
description=_(
"""When clicking 'Refresh hardware info' in 'Console - Asset Details - Basic' this task
will be executed"""
)
)
def gather_assets_facts_task(asset_ids, org_id, task_name=None):
from assets.models import GatherFactsAutomation

28
apps/assets/tasks/nodes_amount.py
View File

@@ -1,19 +1,25 @@
from celery import shared_task
from django.utils.translation import gettext_lazy as _
from assets.utils import check_node_assets_amount
from common.const.crontab import CRONTAB_AT_AM_TWO
from common.utils import get_logger
from common.utils.lock import AcquireFailed
from ops.celery.decorator import register_as_period_task
from orgs.models import Organization
from orgs.utils import tmp_to_org
from ops.celery.decorator import register_as_period_task
from assets.utils import check_node_assets_amount
from common.utils.lock import AcquireFailed
from common.utils import get_logger
from common.const.crontab import CRONTAB_AT_AM_TWO
logger = get_logger(__file__)
@shared_task(verbose_name=_('Check the amount of assets under the node'))
@shared_task(
verbose_name=_('Check the amount of assets under the node'),
description=_(
"""Manually verifying asset quantities updates the asset count for nodes under the
current organization. This task will be called in the following two cases: when updating
nodes and when the number of nodes exceeds 100"""
)
)
def check_node_assets_amount_task(org_id=None):
if org_id is None:
orgs = Organization.objects.all()
@@ -30,7 +36,13 @@ def check_node_assets_amount_task(org_id=None):
logger.error(error)
@shared_task(verbose_name=_('Periodic check the amount of assets under the node'))
@shared_task(
verbose_name=_('Periodic check the amount of assets under the node'),
description=_(
"""Schedule the check_node_assets_amount_task to periodically update the asset count of
all nodes under all organizations"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)
def check_node_assets_amount_period_task():
check_node_assets_amount_task()

8
apps/assets/tasks/ping.py
View File

@@ -17,8 +17,12 @@ __all__ = [
@shared_task(
verbose_name=_('Test assets connectivity'), queue='ansible',
activity_callback=lambda self, asset_ids, org_id, *args, **kwargs: (asset_ids, org_id)
verbose_name=_('Test assets connectivity'),
queue='ansible',
activity_callback=lambda self, asset_ids, org_id, *args, **kwargs: (asset_ids, org_id),
description=_(
"When clicking 'Test Asset Connectivity' in 'Asset Details - Basic Settings' this task will be executed"
)
)
def test_assets_connectivity_task(asset_ids, org_id, task_name=None):
from assets.models import PingAutomation

Some files were not shown because too many files have changed in this diff Show More