diff --git a/cmdb-api/api/lib/cmdb/ci.py b/cmdb-api/api/lib/cmdb/ci.py index 785a2db..f1ef414 100644 --- a/cmdb-api/api/lib/cmdb/ci.py +++ b/cmdb-api/api/lib/cmdb/ci.py @@ -45,8 +45,8 @@ from api.lib.perm.acl.acl import is_app_admin from api.lib.perm.acl.acl import validate_permission from api.lib.secrets.inner import InnerCrypt from api.lib.secrets.vault import VaultClient -from api.lib.utils import Lock from api.lib.utils import handle_arg_list +from api.lib.utils import Lock from api.lib.webhook import webhook_request from api.models.cmdb import AttributeHistory from api.models.cmdb import AutoDiscoveryCI @@ -63,6 +63,7 @@ from api.tasks.cmdb import ci_relation_cache from api.tasks.cmdb import ci_relation_delete PRIVILEGED_USERS = {"worker", "cmdb_agent", "agent"} +PASSWORD_DEFAULT_SHOW = "******" class CIManager(object): @@ -680,7 +681,7 @@ class CIManager(object): return abort(400, ErrFormat.argument_invalid.format("ret_key")) if is_password and value: - ci_dict[attr_key] = '******' + ci_dict[attr_key] = PASSWORD_DEFAULT_SHOW else: value = ValueTypeMap.serialize2[value_type](value) if is_list: @@ -720,35 +721,45 @@ class CIManager(object): @classmethod def save_password(cls, ci_id, attr_id, value, record_id, type_id): - if not value: - return - changed = None - + encrypt_value = None + value_table = ValueTypeMap.table[ValueTypeEnum.PASSWORD] if current_app.config.get('SECRETS_ENGINE') == 'inner': - encrypt_value, status = InnerCrypt().encrypt(value) - if not status: - current_app.logger.error('save password failed: {}'.format(encrypt_value)) - return abort(400, ErrFormat.password_save_failed.format(encrypt_value)) + if value: + encrypt_value, status = InnerCrypt().encrypt(value) + if not status: + current_app.logger.error('save password failed: {}'.format(encrypt_value)) + return abort(400, ErrFormat.password_save_failed.format(encrypt_value)) else: - encrypt_value = '******' + encrypt_value = PASSWORD_DEFAULT_SHOW existed = value_table.get_by(ci_id=ci_id, attr_id=attr_id, first=True, to_dict=False) if existed is None: - value_table.create(ci_id=ci_id, attr_id=attr_id, value=encrypt_value) - changed = [(ci_id, attr_id, OperateType.ADD, '', '******', type_id)] + if value: + value_table.create(ci_id=ci_id, attr_id=attr_id, value=encrypt_value) + changed = [(ci_id, attr_id, OperateType.ADD, '', PASSWORD_DEFAULT_SHOW, type_id)] elif existed.value != encrypt_value: - existed.update(ci_id=ci_id, attr_id=attr_id, value=encrypt_value) - changed = [(ci_id, attr_id, OperateType.UPDATE, '******', '******', type_id)] + if value: + existed.update(ci_id=ci_id, attr_id=attr_id, value=encrypt_value) + changed = [(ci_id, attr_id, OperateType.UPDATE, PASSWORD_DEFAULT_SHOW, PASSWORD_DEFAULT_SHOW, type_id)] + else: + existed.delete() + changed = [(ci_id, attr_id, OperateType.DELETE, PASSWORD_DEFAULT_SHOW, '', type_id)] if current_app.config.get('SECRETS_ENGINE') == 'vault': vault = VaultClient(current_app.config.get('VAULT_URL'), current_app.config.get('VAULT_TOKEN')) - try: - vault.update("/{}/{}".format(ci_id, attr_id), dict(v=value)) - except Exception as e: - current_app.logger.error('save password to vault failed: {}'.format(e)) - return abort(400, ErrFormat.password_save_failed.format('write vault failed')) + if value: + try: + vault.update("/{}/{}".format(ci_id, attr_id), dict(v=value)) + except Exception as e: + current_app.logger.error('save password to vault failed: {}'.format(e)) + return abort(400, ErrFormat.password_save_failed.format('write vault failed')) + else: + try: + vault.delete("/{}/{}".format(ci_id, attr_id)) + except Exception as e: + current_app.logger.warning('delete password to vault failed: {}'.format(e)) if changed is not None: AttributeValueManager.write_change2(changed, record_id) diff --git a/cmdb-ui/src/modules/cmdb/views/ci/index.vue b/cmdb-ui/src/modules/cmdb/views/ci/index.vue index afc0f2d..0b543fa 100644 --- a/cmdb-ui/src/modules/cmdb/views/ci/index.vue +++ b/cmdb-ui/src/modules/cmdb/views/ci/index.vue @@ -533,6 +533,7 @@ export default { Object.keys(this.initialPasswordValue).forEach((key) => { if (this.initialPasswordValue[key] !== this.passwordValue[key]) { data[key] = this.passwordValue[key] + row[key] = this.passwordValue[key] } }) this.isEditActive = false diff --git a/cmdb-ui/src/modules/cmdb/views/relation_views/index.vue b/cmdb-ui/src/modules/cmdb/views/relation_views/index.vue index 3173f3f..8c918ec 100644 --- a/cmdb-ui/src/modules/cmdb/views/relation_views/index.vue +++ b/cmdb-ui/src/modules/cmdb/views/relation_views/index.vue @@ -1137,6 +1137,7 @@ export default { Object.keys(this.initialPasswordValue).forEach((key) => { if (this.initialPasswordValue[key] !== this.passwordValue[key]) { data[key] = this.passwordValue[key] + row[key] = this.passwordValue[key] } }) this.lastEditCiId = null diff --git a/cmdb-ui/src/modules/cmdb/views/tree_views/index.vue b/cmdb-ui/src/modules/cmdb/views/tree_views/index.vue index e17ded7..374fe22 100644 --- a/cmdb-ui/src/modules/cmdb/views/tree_views/index.vue +++ b/cmdb-ui/src/modules/cmdb/views/tree_views/index.vue @@ -979,6 +979,7 @@ export default { Object.keys(this.initialPasswordValue).forEach((key) => { if (this.initialPasswordValue[key] !== this.passwordValue[key]) { data[key] = this.passwordValue[key] + row[key] = this.passwordValue[key] } }) this.lastEditCiId = null