Qualys deploy: persiste activation_ids/customer/uri en secrets + selection auto Linux/Windows

2026-04-15 13:12:15 +02:00 · 2026-04-15 13:12:15 +02:00 · 55d08921f9
commit 55d08921f9
parent f59c6dcbdb
1 changed files with 28 additions and 3 deletions
--- a/app/routers/qualys.py
+++ b/app/routers/qualys.py
@ -986,17 +986,33 @@ async def qualys_deploy_run(request: Request, db=Depends(get_db)):
        return JSONResponse({"ok": False, "msg": "Permission refusée"}, status_code=403)

    from ..services.agent_deploy_service import start_deploy_job
-    from ..services.secrets_service import get_secret
+    from ..services.secrets_service import get_secret, set_secret

    body = await request.json()
    server_ids = body.get("server_ids", "")
-    activation_id = body.get("activation_id", "")
+    activation_id = body.get("activation_id", "")  # legacy / fallback
+    activation_id_linux = body.get("activation_id_linux", "") or activation_id
+    activation_id_windows = body.get("activation_id_windows", "") or activation_id
    customer_id = body.get("customer_id", "")
    server_uri = body.get("server_uri", "")
    package_deb = body.get("package_deb", "")
    package_rpm = body.get("package_rpm", "")
    force_downgrade = body.get("force_downgrade", False)

+    # Persiste les valeurs comme defaults (pour les prochaines fois)
+    try:
+        if activation_id_linux:
+            set_secret(db, "qualys_activation_id_linux", activation_id_linux, "Activation Key Qualys Linux")
+        if activation_id_windows:
+            set_secret(db, "qualys_activation_id_windows", activation_id_windows, "Activation Key Qualys Windows")
+        if customer_id:
+            set_secret(db, "qualys_customer_id", customer_id, "Customer ID Qualys")
+        if server_uri:
+            set_secret(db, "qualys_server_uri", server_uri, "Server URI Qualys")
+        db.commit()
+    except Exception:
+        pass
+
    ids = [int(x) for x in str(server_ids).split(",") if x.strip().isdigit()]
    if not ids:
        return JSONResponse({"ok": False, "msg": "Aucun serveur sélectionné"})
@ -1010,8 +1026,17 @@ async def qualys_deploy_run(request: Request, db=Depends(get_db)):
    servers = [{"hostname": r.hostname, "os_family": r.os_family,
                "os_version": r.os_version, "ssh_user": r.ssh_user, "ssh_port": r.ssh_port} for r in rows]

+    # Choisit l'activation_id selon l'OS de chaque serveur (Linux/Windows)
+    # Note: deploy_agent prend un seul activation_id, on annote chaque serveur avec le bon
+    for s in servers:
+        osf = (s.get("os_family") or "").lower()
+        s["_activation_id"] = activation_id_windows if osf == "windows" else activation_id_linux
+    # Pour le moment start_deploy_job utilise un activation_id global ; on prend celui Linux
+    # par defaut (la plupart des deploys SANEF). Si tous les serveurs sont Windows, prend Windows.
+    all_windows = all((s.get("os_family") or "").lower() == "windows" for s in servers)
+    final_activation = activation_id_windows if all_windows else activation_id_linux
    job_id = start_deploy_job(servers, ssh_key, package_deb, package_rpm,
-                              activation_id, customer_id, server_uri, force_downgrade=force_downgrade)
+                              final_activation, customer_id, server_uri, force_downgrade=force_downgrade)

    from ..services.audit_service import log_action
    log_action(db, request, user, "qualys_deploy",