adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
ba8a969366
patchcenter/app/services/campaign_service.py
Khalid MOUTAOUAKIL ba8a969366 Campagnes: workflow complet, audit serveurs, assignation operateurs 
- Workflow: draft → pending_validation (COMEP) → planned → in_progress → completed
- Prereqs auto: SSH, disque (1.2Go /, 800Mo /var), satellite
- Assignation: operateurs prennent/liberent, coordinateur assigne/force
- Limites par operateur par campagne (max_servers + raison)
- Default intervenant permanent par serveur (auto-assigne)
- Planning jours: lun+mar hors-prod, mer+jeu prod, jamais vendredi
- Preferences serveur: pref_patch_jour, pref_patch_heure (permanents)
- Audit serveurs: import Excel, 29 colonnes, KPIs, detail HTMX
- Jours en francais (Lun, Mar, Mer, Jeu)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 13:06:08 +02:00

339 lines
14 KiB
Python
Raw Blame History

"""Service campagnes — logique metier patching"""
from datetime import datetime, date, timedelta
from sqlalchemy import text
def list_campaigns(db, year=None, status=None):
where = ["1=1"]
params = {}
if year:
where.append("c.year = :year"); params["year"] = year
if status:
where.append("c.status = :status"); params["status"] = status
wc = " AND ".join(where)
return db.execute(text(f"""
SELECT c.*, u.display_name as created_by_name,
(SELECT COUNT(*) FROM patch_sessions ps WHERE ps.campaign_id = c.id) as session_count,
(SELECT COUNT(*) FROM patch_sessions ps WHERE ps.campaign_id = c.id AND ps.status = 'patched') as patched_count,
(SELECT COUNT(*) FROM patch_sessions ps WHERE ps.campaign_id = c.id AND ps.status = 'failed') as failed_count,
(SELECT COUNT(*) FROM patch_sessions ps WHERE ps.campaign_id = c.id AND ps.status = 'pending') as pending_count,
(SELECT COUNT(*) FROM patch_sessions ps WHERE ps.campaign_id = c.id AND ps.status = 'excluded') as excluded_count
FROM campaigns c
LEFT JOIN users u ON c.created_by = u.id
WHERE {wc} ORDER BY c.year DESC, c.week_code DESC
"""), params).fetchall()
def get_campaign(db, campaign_id):
return db.execute(text("""
SELECT c.*, u.display_name as created_by_name
FROM campaigns c LEFT JOIN users u ON c.created_by = u.id
WHERE c.id = :id
"""), {"id": campaign_id}).fetchone()
def get_campaign_sessions(db, campaign_id):
return db.execute(text("""
SELECT ps.*, s.hostname, s.fqdn, s.os_family, s.os_version, s.tier,
s.etat, s.ssh_method, s.licence_support, s.machine_type,
s.pref_patch_jour, s.pref_patch_heure,
d.name as domaine, e.name as environnement,
u.display_name as intervenant_name
FROM patch_sessions ps
JOIN servers s ON ps.server_id = s.id
LEFT JOIN domain_environments de ON s.domain_env_id = de.id
LEFT JOIN domains d ON de.domain_id = d.id
LEFT JOIN environments e ON de.environment_id = e.id
LEFT JOIN users u ON ps.intervenant_id = u.id
WHERE ps.campaign_id = :cid
ORDER BY CASE ps.status
WHEN 'in_progress' THEN 1 WHEN 'pending' THEN 2 WHEN 'prereq_ok' THEN 3
WHEN 'patched' THEN 4 WHEN 'failed' THEN 5 WHEN 'reported' THEN 6
WHEN 'excluded' THEN 7 WHEN 'cancelled' THEN 8 ELSE 9 END,
ps.date_prevue, s.hostname
"""), {"cid": campaign_id}).fetchall()
def get_campaign_stats(db, campaign_id):
return db.execute(text("""
SELECT
COUNT(*) as total,
COUNT(*) FILTER (WHERE status = 'patched') as patched,
COUNT(*) FILTER (WHERE status = 'failed') as failed,
COUNT(*) FILTER (WHERE status = 'pending') as pending,
COUNT(*) FILTER (WHERE status = 'in_progress') as in_progress,
COUNT(*) FILTER (WHERE status = 'skipped') as skipped,
COUNT(*) FILTER (WHERE status = 'excluded') as excluded,
COUNT(*) FILTER (WHERE status = 'reported') as reported,
COUNT(*) FILTER (WHERE status = 'cancelled') as cancelled,
COUNT(*) FILTER (WHERE intervenant_id IS NOT NULL AND status NOT IN ('excluded','cancelled')) as assigned,
COUNT(*) FILTER (WHERE intervenant_id IS NULL AND status NOT IN ('excluded','cancelled')) as unassigned
FROM patch_sessions WHERE campaign_id = :cid
"""), {"cid": campaign_id}).fetchone()
def get_planning_for_week(db, year, week_number):
return db.execute(text("""
SELECT pp.*, d.name as domain_name
FROM patch_planning pp
LEFT JOIN domains d ON pp.domain_code = d.code
WHERE pp.year = :y AND pp.week_number = :wn AND pp.status = 'open'
ORDER BY pp.domain_code
"""), {"y": year, "wn": week_number}).fetchall()
def _week_dates(year, week_number):
"""Retourne lun, mar, mer, jeu de la semaine ISO"""
jan4 = date(year, 1, 4)
start_of_w1 = jan4 - timedelta(days=jan4.isoweekday() - 1)
monday = start_of_w1 + timedelta(weeks=week_number - 1)
return monday, monday + timedelta(1), monday + timedelta(2), monday + timedelta(3)
def get_servers_for_planning(db, year, week_number):
planning = get_planning_for_week(db, year, week_number)
if not planning:
return [], []
domain_envs = []
for p in planning:
if p.domain_code == 'DMZ':
continue
if p.env_scope == 'prod':
domain_envs.append(("d.code = :dc_{0} AND e.name = 'Production'".format(len(domain_envs)), p.domain_code))
elif p.env_scope == 'hprod':
domain_envs.append(("d.code = :dc_{0} AND e.name != 'Production'".format(len(domain_envs)), p.domain_code))
elif p.env_scope == 'prod_pilot':
domain_envs.append(("d.code = :dc_{0}".format(len(domain_envs)), p.domain_code))
else:
domain_envs.append(("d.code = :dc_{0}".format(len(domain_envs)), p.domain_code))
if not domain_envs:
return [], planning
or_clauses = []
params = {}
for i, (clause, dc) in enumerate(domain_envs):
or_clauses.append(clause)
params[f"dc_{i}"] = dc
or_clauses.append("d.code = 'DMZ'")
where = f"""
s.etat = 'en_production' AND s.patch_os_owner = 'secops'
AND s.licence_support IN ('active', 'els') AND s.os_family = 'linux'
AND ({' OR '.join(or_clauses)})
"""
servers = db.execute(text(f"""
SELECT s.id, s.hostname, s.fqdn, s.os_family, s.os_version, s.tier,
s.licence_support, s.ssh_method, s.machine_type,
s.pref_patch_jour, s.pref_patch_heure, s.default_intervenant_id,
d.name as domaine, d.code as domain_code, e.name as environnement
FROM servers s
LEFT JOIN domain_environments de ON s.domain_env_id = de.id
LEFT JOIN domains d ON de.domain_id = d.id
LEFT JOIN environments e ON de.environment_id = e.id
WHERE {where}
ORDER BY e.name, d.name, s.hostname
"""), params).fetchall()
return servers, planning
def create_campaign_from_planning(db, year, week_number, label, user_id, excluded_ids=None):
servers, planning = get_servers_for_planning(db, year, week_number)
if not servers:
return None
wc = f"S{week_number:02d}"
lun, mar, mer, jeu = _week_dates(year, week_number)
p = planning[0] if planning else None
row = db.execute(text("""
INSERT INTO campaigns (week_code, year, label, status, date_start, date_end, created_by)
VALUES (:wc, :y, :label, 'draft', :ds, :de, :uid)
RETURNING id
"""), {"wc": wc, "y": year, "label": label, "ds": lun, "de": jeu, "uid": user_id}).fetchone()
cid = row.id
excluded = set(excluded_ids or [])
for s in servers:
status = 'excluded' if s.id in excluded else 'pending'
# Date par defaut : hors-prod = lun/mar, prod = mer/jeu
is_prod = (s.environnement == 'Production')
if s.pref_patch_jour and s.pref_patch_jour != 'indifferent':
jour_map = {"lundi": lun, "mardi": mar, "mercredi": mer, "jeudi": jeu}
date_prevue = jour_map.get(s.pref_patch_jour, mer if is_prod else lun)
else:
date_prevue = mer if is_prod else lun
heure = s.pref_patch_heure if s.pref_patch_heure and s.pref_patch_heure != 'indifferent' else None
# Auto-assigner le default intervenant si defini
default_op = s.default_intervenant_id if hasattr(s, 'default_intervenant_id') else None
forced = True if default_op else False
db.execute(text("""
INSERT INTO patch_sessions (campaign_id, server_id, status, date_prevue, heure_prevue,
intervenant_id, forced_assignment, assigned_at)
VALUES (:cid, :sid, :st, :dp, :hp, :oid, :forced, CASE WHEN :oid IS NOT NULL THEN now() END)
ON CONFLICT (campaign_id, server_id) DO NOTHING
"""), {"cid": cid, "sid": s.id, "st": status, "dp": date_prevue, "hp": heure,
"oid": default_op, "forced": forced})
count = db.execute(text(
"SELECT COUNT(*) FROM patch_sessions WHERE campaign_id = :cid AND status != 'excluded'"
), {"cid": cid}).scalar()
db.execute(text("UPDATE campaigns SET total_servers = :c WHERE id = :cid"),
{"c": count, "cid": cid})
db.commit()
return cid
def exclude_session(db, session_id, reason, detail, username):
db.execute(text("""
UPDATE patch_sessions SET
status = 'excluded', exclusion_reason = :reason,
exclusion_detail = :detail, excluded_by = :by, excluded_at = now()
WHERE id = :id
"""), {"id": session_id, "reason": reason, "detail": detail, "by": username})
_recalc_total(db, session_id)
db.commit()
def restore_session(db, session_id):
db.execute(text("""
UPDATE patch_sessions SET
status = 'pending', exclusion_reason = NULL,
exclusion_detail = NULL, excluded_by = NULL, excluded_at = NULL
WHERE id = :id
"""), {"id": session_id})
_recalc_total(db, session_id)
db.commit()
def _recalc_total(db, session_id):
row = db.execute(text("SELECT campaign_id FROM patch_sessions WHERE id = :id"),
{"id": session_id}).fetchone()
if row:
count = db.execute(text(
"SELECT COUNT(*) FROM patch_sessions WHERE campaign_id = :cid AND status NOT IN ('excluded','cancelled')"
), {"cid": row.campaign_id}).scalar()
db.execute(text("UPDATE campaigns SET total_servers = :c WHERE id = :cid"),
{"c": count, "cid": row.campaign_id})
def assign_operator(db, session_id, operator_id, forced=False):
"""Assigne un operateur a un serveur"""
db.execute(text("""
UPDATE patch_sessions SET intervenant_id = :oid, assigned_at = now(),
forced_assignment = :forced
WHERE id = :id
"""), {"id": session_id, "oid": operator_id, "forced": forced})
db.commit()
def unassign_operator(db, session_id):
"""Desassigne un operateur"""
db.execute(text("""
UPDATE patch_sessions SET intervenant_id = NULL, assigned_at = NULL, forced_assignment = false
WHERE id = :id
"""), {"id": session_id})
db.commit()
def is_forced(db, session_id):
"""Verifie si l'assignation est forcee"""
row = db.execute(text("SELECT forced_assignment FROM patch_sessions WHERE id = :id"),
{"id": session_id}).fetchone()
return row.forced_assignment if row else False
def get_operator_count(db, campaign_id, operator_id):
"""Nombre de serveurs pris par un operateur dans cette campagne"""
return db.execute(text("""
SELECT COUNT(*) FROM patch_sessions
WHERE campaign_id = :cid AND intervenant_id = :oid AND status NOT IN ('excluded','cancelled')
"""), {"cid": campaign_id, "oid": operator_id}).scalar()
def get_operator_limit(db, campaign_id, operator_id):
"""Limite pour un operateur dans cette campagne (0=illimite)"""
row = db.execute(text("""
SELECT max_servers FROM campaign_operator_limits
WHERE campaign_id = :cid AND user_id = :uid
"""), {"cid": campaign_id, "uid": operator_id}).fetchone()
return row.max_servers if row else 0
def set_operator_limit(db, campaign_id, operator_id, max_servers, note=None):
"""Definit la limite pour un operateur dans cette campagne"""
db.execute(text("""
INSERT INTO campaign_operator_limits (campaign_id, user_id, max_servers, note)
VALUES (:cid, :uid, :max, :note)
ON CONFLICT (campaign_id, user_id) DO UPDATE SET max_servers = EXCLUDED.max_servers, note = EXCLUDED.note
"""), {"cid": campaign_id, "uid": operator_id, "max": max_servers, "note": note})
db.commit()
def get_campaign_operator_limits(db, campaign_id):
"""Retourne les limites de tous les operateurs pour une campagne"""
return db.execute(text("""
SELECT col.*, u.display_name
FROM campaign_operator_limits col
JOIN users u ON col.user_id = u.id
WHERE col.campaign_id = :cid ORDER BY u.display_name
"""), {"cid": campaign_id}).fetchall()
def update_session_schedule(db, session_id, date_prevue, heure_prevue):
"""Coordinateur ajuste la date/heure d'un serveur"""
db.execute(text("""
UPDATE patch_sessions SET date_prevue = :dp, heure_prevue = :hp
WHERE id = :id
"""), {"id": session_id, "dp": date_prevue or None, "hp": heure_prevue or None})
db.commit()
def validate_prereq(db, session_id, ssh, satellite, rollback, rollback_justif, username):
db.execute(text("""
UPDATE patch_sessions SET
prereq_ssh = :ssh, prereq_satellite = :sat,
rollback_method = :rb, rollback_justif = :rbj,
prereq_validated = CASE WHEN :ssh = 'ok' AND :sat = 'ok' AND :rb IS NOT NULL THEN true ELSE false END,
prereq_validated_by = :by, prereq_validated_at = now(), prereq_date = now()
WHERE id = :id
"""), {"id": session_id, "ssh": ssh, "sat": satellite,
"rb": rollback or None, "rbj": rollback_justif or None, "by": username})
db.commit()
def get_prereq_stats(db, campaign_id):
return db.execute(text("""
SELECT
COUNT(*) FILTER (WHERE status = 'pending') as total_pending,
COUNT(*) FILTER (WHERE status = 'pending' AND prereq_validated = true) as prereq_ok,
COUNT(*) FILTER (WHERE status = 'pending' AND prereq_validated = false AND prereq_date IS NOT NULL) as prereq_ko,
COUNT(*) FILTER (WHERE status = 'pending' AND prereq_date IS NULL) as prereq_todo,
COUNT(*) FILTER (WHERE status = 'pending' AND prereq_ssh = 'ok') as ssh_ok,
COUNT(*) FILTER (WHERE status = 'pending' AND prereq_satellite = 'ok') as sat_ok,
COUNT(*) FILTER (WHERE status = 'pending' AND rollback_method IS NOT NULL) as rollback_ok,
COUNT(*) FILTER (WHERE status = 'pending' AND prereq_disk_ok = true) as disk_ok
FROM patch_sessions WHERE campaign_id = :cid
"""), {"cid": campaign_id}).fetchone()
def can_plan_campaign(db, campaign_id):
pending_not_validated = db.execute(text("""
SELECT COUNT(*) FROM patch_sessions
WHERE campaign_id = :cid AND status = 'pending' AND prereq_validated = false
"""), {"cid": campaign_id}).scalar()
return pending_not_validated == 0
def update_campaign_status(db, campaign_id, new_status):
db.execute(text("UPDATE campaigns SET status = :s WHERE id = :id"),
{"s": new_status, "id": campaign_id})
db.commit()
Reference in New Issue View Git Blame Copy Permalink