#!/usr/bin/env python3
# -*- coding:utf-8 -*-
#############################################################################
# Copyright (c) 2023 Huawei Technologies Co.,Ltd.
#
# openGauss is licensed under Mulan PSL v2.
# You can use this software according to the terms
# and conditions of the Mulan PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
#
# http://license.coscl.org.cn/MulanPSL2
#
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OF ANY KIND,
# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
# ----------------------------------------------------------------------------
# Description : gs_perfconfig is a utility to optimize the system and database configuration of openGauss
#############################################################################
from impl.perf_config.basic.project import Project
from impl.perf_config.basic.tuner import Tuner, TunerGroup
from impl.perf_config.basic.guc import GucMap, GUCTuneGroup
from impl.perf_config.probes.business import BsScenario
class SecurityGUC(GUCTuneGroup):
    """Tune group for the authentication, SSL, Kerberos, password and encryption GUCs.

    Every parameter listed in ``__init__`` is bound as an instance attribute
    with the same name as the GUC.  ``calculate`` only changes five of them,
    and only when the probed business scenario is ``TP_PERFORMANCE``: ``ssl``,
    ``enable_security_policy``, ``use_elastic_search``, ``enable_tde`` and
    ``enableSeparationOfDuty`` are turned off.  All other bound parameters are
    left as they are by the code in this class.

    NOTE(review): the five parameters switched off are security controls, so
    the performance profile lowers the protection level of the instance.
    Per the openGauss GUC reference (confirm for the deployed version):
    ``ssl`` governs TLS on client connections, ``enable_tde`` governs
    transparent data encryption, ``enable_security_policy`` and
    ``use_elastic_search`` govern the unified audit / masking policy and its
    log shipping, and ``enableSeparationOfDuty`` governs separation of
    administrator duties.  Whoever applies the tuner's result should check
    that this is acceptable for the environment.
    """

    def __init__(self):
        """Bind all security-related GUCs, in a fixed order, as same-named attributes."""
        super().__init__()

        # bind() is inherited from GUCTuneGroup and is not visible in this
        # file; presumably it registers the GUC with the group and returns
        # its tuner object (confirm against GUCTuneGroup).
        connect_and_timeout = (
            'authentication_timeout',
            'auth_iteration_count',
            'session_authorization',
            'session_timeout',
            'idle_in_transaction_session_timeout',
        )
        ssl_settings = (
            'ssl',
            'require_ssl',
            'ssl_ciphers',
            'ssl_renegotiation_limit',
            'ssl_cert_file',
            'ssl_key_file',
            'ssl_ca_file',
            'ssl_crl_file',
        )
        kerberos = (
            'krb_server_keyfile',
            'krb_srvname',
            'krb_caseins_users',
        )
        password_rules = (
            'password_policy',
            'password_reuse_time',
            'password_reuse_max',
            'password_lock_time',
            'password_encryption_type',
            'password_min_length',
            'password_max_length',
            'password_min_uppercase',
            'password_min_lowercase',
            'password_min_digital',
            'password_min_special',
            'password_effect_time',
            'password_notify_time',
            'modify_initial_password',
        )
        general_config = (
            'failed_login_attempts',
            'elastic_search_ip_addr',
            'enable_security_policy',
            'use_elastic_search',
            'is_sysadmin',
            'enable_tde',
            'tde_cmk_id',
            'block_encryption_mode',
            'enableSeparationOfDuty',
            'enable_nonsysadmin_execute_direct',
            'enable_access_server_directory',
        )

        # The groups are concatenated in the original binding order so that
        # bind() is called in exactly the same sequence as before.
        ordered_names = (connect_and_timeout + ssl_settings + kerberos
                         + password_rules + general_config)
        for guc_name in ordered_names:
            setattr(self, guc_name, self.bind(guc_name))

    def calculate(self):
        """Turn off five security features when the scenario is TP_PERFORMANCE.

        For any other scenario this method changes nothing.
        """
        probe = Project.getGlobalPerfProbe()
        is_tp_performance = probe.business.scenario == BsScenario.TP_PERFORMANCE
        if not is_tp_performance:
            return

        # Security trade-off: each of these is a protective feature that is
        # given up for throughput.  With ssl off, client connections are not
        # TLS-protected (presumably including the authentication exchange),
        # and with enable_tde off data at rest is not transparently
        # encrypted.  NOTE(review): confirm the instance is only reachable
        # from a trusted network before applying this profile.
        switched_off = (
            'ssl',
            'enable_security_policy',
            'use_elastic_search',
            'enable_tde',
            'enableSeparationOfDuty',
        )
        for guc_name in switched_off:
            getattr(self, guc_name).turn_off()
class AuditGUC(GUCTuneGroup):
    """Tune group for the audit GUCs.

    Every parameter listed in ``__init__`` is bound as an instance attribute
    with the same name as the GUC.  ``calculate`` changes only
    ``audit_enabled``, which it turns off when the probed business scenario
    is ``TP_PERFORMANCE``; the per-event audit switches are bound but not
    modified by the code in this class.

    NOTE(review): ``audit_enabled`` is presumably the master switch for the
    database audit log (confirm in the openGauss GUC reference).  Turning it
    off removes the record of logins, privilege changes and user lockouts
    that detection and incident response rely on, so the performance profile
    should be applied only where that loss is acceptable.
    """

    def __init__(self):
        """Bind all audit-related GUCs, in a fixed order, as same-named attributes."""
        super().__init__()

        # bind() is inherited from GUCTuneGroup and is not visible in this
        # file; presumably it registers the GUC with the group and returns
        # its tuner object (confirm against GUCTuneGroup).
        ordered_names = (
            'audit_enabled',
            'audit_directory',
            'audit_data_format',
            'audit_rotation_interval',
            'audit_rotation_size',
            'audit_resource_policy',
            'audit_file_remain_time',
            'audit_space_limit',
            'audit_file_remain_threshold',
            'audit_thread_num',
            'audit_login_logout',
            'audit_database_process',
            'audit_user_locked',
            'audit_user_violation',
            'audit_grant_revoke',
            'full_audit_users',
            'no_audit_client',
            'audit_system_object',
            'audit_dml_state',
            'audit_dml_state_select',
            'audit_function_exec',
            'audit_system_function_exec',
            'audit_copy_exec',
            'audit_set_parameter',
            'audit_xid_info',
        )
        for guc_name in ordered_names:
            setattr(self, guc_name, self.bind(guc_name))

    def calculate(self):
        """Turn auditing off when the scenario is TP_PERFORMANCE.

        For any other scenario this method changes nothing.
        """
        probe = Project.getGlobalPerfProbe()
        is_tp_performance = probe.business.scenario == BsScenario.TP_PERFORMANCE
        if not is_tp_performance:
            return

        # Security trade-off: the audit trail is given up for throughput.
        # Only the master switch is touched; the individual audit_* event
        # switches keep whatever value they had.
        self.audit_enabled.turn_off()