From d2aa6dee359b04115ab4b0e5cfb4b2a5bb82ff19 Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Thu, 3 Aug 2023 15:03:25 +0800
Subject: [PATCH 01/17] =?UTF-8?q?feature:=20=E5=9B=BD=E5=AF=86=E6=94=B9?=
 =?UTF-8?q?=E9=80=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/default.py                             | 36 ++++++++++++++++++
 config/sites/community/ver_settings.py        | 23 +++++++++++-
 config/sites/enterprise/ver_settings.py       | 25 ++++++++++++-
 env.py                                        |  4 ++
 env_v2.py                                     |  2 +
 env_v3.py                                     |  2 +
 .../desktop/src/assets/html/index-dev.html    |  3 ++
 frontend/desktop/src/assets/html/index.html   |  3 ++
 gcloud/core/context_processors.py             | 11 +++++-
 gcloud/utils/crypto.py                        | 37 ++++++++++++++++++-
 .../atoms/nodeman/create_task/v4_0.js         |  2 +
 pipeline_plugins/components/utils/common.py   | 16 +-------
 .../variables/collections/common.py           | 13 ++++---
 requirements.txt                              |  1 +
 14 files changed, 153 insertions(+), 25 deletions(-)

diff --git a/config/default.py b/config/default.py
index 8c01f8bdd3..5d302cd9e9 100644
--- a/config/default.py
+++ b/config/default.py
@@ -16,6 +16,8 @@
 from urllib.parse import urlparse
 
 from bamboo_engine.config import Settings as BambooSettings
+from bkcrypto.asymmetric.options import RSAAsymmetricOptions
+from bkcrypto.symmetric.options import AESSymmetricOptions, SM4SymmetricOptions
 from blueapps.conf.default_settings import *  # noqa
 from blueapps.conf.log import get_logging_config_dict
 from blueapps.opentelemetry.utils import inject_logging_trace_info
@@ -25,6 +27,8 @@
 import env
 from gcloud.exceptions import ApiRequestError
 
+from bkcrypto import constants as bkcrypto_constants
+
 # 这里是默认的 INSTALLED_APPS，大部分情况下，不需要改动
 # 如果你已经了解每个默认 APP 的作用，确实需要去掉某些 APP，请去掉下面的注释，然后修改
 # INSTALLED_APPS = (
@@ -789,3 +793,35 @@ def check_engine_admin_permission(request, *args, **kwargs):
 
 
 PIPELINE_ENGINE_ADMIN_API_PERMISSION = "config.default.check_engine_admin_permission"
+
+
+BKCRYPTO = {
+    "ASYMMETRIC_CIPHERS": {
+        "default": {
+            "get_key_config": "gcloud.utils.crypto.get_default_asymmetric_key_config",
+            "cipher_options": {
+                bkcrypto_constants.AsymmetricCipherType.RSA.value: RSAAsymmetricOptions(
+                    padding=bkcrypto_constants.RSACipherPadding.PKCS1_v1_5
+                )
+            },
+        },
+    },
+}
+
+# 加密
+if env.BKAPP_CRYPTO_TYPE == "SHANGMI":
+    BKCRYPTO_ASYMMETRIC_CIPHER_TYPE = bkcrypto_constants.AsymmetricCipherType.SM2.value
+    BKCRYPTO.update(
+        {
+            "ASYMMETRIC_CIPHER_TYPE": BKCRYPTO_ASYMMETRIC_CIPHER_TYPE,
+            "SYMMETRIC_CIPHER_TYPE": bkcrypto_constants.SymmetricCipherType.SM4.value,
+        }
+    )
+else:
+    BKCRYPTO_ASYMMETRIC_CIPHER_TYPE = bkcrypto_constants.AsymmetricCipherType.RSA.value
+    BKCRYPTO.update(
+        {
+            "ASYMMETRIC_CIPHER_TYPE": BKCRYPTO_ASYMMETRIC_CIPHER_TYPE,
+            "SYMMETRIC_CIPHER_TYPE": bkcrypto_constants.SymmetricCipherType.AES.value,
+        }
+    )
diff --git a/config/sites/community/ver_settings.py b/config/sites/community/ver_settings.py
index f799638d9a..307c7af1ba 100644
--- a/config/sites/community/ver_settings.py
+++ b/config/sites/community/ver_settings.py
@@ -37,7 +37,6 @@
 LOah9mmRwLJdcfa3Js+jw2lOCmxzqauYZHVHg/hH7g==
 -----END RSA PRIVATE KEY-----
 """
-RSA_PRIV_KEY = base64.b64decode(env.RSA_PRIV_KEY).decode("utf-8") if env.RSA_PRIV_KEY else DEFAULT_RSA_PRIV_KEY
 
 # PUB_KEY for frontend, which can not use three quotes
 DEFAULT_RSA_PUB_KEY = (
@@ -49,8 +48,30 @@
     + "-----END PUBLIC KEY-----"
 )
 
+RSA_PRIV_KEY = base64.b64decode(env.RSA_PRIV_KEY).decode("utf-8") if env.RSA_PRIV_KEY else DEFAULT_RSA_PRIV_KEY
 RSA_PUB_KEY = base64.b64decode(env.RSA_PUB_KEY).decode("utf-8") if env.RSA_PUB_KEY else DEFAULT_RSA_PUB_KEY
 
+
+DEFAULT_SM2_PRIV_KEY = """
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICI+zMQDiQ5/xXmnGxGqLSD++Cp+I601cIFLKRd2yrGBoAoGCCqBHM9V
+AYItoUQDQgAE95+i3TAfODAzb9QhJmyUmxH/HocisveqkrafHJ25NO/uCtkb2yXH
+vrZcCDmoxeO+z5vp88jN/ulVsl9qEqm6vQ==
+-----END EC PRIVATE KEY-----
+"""
+
+
+DEFAULT_SM2_PUB_KEY = (
+    "-----BEGIN PUBLIC KEY-----\\n"
+    + "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE95+i3TAfODAzb9QhJmyUmxH/Hoci\\n"
+    + "sveqkrafHJ25NO/uCtkb2yXHvrZcCDmoxeO+z5vp88jN/ulVsl9qEqm6vQ==\\n"
+    + "-----END PUBLIC KEY-----"
+)
+
+
+SM2_PRIV_KEY = base64.b64decode(env.RSA_PRIV_KEY).decode("utf-8") if env.RSA_PRIV_KEY else DEFAULT_RSA_PRIV_KEY
+SM2_PUB_KEY = base64.b64decode(env.RSA_PUB_KEY).decode("utf-8") if env.RSA_PUB_KEY else DEFAULT_SM2_PUB_KEY
+
 # APIGW Auth
 APIGW_APP_CODE_KEY = "bk_app_code"
 APIGW_USER_USERNAME_KEY = "bk_username"
diff --git a/config/sites/enterprise/ver_settings.py b/config/sites/enterprise/ver_settings.py
index 4270ab010c..d109cf0de2 100644
--- a/config/sites/enterprise/ver_settings.py
+++ b/config/sites/enterprise/ver_settings.py
@@ -37,7 +37,6 @@
 T8ow3nMSbvx5X28wOjbk04tmfM/kVqcVhFWhDHjHZzlt
 -----END RSA PRIVATE KEY-----
 """
-RSA_PRIV_KEY = base64.b64decode(env.RSA_PRIV_KEY).decode("utf-8") if env.RSA_PRIV_KEY else DEFAULT_RSA_PRIV_KEY
 
 # PUB_KEY for frontend, which can not use three quotes
 DEFAULT_RSA_PUB_KEY = (
@@ -48,7 +47,31 @@
     + "iymoAVK67gfTOTvckQIDAQAB\\n"
     + "-----END PUBLIC KEY-----"
 )
+
 RSA_PUB_KEY = base64.b64decode(env.RSA_PUB_KEY).decode("utf-8") if env.RSA_PUB_KEY else DEFAULT_RSA_PUB_KEY
+RSA_PRIV_KEY = base64.b64decode(env.RSA_PRIV_KEY).decode("utf-8") if env.RSA_PRIV_KEY else DEFAULT_RSA_PRIV_KEY
+
+
+DEFAULT_SM2_PRIV_KEY = """
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIn5SYKHr3+m/XyC/ECzDJYuwUoTQHDUkIueKFXTjhSBoAoGCCqBHM9V
+AYItoUQDQgAEYxBE08d8yEEK2+DZ7F5RsNrUvCZ578lkYsXFDC1fW2IcRecNz8LG
+ZWSZGFfgYMeK1f3fIuYBAJVuna/V3FP4tA==
+-----END EC PRIVATE KEY-----
+"""
+
+
+DEFAULT_SM2_PUB_KEY = (
+    "-----BEGIN PUBLIC KEY-----\\n"
+    + "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEYxBE08d8yEEK2+DZ7F5RsNrUvCZ5\\n"
+    + "78lkYsXFDC1fW2IcRecNz8LGZWSZGFfgYMeK1f3fIuYBAJVuna/V3FP4tA==\\n"
+    + "-----END PUBLIC KEY-----"
+)
+
+
+SM2_PRIV_KEY = base64.b64decode(env.SM2_PRIV_KEY).decode("utf-8") if env.SM2_PRIV_KEY else DEFAULT_SM2_PRIV_KEY
+SM2_PUB_KEY = base64.b64decode(env.SM2_PUB_KEY).decode("utf-8") if env.SM2_PUB_KEY else DEFAULT_SM2_PUB_KEY
+
 
 # APIGW Auth
 APIGW_APP_CODE_KEY = "bk_app_code"
diff --git a/env.py b/env.py
index f77124aabd..43db006dd3 100644
--- a/env.py
+++ b/env.py
@@ -108,3 +108,7 @@
 
 # 获取 PaaS 注入的蓝鲸域名
 BKPAAS_BK_DOMAIN = os.getenv("BKPAAS_BK_DOMAIN", "") or os.getenv("BK_DOMAIN", "")
+
+
+# 获取加密类型
+BKAPP_CRYPTO_TYPE = os.getenv("BK_CRYPTO_TYPE") or os.getenv("BKAPP_CRYPTO_TYPE") or "CLASSIC"
diff --git a/env_v2.py b/env_v2.py
index 1e1c3d88d2..5d772a65cd 100644
--- a/env_v2.py
+++ b/env_v2.py
@@ -136,6 +136,8 @@
 # RSA KEYS, 保存的是密钥的base64加密形式, 使用base64.b64encode(KEY.encode("utf-8"))进行处理后保存为环境变量
 RSA_PRIV_KEY = os.getenv("BKAPP_RSA_PRIV_KEY", None)
 RSA_PUB_KEY = os.getenv("BKAPP_RSA_PUB_KEY", None)
+SM2_PRIV_KEY = os.getenv("BKAPP_SM2_PRIV_KEY", None)
+SM2_PUB_KEY = os.getenv("BKAPP_SM2_PUB_KEY", None)
 
 # 单业务下最大周期任务数量
 PERIODIC_TASK_PROJECT_MAX_NUMBER = int(os.getenv("BKAPP_PERIODIC_TASK_PROJECT_MAX_NUMBER", 50))
diff --git a/env_v3.py b/env_v3.py
index a3132e3f4a..44a0965753 100644
--- a/env_v3.py
+++ b/env_v3.py
@@ -167,6 +167,8 @@
 # RSA KEYS, 保存的是密钥的base64加密形式, 使用base64.b64encode(KEY.encode("utf-8"))进行处理后保存为环境变量
 RSA_PRIV_KEY = os.getenv("BKAPP_RSA_PRIV_KEY", None)
 RSA_PUB_KEY = os.getenv("BKAPP_RSA_PUB_KEY", None)
+SM2_PRIV_KEY = os.getenv("BKAPP_SM2_PRIV_KEY", None)
+SM2_PUB_KEY = os.getenv("BKAPP_SM2_PUB_KEY", None)
 
 # 单业务下最大周期任务数量
 PERIODIC_TASK_PROJECT_MAX_NUMBER = int(os.getenv("BKAPP_PERIODIC_TASK_PROJECT_MAX_NUMBER", 50))
diff --git a/frontend/desktop/src/assets/html/index-dev.html b/frontend/desktop/src/assets/html/index-dev.html
index 3723ea0d09..27058461c2 100644
--- a/frontend/desktop/src/assets/html/index-dev.html
+++ b/frontend/desktop/src/assets/html/index-dev.html
@@ -32,6 +32,9 @@
         // 是否开启导入 V1 模板的入口
         var IMPORT_V1_FLAG = Number('0');
         var RSA_PUB_KEY = '';
+        var ASYMMETRIC_CIPHER_TYPE = '';
+        var ASYMMETRIC_PUBLIC_KEY = '';
+        var ASYMMETRIC_PREFIX = '';
         var APP_CODE = 'bk_sops';
         var FILE_UPLOAD_ENTRY = '/package/upload/';
         var MAX_NODE_EXECUTE_TIMEOUT = 6000;
diff --git a/frontend/desktop/src/assets/html/index.html b/frontend/desktop/src/assets/html/index.html
index f0ef4bcb16..829cbe110d 100644
--- a/frontend/desktop/src/assets/html/index.html
+++ b/frontend/desktop/src/assets/html/index.html
@@ -42,6 +42,9 @@
         // 是否开启导入 V1 模板的入口
         var IMPORT_V1_FLAG ={{import_v1_flag}};
         var RSA_PUB_KEY = '{{RSA_PUB_KEY}}';
+        var ASYMMETRIC_CIPHER_TYPE = '{{ASYMMETRIC_CIPHER_TYPE}}';
+        var ASYMMETRIC_PUBLIC_KEY = '{{ASYMMETRIC_PUBLIC_KEY}}';
+        var ASYMMETRIC_PREFIX = '{{ASYMMETRIC_PREFIX}}';
         var APP_CODE = '{{APP_CODE}}';
         var FILE_UPLOAD_ENTRY = '{{FILE_UPLOAD_ENTRY}}';
         var MEMBER_SELECTOR_DATA_HOST = '{{MEMBER_SELECTOR_DATA_HOST}}';
diff --git a/gcloud/core/context_processors.py b/gcloud/core/context_processors.py
index c3d1720bc1..e7b14a986a 100644
--- a/gcloud/core/context_processors.py
+++ b/gcloud/core/context_processors.py
@@ -13,9 +13,10 @@
 context_processor for common(setting)
 ** 除setting外的其他context_processor内容，均采用组件的方式(string)
 """
-
+import json
 import logging
 
+from bkcrypto.asymmetric.configs import KeyConfig as AsymmetricKeyConfig
 from django.utils.translation import ugettext_lazy as _
 
 import env
@@ -23,6 +24,7 @@
 from gcloud.core.api_adapter import is_user_auditor, is_user_functor
 from gcloud.core.models import EnvironmentVariables
 from gcloud.core.project import get_default_project_for_user
+from gcloud.utils.crypto import get_default_asymmetric_key_config
 
 logger = logging.getLogger("root")
 
@@ -56,6 +58,9 @@ def mysetting(request):
     project_timezone = request.session.get("blueking_timezone", settings.TIME_ZONE)
     cur_pos = get_cur_pos_from_url(request)
     frontend_entry_url = "{}bk_sops".format(settings.STATIC_URL) if settings.RUN_VER == "open" else "/static/bk_sops"
+    default_asymmetric_key_config: AsymmetricKeyConfig = get_default_asymmetric_key_config(
+        settings.BKCRYPTO_ASYMMETRIC_CIPHER_TYPE
+    )
     ctx = {
         "MEDIA_URL": settings.MEDIA_URL,  # MEDIA_URL
         "STATIC_URL": settings.STATIC_URL,  # 本地静态文件访问
@@ -90,6 +95,10 @@ def mysetting(request):
         "NICK": request.user.username,  # 用户昵称
         "AVATAR": request.session.get("avatar", ""),  # 用户头像
         "CUR_POS": cur_pos,
+        "ASYMMETRIC_CIPHER_TYPE": settings.BKCRYPTO_ASYMMETRIC_CIPHER_TYPE,
+        "ASYMMETRIC_PUBLIC_KEY": json.dumps(default_asymmetric_key_config.public_key_string)[1:-1],
+        "ASYMMETRIC_PREFIX": f"{settings.BKCRYPTO_ASYMMETRIC_CIPHER_TYPE.lower()}_str:::",
+        # TODO 等待移除
         "RSA_PUB_KEY": settings.RSA_PUB_KEY,
         "STATIC_VER": settings.STATIC_VER[settings.RUN_MODE],
         "import_v1_flag": 1 if settings.IMPORT_V1_TEMPLATE_FLAG else 0,
diff --git a/gcloud/utils/crypto.py b/gcloud/utils/crypto.py
index b50266cbde..822a44446d 100644
--- a/gcloud/utils/crypto.py
+++ b/gcloud/utils/crypto.py
@@ -11,10 +11,44 @@
 specific language governing permissions and limitations under the License.
 """
 import base64
+import json
 
+from bkcrypto import constants as crypto_constants
+from bkcrypto.asymmetric.configs import KeyConfig as AsymmetricKeyConfig
+from Crypto import Util
 from Crypto.Cipher import PKCS1_v1_5 as PKCS1_v1_5_cipher
 from Crypto.PublicKey import RSA
-from Crypto import Util
+from django.conf import settings
+
+
+def get_default_asymmetric_key_config(cipher_type: str) -> AsymmetricKeyConfig:
+    """
+    获取项目默认非对称加密配置
+    :param cipher_type:
+    :return:
+    """
+
+    if cipher_type == crypto_constants.AsymmetricCipherType.SM2.value:
+        private_key_string: str = settings.SM2_PRIV_KEY
+        public_key_string: str = json.loads(f'"{settings.SM2_PUB_KEY}"')
+    elif cipher_type == crypto_constants.AsymmetricCipherType.RSA.value:
+        private_key_string: str = settings.RSA_PRIV_KEY
+        public_key_string: str = json.loads(f'"{settings.RSA_PUB_KEY}"')
+    else:
+        raise NotImplementedError(f"cipher_type -> {cipher_type}")
+
+    return AsymmetricKeyConfig(
+        private_key_string=private_key_string.strip("\n"), public_key_string=public_key_string.strip("\n")
+    )
+
+
+def get_nodeman_asymmetric_key_config(cipher_type: str) -> AsymmetricKeyConfig:
+    """
+    获取节点管理非对称加密配置
+    :param cipher_type:
+    :return:
+    """
+    pass
 
 
 def _get_block_size(key_obj, is_encrypt=True) -> int:
@@ -68,6 +102,7 @@ def decrypt_auth_key(encrypt_message, private_key):
     @param private_key: rsa私钥
     @return: 解密后的信息
     """
+    # TODO 要改的
     decrypt_message_bytes = b""
     private_key_obj = RSA.importKey(private_key.strip("\n"))
     encrypt_message_bytes = base64.b64decode(encrypt_message)
diff --git a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
index d0457cf9bf..cd1f2d3668 100644
--- a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
+++ b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
@@ -502,6 +502,8 @@
                                 {
                                     tag_code: "auth_key",
                                     type: "textarea",
+                                    // TODO 能不能加一个动态选项？如果具有加密前缀，默认展示 * 脱敏
+                                    // TODO 如果重新输入保存，可以拉公钥去做加密
                                     attrs: {
                                         name: gettext("认证密钥"),
                                         width: "400px",
diff --git a/pipeline_plugins/components/utils/common.py b/pipeline_plugins/components/utils/common.py
index eb29058bea..35a15c8ccd 100644
--- a/pipeline_plugins/components/utils/common.py
+++ b/pipeline_plugins/components/utils/common.py
@@ -11,15 +11,13 @@
 specific language governing permissions and limitations under the License.
 """
 import logging
+import random
 import re
 import time
-import random
 from copy import deepcopy
 
 from django.utils.translation import ugettext_lazy as _
 
-from pipeline.conf import settings
-from pipeline.utils.crypt import rsa_decrypt_password
 from api.utils.thread import ThreadPool
 
 logger = logging.getLogger("root")
@@ -43,18 +41,6 @@ def loose_strip(data):
         return data
 
 
-def try_decrypt_password(password):
-    """
-    @summary: 尝试解密操作，成功返回明文密码，错误则说明用户使用明文的密码，返回
-    @param password:
-    @return:
-    """
-    try:
-        return rsa_decrypt_password(password, settings.RSA_PRIV_KEY)
-    except Exception:
-        return password
-
-
 def chunk_table_data(column_dict, break_line):
     """
     @summary: 表格参数值支持以break_line为分隔符分隔的多条数据，对一行数据，当有一列有多条数据时（包含换行符），其他列要么也有相等个数的
diff --git a/pipeline_plugins/variables/collections/common.py b/pipeline_plugins/variables/collections/common.py
index 4e8d6494b7..1090af6caa 100644
--- a/pipeline_plugins/variables/collections/common.py
+++ b/pipeline_plugins/variables/collections/common.py
@@ -12,23 +12,23 @@
 """
 
 import datetime
-import logging
 import json
+import logging
 from typing import List
 
 from django.conf import settings
-from django.utils.translation import ugettext_lazy as _
 from django.utils import timezone
+from django.utils.translation import ugettext_lazy as _
+from pipeline.core.data.var import LazyVariable, RegisterVariableMeta, SpliceVariable
+from pipeline.core.flow.io import IntItemSchema, StringItemSchema
 
+from gcloud.conf import settings as gcloud_settings
 from gcloud.constants import Type
 from gcloud.core.models import StaffGroupSet
 from gcloud.exceptions import ApiRequestError
 from gcloud.utils.cmdb import get_notify_receivers
-from gcloud.conf import settings as gcloud_settings
-from pipeline.core.data.var import SpliceVariable, LazyVariable, RegisterVariableMeta
-from pipeline.core.flow.io import StringItemSchema, IntItemSchema
 from pipeline_plugins.base.utils.inject import supplier_account_for_business
-from pipeline_plugins.variables.base import SelfExplainVariable, FieldExplain
+from pipeline_plugins.variables.base import FieldExplain, SelfExplainVariable
 
 logger = logging.getLogger("root")
 get_client_by_user = gcloud_settings.ESB_GET_CLIENT_BY_USER
@@ -92,6 +92,7 @@ def _self_explain(cls, **kwargs) -> List[FieldExplain]:
 
 
 class Password(LazyVariable, SelfExplainVariable):
+    # TODO 需要改的
     code = "password"
     name = _("密码")
     type = "general"
diff --git a/requirements.txt b/requirements.txt
index 48efaa1641..4959f8957d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19,6 +19,7 @@ django-nose==1.4.5
 coverage==4.5.1
 python-magic==0.4.15
 cryptography==3.3.2
+bk-crypto-python-sdk==1.0.4
 gitdb2==2.0.6
 GitPython==2.1.11
 PyJWT==1.7.1

From b985013d92c595e83dd922374280b6f62a1597c0 Mon Sep 17 00:00:00 2001
From: Luo Fan <44999219+luofann@users.noreply.github.com>
Date: Fri, 4 Aug 2023 17:42:40 +0800
Subject: [PATCH 02/17] =?UTF-8?q?feature:=20=E6=A0=87=E5=87=86=E6=8F=92?=
 =?UTF-8?q?=E4=BB=B6=E5=89=8D=E7=AB=AF=E5=9B=BD=E5=AF=86=E6=94=B9=E9=80=A0?=
 =?UTF-8?q?=20(#6965)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docs/develop/tag_usage_dev.md                 |   1 +
 en_docs/develop/tag_usage_dev.md              |   2 +
 frontend/desktop/package.json                 |   3 +-
 .../components/common/RenderForm/FormItem.vue |  10 +-
 .../common/RenderForm/RenderForm.vue          |  10 +-
 .../common/RenderForm/tags/TagPassword.vue    | 197 +++++++++++++-----
 frontend/desktop/src/config/i18n/cn.js        |   4 +-
 frontend/desktop/src/config/i18n/en.js        |   4 +-
 frontend/desktop/src/store/index.js           |   1 -
 9 files changed, 177 insertions(+), 55 deletions(-)

diff --git a/docs/develop/tag_usage_dev.md b/docs/develop/tag_usage_dev.md
index 2c43424dab..2f1451f674 100644
--- a/docs/develop/tag_usage_dev.md
+++ b/docs/develop/tag_usage_dev.md
@@ -313,6 +313,7 @@ ip 选择器，支持静态 ip 或动态 ip 的单选和多选。
 
   - `pubKey`: 加密公钥
   - `disabled`：设置是否禁用组件
+  - `canUseVar`: 是否可以使用全局变量，默认为true
   - `value`：加密后的密码值
 
 **方法**
diff --git a/en_docs/develop/tag_usage_dev.md b/en_docs/develop/tag_usage_dev.md
index c79e80508f..cc9649b9a7 100644
--- a/en_docs/develop/tag_usage_dev.md
+++ b/en_docs/develop/tag_usage_dev.md
@@ -313,7 +313,9 @@ Password input box.
 
 **Attributes**
 
+  - `pubKey`: crypto public key
   - `disabled`: set whether this component is disabled.
+  - `canUseVar`: whether global variables can be used, which defaults to true
   - `value`: the encrypted password value
 
 **Methods**
diff --git a/frontend/desktop/package.json b/frontend/desktop/package.json
index 3fff3b3e8f..475b52a17d 100644
--- a/frontend/desktop/package.json
+++ b/frontend/desktop/package.json
@@ -12,8 +12,9 @@
   "license": "ISC",
   "dependencies": {
     "@blueking/bkcharts": "^2.0.11-alpha.5",
-    "@blueking/user-selector": "^1.0.5-beta.2",
     "@blueking/bkui-form": "0.0.35",
+    "@blueking/crypto-js-sdk": "0.0.5",
+    "@blueking/user-selector": "^1.0.5-beta.2",
     "@vue/babel-preset-jsx": "^1.3.0",
     "ajv": "^6.10.2",
     "art-template": "^4.13.0",
diff --git a/frontend/desktop/src/components/common/RenderForm/FormItem.vue b/frontend/desktop/src/components/common/RenderForm/FormItem.vue
index da957c04b7..92a8f2a1f5 100644
--- a/frontend/desktop/src/components/common/RenderForm/FormItem.vue
+++ b/frontend/desktop/src/components/common/RenderForm/FormItem.vue
@@ -369,7 +369,6 @@
                     case 'radio':
                     case 'text':
                     case 'datetime':
-                    case 'password':
                     case 'memberSelector':
                     case 'logDisplay':
                     case 'code_editor':
@@ -465,6 +464,15 @@
                             }
                         }
                         break
+                    case 'password':
+                        valueFormat = {
+                            type: ['String', 'Object'],
+                            value: {
+                                tag: 'value',
+                                value: ''
+                            }
+                        }
+                        break
                     default:
                         valueFormat = {
                             type: 'String',
diff --git a/frontend/desktop/src/components/common/RenderForm/RenderForm.vue b/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
index 0a6a6467c6..8404f68c22 100644
--- a/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
+++ b/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
@@ -233,7 +233,6 @@
                         case 'radio':
                         case 'text':
                         case 'datetime':
-                        case 'password':
                         case 'member_selector':
                         case 'section':
                         case 'code_editor':
@@ -291,6 +290,15 @@
                                 separator: ','
                             }
                             break
+                        case 'password':
+                            val = {
+                                type: 'object',
+                                value: {
+                                    tag: 'value',
+                                    value: ''
+                                }
+                            }
+                            break
                         default:
                             val = ''
                     }
diff --git a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
index 23a4efe4ff..863b55d139 100644
--- a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
+++ b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
@@ -11,25 +11,32 @@
 */
 <template>
     <div class="tag-password">
-        <div v-if="formMode">
-            <el-input
+        <div v-if="formMode" class="password-edit-wrapper">
+            <bk-select v-if="canUseVar" slot="prepend" class="select-type" :clearable="false" :value="localVal.tag" @selected="handleSelectType">
+                <bk-option id="value" :name="$t('password_手动输入')"></bk-option>
+                <bk-option id="variable" :name="$t('password_使用密码变量')"></bk-option>
+            </bk-select>
+            <input
+                v-if="localVal.tag === 'value'"
+                class="value-input"
                 type="password"
-                :disabled="!editable || disabled"
-                :placeholder="i18n.placeholder"
-                v-model="password"
-                @focus="clearPassword"
-                @blur="encryptPassword">
-            </el-input>
+                :value="inputText"
+                :placeholder="inputPlaceholder"
+                @input="handleInput"
+                @focus="handleFocus"
+                @blur="handleBlur" />
+            <bk-select v-else class="select-var" :value="localVal.value" @selected="handleSelectVariable">
+                <bk-option v-for="item in variables" :key="item.id" :id="item.id" :name="item.name"></bk-option>
+            </bk-select>
             <span v-show="!validateInfo.valid" class="common-error-tip error-info">{{validateInfo.message}}</span>
         </div>
-        <span v-else class="rf-view-value">{{(value.password === 'undefined' || value.password === '') ? '--' : passwordPlaceholder}}</span>
+        <span v-else class="rf-view-value">{{(value.password === 'undefined' || value.password === '') ? '--' : '******'}}</span>
     </div>
 </template>
-
 <script>
+    import cryptoJsSdk from '@blueking/crypto-js-sdk'
     import '@/utils/i18n.js'
     import i18n from '@/config/i18n/index.js'
-    import { mapState } from 'vuex'
     import EncryptRSA from '@/utils/encryptRSA.js'
     import { getFormMixins } from '../formMixins.js'
 
@@ -39,6 +46,11 @@
             required: false,
             default: ''
         },
+        canUseVar: {
+            type: Boolean,
+            required: false,
+            default: true
+        },
         disabled: {
             type: Boolean,
             required: false,
@@ -46,67 +58,154 @@
             desc: i18n.t('禁用组件')
         },
         value: {
-            type: [String, Boolean],
+            type: [String, Object],
             required: false,
             default: ''
         }
     }
+
     export default {
         name: 'TagPassword',
         mixins: [getFormMixins(attrs)],
         data () {
             return {
-                encrypted: false,
-                passwordPlaceholder: '*****',
-                i18n: {
-                    placeholder: i18n.t('要修改密码请点击后重新输入密码')
-                }
+                localVal: {
+                    tag: 'value',
+                    value: ''
+                },
+                inputText: '',
+                inputPlaceholder: '',
+                ASYMMETRIC_CIPHER_TYPE: window.ASYMMETRIC_CIPHER_TYPE,
+                ASYMMETRIC_PUBLIC_KEY: window.ASYMMETRIC_PUBLIC_KEY,
+                ASYMMETRIC_PREFIX: window.ASYMMETRIC_PREFIX
             }
         },
         computed: {
-            ...mapState({
-                'rsa_pub_key': state => state.rsa_pub_key
-            }),
-            password: {
-                get () {
-                    return this.encrypted ? this.tempValue : this.value
+            variables () {
+                const constants = $.context.getConstants() || {}
+                return Object.keys(constants).filter(key => {
+                    const item = constants[key]
+                    return item.custom_type === 'password' && key !== this.tagCode
+                }).map(key => {
+                    const item = constants[key]
+                    return { id: key, name: item.name }
+                })
+            }
+        },
+        watch: {
+            value: {
+                handler (val) {
+                    if (Object.prototype.toString.call(val) === '[object Object]') {
+                        this.localVal = { ...val }
+                    } else {
+                        this.localVal = {
+                            tag: 'value',
+                            value: val
+                        }
+                    }
                 },
-                set (val) {
-                    this.tempValue = val
-                    this.updateForm(val)
-                }
+                immediate: true
+            }
+        },
+        mounted () {
+            if (this.localVal?.tag === 'value') {
+                this.inputText = this.localVal.value ? '******' : ''
             }
         },
         methods: {
-            _tag_init () {
-                if (this.value) {
-                    this.encrypted = true
-                    this.tempValue = this.passwordPlaceholder
+            handleSelectType (val) {
+                this.localVal = {
+                    tag: val,
+                    value: ''
                 }
+                this.inputText = ''
+                this.change()
             },
-            clearPassword () {
-                this.password = ''
-                this.tempValue = ''
-                this.encrypted = false
+            handleInput (e) {
+                this.localVal.value = e.target.value
+                this.inputPlaceholder = ''
+            },
+            handleFocus () {
+                if (this.localVal.value.length > 0) {
+                    this.inputPlaceholder = i18n.t('要修改密码请点击后重新输入密码')
+                }
+                this.localVal.value = ''
+                this.inputText = ''
+                this.change()
+            },
+            // 输入框失焦后执行加密逻辑
+            handleBlur () {
+                this.inputText = this.localVal.value
+                const encryptedVal = this.encryptPassword()
+                this.localVal.value = encryptedVal
+                this.change()
+            },
+            handleSelectVariable (val) {
+                this.localVal.value = val
+                this.change()
             },
             encryptPassword () {
-                let val
-                const pubKey = this.pubKey || this.rsa_pub_key
-                if (this.password === this.passwordPlaceholder) {
-                    return
+                if (!this.localVal.value) {
+                    return ''
                 }
-                if (this.password === '' || this.password === undefined) {
-                    val = ''
-                    return
+                const pubKey = this.pubKey || this.ASYMMETRIC_PUBLIC_KEY
+                if (this.ASYMMETRIC_CIPHER_TYPE === 'RSA') {
+                    const crypt = new EncryptRSA()
+                    crypt.setPublicKey(pubKey)
+                    const encryptedStr = crypt.encryptChunk(this.localVal.value)
+                    return `${this.ASYMMETRIC_PREFIX}${encryptedStr}`
+                } else {
+                    const sm2 = new cryptoJsSdk.SM2()
+                    const pkey = cryptoJsSdk.helper.asn1.decode(pubKey)
+                    const cipher = sm2.encrypt(pkey, cryptoJsSdk.helper.encode.strToHex(this.localVal.value))
+                    const base64Ret = cryptoJsSdk.helper.encode.hexToBase64(cipher)
+                    return base64Ret
                 }
-                const crypt = new EncryptRSA()
-                crypt.setPublicKey(pubKey)
-                val = crypt.encryptChunk(this.password)
-
-                this.encrypted = true
-                this.tempValue = this.password
-                this.$emit('change', [this.tagCode], val)
+            },
+            change () {
+                this.$emit('change', [this.tagCode], this.localVal)
             }
         }
     }
 </script>
+<style lang="scss" scoped>
+    .password-edit-wrapper {
+        display: flex;
+        align-items: center;
+        .select-type {
+            flex: 0 0 120px;
+            border-right: none;
+            border-top-right-radius: 0;
+            border-bottom-right-radius: 0;
+        }
+        .value-input {
+            flex: 1;
+            padding: 0 10px;
+            width: 100%;
+            height: 32px;
+            line-height: 32px;
+            color: #63656e;
+            background-color: #fff;
+            border-top-right-radius: 2px;
+            border-bottom-right-radius: 2px;
+            font-size: 12px;
+            border: 1px solid #c4c6cc;
+            vertical-align: middle;
+            text-align: left;
+            outline: none;
+            resize: none;
+            &:focus {
+                border-color: #3a84ff;
+                background-color: #ffffff;
+            }
+        }
+        .select-var {
+            flex: 1;
+            border-top-left-radius: 0;
+            border-bottom-left-radius: 0;
+        }
+        .bk-select {
+            height: 32px;
+        }
+    }
+</style>
diff --git a/frontend/desktop/src/config/i18n/cn.js b/frontend/desktop/src/config/i18n/cn.js
index a25f04a413..eea6b3c4d1 100644
--- a/frontend/desktop/src/config/i18n/cn.js
+++ b/frontend/desktop/src/config/i18n/cn.js
@@ -1749,7 +1749,9 @@ const cn = {
     '添加默认方案成功': '添加默认方案成功',
     '取消默认方案成功': '取消默认方案成功',
     '确认删除执行方案【n】?': '确认删除执行方案【{n}】？',
-    '取消设为默认方案': '取消设为默认方案'
+    '取消设为默认方案': '取消设为默认方案',
+    'password_手动输入': '手动输入',
+    'password_使用密码变量': '使用密码变量'
 }
 
 export default cn
diff --git a/frontend/desktop/src/config/i18n/en.js b/frontend/desktop/src/config/i18n/en.js
index 87da068c89..cb6a2d0e6f 100644
--- a/frontend/desktop/src/config/i18n/en.js
+++ b/frontend/desktop/src/config/i18n/en.js
@@ -1782,7 +1782,9 @@ const en = {
     '添加默认方案成功': 'Default Node-Group Added',
     '取消默认方案成功': 'Default Node-Group Cancelled',
     '确认删除执行方案【n】?': 'Confirm to delete node-group [ {n} ] ?',
-    '取消设为默认方案': 'Unset as Default'
+    '取消设为默认方案': 'Unset as Default',
+    'password_手动输入': 'custom input',
+    'password_使用密码变量': 'use password var.'
 }
 
 export default en
diff --git a/frontend/desktop/src/store/index.js b/frontend/desktop/src/store/index.js
index 81ead32516..06c684759b 100644
--- a/frontend/desktop/src/store/index.js
+++ b/frontend/desktop/src/store/index.js
@@ -38,7 +38,6 @@ const store = new Vuex.Store({
         components: [],
         isSuperUser: window.IS_SUPERUSER === 1,
         v1_import_flag: window.IMPORT_V1_FLAG,
-        rsa_pub_key: window.RSA_PUB_KEY,
         permissionMeta: {
             system: [],
             resources: [],

From f15b60387af76c56bfb0d12b813a5771a60f11aa Mon Sep 17 00:00:00 2001
From: luofann <fannluowork@gmail.com>
Date: Mon, 14 Aug 2023 11:49:58 +0800
Subject: [PATCH 03/17] =?UTF-8?q?optimization:=20password=E7=BB=84?=
 =?UTF-8?q?=E4=BB=B6=E6=94=AF=E6=8C=81texarea=E6=A8=A1=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docs/develop/tag_usage_dev.md                 |  1 +
 en_docs/develop/tag_usage_dev.md              |  1 +
 .../common/RenderForm/RenderForm.vue          |  7 +-
 .../common/RenderForm/tags/TagPassword.vue    | 66 +++++++++++++++----
 4 files changed, 59 insertions(+), 16 deletions(-)

diff --git a/docs/develop/tag_usage_dev.md b/docs/develop/tag_usage_dev.md
index 2f1451f674..91d69ab65f 100644
--- a/docs/develop/tag_usage_dev.md
+++ b/docs/develop/tag_usage_dev.md
@@ -314,6 +314,7 @@ ip 选择器，支持静态 ip 或动态 ip 的单选和多选。
   - `pubKey`: 加密公钥
   - `disabled`：设置是否禁用组件
   - `canUseVar`: 是否可以使用全局变量，默认为true
+  - `textareaMode`: 手动输入密码时，表单类型为textarea，默认为false
   - `value`：加密后的密码值
 
 **方法**
diff --git a/en_docs/develop/tag_usage_dev.md b/en_docs/develop/tag_usage_dev.md
index cc9649b9a7..2d0568e069 100644
--- a/en_docs/develop/tag_usage_dev.md
+++ b/en_docs/develop/tag_usage_dev.md
@@ -316,6 +316,7 @@ Password input box.
   - `pubKey`: crypto public key
   - `disabled`: set whether this component is disabled.
   - `canUseVar`: whether global variables can be used, which defaults to true
+  - `textareaMode`: When entering a password manually, the form type is textarea and the default is false
   - `value`: the encrypted password value
 
 **Methods**
diff --git a/frontend/desktop/src/components/common/RenderForm/RenderForm.vue b/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
index 8404f68c22..07aff3fa97 100644
--- a/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
+++ b/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
@@ -292,11 +292,8 @@
                             break
                         case 'password':
                             val = {
-                                type: 'object',
-                                value: {
-                                    tag: 'value',
-                                    value: ''
-                                }
+                                tag: 'value',
+                                value: ''
                             }
                             break
                         default:
diff --git a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
index 863b55d139..4f77febd5c 100644
--- a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
+++ b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
@@ -16,15 +16,28 @@
                 <bk-option id="value" :name="$t('password_手动输入')"></bk-option>
                 <bk-option id="variable" :name="$t('password_使用密码变量')"></bk-option>
             </bk-select>
-            <input
-                v-if="localVal.tag === 'value'"
-                class="value-input"
-                type="password"
-                :value="inputText"
-                :placeholder="inputPlaceholder"
-                @input="handleInput"
-                @focus="handleFocus"
-                @blur="handleBlur" />
+            <template v-if="localVal.tag === 'value'">
+                <input
+                    v-if="!textareaMode"
+                    class="value-input"
+                    type="password"
+                    :value="inputText"
+                    :placeholder="inputPlaceholder"
+                    @input="handleInput"
+                    @focus="handleFocus"
+                    @blur="handleBlur" />
+                <textarea
+                    v-else
+                    class="value-textarea"
+                    type="textarea"
+                    rows="4"
+                    :value="inputText"
+                    :placeholder="inputPlaceholder"
+                    @input="handleTextareaInput"
+                    @focus="handleFocus"
+                    @blur="handleBlur">
+                </textarea>
+            </template>
             <bk-select v-else class="select-var" :value="localVal.value" @selected="handleSelectVariable">
                 <bk-option v-for="item in variables" :key="item.id" :id="item.id" :name="item.name"></bk-option>
             </bk-select>
@@ -51,6 +64,11 @@
             required: false,
             default: true
         },
+        textareaMode: {
+            type: Boolean,
+            required: false,
+            default: false
+        },
         disabled: {
             type: Boolean,
             required: false,
@@ -125,6 +143,12 @@
                 this.localVal.value = e.target.value
                 this.inputPlaceholder = ''
             },
+            handleTextareaInput (e) {
+                console.log('textarea input: ', e.target.value)
+                this.localVal.value = e.target.value
+                this.inputPlaceholder = ''
+                e.target.value = e.target.value.replace(/[^\n]/g, '·')
+            },
             handleFocus () {
                 if (this.localVal.value.length > 0) {
                     this.inputPlaceholder = i18n.t('要修改密码请点击后重新输入密码')
@@ -135,7 +159,7 @@
             },
             // 输入框失焦后执行加密逻辑
             handleBlur () {
-                this.inputText = this.localVal.value
+                this.inputText = this.textareaMode ? this.localVal.value.replace(/[^\n]/g, '·') : this.localVal.value
                 const encryptedVal = this.encryptPassword()
                 this.localVal.value = encryptedVal
                 this.change()
@@ -171,7 +195,7 @@
 <style lang="scss" scoped>
     .password-edit-wrapper {
         display: flex;
-        align-items: center;
+        align-items: flex-start;
         .select-type {
             flex: 0 0 120px;
             border-right: none;
@@ -199,6 +223,26 @@
                 background-color: #ffffff;
             }
         }
+        .value-textarea {
+            flex: 1;
+            padding: 6px 10px;
+            width: 100%;
+            line-height: 16px;
+            color: #63656e;
+            background-color: #fff;
+            border-top-right-radius: 2px;
+            border-bottom-right-radius: 2px;
+            font-size: 12px;
+            border: 1px solid #c4c6cc;
+            text-align: left;
+            outline: none;
+            resize: none;
+            // -webkit-text-security: disc !important;
+            &:focus {
+                border-color: #3a84ff;
+                background-color: #ffffff;
+            }
+        }
         .select-var {
             flex: 1;
             border-top-left-radius: 0;

From 76ac804471d4b96309796629b365963705f0171d Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Thu, 10 Aug 2023 10:25:18 +0800
Subject: [PATCH 04/17] =?UTF-8?q?feature:=20=E8=8A=82=E7=82=B9=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86=E3=80=8C=E6=96=B0=E5=BB=BA=E4=BB=BB=E5=8A=A1=E3=80=8D?=
 =?UTF-8?q?=E6=8F=92=E4=BB=B6=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../collections/sites/open/nodeman/base.py    |  71 +-
 .../sites/open/nodeman/create_task/v3_0.py    |  74 +-
 .../sites/open/nodeman/create_task/v4_0.py    | 193 ++---
 .../atoms/nodeman/create_task/v4_0.js         | 812 +++++++-----------
 .../test_nodeman_v3_create_task.py            |   6 +-
 .../test_nodeman_v4_create_task.py            | 142 ++-
 6 files changed, 608 insertions(+), 690 deletions(-)

diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/base.py b/pipeline_plugins/components/collections/sites/open/nodeman/base.py
index 7f69d0d995..93e7133144 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/base.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/base.py
@@ -13,7 +13,7 @@
 import ujson as json
 from django.utils.translation import ugettext_lazy as _
 from pipeline.core.flow.activity import Service, StaticIntervalGenerator
-from pipeline.core.flow.io import IntItemSchema, StringItemSchema
+from pipeline.core.flow.io import ArrayItemSchema, IntItemSchema, ObjectItemSchema, StringItemSchema
 
 from api.collections.nodeman import BKNodeManClient
 from gcloud.conf import settings
@@ -140,11 +140,11 @@ def get_ip_list(self, ip_str):
     def get_host_id_list(self, ip_str, executor, bk_cloud_id, bk_biz_id):
         # 如果开启了ipv6的逻辑，则执行
         if settings.ENABLE_IPV6:
-            ipv6_list, ipv4_list, _, _ = extract_ip_from_ip_str(ip_str)
+            ipv6_list, ipv4_list, *_ = extract_ip_from_ip_str(ip_str)
             ip_list = ipv4_list + ipv6_list
             bk_host_id_dict_ipv6 = get_host_id_by_inner_ipv6(executor, self.logger, bk_cloud_id, bk_biz_id, ip_list)
-
-            return list(bk_host_id_dict_ipv6.values())
+            bk_host_id_dict = get_host_id_by_inner_ip(executor, self.logger, bk_cloud_id, bk_biz_id, ip_list)
+            return list(set(bk_host_id_dict_ipv6.values()) | set(bk_host_id_dict.values()))
 
         ip_list = get_ip_by_regex(ip_str)
         bk_host_id_dict = get_host_id_by_inner_ip(executor, self.logger, bk_cloud_id, bk_biz_id, ip_list)
@@ -282,3 +282,66 @@ def schedule(self, data, parent_data, callback_data=None):
             data.set_outputs("ex_data", error_log)
             self.finish_schedule()
             return False
+
+
+class NodeManNewBaseService(NodeManBaseService):
+    def inputs_format(self):
+        return [
+            self.InputItem(
+                name=_("业务 ID"),
+                key="bk_biz_id",
+                type="int",
+                schema=IntItemSchema(description=_("当前操作所属的 CMDB 业务 ID")),
+            ),
+            self.InputItem(
+                name=_("节点类型"),
+                key="nodeman_node_type",
+                type="string",
+                schema=StringItemSchema(description=_("AGENT（表示直连区域安装 Agent）、 PROXY（表示安装 Proxy）")),
+            ),
+            self.InputItem(
+                name=_("操作详情"),
+                key="nodeman_op_info",
+                type="object",
+                schema=ObjectItemSchema(
+                    description=_("操作内容信息"),
+                    property_schemas={
+                        "nodeman_ap_id": StringItemSchema(description=_("接入点 ID")),
+                        "nodeman_op_type": StringItemSchema(
+                            description=_(
+                                "任务操作类型，可以是 INSTALL（安装）、  REINSTALL（重装）、" " UNINSTALL （卸载）、 REMOVE （移除）或 UPGRADE （升级）"
+                            )
+                        ),
+                        "nodeman_hosts": ArrayItemSchema(
+                            description=_("需要被操作的主机信息(安装与重装时需要)"),
+                            item_schema=ObjectItemSchema(
+                                description=_("主机相关信息"),
+                                property_schemas={
+                                    "nodeman_bk_cloud_id": StringItemSchema(description=_("管控区域ID")),
+                                    "nodeman_ap_id": StringItemSchema(description=_("接入点")),
+                                    "inner_ip": StringItemSchema(description=_("内网 IP")),
+                                    "login_ip": StringItemSchema(description=_("主机登录 IP，可以为空，适配复杂网络时填写")),
+                                    "data_ip": StringItemSchema(description=_("主机数据 IP，可以为空，适配复杂网络时填写")),
+                                    "outer_ip": StringItemSchema(description=_("外网 IP, 可以为空")),
+                                    "os_type": StringItemSchema(description=_("操作系统类型，可以是 LINUX, WINDOWS, 或 AIX")),
+                                    "port": StringItemSchema(description=_("端口号")),
+                                    "account": StringItemSchema(description=_("登录帐号")),
+                                    "auth_type": StringItemSchema(description=_("认证方式，可以是 PASSWORD 或 KEY")),
+                                    "auth_key": StringItemSchema(description=_("认证密钥,根据认证方式，是登录密码或者登陆密钥")),
+                                },
+                            ),
+                        ),
+                        "nodeman_other_hosts": ArrayItemSchema(
+                            description=_("需要被操作的主机信息(升级，卸载，移除时需要)"),
+                            item_schema=ObjectItemSchema(
+                                description=_("主机相关信息"),
+                                property_schemas={
+                                    "nodeman_bk_cloud_id": StringItemSchema(description=_("管控区域ID")),
+                                    "nodeman_ip_str": StringItemSchema(description=_("IP")),
+                                },
+                            ),
+                        ),
+                    },
+                ),
+            ),
+        ]
diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v3_0.py b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v3_0.py
index 610864ac50..c3c0cb514a 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v3_0.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v3_0.py
@@ -14,13 +14,12 @@
 
 from django.utils.translation import ugettext_lazy as _
 from pipeline.component_framework.component import Component
-from pipeline.core.flow.io import ArrayItemSchema, IntItemSchema, ObjectItemSchema, StringItemSchema
 
 from api.collections.nodeman import BKNodeManClient
 from gcloud.conf import settings
 from gcloud.utils.crypto import decrypt_auth_key, encrypt_auth_key
 from pipeline_plugins.components.collections.sites.open.nodeman.base import (
-    NodeManBaseService,
+    NodeManNewBaseService,
     get_host_id_by_inner_ip,
     get_host_id_by_inner_ipv6,
     get_nodeman_rsa_public_key,
@@ -45,7 +44,7 @@
 HOST_EXTRA_PARAMS_IPV6 = ["inner_ipv6", "outer_ipv6"]
 
 
-class NodemanCreateTaskService(NodeManBaseService):
+class NodemanCreateTaskService(NodeManNewBaseService):
     def execute(self, data, parent_data):
         executor = parent_data.inputs.executor
         client = BKNodeManClient(username=executor)
@@ -53,15 +52,6 @@ def execute(self, data, parent_data):
 
         node_type = data.inputs.nodeman_node_type
 
-        nodeman_ticket = data.get_one_of_inputs("nodeman_ticket", {})
-        nodeman_tjj_ticket = nodeman_ticket.get("nodeman_tjj_ticket", "")
-        if nodeman_tjj_ticket:
-            try:
-                nodeman_tjj_ticket = decrypt_auth_key(nodeman_tjj_ticket, settings.RSA_PRIV_KEY)
-            except Exception:
-                # password is not encrypted
-                pass
-
         nodeman_op_info = data.inputs.nodeman_op_info
         op_type = nodeman_op_info.get("nodeman_op_type", "")
         nodeman_hosts = nodeman_op_info.get("nodeman_hosts", [])
@@ -190,8 +180,6 @@ def execute(self, data, parent_data):
 
             kwargs = {"job_type": job_name, "hosts": all_hosts, "action": "job_install"}
 
-            if nodeman_tjj_ticket:
-                kwargs.update({"tcoa_ticket": nodeman_tjj_ticket})
         else:
             data.set_outputs("ex_data", _("无效的操作请求:{}".format(job_name)))
             return False
@@ -201,64 +189,6 @@ def execute(self, data, parent_data):
 
         return self.get_job_result(result, data, action, kwargs)
 
-    def inputs_format(self):
-        return [
-            self.InputItem(
-                name=_("业务 ID"), key="bk_biz_id", type="int", schema=IntItemSchema(description=_("当前操作所属的 CMDB 业务 ID")),
-            ),
-            self.InputItem(
-                name=_("节点类型"),
-                key="nodeman_node_type",
-                type="string",
-                schema=StringItemSchema(description=_("AGENT（表示直连区域安装 Agent）、 PROXY（表示安装 Proxy）")),
-            ),
-            self.InputItem(
-                name=_("操作详情"),
-                key="nodeman_op_info",
-                type="object",
-                schema=ObjectItemSchema(
-                    description=_("操作内容信息"),
-                    property_schemas={
-                        "nodeman_ap_id": StringItemSchema(description=_("接入点 ID")),
-                        "nodeman_op_type": StringItemSchema(
-                            description=_(
-                                "任务操作类型，可以是 INSTALL（安装）、  REINSTALL（重装）、" " UNINSTALL （卸载）、 REMOVE （移除）或 UPGRADE （升级）"
-                            )
-                        ),
-                        "nodeman_hosts": ArrayItemSchema(
-                            description=_("需要被操作的主机信息(安装与重装时需要)"),
-                            item_schema=ObjectItemSchema(
-                                description=_("主机相关信息"),
-                                property_schemas={
-                                    "nodeman_bk_cloud_id": StringItemSchema(description=_("管控区域ID")),
-                                    "nodeman_ap_id": StringItemSchema(description=_("接入点")),
-                                    "inner_ip": StringItemSchema(description=_("内网 IP")),
-                                    "login_ip": StringItemSchema(description=_("主机登录 IP，可以为空，适配复杂网络时填写")),
-                                    "data_ip": StringItemSchema(description=_("主机数据 IP，可以为空，适配复杂网络时填写")),
-                                    "outer_ip": StringItemSchema(description=_("外网 IP, 可以为空")),
-                                    "os_type": StringItemSchema(description=_("操作系统类型，可以是 LINUX, WINDOWS, 或 AIX")),
-                                    "port": StringItemSchema(description=_("端口号")),
-                                    "account": StringItemSchema(description=_("登录帐号")),
-                                    "auth_type": StringItemSchema(description=_("认证方式，可以是 PASSWORD 或 KEY")),
-                                    "auth_key": StringItemSchema(description=_("认证密钥,根据认证方式，是登录密码或者登陆密钥")),
-                                },
-                            ),
-                        ),
-                        "nodeman_other_hosts": ArrayItemSchema(
-                            description=_("需要被操作的主机信息(升级，卸载，移除时需要)"),
-                            item_schema=ObjectItemSchema(
-                                description=_("主机相关信息"),
-                                property_schemas={
-                                    "nodeman_bk_cloud_id": StringItemSchema(description=_("管控区域ID")),
-                                    "nodeman_ip_str": StringItemSchema(description=_("IP")),
-                                },
-                            ),
-                        ),
-                    },
-                ),
-            ),
-        ]
-
 
 class NodemanCreateTaskComponent(Component):
     name = _("新建任务")
diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
index 43eeb95e4c..bf68a50efd 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
@@ -10,9 +10,10 @@
 an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 specific language governing permissions and limitations under the License.
 """
+from copy import deepcopy
+
 from django.utils.translation import ugettext_lazy as _
 from pipeline.component_framework.component import Component
-from pipeline.core.flow.io import ArrayItemSchema, IntItemSchema, ObjectItemSchema, StringItemSchema
 
 from api.collections.nodeman import BKNodeManClient
 from gcloud.conf import settings
@@ -20,18 +21,34 @@
 from gcloud.utils.crypto import decrypt_auth_key, encrypt_auth_key
 from pipeline_plugins.base.utils.inject import supplier_account_for_business
 from pipeline_plugins.components.collections.sites.open.nodeman.base import (
-    NodeManBaseService,
+    NodeManNewBaseService,
     get_nodeman_rsa_public_key,
 )
 
 __group_name__ = _("节点管理(Nodeman)")
 VERSION = "v4.0"
 
-# 安装类任务(job_install)
-INSTALL_JOB = ["INSTALL_PROXY", "INSTALL_AGENT", "REINSTALL_PROXY", "REINSTALL_AGENT", "UNINSTALL_AGENT"]
+# 无需认证信息的操作
+NOT_NEED_AUTH_JOB = ["RELOAD_AGENT", "RELOAD_PROXY"]
+
+
+# 无需额外配置信息的操作
+NOT_NEED_EXTRA_CONFIG_JOB = ["UNINSTALL_AGENT"]
 
-# 操作类任务(job_operate)
-OPERATE_JOB = ["UPGRADE_AGENT", "UNINSTALL_PROXY"]
+# 依赖节点管理 job/install 接口的操作
+INSTALL_JOB = (
+    [
+        "INSTALL_PROXY",
+        "INSTALL_AGENT",
+        "REINSTALL_PROXY",
+        "REINSTALL_AGENT",
+    ]
+    + NOT_NEED_EXTRA_CONFIG_JOB
+    + NOT_NEED_AUTH_JOB
+)
+
+# 依赖节点管理 job/details 接口的操作
+OPERATE_JOB = ["UPGRADE_AGENT", "UPGRADE_PROXY", "UNINSTALL_PROXY", "RESTART_AGENT", "RESTART_PROXY"]
 
 # 主机其它参数
 HOST_EXTRA_PARAMS = ["outer_ip", "login_ip", "data_ip", "inner_ipv6", "outer_ipv6"]
@@ -40,21 +57,12 @@
 HOST_EXTRA_PARAMS_IPV6 = ["inner_ipv6", "outer_ipv6"]
 
 
-class NodemanCreateTaskService(NodeManBaseService):
+class NodemanCreateTaskService(NodeManNewBaseService):
     def execute(self, data, parent_data):
         executor = parent_data.inputs.executor
         client = BKNodeManClient(username=executor)
         bk_biz_id = data.inputs.bk_biz_id
 
-        nodeman_ticket = data.get_one_of_inputs("nodeman_ticket", {})
-        nodeman_tjj_ticket = nodeman_ticket.get("nodeman_tjj_ticket", "")
-        if nodeman_tjj_ticket:
-            try:
-                nodeman_tjj_ticket = decrypt_auth_key(nodeman_tjj_ticket, settings.RSA_PRIV_KEY)
-            except Exception:
-                # password is not encrypted
-                pass
-
         nodeman_op_info = data.inputs.nodeman_op_info
         node_type = nodeman_op_info.get("nodeman_node_type")
         op_type = nodeman_op_info.get("nodeman_op_type", "")
@@ -85,10 +93,6 @@ def execute(self, data, parent_data):
             all_hosts, row_host_params_list = [], []
             for host in nodeman_hosts:
                 bk_cloud_id = host["nodeman_bk_cloud_id"]
-                ap_id = host["nodeman_ap_id"]
-                auth_type = host["auth_type"]
-                auth_key = host["auth_key"]
-
                 use_inner_ip = True if host.get("inner_ip") else False
                 # use_inner_ip 判定用户输入的的是ipv4还是ipv6
                 inner_ip_list = self.get_ip_list(
@@ -101,46 +105,71 @@ def execute(self, data, parent_data):
                     data.set_outputs("ex_data", _("请确认内网Ip是否合法host_info:{host}".format(host=host["inner_ip"])))
                     return False
 
-                # 处理表格中每行的key/psw
-                try:
-                    auth_key = decrypt_auth_key(auth_key, settings.RSA_PRIV_KEY)
-                except Exception:
-                    # password is not encrypted
-                    pass
-                # auth_key加密
-                success, ras_public_key = get_nodeman_rsa_public_key(executor, self.logger)
-                if not success:
-                    data.set_outputs("ex_data", _("获取节点管理公钥失败,请查看节点日志获取错误详情."))
-                    return False
-                auth_key = encrypt_auth_key(auth_key, ras_public_key["name"], ras_public_key["content"])
+                auth_params = {}
+                if job_name not in NOT_NEED_AUTH_JOB:
+
+                    # 认证信息
+                    auth_params.update(
+                        {
+                            "port": host["port"],
+                            "auth_type": host["auth_type"],
+                            "account": host["account"],
+                        }
+                    )
+
+                    auth_key = host["auth_key"]
+
+                    # 处理表格中每行的key/psw
+                    try:
+                        auth_key = decrypt_auth_key(auth_key, settings.RSA_PRIV_KEY)
+                    except Exception:
+                        # password is not encrypted
+                        pass
+
+                    # auth_key加密
+                    success, ras_public_key = get_nodeman_rsa_public_key(executor, self.logger)
+                    if not success:
+                        data.set_outputs("ex_data", _("获取节点管理公钥失败,请查看节点日志获取错误详情."))
+                        return False
+                    auth_key = encrypt_auth_key(auth_key, ras_public_key["name"], ras_public_key["content"])
+
+                    if auth_params["auth_type"] == "PASSWORD":
+                        auth_params["password"] = auth_key
+                    else:
+                        auth_params["key"] = auth_key
+
+                # 额外配置参数
+                extra_config_params = {"peer_exchange_switch_for_agent": host.get("peer_exchange_switch_for_agent", 0)}
+                speed_limit = host.get("speed_limit")
+                if speed_limit:
+                    extra_config_params.update({"bt_speed_limit": int(speed_limit)})
+
                 # 表格每行基础参数
                 base_params = {
+                    **auth_params,
                     "bk_biz_id": bk_biz_id,
                     "bk_cloud_id": bk_cloud_id,
+                    "ap_id": host["nodeman_ap_id"],
                     "os_type": host["os_type"],
-                    "port": host["port"],
-                    "account": host["account"],
-                    "auth_type": auth_type,
-                    "ap_id": ap_id,
                     "is_manual": False,
-                    "peer_exchange_switch_for_agent": host.get("peer_exchange_switch_for_agent", 1),
                 }
-                speed_limit = host.get("speed_limit")
-                if speed_limit:
-                    base_params.update({"bt_speed_limit": int(speed_limit)})
 
                 # 支持表格中一行多ip操作, 拼装表格内的inner_ip参数
                 for index, inner_ip in enumerate(inner_ip_list):
-                    one = {}
+
+                    row_host_info = deepcopy(base_params)
                     if use_inner_ip:
-                        one = {"inner_ip": inner_ip}
-                    if auth_type == "PASSWORD":
-                        one["password"] = auth_key
-                    else:
-                        one["key"] = auth_key
+                        row_host_info.update({"inner_ip": inner_ip})
+
+                    # 注入额外 Agent 配置信息
+                    if job_name not in NOT_NEED_EXTRA_CONFIG_JOB:
+                        row_host_info.update(extra_config_params)
 
-                    # 重装必须要bk_host_id
-                    if job_name in ["REINSTALL_PROXY", "REINSTALL_AGENT", "UNINSTALL_AGENT"]:
+                    # 除了安装，其他操作需要 bk_host_id
+                    if (
+                        job_name
+                        in ["REINSTALL_PROXY", "REINSTALL_AGENT"] + NOT_NEED_AUTH_JOB + NOT_NEED_EXTRA_CONFIG_JOB
+                    ):
                         supplier_account = supplier_account_for_business(bk_biz_id)
                         host_fields = ["bk_host_id", "bk_host_innerip"]
                         # 如果开启了ipv6，并且用户输入的是ipv6的地址
@@ -156,7 +185,7 @@ def execute(self, data, parent_data):
                             )
                             bk_host_id_dict = {host["bk_host_innerip"]: host["bk_host_id"] for host in host_list}
                         try:
-                            one["bk_host_id"] = bk_host_id_dict[inner_ip]
+                            row_host_info["bk_host_id"] = bk_host_id_dict[inner_ip]
                         except KeyError:
                             data.set_outputs("ex_data", _("获取bk_host_id失败:{},请确认管控区域是否正确".format(inner_ip)))
                             return False
@@ -169,14 +198,12 @@ def execute(self, data, parent_data):
                         if host.get(ip_type, False):
                             others_ip_list = self.get_ip_list(host[ip_type])
                             if len(others_ip_list) == len(inner_ip_list):
-                                one[ip_type] = others_ip_list[index]
+                                row_host_info[ip_type] = others_ip_list[index]
                             else:
                                 data.set_outputs("ex_data", _("获取{}的{}失败,请确认是否与inner_ip一一对应".format(inner_ip, ip_type)))
                                 return False
 
-                    one.update(base_params)
-
-                    row_host_params_list.append(one)
+                    row_host_params_list.append(row_host_info)
 
             all_hosts.extend(row_host_params_list)
 
@@ -185,8 +212,6 @@ def execute(self, data, parent_data):
             if job_name in ["INSTALL_PROXY", "INSTALL_AGENT", "REINSTALL_PROXY", "REINSTALL_AGENT"]:
                 kwargs.update({"is_install_latest_plugins": nodeman_install_latest_plugins})
 
-            if nodeman_tjj_ticket:
-                kwargs.update({"tcoa_ticket": nodeman_tjj_ticket})
         else:
             data.set_outputs("ex_data", _("无效的操作请求:{}".format(job_name)))
             return False
@@ -196,64 +221,6 @@ def execute(self, data, parent_data):
 
         return self.get_job_result(result, data, action, kwargs)
 
-    def inputs_format(self):
-        return [
-            self.InputItem(
-                name=_("业务 ID"), key="bk_biz_id", type="int", schema=IntItemSchema(description=_("当前操作所属的 CMDB 业务 ID")),
-            ),
-            self.InputItem(
-                name=_("节点类型"),
-                key="nodeman_node_type",
-                type="string",
-                schema=StringItemSchema(description=_("AGENT（表示直连区域安装 Agent）、 PROXY（表示安装 Proxy）")),
-            ),
-            self.InputItem(
-                name=_("操作详情"),
-                key="nodeman_op_info",
-                type="object",
-                schema=ObjectItemSchema(
-                    description=_("操作内容信息"),
-                    property_schemas={
-                        "nodeman_ap_id": StringItemSchema(description=_("接入点 ID")),
-                        "nodeman_op_type": StringItemSchema(
-                            description=_(
-                                "任务操作类型，可以是 INSTALL（安装）、  REINSTALL（重装）、" " UNINSTALL （卸载）、 REMOVE （移除）或 UPGRADE （升级）"
-                            )
-                        ),
-                        "nodeman_hosts": ArrayItemSchema(
-                            description=_("需要被操作的主机信息(安装与重装时需要)"),
-                            item_schema=ObjectItemSchema(
-                                description=_("主机相关信息"),
-                                property_schemas={
-                                    "nodeman_bk_cloud_id": StringItemSchema(description=_("管控区域ID")),
-                                    "nodeman_ap_id": StringItemSchema(description=_("接入点")),
-                                    "inner_ip": StringItemSchema(description=_("内网 IP")),
-                                    "login_ip": StringItemSchema(description=_("主机登录 IP，可以为空，适配复杂网络时填写")),
-                                    "data_ip": StringItemSchema(description=_("主机数据 IP，可以为空，适配复杂网络时填写")),
-                                    "outer_ip": StringItemSchema(description=_("外网 IP, 可以为空")),
-                                    "os_type": StringItemSchema(description=_("操作系统类型，可以是 LINUX, WINDOWS, 或 AIX")),
-                                    "port": StringItemSchema(description=_("端口号")),
-                                    "account": StringItemSchema(description=_("登录帐号")),
-                                    "auth_type": StringItemSchema(description=_("认证方式，可以是 PASSWORD 或 KEY")),
-                                    "auth_key": StringItemSchema(description=_("认证密钥,根据认证方式，是登录密码或者登陆密钥")),
-                                },
-                            ),
-                        ),
-                        "nodeman_other_hosts": ArrayItemSchema(
-                            description=_("需要被操作的主机信息(升级，卸载，移除时需要)"),
-                            item_schema=ObjectItemSchema(
-                                description=_("主机相关信息"),
-                                property_schemas={
-                                    "nodeman_bk_cloud_id": StringItemSchema(description=_("管控区域ID")),
-                                    "nodeman_ip_str": StringItemSchema(description=_("IP")),
-                                },
-                            ),
-                        ),
-                    },
-                ),
-            ),
-        ]
-
 
 class NodemanCreateTaskComponent(Component):
     name = _("新建任务")
diff --git a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
index cd1f2d3668..86dd4b1df5 100644
--- a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
+++ b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
@@ -13,14 +13,289 @@
 (function () {
     function is_display_tag(self, op_type, value) {
         if (op_type.indexOf(value) !== -1) {
-            self.show()
+            self.show();
         } else {
-            self.hide()
+            self.hide();
         }
     }
 
-    let node_type = "AGENT"
-    let NODEMAN_TJJ_IS_HIDDEN = true
+    function is_install_op(self, value) {
+        is_display_tag(self, ["INSTALL", "REINSTALL"], value);
+    }
+
+
+    function init_columns(self, node_type, op_type) {
+        let common_columns = [
+            {
+                tag_code: "nodeman_bk_cloud_id",
+                type: "select",
+                attrs: {
+                    name: gettext("管控区域ID"),
+                    width: "180px",
+                    remote: true,
+                    items: [],
+                    remote_url: $.context.get("site_url") + "pipeline/nodeman_get_cloud_area/",
+                    remote_data_init: function (resp) {
+                        if (resp.result === false) {
+                            show_msg(resp.message, "error");
+                        }
+                        resp.data.unshift({"text": gettext("直连区域"), "value": 0});
+                        return resp.data;
+                    },
+                    validation: [
+                        {
+                            type: "required",
+                        }
+                    ]
+                }
+            },
+            {
+                tag_code: "nodeman_ap_id",
+                type: "select",
+                attrs: {
+                    name: gettext("接入点"),
+                    width: "180px",
+                    remote: true,
+                    items: [],
+                    remote_url: $.context.get("site_url") + "pipeline/nodeman_get_ap_list/",
+                    remote_data_init: function (resp) {
+                        if (resp.result === false) {
+                            show_msg(resp.message, "error");
+                        }
+                        return resp.data;
+                    },
+                    validation: []
+                }
+            },
+            {
+                tag_code: "inner_ip",
+                type: "textarea",
+                attrs: {
+                    name: gettext("内网IP"),
+                    placeholder: gettext("多个用英文逗号 `,` 或换行分隔"),
+                    width: "180px",
+                    editable: true
+                }
+            },
+            {
+                tag_code: "inner_ipv6",
+                type: "textarea",
+                attrs: {
+                    name: gettext("内网IP(IPV6)"),
+                    placeholder: gettext("可为空，如纯ipv6主机，内网ipv和外网IP(IPV6)两个必须填一个"),
+                    width: "180px",
+                    editable: true,
+                }
+            },
+            {
+                tag_code: "os_type",
+                type: "select",
+                attrs: {
+                    name: gettext("操作系统类型"),
+                    width: "180px",
+                    items: [
+                        {value: "LINUX", text: gettext("LINUX")},
+                        {value: "WINDOWS", text: gettext("WINDOWS")},
+                        {value: "AIX", text: gettext("AIX")}
+                    ],
+                    default: "LINUX",
+                    validation: [
+                        {
+                            type: "required"
+                        }
+                    ],
+                }
+            },
+        ];
+
+        let proxy_columns = [
+            {
+                tag_code: "outer_ip",
+                type: "textarea",
+                attrs: {
+                    name: gettext("外网IP"),
+                    placeholder: gettext("可选,如填写需与内网ip一一对应,多个用英文逗号 `,` 或换行分隔"),
+                    width: "180px",
+                    editable: true,
+                    validation: []
+                },
+            },
+            {
+                tag_code: "data_ip",
+                type: "textarea",
+                attrs: {
+                    name: gettext("数据IP"),
+                    placeholder: gettext("可为空，如填写需与内网ip一一对应，适配复杂网络时填写,多个用英文逗号 `,` 或换行分隔"),
+                    width: "180px",
+                    editable: true,
+                }
+            },
+            {
+                tag_code: "outer_ipv6",
+                type: "textarea",
+                attrs: {
+                    name: gettext("外网IP(IPV6)"),
+                    placeholder: gettext("可为空，如纯ipv6主机，外网ipv和外网IP(IPV6)两个必须填一个"),
+                    width: "180px",
+                    editable: true,
+                },
+            },
+        ];
+
+        let auth_columns = [
+            {
+                tag_code: "login_ip",
+                type: "textarea",
+                attrs: {
+                    name: gettext("登录IP"),
+                    placeholder: gettext("可为空，如填写需与内网ip一一对应，适配复杂网络时填写,多个用英文逗号 `,` 或换行分隔"),
+                    width: "180px",
+                    editable: true
+                }
+            },
+            {
+                tag_code: "account",
+                type: "input",
+                attrs: {
+                    name: gettext("登录账号"),
+                    width: "180px",
+                    editable: true,
+                    validation: [
+                        {
+                            type: "required"
+                        }
+                    ],
+                }
+            },
+            {
+                tag_code: "port",
+                type: "input",
+                attrs: {
+                    name: gettext("端口号"),
+                    width: "100px",
+                    editable: true,
+                    validation: [
+                        {
+                            type: "required"
+                        }
+                    ],
+                }
+            },
+            {
+                tag_code: "auth_type",
+                type: "select",
+                attrs: {
+                    name: gettext("认证方式"),
+                    width: "180px",
+                    items: [
+                        {value: "PASSWORD", text: gettext("PASSWORD")},
+                        {value: "KEY", text: gettext("KEY")},
+                        {value: "TJJ_PASSWORD", text: gettext("TJJ")}
+
+                    ],
+                    default: "PASSWORD",
+                    validation: [
+                        {
+                            type: "required"
+                        }
+                    ],
+                }
+            },
+            {
+                tag_code: "auth_key",
+                type: "textarea",
+                // TODO 能不能加一个动态选项？如果具有加密前缀，默认展示 * 脱敏
+                // TODO 如果重新输入保存，可以拉公钥去做加密
+                attrs: {
+                    name: gettext("认证密钥"),
+                    width: "400px",
+                    editable: true,
+                    validation: [
+                        {
+                            type: "custom",
+                            args: function (value, parent_value) {
+                                let auth_type = parent_value.auth_type;
+                                let result = {
+                                    result: true,
+                                    error_message: ""
+                                };
+                                if (auth_type !== "TJJ_PASSWORD" && !value.length) {
+                                    result.result = false;
+                                    result.error_message = gettext("请输入认证密钥");
+                                }
+                                return result;
+                            }
+                        }
+                    ],
+                    showPassword: true
+                },
+            },
+        ];
+
+        let config_columns = [
+            {
+                tag_code: "peer_exchange_switch_for_agent",
+                type: "radio",
+                attrs: {
+                    name: gettext("BT节点探测"),
+                    items: [
+                        {value: 1, name: gettext("是")},
+                        {value: 0, name: gettext("否")}
+                    ],
+                    default: 0,
+                    validation: [
+                        {
+                            type: "required"
+                        },
+                    ]
+                },
+            },
+            {
+                tag_code: "speed_limit",
+                type: "input",
+                attrs: {
+                    name: gettext("传输限速 M/s"),
+                    width: "100px",
+                    placeholder: gettext("请输入"),
+                    validation: [
+                        {
+                            type: "custom",
+                            args: function (value) {
+                                var result = {
+                                    result: true,
+                                    error_message: ""
+                                };
+                                if (value && !Number(value)) {
+                                    result.result = false;
+                                    result.error_message = gettext("请输入数字");
+                                }
+                                return result;
+                            }
+                        }
+                    ]
+                },
+            },
+        ];
+
+        self.columns = common_columns;
+
+        // 如果是 Proxy，补充 Proxy 信息
+        if (node_type === "PROXY") {
+            self.columns.push(...proxy_columns);
+        }
+        // 安装 / 卸载需要认证信息
+        if (op_type === "INSTALL" || op_type === "UNINSTALL") {
+            self.columns.push(...auth_columns);
+        }
+        // 非卸载场景需要配置信息
+        if (op_type !== "UNINSTALL") {
+            self.columns.push(...config_columns);
+        }
+        console.log(node_type, op_type);
+    };
+
+    let NODEMAN_TJJ_IS_HIDDEN = true;
+
     $.ajax({
         url: $.context.get('site_url') + 'pipeline/nodeman_is_support_tjj/',
         type: 'GET',
@@ -28,13 +303,13 @@
         async: false,
         success: function (resp) {
             if (resp.data) {
-                NODEMAN_TJJ_IS_HIDDEN = false
+                NODEMAN_TJJ_IS_HIDDEN = false;
             }
         },
         error: function () {
             show_msg('request nodeman is support tjj error', 'error');
         }
-    })
+    });
     $.atoms.nodeman_create_task = [
         {
             tag_code: "bk_biz_id",
@@ -63,116 +338,10 @@
                     if (this.value) {
                         return
                     }
-                    this._set_value($.context.getBkBizId())
+                    this._set_value($.context.getBkBizId());
                 }
             }
         },
-        {
-            tag_code: "nodeman_ticket",
-            type: "combine",
-            attrs: {
-                name: gettext("ticket信息"),
-                hookable: true,
-                hidden: NODEMAN_TJJ_IS_HIDDEN,
-                children: [{
-                    tag_code: "nodeman_ticket_save",
-                    type: "radio",
-                    attrs: {
-                        name: gettext("ticket获取方式"),
-                        hookable: true,
-                        hidden: false,
-                        value: 2,
-                        disabled: false,
-                        default: 2,
-                        items: [
-                            {
-                                name: gettext("获取ticket"),
-                                value: 0
-                            },
-                            {
-                                name: gettext("实时获取ticket"),
-                                value: 1
-                            },
-                            {
-                                name: gettext("不使用ticket"),
-                                value: 2
-                            }
-                        ],
-                    },
-                },
-                    {
-                        type: "text",
-                        tag_code: "nodeman_tjj_tip",
-                        attrs: {
-                            name: gettext("说明"),
-                            hookable: true,
-                            hidden: false,
-                            raw: false,
-                            value: gettext("TJJ认证需要获取用户的ticket,请选择ticket获取方式")
-                        },
-                        events: [
-                            {
-                                source: "nodeman_ticket_save",
-                                type: "change",
-                                action: function (value) {
-                                    if (value === 0) {
-                                        this._set_value(gettext("此选项将保存ticket到模板,插件长时间未执行可能发生ticket过期失效导致认证失败"))
-                                    }
-                                    if (value === 1) {
-                                        this._set_value(gettext("此选项将在任务执行前获取ticket,选择此选项需要(ticket使用方式)勾选为全局变量"))
-                                    }
-                                    if (value === 2) {
-                                        this._set_value(gettext("TJJ认证需要获取用户的ticket,请选择ticket获取方式"))
-                                    }
-                                }
-                            },]
-                    },
-                    {
-                        tag_code: "nodeman_tjj_ticket",
-                        type: "password",
-                        attrs: {
-                            name: "TJJ认证ticket",
-                            hookable: true,
-                            hidden: true,
-                            placeholder: "用户ticket",
-                            disabled: true,
-                            validation: []
-                        },
-                        events: [
-                            {
-                                source: "nodeman_ticket_save",
-                                type: "change",
-                                action: function (value) {
-                                    if (value === 2) {
-                                        this._set_value("")
-                                        return
-                                    }
-                                    let a = /TCOA_TICKET=\S+/
-                                    let cookieStr = document.cookie
-                                    let ticket = cookieStr.match(a)[0].split(";")[0].split("=")[1]
-                                    this._set_value(ticket)
-                                }
-                            },
-                            {
-                                source: "nodeman_ticket_save",
-                                type: "init",
-                                action: function (value) {
-                                    if (value === 1) {
-                                        let a = /TCOA_TICKET=\S+/
-                                        let cookieStr = document.cookie
-                                        let ticket = cookieStr.match(a)[0].split(";")[0].split("=")[1]
-                                        this._set_value(ticket)
-                                    }
-                                    if (value === 2) {
-                                        this._set_value("")
-                                    }
-                                }
-                            }
-
-                        ],
-                    }]
-            },
-        },
         {
             tag_code: "nodeman_op_info",
             type: "combine",
@@ -195,6 +364,16 @@
                                 {
                                     type: "required"
                                 }
+                            ],
+                            events: [
+                                {
+                                    source: "nodeman_node_type",
+                                    type: "init",
+                                    action: function (value) {
+                                        // 统一以 change 事件抛出
+                                        this.emit_event(this.tagCode, "change", this.value);
+                                    }
+                                },
                             ]
                         }
                     },
@@ -208,6 +387,8 @@
                                 {value: "REINSTALL", text: gettext("重新安装")},
                                 {value: "UNINSTALL", text: gettext("卸载")},
                                 {value: "UPGRADE", text: gettext("升级")},
+                                {value: "RESTART", text: gettext("重启")},
+                                {value: "RELOAD", text: gettext("配置重载")},
                             ],
                             default: "INSTALL",
                             validation: [
@@ -218,51 +399,10 @@
                         },
                         events: [
                             {
-                                source: "nodeman_node_type",
+                                source: "nodeman_op_type",
                                 type: "init",
                                 action: function (value) {
-                                    node_type = value
-                                    if (value == "AGENT") {
-                                        this.items = [
-                                            {value: "INSTALL", text: gettext("安裝")},
-                                            {value: "REINSTALL", text: gettext("重新安装")},
-                                            {value: "UNINSTALL", text: gettext("卸载")},
-                                            {value: "UPGRADE", text: gettext("升级")},
-                                        ]
-                                    } else {
-                                        if (this.value == "UPGRADE") {
-                                            this._set_value("INSTALL")
-                                        }
-                                        this.items = [
-                                            {value: "INSTALL", text: gettext("安裝")},
-                                            {value: "REINSTALL", text: gettext("重新安装")},
-                                            {value: "UNINSTALL", text: gettext("卸载")},
-                                        ]
-                                    }
-                                }
-                            },
-                            {
-                                source: "nodeman_node_type",
-                                type: "change",
-                                action: function (value) {
-                                    node_type = value
-                                    if (value == "AGENT") {
-                                        this.items = [
-                                            {value: "INSTALL", text: gettext("安裝")},
-                                            {value: "REINSTALL", text: gettext("重新安装")},
-                                            {value: "UNINSTALL", text: gettext("卸载")},
-                                            {value: "UPGRADE", text: gettext("升级")},
-                                        ]
-                                    } else {
-                                        if (this.value == "UPGRADE") {
-                                            this._set_value("INSTALL")
-                                        }
-                                        this.items = [
-                                            {value: "INSTALL", text: gettext("安裝")},
-                                            {value: "REINSTALL", text: gettext("重新安装")},
-                                            {value: "UNINSTALL", text: gettext("卸载")},
-                                        ]
-                                    }
+                                    this.emit_event(this.tagCode, "change", this.value);
                                 }
                             },
                         ]
@@ -284,20 +424,11 @@
                             ]
                         },
                         events: [
-                            {
-                                source: "nodeman_op_type",
-                                type: "init",
-                                action: function (value) {
-                                    let op_type = ["INSTALL", "REINSTALL"]
-                                    is_display_tag(this, op_type, value)
-                                }
-                            },
                             {
                                 source: "nodeman_op_type",
                                 type: "change",
                                 action: function (value) {
-                                    let op_type = ["INSTALL", "REINSTALL"]
-                                    is_display_tag(this, op_type, value)
+                                    is_install_op(this, value);
                                 }
                             },
                         ]
@@ -313,7 +444,7 @@
                                     type: "add_row",
                                     text: gettext("添加"),
                                     callback: function () {
-                                        this.add_row()
+                                        this.add_row();
                                     }
                                 },
                                 {
@@ -324,307 +455,29 @@
                                     type: "export",
                                     text: gettext("导出"),
                                     callback: function () {
-                                        this.export2Excel()
+                                        this.export2Excel();
                                     }
                                 },
 
                             ],
-                            columns: [
-                                {
-                                    tag_code: "nodeman_bk_cloud_id",
-                                    type: "select",
-                                    attrs: {
-                                        name: gettext("管控区域ID"),
-                                        width: "180px",
-                                        remote: true,
-                                        items: [],
-                                        remote_url: $.context.get("site_url") + "pipeline/nodeman_get_cloud_area/",
-                                        remote_data_init: function (resp) {
-                                            if (resp.result === false) {
-                                                show_msg(resp.message, "error");
-                                            }
-                                            resp.data.unshift({"text": gettext("直连区域"), "value": 0})
-                                            return resp.data;
-                                        },
-                                        validation: [
-                                            {
-                                                type: "required",
-                                            }
-                                        ]
-                                    }
-                                },
-                                {
-                                    tag_code: "nodeman_ap_id",
-                                    type: "select",
-                                    attrs: {
-                                        name: gettext("接入点"),
-                                        width: "180px",
-                                        remote: true,
-                                        items: [],
-                                        remote_url: $.context.get("site_url") + "pipeline/nodeman_get_ap_list/",
-                                        remote_data_init: function (resp) {
-                                            if (resp.result === false) {
-                                                show_msg(resp.message, "error");
-                                            }
-                                            return resp.data;
-                                        },
-                                        validation: []
-                                    }
-                                },
-                                {
-                                    tag_code: "inner_ip",
-                                    type: "textarea",
-                                    attrs: {
-                                        name: gettext("内网IP"),
-                                        placeholder: gettext("多个用英文逗号 `,` 或换行分隔"),
-                                        width: "180px",
-                                        editable: true
-                                    }
-                                },
-                                {
-                                    tag_code: "outer_ip",
-                                    type: "textarea",
-                                    attrs: {
-                                        name: gettext("外网IP"),
-                                        placeholder: gettext("可选,如填写需与内网ip一一对应,多个用英文逗号 `,` 或换行分隔"),
-                                        width: "180px",
-                                        editable: true,
-                                        validation: []
-                                    }
-                                },
-                                {
-                                    tag_code: "login_ip",
-                                    type: "textarea",
-                                    attrs: {
-                                        name: gettext("登录IP"),
-                                        placeholder: gettext("可为空，如填写需与内网ip一一对应，适配复杂网络时填写,多个用英文逗号 `,` 或换行分隔"),
-                                        width: "180px",
-                                        editable: true
-                                    }
-                                },
-                                {
-                                    tag_code: "data_ip",
-                                    type: "textarea",
-                                    attrs: {
-                                        name: gettext("数据IP"),
-                                        placeholder: gettext("可为空，如填写需与内网ip一一对应，适配复杂网络时填写,多个用英文逗号 `,` 或换行分隔"),
-                                        width: "180px",
-                                        editable: true,
-                                    }
-                                },
-                                {
-                                    tag_code: "inner_ipv6",
-                                    type: "textarea",
-                                    attrs: {
-                                        name: gettext("内网IP(IPV6)"),
-                                        placeholder: gettext("可为空，如纯ipv6主机，内网ipv和外网IP(IPV6)两个必须填一个"),
-                                        width: "180px",
-                                        editable: true,
-                                    }
-                                },
-                                {
-                                    tag_code: "outer_ipv6",
-                                    type: "textarea",
-                                    attrs: {
-                                        name: gettext("外网IP(IPV6)"),
-                                        placeholder: gettext("可为空，如纯ipv6主机，外网ipv和外网IP(IPV6)两个必须填一个"),
-                                        width: "180px",
-                                        editable: true,
-                                    }
-                                },
-                                {
-                                    tag_code: "os_type",
-                                    type: "select",
-                                    attrs: {
-                                        name: gettext("操作系统类型"),
-                                        width: "180px",
-                                        items: [
-                                            {value: "LINUX", text: gettext("LINUX")},
-                                            {value: "WINDOWS", text: gettext("WINDOWS")},
-                                            {value: "AIX", text: gettext("AIX")}
-                                        ],
-                                        default: "LINUX",
-                                        validation: [
-                                            {
-                                                type: "required"
-                                            }
-                                        ]
-                                    }
-                                },
-                                {
-                                    tag_code: "account",
-                                    type: "input",
-                                    attrs: {
-                                        name: gettext("登录账号"),
-                                        width: "180px",
-                                        editable: true,
-                                        validation: [
-                                            {
-                                                type: "required"
-                                            }
-                                        ]
-                                    }
-                                },
-                                {
-                                    tag_code: "port",
-                                    type: "input",
-                                    attrs: {
-                                        name: gettext("端口号"),
-                                        width: "100px",
-                                        editable: true,
-                                        validation: [
-                                            {
-                                                type: "required"
-                                            }
-                                        ]
-                                    }
-                                },
-                                {
-                                    tag_code: "auth_type",
-                                    type: "select",
-                                    attrs: {
-                                        name: gettext("认证方式"),
-                                        width: "180px",
-                                        items: [
-                                            {value: "PASSWORD", text: gettext("PASSWORD")},
-                                            {value: "KEY", text: gettext("KEY")},
-                                            {value: "TJJ_PASSWORD", text: gettext("TJJ")}
-
-                                        ],
-                                        default: "PASSWORD",
-                                        validation: [
-                                            {
-                                                type: "required"
-                                            }
-                                        ]
-                                    }
-                                },
-                                {
-                                    tag_code: "auth_key",
-                                    type: "textarea",
-                                    // TODO 能不能加一个动态选项？如果具有加密前缀，默认展示 * 脱敏
-                                    // TODO 如果重新输入保存，可以拉公钥去做加密
-                                    attrs: {
-                                        name: gettext("认证密钥"),
-                                        width: "400px",
-                                        editable: true,
-                                        validation: [
-                                            {
-                                                type: "custom",
-                                                args: function (value, parent_value) {
-                                                    let auth_type = parent_value.auth_type
-                                                    let result = {
-                                                        result: true,
-                                                        error_message: ""
-                                                    }
-                                                    if (auth_type !== "TJJ_PASSWORD" && !value.length) {
-                                                        result.result = false;
-                                                        result.error_message = gettext("请输入认证密钥");
-                                                    }
-                                                    return result
-                                                }
-                                            }
-                                        ],
-                                        showPassword: true
-                                    },
-                                    events: []
-                                },
-                                {
-                                    tag_code: "peer_exchange_switch_for_agent",
-                                    type: "radio",
-                                    attrs: {
-                                        name: gettext("BT节点探测"),
-                                        items: [
-                                            {value: 1, name: gettext("是")},
-                                            {value: 0, name: gettext("否")}
-                                        ],
-                                        default: 1,
-                                        validation: [
-                                            {
-                                                type: "required"
-                                            },
-                                        ]
-                                    },
-                                    events: [
-                                        {
-                                            source: "nodeman_op_type",
-                                            type: "init",
-                                            action: function (value) {
-                                                let op_type = ["INSTALL", "REINSTALL"]
-                                                is_display_tag(this, op_type, value)
-                                            }
-                                        },
-                                        {
-                                            source: "nodeman_op_type",
-                                            type: "change",
-                                            action: function (value) {
-                                                let op_type = ["INSTALL", "REINSTALL"]
-                                                is_display_tag(this, op_type, value)
-                                            }
-                                        },
-                                    ]
-                                },
-                                {
-                                    tag_code: "speed_limit",
-                                    type: "input",
-                                    attrs: {
-                                        name: gettext("传输限速 M/s"),
-                                        width: "100px",
-                                        placeholder: gettext("请输入"),
-                                        validation: [
-                                            {
-                                                type: "custom",
-                                                args: function (value) {
-                                                    var result = {
-                                                        result: true,
-                                                        error_message: ""
-                                                    }
-                                                    if (value && !Number(value)) {
-                                                        result.result = false;
-                                                        result.error_message = gettext("请输入数字");
-                                                    }
-                                                    return result;
-                                                }
-                                            }
-                                        ]
-                                    },
-                                    events: [
-                                        {
-                                            source: "nodeman_op_type",
-                                            type: "init",
-                                            action: function (value) {
-                                                let op_type = ["INSTALL", "REINSTALL"]
-                                                is_display_tag(this, op_type, value)
-                                            }
-                                        },
-                                        {
-                                            source: "nodeman_op_type",
-                                            type: "change",
-                                            action: function (value) {
-                                                let op_type = ["INSTALL", "REINSTALL"]
-                                                is_display_tag(this, op_type, value)
-                                            }
-                                        },
-                                    ]
-                                },
-                            ],
+                            columns: [],
                             hookable: true,
                             validation: [
                                 {
                                     type: "custom",
                                     args: function (value) {
-                                        let self = this
+                                        let self = this;
                                         let result = {
                                             result: true,
                                             error_message: ""
-                                        }
+                                        };
                                         let op_type = self.get_parent && self.get_parent().get_child("nodeman_op_type").value;
-                                        let install_type = ["INSTALL", "REINSTALL"]
+                                        let install_type = ["INSTALL", "REINSTALL"];
                                         if (install_type.indexOf(op_type) !== -1 && value === "") {
                                             result.result = false;
                                             result.error_message = gettext("请完善主机信息");
                                         }
-                                        return result
+                                        return result;
 
                                     }
                                 }
@@ -633,24 +486,27 @@
                         events: [
                             {
                                 source: "nodeman_op_type",
-                                type: "init",
+                                type: "change",
                                 action: function (value) {
-                                    let op_type = ["INSTALL", "REINSTALL"]
-                                    if (node_type == "AGENT") {
-                                        op_type = ["INSTALL", "REINSTALL", "UNINSTALL"]
+                                    let node_type = this.get_parent().get_child("nodeman_node_type").value;
+                                    init_columns(this, node_type, value);
+                                    let op_type = ["INSTALL", "REINSTALL", "RELOAD"];
+                                    if (node_type === "AGENT") {
+                                        op_type = ["INSTALL", "REINSTALL", "UNINSTALL", "RELOAD"];
                                     }
-                                    is_display_tag(this, op_type, value)
+                                    is_display_tag(this, op_type, value);
                                 }
                             },
                             {
-                                source: "nodeman_op_type",
+                                source: "nodeman_node_type",
                                 type: "change",
                                 action: function (value) {
-                                    let op_type = ["INSTALL", "REINSTALL"]
-                                    if (node_type == "AGENT") {
-                                        op_type = ["INSTALL", "REINSTALL", "UNINSTALL"]
+                                    init_columns(this, value, this.get_parent().get_child("nodeman_op_type").value);
+                                    let op_type = ["INSTALL", "REINSTALL", "RELOAD"];
+                                    if (value === "AGENT") {
+                                        op_type = ["INSTALL", "REINSTALL", "UNINSTALL", "RELOAD"];
                                     }
-                                    is_display_tag(this, op_type, value)
+                                    is_display_tag(this, op_type, this.get_parent().get_child("nodeman_op_type").value);
                                 }
                             },
                         ]
@@ -666,7 +522,7 @@
                                     type: "add_row",
                                     text: gettext("添加"),
                                     callback: function () {
-                                        this.add_row()
+                                        this.add_row();
                                     }
                                 },
                                 {
@@ -677,7 +533,7 @@
                                     type: "export",
                                     text: gettext("导出"),
                                     callback: function () {
-                                        this.export2Excel()
+                                        this.export2Excel();
                                     }
                                 },
 
@@ -717,18 +573,18 @@
                                 {
                                     type: "custom",
                                     args: function (value) {
-                                        let self = this
+                                        let self = this;
                                         let result = {
                                             result: true,
                                             error_message: ""
-                                        }
+                                        };
                                         let op_type = self.get_parent && self.get_parent().get_child("nodeman_op_type").value;
-                                        let install_type = ["UNINSTALL", "UPGRADE"]
+                                        let install_type = ["UNINSTALL", "UPGRADE"];
                                         if (install_type.indexOf(op_type) !== -1 && value === "") {
                                             result.result = false;
                                             result.error_message = gettext("请完善主机信息");
                                         }
-                                        return result
+                                        return result;
 
                                     }
                                 }
@@ -737,24 +593,24 @@
                         events: [
                             {
                                 source: "nodeman_op_type",
-                                type: "init",
+                                type: "change",
                                 action: function (value) {
-                                    let op_type = ["UPGRADE"]
-                                    if (node_type == "PROXY") {
-                                        op_type = ["UPGRADE", "UNINSTALL"]
+                                    let op_type = ["UPGRADE", "RESTART"];
+                                    if (this.get_parent().get_child("nodeman_node_type").value === "PROXY") {
+                                        op_type = ["UPGRADE", "RESTART", "UNINSTALL"];
                                     }
-                                    is_display_tag(this, op_type, value)
+                                    is_display_tag(this, op_type, value);
                                 }
                             },
                             {
-                                source: "nodeman_op_type",
+                                source: "nodeman_node_type",
                                 type: "change",
                                 action: function (value) {
-                                    let op_type = ["UPGRADE"]
-                                    if (node_type == "PROXY") {
-                                        op_type = ["UPGRADE", "UNINSTALL"]
+                                    let op_type = ["UPGRADE", "RESTART"];
+                                    if (value === "PROXY") {
+                                        op_type = ["UPGRADE", "RESTART", "UNINSTALL"];
                                     }
-                                    is_display_tag(this, op_type, value)
+                                    is_display_tag(this, op_type, this.get_parent().get_child("nodeman_op_type").value);
                                 }
                             },
                         ]
@@ -762,5 +618,5 @@
                 ],
             },
         },
-    ]
+    ];
 })();
diff --git a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v3_create_task.py b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v3_create_task.py
index 04e0eee81b..5836b6ad1f 100644
--- a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v3_create_task.py
+++ b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v3_create_task.py
@@ -13,16 +13,16 @@
 
 from django.test import TestCase
 from mock import MagicMock
-
 from pipeline.component_framework.test import (
     Call,
     CallAssertion,
     ComponentTestCase,
     ComponentTestMixin,
     ExecuteAssertion,
-    ScheduleAssertion,
     Patcher,
+    ScheduleAssertion,
 )
+
 from pipeline_plugins.components.collections.sites.open.nodeman.create_task.v3_0 import NodemanCreateTaskComponent
 
 
@@ -743,7 +743,6 @@ def __init__(
     inputs={
         "bk_biz_id": "1",
         "nodeman_node_type": "AGENT",
-        "nodeman_ticket": {"nodeman_tjj_ticket": "xxxxx"},
         "nodeman_op_info": {
             "nodeman_op_type": "INSTALL",
             "nodeman_ip_str": "",
@@ -798,7 +797,6 @@ def __init__(
                                 "data_ip": "1.1.1.1",
                             }
                         ],
-                        "tcoa_ticket": "xxxxx",
                     }
                 )
             ],
diff --git a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v4_create_task.py b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v4_create_task.py
index e5dca2876d..8ff67501a0 100644
--- a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v4_create_task.py
+++ b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v4_create_task.py
@@ -13,16 +13,16 @@
 
 from django.test import TestCase
 from mock import MagicMock
-
 from pipeline.component_framework.test import (
     Call,
     CallAssertion,
     ComponentTestCase,
     ComponentTestMixin,
     ExecuteAssertion,
-    ScheduleAssertion,
     Patcher,
+    ScheduleAssertion,
 )
+
 from pipeline_plugins.components.collections.sites.open.nodeman.create_task.v4_0 import NodemanCreateTaskComponent
 
 
@@ -31,6 +31,7 @@ def cases(self):
         return [
             INSTALL_SUCCESS_CASE,
             REINSTALL_SUCCESS_CASE,
+            RELOAD_SUCCESS_CASE,
             INSTALL_FAIL_CASE,
             OPERATE_SUCCESS_CASE,
             OPERATE_FAIL_CASE,
@@ -241,7 +242,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "1.1.1.1",
                                 "login_ip": "1.1.1.1",
@@ -332,7 +333,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "1.1.1.1",
                                 "login_ip": "1.1.1.1",
@@ -349,7 +350,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "4.4.4.4",
                                 "login_ip": "6.6.6.6",
@@ -366,7 +367,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "5.5.5.5",
                                 "login_ip": "7.7.7.7",
@@ -400,6 +401,111 @@ def __init__(
     ],
 )
 
+RELOAD_SUCCESS_CASE = ComponentTestCase(
+    name="nodeman v4.0 reinstall task success case",
+    inputs={
+        "bk_biz_id": "1",
+        "nodeman_op_info": {
+            "nodeman_op_type": "RELOAD",
+            "nodeman_node_type": "AGENT",
+            "nodeman_hosts": [
+                {
+                    "bk_biz_id": "1",
+                    "nodeman_bk_cloud_id": "1",
+                    "nodeman_ap_id": "1",
+                    "inner_ip": "1.1.1.1",
+                    "os_type": "LINUX",
+                    "peer_exchange_switch_for_agent": 0,
+                    "speed_limit": "100",
+                },
+                {
+                    "bk_biz_id": "1",
+                    "nodeman_bk_cloud_id": "1",
+                    "nodeman_ap_id": "1",
+                    "os_type": "LINUX",
+                    "inner_ip": "2.2.2.2,3.3.3.3",
+                    "peer_exchange_switch_for_agent": 0,
+                    "speed_limit": "100",
+                },
+            ],
+        },
+    },
+    parent_data={"executor": "tester"},
+    execute_assertion=ExecuteAssertion(success=True, outputs={"job_id": "1"}),
+    schedule_assertion=ScheduleAssertion(
+        success=True,
+        callback_data=None,
+        schedule_finished=True,
+        outputs={"fail_num": 0, "job_id": "1", "success_num": 1},
+    ),
+    execute_call_assertion=[
+        CallAssertion(
+            func=INSTALL_OR_OPERATE_SUCCESS_CLIENT.job_install,
+            calls=[
+                Call(
+                    **{
+                        "job_type": "RELOAD_AGENT",
+                        "hosts": [
+                            {
+                                "bk_biz_id": "1",
+                                "bk_cloud_id": "1",
+                                "os_type": "LINUX",
+                                "inner_ip": "1.1.1.1",
+                                "ap_id": "1",
+                                "is_manual": False,  # 不手动操作
+                                "bt_speed_limit": 100,
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
+                                "bk_host_id": 1,
+                            },
+                            {
+                                "bk_biz_id": "1",
+                                "bk_cloud_id": "1",
+                                "os_type": "LINUX",
+                                "inner_ip": "2.2.2.2",
+                                "ap_id": "1",
+                                "is_manual": False,  # 不手动操作
+                                "bt_speed_limit": 100,
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
+                                "bk_host_id": 2,
+                            },
+                            {
+                                "bk_biz_id": "1",
+                                "bk_cloud_id": "1",
+                                "os_type": "LINUX",
+                                "inner_ip": "3.3.3.3",
+                                "ap_id": "1",
+                                "is_manual": False,  # 不手动操作
+                                "bt_speed_limit": 100,
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
+                                "bk_host_id": 3,
+                            },
+                        ],
+                    }
+                )
+            ],
+        ),
+    ],
+    schedule_call_assertion=[
+        CallAssertion(
+            func=INSTALL_OR_OPERATE_SUCCESS_CLIENT.job_details,
+            calls=[Call(**{"job_id": "1"})],
+        ),
+    ],
+    patchers=[
+        Patcher(target=GET_CLIENT_BY_USER, return_value=INSTALL_OR_OPERATE_SUCCESS_CLIENT),
+        Patcher(target=BASE_GET_CLIENT_BY_USER, return_value=INSTALL_OR_OPERATE_SUCCESS_CLIENT),
+        Patcher(
+            target=GET_BUSINESS_HOST,
+            return_value=[
+                {"bk_host_innerip": "1.1.1.1", "bk_host_id": 1},
+                {"bk_host_innerip": "2.2.2.2", "bk_host_id": 2},
+                {"bk_host_innerip": "3.3.3.3", "bk_host_id": 3},
+            ],
+        ),
+        Patcher(target=ENCRYPT_AUTH_KEY, return_value="encrypt_auth_key"),
+    ],
+)
+
 INSTALL_FAIL_CASE = ComponentTestCase(
     name="nodeman v4.0 install task failed case",
     inputs={
@@ -447,7 +553,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "1.1.1.1",
                                 "login_ip": "1.1.1.1",
@@ -635,7 +741,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "3.3.3.3",
                                 "login_ip": "5.5.5.5",
@@ -652,7 +758,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "4.4.4.4",
                                 "login_ip": "6.6.6.6",
@@ -669,7 +775,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "3.3.3.3",
                                 "login_ip": "5.5.5.5",
@@ -686,7 +792,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "data_ip": "7.7.7.7",
                                 "bk_host_id": 1,
@@ -720,7 +826,6 @@ def __init__(
     inputs={
         "bk_biz_id": "1",
         "nodeman_node_type": "AGENT",
-        "nodeman_ticket": {"nodeman_tjj_ticket": "xxxxx"},
         "nodeman_op_info": {
             "nodeman_op_type": "INSTALL",
             "nodeman_node_type": "AGENT",
@@ -734,7 +839,7 @@ def __init__(
                     "os_type": "LINUX",
                     "port": "22",
                     "account": "test",
-                    "auth_type": "PASSWORD",
+                    "auth_type": "TJJ_PASSWORD",
                     "auth_key": "123",
                     "outer_ip": "1.1.1.1",
                     "login_ip": "1.1.1.1",
@@ -767,17 +872,16 @@ def __init__(
                                 "os_type": "LINUX",
                                 "port": "22",
                                 "account": "test",
-                                "auth_type": "PASSWORD",
+                                "auth_type": "TJJ_PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
-                                "password": "encrypt_auth_key",
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
+                                "key": "encrypt_auth_key",
                                 "outer_ip": "1.1.1.1",
                                 "login_ip": "1.1.1.1",
                                 "data_ip": "1.1.1.1",
                             }
                         ],
-                        "tcoa_ticket": "xxxxx",
                     }
                 )
             ],
@@ -910,7 +1014,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "1",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "1.1.1.1",
                                 "login_ip": "1.1.1.1",
@@ -926,7 +1030,7 @@ def __init__(
                                 "auth_type": "PASSWORD",
                                 "ap_id": "2",
                                 "is_manual": False,  # 不手动操作
-                                "peer_exchange_switch_for_agent": 1,  # 不加速
+                                "peer_exchange_switch_for_agent": 0,  # 不加速
                                 "password": "encrypt_auth_key",
                                 "outer_ip": "2.2.2.2",
                                 "login_ip": "2.2.2.2",

From cda7a21134b3f1545fd955cd2fc46682caf8f8ef Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Thu, 10 Aug 2023 14:49:17 +0800
Subject: [PATCH 05/17] minor: review fix

---
 .../components/collections/sites/open/nodeman/base.py        | 5 ++---
 .../collections/sites/open/nodeman/create_task/v4_0.py       | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/base.py b/pipeline_plugins/components/collections/sites/open/nodeman/base.py
index 93e7133144..778f7bf9f5 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/base.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/base.py
@@ -141,9 +141,8 @@ def get_host_id_list(self, ip_str, executor, bk_cloud_id, bk_biz_id):
         # 如果开启了ipv6的逻辑，则执行
         if settings.ENABLE_IPV6:
             ipv6_list, ipv4_list, *_ = extract_ip_from_ip_str(ip_str)
-            ip_list = ipv4_list + ipv6_list
-            bk_host_id_dict_ipv6 = get_host_id_by_inner_ipv6(executor, self.logger, bk_cloud_id, bk_biz_id, ip_list)
-            bk_host_id_dict = get_host_id_by_inner_ip(executor, self.logger, bk_cloud_id, bk_biz_id, ip_list)
+            bk_host_id_dict_ipv6 = get_host_id_by_inner_ipv6(executor, self.logger, bk_cloud_id, bk_biz_id, ipv6_list)
+            bk_host_id_dict = get_host_id_by_inner_ip(executor, self.logger, bk_cloud_id, bk_biz_id, ipv4_list)
             return list(set(bk_host_id_dict_ipv6.values()) | set(bk_host_id_dict.values()))
 
         ip_list = get_ip_by_regex(ip_str)
diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
index bf68a50efd..c07311b5d8 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
@@ -123,7 +123,7 @@ def execute(self, data, parent_data):
                     try:
                         auth_key = decrypt_auth_key(auth_key, settings.RSA_PRIV_KEY)
                     except Exception:
-                        # password is not encrypted
+                        self.logger.info("try to decrypt password error, use plaintext.")
                         pass
 
                     # auth_key加密

From b37e29d73cc946cfe632d3360e03243e57a78880 Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Thu, 17 Aug 2023 21:30:25 +0800
Subject: [PATCH 06/17] =?UTF-8?q?feature:=20=E5=9B=BD=E5=AF=86=E6=94=B9?=
 =?UTF-8?q?=E9=80=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/default.py                             |   4 +-
 gcloud/tests/utils/test_crypto.py             |  62 ++
 gcloud/utils/crypto.py                        |  89 +--
 .../all_biz_execute_job_plan/base_service.py  |  19 +-
 .../job/execute_task/execute_task_base.py     |   9 +-
 .../collections/sites/open/nodeman/base.py    |  52 +-
 .../sites/open/nodeman/create_task/v2_0.py    |  36 +-
 .../sites/open/nodeman/create_task/v3_0.py    |  20 +-
 .../sites/open/nodeman/create_task/v4_0.py    |  25 +-
 .../sites/open/nodeman/create_task/v5_0.py    |  39 ++
 .../wechat_work_send_message/v1_0.py          |  21 +-
 .../wechat_work_send_message/v2_0.py          |  37 ++
 .../atoms/nodeman/create_task/v4_0.js         |   1 -
 .../atoms/nodeman/create_task/v5_0.js         | 619 ++++++++++++++++++
 .../wechat_work_send_message/v2_0.js          |  59 ++
 pipeline_plugins/components/utils/common.py   |  11 +
 .../test_nodeman_v2_create_task.py            |  10 +-
 .../test_nodeman_v3_create_task.py            |   4 +-
 .../test_nodeman_v4_create_task.py            |   4 +-
 .../test_wechat_work_send_message_v1_0.py     |  46 +-
 pipeline_plugins/tests/utils/test_utils.py    |  14 +-
 .../variables/collections/common.py           |   1 -
 .../variables/static/variables/password.js    |   4 +-
 requirements.txt                              |   2 +-
 24 files changed, 1023 insertions(+), 165 deletions(-)
 create mode 100644 gcloud/tests/utils/test_crypto.py
 create mode 100644 pipeline_plugins/components/collections/sites/open/nodeman/create_task/v5_0.py
 create mode 100644 pipeline_plugins/components/collections/sites/open/wechat_work/wechat_work_send_message/v2_0.py
 create mode 100644 pipeline_plugins/components/static/components/atoms/nodeman/create_task/v5_0.js
 create mode 100644 pipeline_plugins/components/static/components/atoms/wechat_work/wechat_work_send_message/v2_0.js

diff --git a/config/default.py b/config/default.py
index 5d302cd9e9..e6526cc32f 100644
--- a/config/default.py
+++ b/config/default.py
@@ -16,8 +16,8 @@
 from urllib.parse import urlparse
 
 from bamboo_engine.config import Settings as BambooSettings
+from bkcrypto import constants as bkcrypto_constants
 from bkcrypto.asymmetric.options import RSAAsymmetricOptions
-from bkcrypto.symmetric.options import AESSymmetricOptions, SM4SymmetricOptions
 from blueapps.conf.default_settings import *  # noqa
 from blueapps.conf.log import get_logging_config_dict
 from blueapps.opentelemetry.utils import inject_logging_trace_info
@@ -27,8 +27,6 @@
 import env
 from gcloud.exceptions import ApiRequestError
 
-from bkcrypto import constants as bkcrypto_constants
-
 # 这里是默认的 INSTALLED_APPS，大部分情况下，不需要改动
 # 如果你已经了解每个默认 APP 的作用，确实需要去掉某些 APP，请去掉下面的注释，然后修改
 # INSTALLED_APPS = (
diff --git a/gcloud/tests/utils/test_crypto.py b/gcloud/tests/utils/test_crypto.py
new file mode 100644
index 0000000000..3370aa17ae
--- /dev/null
+++ b/gcloud/tests/utils/test_crypto.py
@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+"""
+Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS Community
+Edition) available.
+Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""
+import random
+
+from bkcrypto import constants as bkcrypto_constants
+from bkcrypto.asymmetric.ciphers import BaseAsymmetricCipher
+from bkcrypto.asymmetric.options import RSAAsymmetricOptions
+from bkcrypto.contrib.django.ciphers import get_asymmetric_cipher
+from bkcrypto.contrib.django.selectors import AsymmetricCipherSelector
+from django.test import TestCase
+
+from gcloud.utils import crypto
+
+
+class CryptoTestCase(TestCase):
+
+    plaintext: str = None
+    legacy_cipher: BaseAsymmetricCipher = None
+
+    def setUp(self) -> None:
+        self.plaintext = "123" * random.randint(1, 100)
+        self.legacy_cipher = get_asymmetric_cipher(
+            cipher_type=bkcrypto_constants.AsymmetricCipherType.RSA.value,
+            cipher_options={
+                bkcrypto_constants.AsymmetricCipherType.RSA.value: RSAAsymmetricOptions(
+                    public_key_string=crypto.get_default_asymmetric_key_config(
+                        cipher_type=bkcrypto_constants.AsymmetricCipherType.RSA.value
+                    ).public_key_string,
+                    padding=bkcrypto_constants.RSACipherPadding.PKCS1_v1_5,
+                )
+            },
+        )
+
+    def test_ciphertext_without_prefix(self):
+        """测试不带前缀的密文，模拟存量数据场景"""
+        self.assertEqual(crypto.decrypt(ciphertext=self.legacy_cipher.encrypt(self.plaintext)), self.plaintext)
+
+    def test_ciphertext_with_secondary_encryption(self):
+        """测试原密文再次保存被二次加密的场景"""
+        ciphertext_without_prefix: str = self.legacy_cipher.encrypt(self.plaintext)
+        ciphertext: str = AsymmetricCipherSelector().encrypt(ciphertext_without_prefix)
+        self.assertEqual(crypto.decrypt(ciphertext=ciphertext), self.plaintext)
+
+    def test_ciphertext(self):
+        """模拟新数据加密携带前缀的场景"""
+        ciphertext: str = AsymmetricCipherSelector().encrypt(plaintext=self.plaintext)
+        print(ciphertext)
+        self.assertTrue(ciphertext.startswith(f"{bkcrypto_constants.AsymmetricCipherType.RSA.value.lower()}_str:::"))
+        self.assertEqual(crypto.decrypt(ciphertext=ciphertext), self.plaintext)
+
+    def test_plaintext(self):
+        self.assertEqual(self.plaintext, crypto.decrypt(self.plaintext))
diff --git a/gcloud/utils/crypto.py b/gcloud/utils/crypto.py
index 822a44446d..875438c308 100644
--- a/gcloud/utils/crypto.py
+++ b/gcloud/utils/crypto.py
@@ -10,14 +10,14 @@
 an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 specific language governing permissions and limitations under the License.
 """
-import base64
 import json
+import typing
 
 from bkcrypto import constants as crypto_constants
 from bkcrypto.asymmetric.configs import KeyConfig as AsymmetricKeyConfig
-from Crypto import Util
-from Crypto.Cipher import PKCS1_v1_5 as PKCS1_v1_5_cipher
-from Crypto.PublicKey import RSA
+from bkcrypto.constants import AsymmetricCipherType
+from bkcrypto.contrib.django.ciphers import asymmetric_cipher_manager
+from bkcrypto.contrib.django.selectors import AsymmetricCipherSelector
 from django.conf import settings
 
 
@@ -42,72 +42,23 @@ def get_default_asymmetric_key_config(cipher_type: str) -> AsymmetricKeyConfig:
     )
 
 
-def get_nodeman_asymmetric_key_config(cipher_type: str) -> AsymmetricKeyConfig:
-    """
-    获取节点管理非对称加密配置
-    :param cipher_type:
-    :return:
-    """
-    pass
+def decrypt(ciphertext: str, using: typing.Optional[str] = None) -> str:
+    using = using or "default"
+    # 1. 尝试根据前缀解密
+    plaintext: str = AsymmetricCipherSelector(using=using).decrypt(ciphertext)
 
+    # 2. 尝试对明文二次 RSA 解密，用于兼容原逻辑
+    try:
+        plaintext = asymmetric_cipher_manager.cipher(using=using, cipher_type=AsymmetricCipherType.RSA.value).decrypt(
+            plaintext
+        )
+    except Exception:
+        # 已经是明文的情况下会抛出该异常
+        pass
 
-def _get_block_size(key_obj, is_encrypt=True) -> int:
-    """
-    获取加解密最大片长度，用于分割过长的文本，单位：bytes
-    :param key_obj:
-    :param is_encrypt:
-    :return:
-    """
-    block_size = Util.number.size(key_obj.n) / 8
-    reserve_size = 11
-    if not is_encrypt:
-        reserve_size = 0
-    return int(block_size - reserve_size)
+    return plaintext
 
 
-def _block_list(lst, block_size):
-    """
-    序列切片
-    :param lst:
-    :param block_size:
-    :return:
-    """
-    for idx in range(0, len(lst), block_size):
-        yield lst[idx : idx + block_size]
-
-
-def encrypt_auth_key(auth_key, public_key_name, public_key):
-    """
-    @summary: rsa分块加密
-    @param auth_key: 待加密的敏感信息
-    @param public_key_name: 公钥名称
-    @param public_key: 公钥
-    """
-    public_key_obj = RSA.importKey(public_key)
-    message_bytes = auth_key.encode(encoding="utf-8")
-    encrypt_message_bytes = b""
-    block_size = _get_block_size(public_key_obj)
-    cipher = PKCS1_v1_5_cipher.new(public_key_obj)
-    for block in _block_list(message_bytes, block_size):
-        encrypt_message_bytes += cipher.encrypt(block)
-
-    encrypt_message = base64.b64encode(public_key_name.encode("utf-8")) + base64.b64encode(encrypt_message_bytes)
-    return encrypt_message.decode(encoding="utf-8")
-
-
-def decrypt_auth_key(encrypt_message, private_key):
-    """
-    @summary: rsa分块解密
-    @param encrypt_message: 密文
-    @param private_key: rsa私钥
-    @return: 解密后的信息
-    """
-    # TODO 要改的
-    decrypt_message_bytes = b""
-    private_key_obj = RSA.importKey(private_key.strip("\n"))
-    encrypt_message_bytes = base64.b64decode(encrypt_message)
-    block_size = _get_block_size(private_key_obj, is_encrypt=False)
-    cipher = PKCS1_v1_5_cipher.new(private_key_obj)
-    for block in _block_list(encrypt_message_bytes, block_size):
-        decrypt_message_bytes += cipher.decrypt(block, "")
-    return decrypt_message_bytes.decode(encoding="utf-8")
+def encrypt(plaintext: str, using: typing.Optional[str] = None) -> str:
+    using = using or "default"
+    return AsymmetricCipherSelector(using=using).encrypt(plaintext)
diff --git a/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py b/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
index 67ca542d08..b9291c565f 100644
--- a/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
+++ b/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
@@ -5,26 +5,23 @@
 
 from django.utils import translation
 from django.utils.translation import ugettext_lazy as _
+from pipeline.core.flow.io import ArrayItemSchema, IntItemSchema, ObjectItemSchema, StringItemSchema
+
 from gcloud.conf import settings
 from gcloud.constants import JobBizScopeType
+from gcloud.utils import crypto
 from gcloud.utils.handlers import handle_api_error
 from pipeline_plugins.base.utils.inject import supplier_account_for_business
 from pipeline_plugins.components.collections.sites.open.job import Jobv3Service
 from pipeline_plugins.components.collections.sites.open.job.ipv6_base import GetJobTargetServerMixin
-from pipeline.core.flow.io import (
-    StringItemSchema,
-    IntItemSchema,
-    ArrayItemSchema,
-    ObjectItemSchema,
-)
+from pipeline_plugins.components.query.sites.open.job import JOBV3_VAR_CATEGORY_IP, JOBV3_VAR_CATEGORY_PASSWORD
 from pipeline_plugins.components.utils import (
     get_job_instance_url,
     get_node_callback_url,
+    has_biz_set,
     loose_strip,
     plat_ip_reg,
-    has_biz_set,
 )
-from pipeline_plugins.components.query.sites.open.job import JOBV3_VAR_CATEGORY_IP
 
 __group_name__ = _("作业平台(JOB)")
 
@@ -126,8 +123,7 @@ def execute(self, data, parent_data):
             self.biz_scope_type = JobBizScopeType.BIZ.value
 
         for _value in original_global_var:
-            # 3-IP
-            val = loose_strip(_value["value"])
+            val = loose_strip(crypto.decrypt(_value["value"]))
             if _value["type"] == JOBV3_VAR_CATEGORY_IP:
 
                 ip_list = self.get_ip_list(val)
@@ -141,6 +137,9 @@ def execute(self, data, parent_data):
 
                 if result:
                     global_var_list.append({"id": _value["id"], "server": server})
+            # 密文变量在没有修改的情况下不加入全局变量，避免脱敏字符串作为正式值进行作业执行逻辑
+            elif _value["category"] == JOBV3_VAR_CATEGORY_PASSWORD and val == "******":
+                continue
             else:
                 global_var_list.append({"id": _value["id"], "value": val})
 
diff --git a/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py b/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
index 51a80a361a..d5534c7409 100644
--- a/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
+++ b/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
@@ -19,9 +19,11 @@
 from pipeline.core.flow.io import ArrayItemSchema, IntItemSchema, ObjectItemSchema, StringItemSchema
 
 from gcloud.conf import settings
+from gcloud.utils import crypto
 from gcloud.utils.handlers import handle_api_error
 from pipeline_plugins.components.collections.sites.open.job import JobService
 from pipeline_plugins.components.collections.sites.open.job.ipv6_base import GetJobTargetServerMixin
+from pipeline_plugins.components.query.sites.open.job import JOBV3_VAR_CATEGORY_IP, JOBV3_VAR_CATEGORY_PASSWORD
 from pipeline_plugins.components.utils import get_job_instance_url, get_node_callback_url, loose_strip
 
 __group_name__ = _("作业平台(JOB)")
@@ -149,9 +151,9 @@ def execute(self, data, parent_data):
         biz_across = data.get_one_of_inputs("biz_across")
 
         for _value in original_global_var:
-            val = loose_strip(_value["value"])
+            val = loose_strip(crypto.decrypt(_value["value"]))
             # category为3,表示变量类型为IP
-            if _value["category"] == 3:
+            if _value["category"] == JOBV3_VAR_CATEGORY_IP:
                 self.logger.info("[job_execute_task_base] start find ip, var={}".format(val))
                 if val:
                     server = self.build_ip_list(biz_across, val, executor, biz_cc_id, data, ip_is_exist)
@@ -160,6 +162,9 @@ def execute(self, data, parent_data):
                         data.outputs.ex_data = _(f"无法从配置平台(CMDB)查询到对应 IP，请确认输入的 IP 是否合法。查询失败 IP： {val}")
                         return False
                     global_vars.append({"name": _value["name"], "server": server})
+            # 密文变量在没有修改的情况下不加入全局变量，避免脱敏字符串作为正式值进行作业执行逻辑
+            elif _value["category"] == JOBV3_VAR_CATEGORY_PASSWORD and val == "******":
+                continue
             else:
                 global_vars.append({"name": _value["name"], "value": val})
         job_kwargs = {
diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/base.py b/pipeline_plugins/components/collections/sites/open/nodeman/base.py
index 778f7bf9f5..82b8059561 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/base.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/base.py
@@ -10,7 +10,13 @@
 an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 specific language governing permissions and limitations under the License.
 """
+import base64
+
 import ujson as json
+from bkcrypto.asymmetric.ciphers import BaseAsymmetricCipher
+from bkcrypto.asymmetric.interceptors import BaseAsymmetricInterceptor
+from bkcrypto.constants import AsymmetricCipherType
+from bkcrypto.contrib.django.ciphers import get_asymmetric_cipher
 from django.utils.translation import ugettext_lazy as _
 from pipeline.core.flow.activity import Service, StaticIntervalGenerator
 from pipeline.core.flow.io import ArrayItemSchema, IntItemSchema, ObjectItemSchema, StringItemSchema
@@ -25,6 +31,15 @@
 from pipeline_plugins.components.utils.sites.open.utils import get_nodeman_job_url
 
 
+class NodeManAsymmetricInterceptor(BaseAsymmetricInterceptor):
+
+    PREFIX: str = base64.b64encode("DEFAULT".encode()).decode(encoding="utf-8")
+
+    @classmethod
+    def after_encrypt(cls, ciphertext: str, **kwargs) -> str:
+        return f"{cls.PREFIX}{ciphertext}"
+
+
 def get_host_id_by_inner_ip(executor, logger, bk_cloud_id: int, bk_biz_id: int, ip_list: list):
     """
     根据inner_ip获取bk_host_id 对应关系dict
@@ -71,19 +86,28 @@ def get_host_id_by_inner_ipv6(executor, logger, bk_cloud_id: int, bk_biz_id: int
     return {host["inner_ipv6"]: host["bk_host_id"] for host in result["data"]["list"]}
 
 
-def get_nodeman_rsa_public_key(executor, logger):
+def get_nodeman_public_key(executor, logger):
     """
     拉取节点管理rsa公钥
     """
     client = BKNodeManClient(username=executor)
-    get_rsa_result = client.get_rsa_public_key(executor)
-    if not get_rsa_result["result"]:
-        error = handle_api_error(__group_name__, "nodeman.get_rsa_public_key", executor, get_rsa_result)
+    pub_key_response = client.get_rsa_public_key(executor)
+    if not pub_key_response["result"]:
+        error = handle_api_error(__group_name__, "nodeman.get_rsa_public_key", executor, pub_key_response)
         logger.error(error)
         return False, None
-    content = get_rsa_result["data"][0]["content"]
-    name = get_rsa_result["data"][0]["name"]
-    return True, {"name": name, "content": content}
+    try:
+        public_key_info = pub_key_response["data"][0]
+    except (AssertionError, IndexError):
+        logger.error("fetch_public_keys return empty data")
+        return False, None
+
+    return True, {
+        "name": public_key_info["name"],
+        "content": public_key_info["content"],
+        # 如果没有返回 cipher_type，说明本环境节点管理还没更新为国密适配版本，此时设置 cipher_type 为 RSA，向前兼容节点管理的接口行为
+        "cipher_type": public_key_info.get("cipher_type") or AsymmetricCipherType.RSA.value,
+    }
 
 
 class NodeManBaseService(Service):
@@ -149,6 +173,20 @@ def get_host_id_list(self, ip_str, executor, bk_cloud_id, bk_biz_id):
         bk_host_id_dict = get_host_id_by_inner_ip(executor, self.logger, bk_cloud_id, bk_biz_id, ip_list)
         return [bk_host_id for bk_host_id in bk_host_id_dict.values()]
 
+    def parse2nodeman_ciphertext(self, data, executor, plaintext) -> str:
+        success, public_key_info = get_nodeman_public_key(executor, self.logger)
+        if not success:
+            data.set_outputs("ex_data", _("获取节点管理公钥失败,请查看节点日志获取错误详情."))
+            raise ValueError
+
+        # 根据接口的 cipher type 和 publickey 创建 cipher
+        cipher: BaseAsymmetricCipher = get_asymmetric_cipher(
+            cipher_type=public_key_info["cipher_type"],
+            common={"public_key_string": public_key_info["content"], "interceptor": NodeManAsymmetricInterceptor},
+        )
+
+        return cipher.encrypt(plaintext)
+
     def outputs_format(self):
         return [
             self.OutputItem(
diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v2_0.py b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v2_0.py
index 89adb8d22c..b4aac307aa 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v2_0.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v2_0.py
@@ -18,15 +18,17 @@
 
 from api.collections.nodeman import BKNodeManClient
 from gcloud.conf import settings
-from gcloud.utils.crypto import decrypt_auth_key, encrypt_auth_key
+from gcloud.utils import crypto
 from pipeline_plugins.components.collections.sites.open.nodeman.base import (
     NodeManBaseService,
     get_host_id_by_inner_ip,
     get_host_id_by_inner_ipv6,
-    get_nodeman_rsa_public_key,
 )
 
 __group_name__ = _("节点管理(Nodeman)")
+
+from pipeline_plugins.components.utils import parse_passwd_value
+
 VERSION = "v2.0"
 
 # 安装类任务(job_install)
@@ -55,15 +57,6 @@ def execute(self, data, parent_data):
         bk_cloud_id = nodeman_op_target.get("nodeman_bk_cloud_id", "")
         node_type = nodeman_op_target.get("nodeman_node_type", "")
 
-        nodeman_ticket = data.get_one_of_inputs("nodeman_ticket", {})
-        nodeman_tjj_ticket = nodeman_ticket.get("nodeman_tjj_ticket", "")
-        if nodeman_tjj_ticket:
-            try:
-                nodeman_tjj_ticket = decrypt_auth_key(nodeman_tjj_ticket, settings.RSA_PRIV_KEY)
-            except Exception:
-                # password is not encrypted
-                pass
-
         nodeman_op_info = data.inputs.nodeman_op_info
         op_type = nodeman_op_info.get("nodeman_op_type", "")
         nodeman_hosts = nodeman_op_info.get("nodeman_hosts", [])
@@ -105,7 +98,6 @@ def execute(self, data, parent_data):
             all_hosts, row_host_params_list = [], []
             for host in nodeman_hosts:
                 auth_type = host["auth_type"]
-                auth_key = host["auth_key"]
                 use_inner_ip = True if host.get("inner_ip") else False
                 # use_inner_ip 判定用户输入的的是ipv4还是ipv6
                 inner_ip_list = self.get_ip_list(
@@ -118,17 +110,12 @@ def execute(self, data, parent_data):
                     return False
 
                 # 处理表格中每行的key/psw
+                auth_key: str = crypto.decrypt(parse_passwd_value(host["auth_key"]))
                 try:
-                    auth_key = decrypt_auth_key(auth_key, settings.RSA_PRIV_KEY)
-                except Exception:
-                    # password is not encrypted
-                    pass
-                # auth_key加密
-                success, ras_public_key = get_nodeman_rsa_public_key(executor, self.logger)
-                if not success:
-                    data.set_outputs("ex_data", _("获取节点管理公钥失败,请查看节点日志获取错误详情."))
+                    auth_key: str = self.parse2nodeman_ciphertext(data, executor, auth_key)
+                except ValueError:
                     return False
-                auth_key = encrypt_auth_key(auth_key, ras_public_key["name"], ras_public_key["content"])
+
                 # 表格每行基础参数
                 base_params = {
                     "bk_biz_id": bk_biz_id,
@@ -188,8 +175,6 @@ def execute(self, data, parent_data):
 
             kwargs = {"job_type": job_name, "hosts": all_hosts, "action": "job_install"}
 
-            if nodeman_tjj_ticket:
-                kwargs.update({"tcoa_ticket": nodeman_tjj_ticket})
         else:
             data.set_outputs("ex_data", _("无效的操作请求:{}".format(job_name)))
             return False
@@ -202,7 +187,10 @@ def execute(self, data, parent_data):
     def inputs_format(self):
         return [
             self.InputItem(
-                name=_("业务 ID"), key="bk_biz_id", type="int", schema=IntItemSchema(description=_("当前操作所属的 CMDB 业务 ID")),
+                name=_("业务 ID"),
+                key="bk_biz_id",
+                type="int",
+                schema=IntItemSchema(description=_("当前操作所属的 CMDB 业务 ID")),
             ),
             self.InputItem(
                 name=_("操作对象"),
diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v3_0.py b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v3_0.py
index c3c0cb514a..518ed9ff03 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v3_0.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v3_0.py
@@ -17,15 +17,17 @@
 
 from api.collections.nodeman import BKNodeManClient
 from gcloud.conf import settings
-from gcloud.utils.crypto import decrypt_auth_key, encrypt_auth_key
+from gcloud.utils import crypto
 from pipeline_plugins.components.collections.sites.open.nodeman.base import (
     NodeManNewBaseService,
     get_host_id_by_inner_ip,
     get_host_id_by_inner_ipv6,
-    get_nodeman_rsa_public_key,
 )
 
 __group_name__ = _("节点管理(Nodeman)")
+
+from pipeline_plugins.components.utils import parse_passwd_value
+
 VERSION = "v3.0"
 
 # 安装类任务(job_install)
@@ -98,7 +100,6 @@ def execute(self, data, parent_data):
                 bk_cloud_id = host["nodeman_bk_cloud_id"]
                 ap_id = host["nodeman_ap_id"]
                 auth_type = host["auth_type"]
-                auth_key = host["auth_key"]
                 use_inner_ip = True if host.get("inner_ip") else False
                 # use_inner_ip 判定用户输入的的是ipv4还是ipv6
                 inner_ip_list = self.get_ip_list(
@@ -112,17 +113,12 @@ def execute(self, data, parent_data):
                     return False
 
                 # 处理表格中每行的key/psw
+                auth_key: str = crypto.decrypt(parse_passwd_value(host["auth_key"]))
                 try:
-                    auth_key = decrypt_auth_key(auth_key, settings.RSA_PRIV_KEY)
-                except Exception:
-                    # password is not encrypted
-                    pass
-                # auth_key加密
-                success, ras_public_key = get_nodeman_rsa_public_key(executor, self.logger)
-                if not success:
-                    data.set_outputs("ex_data", _("获取节点管理公钥失败,请查看节点日志获取错误详情."))
+                    auth_key: str = self.parse2nodeman_ciphertext(data, executor, auth_key)
+                except ValueError:
                     return False
-                auth_key = encrypt_auth_key(auth_key, ras_public_key["name"], ras_public_key["content"])
+
                 # 表格每行基础参数
                 base_params = {
                     "bk_biz_id": bk_biz_id,
diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
index c07311b5d8..6c1a984931 100644
--- a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v4_0.py
@@ -17,15 +17,15 @@
 
 from api.collections.nodeman import BKNodeManClient
 from gcloud.conf import settings
+from gcloud.utils import crypto
 from gcloud.utils.cmdb import get_business_host, get_business_host_ipv6
-from gcloud.utils.crypto import decrypt_auth_key, encrypt_auth_key
 from pipeline_plugins.base.utils.inject import supplier_account_for_business
-from pipeline_plugins.components.collections.sites.open.nodeman.base import (
-    NodeManNewBaseService,
-    get_nodeman_rsa_public_key,
-)
+from pipeline_plugins.components.collections.sites.open.nodeman.base import NodeManNewBaseService
 
 __group_name__ = _("节点管理(Nodeman)")
+
+from pipeline_plugins.components.utils import parse_passwd_value
+
 VERSION = "v4.0"
 
 # 无需认证信息的操作
@@ -117,21 +117,12 @@ def execute(self, data, parent_data):
                         }
                     )
 
-                    auth_key = host["auth_key"]
-
                     # 处理表格中每行的key/psw
+                    auth_key: str = crypto.decrypt(parse_passwd_value(host["auth_key"]))
                     try:
-                        auth_key = decrypt_auth_key(auth_key, settings.RSA_PRIV_KEY)
-                    except Exception:
-                        self.logger.info("try to decrypt password error, use plaintext.")
-                        pass
-
-                    # auth_key加密
-                    success, ras_public_key = get_nodeman_rsa_public_key(executor, self.logger)
-                    if not success:
-                        data.set_outputs("ex_data", _("获取节点管理公钥失败,请查看节点日志获取错误详情."))
+                        auth_key: str = self.parse2nodeman_ciphertext(data, executor, auth_key)
+                    except ValueError:
                         return False
-                    auth_key = encrypt_auth_key(auth_key, ras_public_key["name"], ras_public_key["content"])
 
                     if auth_params["auth_type"] == "PASSWORD":
                         auth_params["password"] = auth_key
diff --git a/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v5_0.py b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v5_0.py
new file mode 100644
index 0000000000..ad8d448e0e
--- /dev/null
+++ b/pipeline_plugins/components/collections/sites/open/nodeman/create_task/v5_0.py
@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+"""
+Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS Community
+Edition) available.
+Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""
+
+
+from django.utils.translation import ugettext_lazy as _
+from pipeline.component_framework.component import Component
+
+from gcloud.conf import settings
+
+__group_name__ = _("节点管理(Nodeman)")
+
+from pipeline_plugins.components.collections.sites.open.nodeman.create_task.v4_0 import (
+    NodemanCreateTaskService as NodemanCreateTaskV4Service,
+)
+
+VERSION = "v5.0"
+
+
+class NodemanCreateTaskService(NodemanCreateTaskV4Service):
+    pass
+
+
+class NodemanCreateTaskComponent(Component):
+    name = _("新建任务")
+    code = "nodeman_create_task"
+    bound_service = NodemanCreateTaskService
+    form = "%scomponents/atoms/nodeman/create_task/v5_0.js" % settings.STATIC_URL
+    version = VERSION
+    desc = _("v5.0版本 支持密码脱敏填写")
diff --git a/pipeline_plugins/components/collections/sites/open/wechat_work/wechat_work_send_message/v1_0.py b/pipeline_plugins/components/collections/sites/open/wechat_work/wechat_work_send_message/v1_0.py
index e14ccbcf94..1d00698457 100644
--- a/pipeline_plugins/components/collections/sites/open/wechat_work/wechat_work_send_message/v1_0.py
+++ b/pipeline_plugins/components/collections/sites/open/wechat_work/wechat_work_send_message/v1_0.py
@@ -15,15 +15,18 @@
 
 import requests
 from django.utils.translation import ugettext_lazy as _
-
-from pipeline.core.flow.activity import Service
 from pipeline.component_framework.component import Component
 from pipeline.conf import settings
+from pipeline.core.flow.activity import Service
 from pipeline.core.flow.io import StringItemSchema
+
 from gcloud.core.models import EnvironmentVariables
 
 __group_name__ = _("企业微信(WechatWork)")
 
+from gcloud.utils import crypto
+from pipeline_plugins.components.utils import parse_passwd_value
+
 
 class WechatWorkSendMessageService(Service):
     def inputs_format(self):
@@ -35,7 +38,10 @@ def inputs_format(self):
                 schema=StringItemSchema(description=_("通过在群里@企业微信机器人获取，多个用换行分隔")),
             ),
             self.InputItem(
-                name=_("消息内容"), key="message_content", type="string", schema=StringItemSchema(description=_("消息内容")),
+                name=_("消息内容"),
+                key="message_content",
+                type="string",
+                schema=StringItemSchema(description=_("消息内容")),
             ),
             self.InputItem(
                 name=_("提醒人"),
@@ -57,8 +63,13 @@ def execute(self, data, parent_data):
         mentioned_members = data.inputs.wechat_work_mentioned_members
         msgtype = data.get_one_of_inputs("msgtype", "text")
 
+        # 尝试解密
+        chat_id: str = crypto.decrypt(parse_passwd_value(chat_id))
+
         chat_id_list = chat_id.split("\n")
 
+        print(chat_id_list)
+
         url = EnvironmentVariables.objects.get_var("BKAPP_SOPS_WECHAT_WORK_WEB_HOOK")
         if not url:
             data.outputs.ex_data = "WechatWork send message URL is not config, contact admin please"
@@ -68,9 +79,9 @@ def execute(self, data, parent_data):
             data.outputs.ex_data = _("会话 ID 不能为空")
             return False
 
-        for c in chat_id_list:
+        for idx, c in enumerate(chat_id_list, 1):
             if len(c) != 32:
-                data.outputs.ex_data = _("无效的会话 ID: {}".format(c))
+                data.outputs.ex_data = _("第{idx}行的会话 ID 格式不正确（长度需为 32）".format(idx=idx))
                 return False
 
         mentioned_list = []
diff --git a/pipeline_plugins/components/collections/sites/open/wechat_work/wechat_work_send_message/v2_0.py b/pipeline_plugins/components/collections/sites/open/wechat_work/wechat_work_send_message/v2_0.py
new file mode 100644
index 0000000000..07cb444d55
--- /dev/null
+++ b/pipeline_plugins/components/collections/sites/open/wechat_work/wechat_work_send_message/v2_0.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+"""
+Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS Community
+Edition) available.
+Copyright (C) 2017 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""
+
+from django.utils.translation import ugettext_lazy as _
+from pipeline.component_framework.component import Component
+from pipeline.conf import settings
+
+from pipeline_plugins.components.collections.sites.open.wechat_work.wechat_work_send_message import v1_0
+
+__group_name__ = _("企业微信(WechatWork)")
+
+
+class WechatWorkSendMessageService(v1_0.WechatWorkSendMessageService):
+    pass
+
+
+class WechatWorkSendMessageComponent(Component):
+    name = _("发送消息")
+    code = "wechat_work_send_message"
+    bound_service = WechatWorkSendMessageService
+    form = "%scomponents/atoms/wechat_work/wechat_work_send_message/v2_0.js" % settings.STATIC_URL
+    version = "2.0"
+    desc = _(
+        "1.部署环境与企业微信服务器网络必须联通 "
+        "2.通过企业微信机器人获取会话 ID，可参考https://open.work.weixin.qq.com/api/doc/90000/90136/91770"
+        "3. 支持「会话 ID」脱敏填写"
+    )
diff --git a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
index 86dd4b1df5..da1b241d35 100644
--- a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
+++ b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
@@ -291,7 +291,6 @@
         if (op_type !== "UNINSTALL") {
             self.columns.push(...config_columns);
         }
-        console.log(node_type, op_type);
     };
 
     let NODEMAN_TJJ_IS_HIDDEN = true;
diff --git a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v5_0.js b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v5_0.js
new file mode 100644
index 0000000000..945e937d7b
--- /dev/null
+++ b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v5_0.js
@@ -0,0 +1,619 @@
+/**
+ * Tencent is pleased to support the open source community by making 蓝鲸智云PaaS平台社区版 (BlueKing PaaS Community
+ * Edition) available.
+ * Copyright (C) 2017-2020 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+(function () {
+    function is_display_tag(self, op_type, value) {
+        if (op_type.indexOf(value) !== -1) {
+            self.show();
+        } else {
+            self.hide();
+        }
+    }
+
+    function is_install_op(self, value) {
+        is_display_tag(self, ["INSTALL", "REINSTALL"], value);
+    }
+
+
+    function init_columns(self, node_type, op_type) {
+        let common_columns = [
+            {
+                tag_code: "nodeman_bk_cloud_id",
+                type: "select",
+                attrs: {
+                    name: gettext("管控区域ID"),
+                    width: "180px",
+                    remote: true,
+                    items: [],
+                    remote_url: $.context.get("site_url") + "pipeline/nodeman_get_cloud_area/",
+                    remote_data_init: function (resp) {
+                        if (resp.result === false) {
+                            show_msg(resp.message, "error");
+                        }
+                        resp.data.unshift({"text": gettext("直连区域"), "value": 0});
+                        return resp.data;
+                    },
+                    validation: [
+                        {
+                            type: "required",
+                        }
+                    ]
+                }
+            },
+            {
+                tag_code: "nodeman_ap_id",
+                type: "select",
+                attrs: {
+                    name: gettext("接入点"),
+                    width: "180px",
+                    remote: true,
+                    items: [],
+                    remote_url: $.context.get("site_url") + "pipeline/nodeman_get_ap_list/",
+                    remote_data_init: function (resp) {
+                        if (resp.result === false) {
+                            show_msg(resp.message, "error");
+                        }
+                        return resp.data;
+                    },
+                    validation: []
+                }
+            },
+            {
+                tag_code: "inner_ip",
+                type: "textarea",
+                attrs: {
+                    name: gettext("内网IP"),
+                    placeholder: gettext("多个用英文逗号 `,` 或换行分隔"),
+                    width: "180px",
+                    editable: true
+                }
+            },
+            {
+                tag_code: "inner_ipv6",
+                type: "textarea",
+                attrs: {
+                    name: gettext("内网IP(IPV6)"),
+                    placeholder: gettext("可为空，如纯ipv6主机，内网ipv和外网IP(IPV6)两个必须填一个"),
+                    width: "180px",
+                    editable: true,
+                }
+            },
+            {
+                tag_code: "os_type",
+                type: "select",
+                attrs: {
+                    name: gettext("操作系统类型"),
+                    width: "180px",
+                    items: [
+                        {value: "LINUX", text: gettext("LINUX")},
+                        {value: "WINDOWS", text: gettext("WINDOWS")},
+                        {value: "AIX", text: gettext("AIX")}
+                    ],
+                    default: "LINUX",
+                    validation: [
+                        {
+                            type: "required"
+                        }
+                    ],
+                }
+            },
+        ];
+
+        let proxy_columns = [
+            {
+                tag_code: "outer_ip",
+                type: "textarea",
+                attrs: {
+                    name: gettext("外网IP"),
+                    placeholder: gettext("可选,如填写需与内网ip一一对应,多个用英文逗号 `,` 或换行分隔"),
+                    width: "180px",
+                    editable: true,
+                    validation: []
+                },
+            },
+            {
+                tag_code: "data_ip",
+                type: "textarea",
+                attrs: {
+                    name: gettext("数据IP"),
+                    placeholder: gettext("可为空，如填写需与内网ip一一对应，适配复杂网络时填写,多个用英文逗号 `,` 或换行分隔"),
+                    width: "180px",
+                    editable: true,
+                }
+            },
+            {
+                tag_code: "outer_ipv6",
+                type: "textarea",
+                attrs: {
+                    name: gettext("外网IP(IPV6)"),
+                    placeholder: gettext("可为空，如纯ipv6主机，外网ipv和外网IP(IPV6)两个必须填一个"),
+                    width: "180px",
+                    editable: true,
+                },
+            },
+        ];
+
+        let auth_columns = [
+            {
+                tag_code: "login_ip",
+                type: "textarea",
+                attrs: {
+                    name: gettext("登录IP"),
+                    placeholder: gettext("可为空，如填写需与内网ip一一对应，适配复杂网络时填写,多个用英文逗号 `,` 或换行分隔"),
+                    width: "180px",
+                    editable: true
+                }
+            },
+            {
+                tag_code: "account",
+                type: "input",
+                attrs: {
+                    name: gettext("登录账号"),
+                    width: "180px",
+                    editable: true,
+                    validation: [
+                        {
+                            type: "required"
+                        }
+                    ],
+                }
+            },
+            {
+                tag_code: "port",
+                type: "input",
+                attrs: {
+                    name: gettext("端口号"),
+                    width: "100px",
+                    editable: true,
+                    validation: [
+                        {
+                            type: "required"
+                        }
+                    ],
+                }
+            },
+            {
+                tag_code: "auth_type",
+                type: "select",
+                attrs: {
+                    name: gettext("认证方式"),
+                    width: "180px",
+                    items: [
+                        {value: "PASSWORD", text: gettext("PASSWORD")},
+                        {value: "KEY", text: gettext("KEY")},
+                        {value: "TJJ_PASSWORD", text: gettext("TJJ")}
+
+                    ],
+                    default: "PASSWORD",
+                    validation: [
+                        {
+                            type: "required"
+                        }
+                    ],
+                }
+            },
+            {
+                tag_code: "auth_key",
+                type: "password",
+                attrs: {
+                    name: gettext("认证密钥"),
+                    width: "400px",
+                    editable: true,
+                    textareaMode: true,
+                    validation: [
+                        {
+                            type: "custom",
+                            args: function (value, parent_value) {
+                                let auth_type = parent_value.auth_type;
+                                let result = {
+                                    result: true,
+                                    error_message: ""
+                                };
+                                if (auth_type !== "TJJ_PASSWORD" && !value.value.length) {
+                                    result.result = false;
+                                    result.error_message = gettext("请输入认证密钥");
+                                }
+                                return result;
+                            }
+                        }
+                    ]
+                },
+            },
+        ];
+
+        let config_columns = [
+            {
+                tag_code: "peer_exchange_switch_for_agent",
+                type: "radio",
+                attrs: {
+                    name: gettext("BT节点探测"),
+                    items: [
+                        {value: 1, name: gettext("是")},
+                        {value: 0, name: gettext("否")}
+                    ],
+                    default: 0,
+                    validation: [
+                        {
+                            type: "required"
+                        },
+                    ]
+                },
+            },
+            {
+                tag_code: "speed_limit",
+                type: "input",
+                attrs: {
+                    name: gettext("传输限速 M/s"),
+                    width: "100px",
+                    placeholder: gettext("请输入"),
+                    validation: [
+                        {
+                            type: "custom",
+                            args: function (value) {
+                                var result = {
+                                    result: true,
+                                    error_message: ""
+                                };
+                                if (value && !Number(value)) {
+                                    result.result = false;
+                                    result.error_message = gettext("请输入数字");
+                                }
+                                return result;
+                            }
+                        }
+                    ]
+                },
+            },
+        ];
+
+        self.columns = common_columns;
+
+        // 如果是 Proxy，补充 Proxy 信息
+        if (node_type === "PROXY") {
+            self.columns.push(...proxy_columns);
+        }
+        // 安装 / 卸载需要认证信息
+        if (op_type === "INSTALL" || op_type === "UNINSTALL") {
+            self.columns.push(...auth_columns);
+        }
+        // 非卸载场景需要配置信息
+        if (op_type !== "UNINSTALL") {
+            self.columns.push(...config_columns);
+        }
+    };
+
+    let NODEMAN_TJJ_IS_HIDDEN = true;
+
+    $.ajax({
+        url: $.context.get('site_url') + 'pipeline/nodeman_is_support_tjj/',
+        type: 'GET',
+        dataType: 'json',
+        async: false,
+        success: function (resp) {
+            if (resp.data) {
+                NODEMAN_TJJ_IS_HIDDEN = false;
+            }
+        },
+        error: function () {
+            show_msg('request nodeman is support tjj error', 'error');
+        }
+    });
+    $.atoms.nodeman_create_task = [
+        {
+            tag_code: "bk_biz_id",
+            type: "select",
+            attrs: {
+                name: gettext("业务"),
+                allowCreate: true,
+                hookable: true,
+                remote: true,
+                remote_url: $.context.get("site_url") + "pipeline/cc_get_business_list/",
+                remote_data_init: function (resp) {
+                    if (resp.result === false) {
+                        show_msg(resp.message, 'error');
+                    }
+                    return resp.data;
+                },
+                disabled: !$.context.canSelectBiz(),
+                validation: [
+                    {
+                        type: "required"
+                    }
+                ]
+            },
+            methods: {
+                _tag_init: function () {
+                    if (this.value) {
+                        return
+                    }
+                    this._set_value($.context.getBkBizId());
+                }
+            }
+        },
+        {
+            tag_code: "nodeman_op_info",
+            type: "combine",
+            attrs: {
+                name: gettext("操作类型"),
+                hookable: true,
+                children: [
+                    {
+                        tag_code: "nodeman_node_type",
+                        type: "radio",
+                        attrs: {
+                            name: gettext("节点类型"),
+                            hookable: true,
+                            items: [
+                                {value: "AGENT", name: gettext("AGENT")},
+                                {value: "PROXY", name: gettext("PROXY")},
+                            ],
+                            default: "AGENT",
+                            validation: [
+                                {
+                                    type: "required"
+                                }
+                            ],
+                            events: [
+                                {
+                                    source: "nodeman_node_type",
+                                    type: "init",
+                                    action: function (value) {
+                                        // 统一以 change 事件抛出
+                                        this.emit_event(this.tagCode, "change", this.value);
+                                    }
+                                },
+                            ]
+                        }
+                    },
+                    {
+                        tag_code: "nodeman_op_type",
+                        type: "select",
+                        attrs: {
+                            name: gettext("操作类型"),
+                            items: [
+                                {value: "INSTALL", text: gettext("安裝")},
+                                {value: "REINSTALL", text: gettext("重新安装")},
+                                {value: "UNINSTALL", text: gettext("卸载")},
+                                {value: "UPGRADE", text: gettext("升级")},
+                                {value: "RESTART", text: gettext("重启")},
+                                {value: "RELOAD", text: gettext("配置重载")},
+                            ],
+                            default: "INSTALL",
+                            validation: [
+                                {
+                                    type: "required"
+                                }
+                            ]
+                        },
+                        events: [
+                            {
+                                source: "nodeman_op_type",
+                                type: "init",
+                                action: function (value) {
+                                    this.emit_event(this.tagCode, "change", this.value);
+                                }
+                            },
+                        ]
+                    },
+                    {
+                        tag_code: "nodeman_install_latest_plugins",
+                        type: "radio",
+                        attrs: {
+                            name: gettext("是否安装最新版本插件"),
+                            items: [
+                                {value: true, name: gettext("是")},
+                                {value: false, name: gettext("否")}
+                            ],
+                            default: true,
+                            validation: [
+                                {
+                                    type: "required"
+                                },
+                            ]
+                        },
+                        events: [
+                            {
+                                source: "nodeman_op_type",
+                                type: "change",
+                                action: function (value) {
+                                    is_install_op(this, value);
+                                }
+                            },
+                        ]
+                    },
+                    {
+                        tag_code: "nodeman_hosts",
+                        type: "datatable",
+                        attrs: {
+                            pagination: true,
+                            name: gettext("主机"),
+                            table_buttons: [
+                                {
+                                    type: "add_row",
+                                    text: gettext("添加"),
+                                    callback: function () {
+                                        this.add_row();
+                                    }
+                                },
+                                {
+                                    type: "import",
+                                    text: gettext("导入")
+                                },
+                                {
+                                    type: "export",
+                                    text: gettext("导出"),
+                                    callback: function () {
+                                        this.export2Excel();
+                                    }
+                                },
+
+                            ],
+                            columns: [],
+                            hookable: true,
+                            validation: [
+                                {
+                                    type: "custom",
+                                    args: function (value) {
+                                        let self = this;
+                                        let result = {
+                                            result: true,
+                                            error_message: ""
+                                        };
+                                        let op_type = self.get_parent && self.get_parent().get_child("nodeman_op_type").value;
+                                        let install_type = ["INSTALL", "REINSTALL"];
+                                        if (install_type.indexOf(op_type) !== -1 && value === "") {
+                                            result.result = false;
+                                            result.error_message = gettext("请完善主机信息");
+                                        }
+                                        return result;
+
+                                    }
+                                }
+                            ]
+                        },
+                        events: [
+                            {
+                                source: "nodeman_op_type",
+                                type: "change",
+                                action: function (value) {
+                                    let node_type = this.get_parent().get_child("nodeman_node_type").value;
+                                    init_columns(this, node_type, value);
+                                    let op_type = ["INSTALL", "REINSTALL", "RELOAD"];
+                                    if (node_type === "AGENT") {
+                                        op_type = ["INSTALL", "REINSTALL", "UNINSTALL", "RELOAD"];
+                                    }
+                                    is_display_tag(this, op_type, value);
+                                }
+                            },
+                            {
+                                source: "nodeman_node_type",
+                                type: "change",
+                                action: function (value) {
+                                    init_columns(this, value, this.get_parent().get_child("nodeman_op_type").value);
+                                    let op_type = ["INSTALL", "REINSTALL", "RELOAD"];
+                                    if (value === "AGENT") {
+                                        op_type = ["INSTALL", "REINSTALL", "UNINSTALL", "RELOAD"];
+                                    }
+                                    is_display_tag(this, op_type, this.get_parent().get_child("nodeman_op_type").value);
+                                }
+                            },
+                        ]
+                    },
+                    {
+                        tag_code: "nodeman_other_hosts",
+                        type: "datatable",
+                        attrs: {
+                            pagination: true,
+                            name: gettext("主机"),
+                            table_buttons: [
+                                {
+                                    type: "add_row",
+                                    text: gettext("添加"),
+                                    callback: function () {
+                                        this.add_row();
+                                    }
+                                },
+                                {
+                                    type: "import",
+                                    text: gettext("导入")
+                                },
+                                {
+                                    type: "export",
+                                    text: gettext("导出"),
+                                    callback: function () {
+                                        this.export2Excel();
+                                    }
+                                },
+
+                            ],
+                            columns: [
+                                {
+                                    tag_code: "nodeman_bk_cloud_id",
+                                    type: "input",
+                                    attrs: {
+                                        name: gettext("管控区域ID"),
+                                        placeholder: gettext("一行只能对应一个管控区域ID"),
+                                        hookable: true,
+                                        validation: [
+                                            {
+                                                type: "required"
+                                            }
+                                        ]
+                                    }
+                                },
+                                {
+                                    tag_code: "nodeman_ip_str",
+                                    type: "textarea",
+                                    attrs: {
+                                        name: gettext("IP"),
+                                        placeholder: gettext("多个用英文逗号 `,` 分隔"),
+                                        editable: true,
+                                        validation: [
+                                            {
+                                                type: "required"
+                                            }
+                                        ]
+                                    }
+                                }
+                            ],
+                            hookable: true,
+                            validation: [
+                                {
+                                    type: "custom",
+                                    args: function (value) {
+                                        let self = this;
+                                        let result = {
+                                            result: true,
+                                            error_message: ""
+                                        };
+                                        let op_type = self.get_parent && self.get_parent().get_child("nodeman_op_type").value;
+                                        let install_type = ["UNINSTALL", "UPGRADE"];
+                                        if (install_type.indexOf(op_type) !== -1 && value === "") {
+                                            result.result = false;
+                                            result.error_message = gettext("请完善主机信息");
+                                        }
+                                        return result;
+
+                                    }
+                                }
+                            ]
+                        },
+                        events: [
+                            {
+                                source: "nodeman_op_type",
+                                type: "change",
+                                action: function (value) {
+                                    let op_type = ["UPGRADE", "RESTART"];
+                                    if (this.get_parent().get_child("nodeman_node_type").value === "PROXY") {
+                                        op_type = ["UPGRADE", "RESTART", "UNINSTALL"];
+                                    }
+                                    is_display_tag(this, op_type, value);
+                                }
+                            },
+                            {
+                                source: "nodeman_node_type",
+                                type: "change",
+                                action: function (value) {
+                                    let op_type = ["UPGRADE", "RESTART"];
+                                    if (value === "PROXY") {
+                                        op_type = ["UPGRADE", "RESTART", "UNINSTALL"];
+                                    }
+                                    is_display_tag(this, op_type, this.get_parent().get_child("nodeman_op_type").value);
+                                }
+                            },
+                        ]
+                    },
+                ],
+            },
+        },
+    ];
+})();
diff --git a/pipeline_plugins/components/static/components/atoms/wechat_work/wechat_work_send_message/v2_0.js b/pipeline_plugins/components/static/components/atoms/wechat_work/wechat_work_send_message/v2_0.js
new file mode 100644
index 0000000000..ca20765c14
--- /dev/null
+++ b/pipeline_plugins/components/static/components/atoms/wechat_work/wechat_work_send_message/v2_0.js
@@ -0,0 +1,59 @@
+$.atoms.wechat_work_send_message = [
+    {
+        "type": "password",
+        "attrs": {
+            "name": gettext("会话ID"),
+            "hookable": true,
+            "textareaMode": true,
+            "validation": [
+                {
+                    "type": "required"
+                }
+            ],
+            "placeholder": gettext("通过在群里@企业微信机器人获取，多个用换行分隔"),
+        },
+        "tag_code": "wechat_work_chat_id"
+    },
+    {
+        "tag_code": "msgtype",
+        "type": "radio",
+        "attrs": {
+            "name": gettext("消息格式"),
+            "hookable": false,
+            "items": [
+                {"name": gettext("文本(text)"), "value": "text"},
+                {"name": gettext("Markdown"), "value": "markdown"},
+            ],
+            "default": "text",
+            "validation": [
+                {
+                    "type": "required"
+                }
+            ],
+        },
+    },
+    {
+        "type": "textarea",
+        "attrs": {
+            "name": gettext("消息内容"),
+            "hookable": true,
+            "validation": [
+                {
+                    "type": "required"
+                }
+            ]
+        },
+        "tag_code": "message_content"
+    },
+    {
+        "type": "input",
+        "attrs": {
+            "name": gettext("提醒人"),
+            "hookable": true,
+            "placeholder": gettext("提醒群指定成员(@某个成员)，多个成员用 `,` 分隔，@all表示提醒所有人")
+        },
+        "events": [],
+        "methods": {},
+        "tag_code": "wechat_work_mentioned_members"
+    }
+]
\ No newline at end of file
diff --git a/pipeline_plugins/components/utils/common.py b/pipeline_plugins/components/utils/common.py
index 35a15c8ccd..aa75ddcf78 100644
--- a/pipeline_plugins/components/utils/common.py
+++ b/pipeline_plugins/components/utils/common.py
@@ -14,6 +14,7 @@
 import random
 import re
 import time
+import typing
 from copy import deepcopy
 
 from django.utils.translation import ugettext_lazy as _
@@ -118,3 +119,13 @@ def convert_num_to_str(export_data: list):
             if isinstance(value, int) or isinstance(value, float):
                 data[key] = str(value)
     return export_data
+
+
+def parse_passwd_value(passwd_value: typing.Union[str, typing.Dict[str, str]]) -> str:
+    if isinstance(passwd_value, str):
+        return passwd_value
+    elif isinstance(passwd_value, dict):
+        return parse_passwd_value(passwd_value.get("value", ""))
+    else:
+        # 仅有两种合法结构，如果都不满足直接返回空串
+        return ""
diff --git a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v2_create_task.py b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v2_create_task.py
index f271bbffc8..4f56efcc31 100644
--- a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v2_create_task.py
+++ b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v2_create_task.py
@@ -13,16 +13,16 @@
 
 from django.test import TestCase
 from mock import MagicMock
-
 from pipeline.component_framework.test import (
     Call,
     CallAssertion,
     ComponentTestCase,
     ComponentTestMixin,
     ExecuteAssertion,
-    ScheduleAssertion,
     Patcher,
+    ScheduleAssertion,
 )
+
 from pipeline_plugins.components.collections.sites.open.nodeman.create_task.v2_0 import NodemanCreateTaskComponent
 
 
@@ -71,7 +71,9 @@ def __init__(
 GET_HOST_ID_BY_INNER_IP_BASE = (
     "pipeline_plugins.components.collections.sites.open.nodeman.create_task.v2_0.get_host_id_by_inner_ip"
 )
-ENCRYPT_AUTH_KEY = "pipeline_plugins.components.collections.sites.open.nodeman.create_task.v2_0.encrypt_auth_key"
+ENCRYPT_AUTH_KEY = (
+    "pipeline_plugins.components.collections.sites.open.nodeman." "base.NodeManBaseService.parse2nodeman_ciphertext"
+)
 
 # mock clients
 CASE_FAIL_CLIENT = MockClient(
@@ -743,7 +745,6 @@ def __init__(
     inputs={
         "bk_biz_id": "1",
         "nodeman_op_target": {"nodeman_bk_cloud_id": "1", "nodeman_node_type": "AGENT"},
-        "nodeman_ticket": {"nodeman_tjj_ticket": "xxxxx"},
         "nodeman_op_info": {
             "nodeman_ap_id": "1",
             "nodeman_op_type": "INSTALL",
@@ -798,7 +799,6 @@ def __init__(
                                 "data_ip": "1.1.1.1",
                             }
                         ],
-                        "tcoa_ticket": "xxxxx",
                     }
                 )
             ],
diff --git a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v3_create_task.py b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v3_create_task.py
index 5836b6ad1f..bc249cb008 100644
--- a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v3_create_task.py
+++ b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v3_create_task.py
@@ -75,7 +75,9 @@ def __init__(
 )
 
 GET_HOST_ID_BY_INNER_IP = "pipeline_plugins.components.collections.sites.open.nodeman.base.get_host_id_by_inner_ip"
-ENCRYPT_AUTH_KEY = "pipeline_plugins.components.collections.sites.open.nodeman.create_task.v3_0.encrypt_auth_key"
+ENCRYPT_AUTH_KEY = (
+    "pipeline_plugins.components.collections.sites.open.nodeman." "base.NodeManBaseService.parse2nodeman_ciphertext"
+)
 
 # mock clients
 CASE_FAIL_CLIENT = MockClient(
diff --git a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v4_create_task.py b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v4_create_task.py
index 8ff67501a0..71e49df389 100644
--- a/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v4_create_task.py
+++ b/pipeline_plugins/tests/components/collections/sites/open/nodeman_test/create_task_test/test_nodeman_v4_create_task.py
@@ -71,7 +71,9 @@ def __init__(
 HANDLE_API_ERROR = "pipeline_plugins.components.collections.sites.open.nodeman.base.handle_api_error"
 GET_BUSINESS_HOST = "pipeline_plugins.components.collections.sites.open.nodeman.create_task.v4_0.get_business_host"
 GET_HOST_ID_BY_INNER_IP = "pipeline_plugins.components.collections.sites.open.nodeman.base.get_host_id_by_inner_ip"
-ENCRYPT_AUTH_KEY = "pipeline_plugins.components.collections.sites.open.nodeman.create_task.v4_0.encrypt_auth_key"
+ENCRYPT_AUTH_KEY = (
+    "pipeline_plugins.components.collections.sites.open.nodeman." "base.NodeManBaseService.parse2nodeman_ciphertext"
+)
 
 # mock clients
 CASE_FAIL_CLIENT = MockClient(
diff --git a/pipeline_plugins/tests/components/collections/sites/open/wechat_work_test/wechat_work_send_message/test_wechat_work_send_message_v1_0.py b/pipeline_plugins/tests/components/collections/sites/open/wechat_work_test/wechat_work_send_message/test_wechat_work_send_message_v1_0.py
index d77bd82e3e..839e50f3a8 100644
--- a/pipeline_plugins/tests/components/collections/sites/open/wechat_work_test/wechat_work_send_message/test_wechat_work_send_message_v1_0.py
+++ b/pipeline_plugins/tests/components/collections/sites/open/wechat_work_test/wechat_work_send_message/test_wechat_work_send_message_v1_0.py
@@ -13,7 +13,6 @@
 
 from django.test import TestCase
 from mock import MagicMock
-
 from pipeline.component_framework.test import (
     Call,
     CallAssertion,
@@ -22,9 +21,11 @@
     ExecuteAssertion,
     Patcher,
 )
-from pipeline_plugins.components.collections.sites.open.wechat_work.wechat_work_send_message.v1_0 import (
+
+from gcloud.utils import crypto
+from pipeline_plugins.components.collections.sites.open.wechat_work.wechat_work_send_message.v1_0 import (  # noqa
     WechatWorkSendMessageComponent,
-)  # noqa
+)
 
 
 class WechatWorkSendMessageComponentTest(TestCase, ComponentTestMixin):
@@ -89,7 +90,7 @@ def component_cls(self):
         "msgtype": "text",
     },
     parent_data={},
-    execute_assertion=ExecuteAssertion(success=False, outputs={"ex_data": "无效的会话 ID: @all"}),
+    execute_assertion=ExecuteAssertion(success=False, outputs={"ex_data": "第1行的会话 ID 格式不正确（长度需为 32）"}),
     schedule_assertion=None,
     patchers=[Patcher(target=ENVIRONMENT_VAIRABLES_GET, return_value="test_url")],
 )
@@ -172,3 +173,40 @@ def component_cls(self):
         Patcher(target=REQUESTS_POST, side_effect=SUCCESS_REQUEST_POST),
     ],
 )
+
+
+ENCRYPT_SUCCESS_CASE = ComponentTestCase(
+    name="success case",
+    inputs={
+        "wechat_work_chat_id": {
+            "tag": "variable",
+            "value": crypto.encrypt("11111111111111111111111111111111\n22222222222222222222222222222222"),
+        },
+        "message_content": "haha",
+        "wechat_work_mentioned_members": "m1,m2",
+        "msgtype": "text",
+    },
+    parent_data={},
+    execute_assertion=ExecuteAssertion(success=True, outputs={}),
+    schedule_assertion=None,
+    execute_call_assertion=[
+        CallAssertion(
+            func=SUCCESS_REQUEST_POST,
+            calls=[
+                Call(
+                    url="test_url",
+                    json={
+                        "chatid": "11111111111111111111111111111111|22222222222222222222222222222222",  # noqa
+                        "msgtype": "text",
+                        "text": {"content": "haha", "mentioned_list": ["m1", "m2"]},
+                    },
+                    timeout=5,
+                )
+            ],
+        )
+    ],
+    patchers=[
+        Patcher(target=ENVIRONMENT_VAIRABLES_GET, return_value="test_url"),
+        Patcher(target=REQUESTS_POST, side_effect=SUCCESS_REQUEST_POST),
+    ],
+)
diff --git a/pipeline_plugins/tests/utils/test_utils.py b/pipeline_plugins/tests/utils/test_utils.py
index c47611a779..50a1549b8a 100644
--- a/pipeline_plugins/tests/utils/test_utils.py
+++ b/pipeline_plugins/tests/utils/test_utils.py
@@ -13,7 +13,7 @@
 
 from django.test import TestCase
 
-from pipeline_plugins.components.utils import chunk_table_data
+from pipeline_plugins.components.utils import chunk_table_data, parse_passwd_value
 
 
 class UtilsTestCase(TestCase):
@@ -65,3 +65,15 @@ def test_chunk_table_data(self):
         self.assertEqual(has_two_list_expect_column, has_two_list_actual_column["data"])
         self.assertEqual([], failed_actual_column["data"])
         self.assertFalse(failed_actual_column["result"])
+
+    def test_parse_passwd_value__nest(self):
+        value = "123"
+        passwd_value = {"tag": "value", "value": {"tag": "value", "value": value}}
+        self.assertEqual(parse_passwd_value(passwd_value), value)
+
+    def test_parse_passwd_value__str(self):
+        value = "123"
+        self.assertEqual(parse_passwd_value(value), value)
+
+    def test_parse_passwd_value__invalid_type(self):
+        self.assertEqual(parse_passwd_value([]), "")
diff --git a/pipeline_plugins/variables/collections/common.py b/pipeline_plugins/variables/collections/common.py
index 1090af6caa..4a1c5c3976 100644
--- a/pipeline_plugins/variables/collections/common.py
+++ b/pipeline_plugins/variables/collections/common.py
@@ -92,7 +92,6 @@ def _self_explain(cls, **kwargs) -> List[FieldExplain]:
 
 
 class Password(LazyVariable, SelfExplainVariable):
-    # TODO 需要改的
     code = "password"
     name = _("密码")
     type = "general"
diff --git a/pipeline_plugins/variables/static/variables/password.js b/pipeline_plugins/variables/static/variables/password.js
index 6fcb8535c4..7fb8f0b3b3 100644
--- a/pipeline_plugins/variables/static/variables/password.js
+++ b/pipeline_plugins/variables/static/variables/password.js
@@ -17,6 +17,8 @@
             attrs: {
                 name: gettext("密码"),
                 hookable: true,
+                // TODO 如果是 false，应该是允许输密码？
+                canUseVar: false,
                 validation: [
                     {
                         type: "required"
@@ -24,5 +26,5 @@
                 ]
             }
         },
-    ]
+    ];
 })();
diff --git a/requirements.txt b/requirements.txt
index 4959f8957d..59094bf900 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19,7 +19,7 @@ django-nose==1.4.5
 coverage==4.5.1
 python-magic==0.4.15
 cryptography==3.3.2
-bk-crypto-python-sdk==1.0.4
+bk-crypto-python-sdk==1.1.1
 gitdb2==2.0.6
 GitPython==2.1.11
 PyJWT==1.7.1

From ae545a8594328fea2491a574e03908940f1b1c5b Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Thu, 17 Aug 2023 21:47:13 +0800
Subject: [PATCH 07/17] =?UTF-8?q?feature:=20=E5=9B=BD=E5=AF=86=E6=94=B9?=
 =?UTF-8?q?=E9=80=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../all_biz_execute_job_plan/base_service.py  |  2 +-
 .../job/execute_task/execute_task_base.py     |  2 +-
 .../all_biz_execute_job_plan/test_v1_0.py     | 21 +++++++++++++------
 3 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py b/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
index b9291c565f..38eb194362 100644
--- a/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
+++ b/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
@@ -138,7 +138,7 @@ def execute(self, data, parent_data):
                 if result:
                     global_var_list.append({"id": _value["id"], "server": server})
             # 密文变量在没有修改的情况下不加入全局变量，避免脱敏字符串作为正式值进行作业执行逻辑
-            elif _value["category"] == JOBV3_VAR_CATEGORY_PASSWORD and val == "******":
+            elif _value.get("category") == JOBV3_VAR_CATEGORY_PASSWORD and val == "******":
                 continue
             else:
                 global_var_list.append({"id": _value["id"], "value": val})
diff --git a/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py b/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
index d5534c7409..4d8829d8a3 100644
--- a/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
+++ b/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
@@ -163,7 +163,7 @@ def execute(self, data, parent_data):
                         return False
                     global_vars.append({"name": _value["name"], "server": server})
             # 密文变量在没有修改的情况下不加入全局变量，避免脱敏字符串作为正式值进行作业执行逻辑
-            elif _value["category"] == JOBV3_VAR_CATEGORY_PASSWORD and val == "******":
+            elif _value.get("category") == JOBV3_VAR_CATEGORY_PASSWORD and val == "******":
                 continue
             else:
                 global_vars.append({"name": _value["name"], "value": val})
diff --git a/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py b/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py
index ec85a8e222..90d620e291 100644
--- a/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py
+++ b/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py
@@ -13,19 +13,20 @@
 import ujson as json
 from django.test import TestCase
 from mock import MagicMock
-
 from pipeline.component_framework.test import (
-    ComponentTestMixin,
-    ComponentTestCase,
+    Call,
     CallAssertion,
+    ComponentTestCase,
+    ComponentTestMixin,
     ExecuteAssertion,
-    ScheduleAssertion,
-    Call,
     Patcher,
+    ScheduleAssertion,
 )
+
 from pipeline_plugins.components.collections.sites.open.job.all_biz_execute_job_plan.v1_0 import (
     AllBizJobExecuteJobPlanComponent,
 )
+from pipeline_plugins.components.query.sites.open.job import JOBV3_VAR_CATEGORY_PASSWORD
 
 
 class AllBizJobExecuteJobPlanComponentTest(TestCase, ComponentTestMixin):
@@ -228,7 +229,15 @@ def __init__(
         "data": {
             "job_instance_id": 10000,
             "step_instance_var_list": [
-                {"step_instance_id": 20000000577, "global_var_list": [{"type": 1, "name": "name", "value": "test"}]},
+                {
+                    "step_instance_id": 20000000577,
+                    "global_var_list": [
+                        # 已重新编辑，需要传递给 Job
+                        {"type": JOBV3_VAR_CATEGORY_PASSWORD, "name": "password_1", "value": "test"},
+                        # Job 侧脱敏，无需传递
+                        {"type": JOBV3_VAR_CATEGORY_PASSWORD, "name": "password", "value": "******"},
+                    ],
+                },
                 {"step_instance_id": 20000000578, "global_var_list": [{"type": 1, "name": "name", "value": "test"}]},
             ],
         },

From 6279fdb33d6cab77bba3a48104a2e32f9fdb36c4 Mon Sep 17 00:00:00 2001
From: luofann <fannluowork@gmail.com>
Date: Fri, 18 Aug 2023 11:47:50 +0800
Subject: [PATCH 08/17] =?UTF-8?q?bugfix:=20=E4=BF=AE=E5=A4=8Dpassword=20te?=
 =?UTF-8?q?xtarea=E6=A8=A1=E5=BC=8F=E5=8A=A0=E5=AF=86=E4=B8=8D=E6=AD=A3?=
 =?UTF-8?q?=E7=A1=AE=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/RenderForm/tags/TagPassword.vue    | 23 +++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
index 4f77febd5c..64f948d1a5 100644
--- a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
+++ b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
@@ -33,7 +33,9 @@
                     rows="4"
                     :value="inputText"
                     :placeholder="inputPlaceholder"
+                    @keydown="handleTextareaKeyDown"
                     @input="handleTextareaInput"
+                    @keyup="handleTextareaKeyUp"
                     @focus="handleFocus"
                     @blur="handleBlur">
                 </textarea>
@@ -91,6 +93,7 @@
                     tag: 'value',
                     value: ''
                 },
+                cursorPos: 0,
                 inputText: '',
                 inputPlaceholder: '',
                 ASYMMETRIC_CIPHER_TYPE: window.ASYMMETRIC_CIPHER_TYPE,
@@ -143,11 +146,24 @@
                 this.localVal.value = e.target.value
                 this.inputPlaceholder = ''
             },
+            handleTextareaKeyDown (e) {
+                this.cursorPos = e.target.selectionStart
+            },
             handleTextareaInput (e) {
-                console.log('textarea input: ', e.target.value)
-                this.localVal.value = e.target.value
+                const value = e.target.value
+                const start = this.cursorPos > e.target.selectionStart ? e.target.selectionStart : this.cursorPos
+                const crtLength = this.localVal.value.length
+                const targetLength = value.length
+                const lenGap = targetLength - crtLength
+                if (lenGap < 0) { // 删除
+                    this.localVal.value = this.localVal.value.slice(0, start) + this.localVal.value.slice(start - lenGap)
+                } else { // 新增
+                    this.localVal.value = this.localVal.value.slice(0, start) + value.slice(start, start + lenGap) + this.localVal.value.slice(start)
+                }
+            },
+            handleTextareaKeyUp (e) {
                 this.inputPlaceholder = ''
-                e.target.value = e.target.value.replace(/[^\n]/g, '·')
+                this.inputText = e.target.value.replace(/[^\n]/g, '·')
             },
             handleFocus () {
                 if (this.localVal.value.length > 0) {
@@ -237,7 +253,6 @@
             text-align: left;
             outline: none;
             resize: none;
-            // -webkit-text-security: disc !important;
             &:focus {
                 border-color: #3a84ff;
                 background-color: #ffffff;

From bcb8650f9088b133ac170ecc6b7e62629af28a05 Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Fri, 18 Aug 2023 22:36:38 +0800
Subject: [PATCH 09/17] =?UTF-8?q?feature:=20=E5=9B=BD=E5=AF=86=E6=94=B9?=
 =?UTF-8?q?=E9=80=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/default.py | 2 +-
 env.py            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/default.py b/config/default.py
index e6526cc32f..c9c183824f 100644
--- a/config/default.py
+++ b/config/default.py
@@ -807,7 +807,7 @@ def check_engine_admin_permission(request, *args, **kwargs):
 }
 
 # 加密
-if env.BKAPP_CRYPTO_TYPE == "SHANGMI":
+if env.BKPAAS_CRYPTO_TYPE == "SHANGMI":
     BKCRYPTO_ASYMMETRIC_CIPHER_TYPE = bkcrypto_constants.AsymmetricCipherType.SM2.value
     BKCRYPTO.update(
         {
diff --git a/env.py b/env.py
index 43db006dd3..95eee907e0 100644
--- a/env.py
+++ b/env.py
@@ -111,4 +111,4 @@
 
 
 # 获取加密类型
-BKAPP_CRYPTO_TYPE = os.getenv("BK_CRYPTO_TYPE") or os.getenv("BKAPP_CRYPTO_TYPE") or "CLASSIC"
+BKPAAS_CRYPTO_TYPE = os.getenv("BKPAAS_BK_CRYPTO_TYPE", "") or os.getenv("BK_CRYPTO_TYPE") or "CLASSIC"

From 3f515874085937fbe840fa67fbe70ceda60ecbcd Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Mon, 21 Aug 2023 21:27:07 +0800
Subject: [PATCH 10/17] =?UTF-8?q?sprintfix:=20=E5=8F=98=E9=87=8F=E8=A7=84?=
 =?UTF-8?q?=E8=8C=83=20&=20=E4=BF=AE=E5=A4=8D=E8=8A=82=E7=82=B9=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86=E9=87=8D=E8=A3=85=E6=93=8D=E4=BD=9C=E4=B8=8D=E6=98=BE?=
 =?UTF-8?q?=E7=A4=BA=E5=AF=86=E7=A0=81=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/default.py                                             | 2 +-
 env.py                                                        | 2 +-
 .../static/components/atoms/nodeman/create_task/v4_0.js       | 4 ++--
 .../static/components/atoms/nodeman/create_task/v5_0.js       | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/config/default.py b/config/default.py
index c9c183824f..107cd49663 100644
--- a/config/default.py
+++ b/config/default.py
@@ -807,7 +807,7 @@ def check_engine_admin_permission(request, *args, **kwargs):
 }
 
 # 加密
-if env.BKPAAS_CRYPTO_TYPE == "SHANGMI":
+if env.BKPAAS_BK_CRYPTO_TYPE == "SHANGMI":
     BKCRYPTO_ASYMMETRIC_CIPHER_TYPE = bkcrypto_constants.AsymmetricCipherType.SM2.value
     BKCRYPTO.update(
         {
diff --git a/env.py b/env.py
index 95eee907e0..b64958306b 100644
--- a/env.py
+++ b/env.py
@@ -111,4 +111,4 @@
 
 
 # 获取加密类型
-BKPAAS_CRYPTO_TYPE = os.getenv("BKPAAS_BK_CRYPTO_TYPE", "") or os.getenv("BK_CRYPTO_TYPE") or "CLASSIC"
+BKPAAS_BK_CRYPTO_TYPE = os.getenv("BKPAAS_BK_CRYPTO_TYPE", "") or os.getenv("BK_CRYPTO_TYPE") or "CLASSIC"
diff --git a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
index da1b241d35..ba487b09f4 100644
--- a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
+++ b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v4_0.js
@@ -283,8 +283,8 @@
         if (node_type === "PROXY") {
             self.columns.push(...proxy_columns);
         }
-        // 安装 / 卸载需要认证信息
-        if (op_type === "INSTALL" || op_type === "UNINSTALL") {
+        // 安装 / 重装 / 卸载需要认证信息
+        if (op_type === "INSTALL" || op_type === "UNINSTALL" || op_type === "REINSTALL") {
             self.columns.push(...auth_columns);
         }
         // 非卸载场景需要配置信息
diff --git a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v5_0.js b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v5_0.js
index 945e937d7b..cd9888e61e 100644
--- a/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v5_0.js
+++ b/pipeline_plugins/components/static/components/atoms/nodeman/create_task/v5_0.js
@@ -281,8 +281,8 @@
         if (node_type === "PROXY") {
             self.columns.push(...proxy_columns);
         }
-        // 安装 / 卸载需要认证信息
-        if (op_type === "INSTALL" || op_type === "UNINSTALL") {
+        // 安装 / 重装 / 卸载需要认证信息
+        if (op_type === "INSTALL" || op_type === "UNINSTALL" || op_type === "REINSTALL") {
             self.columns.push(...auth_columns);
         }
         // 非卸载场景需要配置信息

From 4f77fd06f968ef639851afd60a5b7d4c753c48a2 Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Tue, 22 Aug 2023 15:31:10 +0800
Subject: [PATCH 11/17] =?UTF-8?q?feature:=20=E5=90=AF=E7=94=A8=E5=BC=80?=
 =?UTF-8?q?=E5=8F=91=E6=A1=86=E6=9E=B6=E5=86=85=E7=BD=AE=E6=95=B0=E6=8D=AE?=
 =?UTF-8?q?=E5=8A=A0=E5=AF=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/default.py      |  9 +++++++++
 gcloud/utils/crypto.py | 11 +++++++++++
 requirements.txt       |  2 +-
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/config/default.py b/config/default.py
index 107cd49663..c75fc59a54 100644
--- a/config/default.py
+++ b/config/default.py
@@ -804,8 +804,17 @@ def check_engine_admin_permission(request, *args, **kwargs):
             },
         },
     },
+    "SYMMETRIC_CIPHERS": {
+        "default": {"get_key_config": "gcloud.utils.crypto.get_default_symmetric_key_config"},
+    },
 }
 
+# 启用框架内置数据加密
+BLUEAPPS_ENABLE_DB_ENCRYPTION = True
+# 复用已有的 default 对称加密实例
+BKCRYPTO["SYMMETRIC_CIPHERS"]["blueapps"] = BKCRYPTO["SYMMETRIC_CIPHERS"]["default"]
+
+
 # 加密
 if env.BKPAAS_BK_CRYPTO_TYPE == "SHANGMI":
     BKCRYPTO_ASYMMETRIC_CIPHER_TYPE = bkcrypto_constants.AsymmetricCipherType.SM2.value
diff --git a/gcloud/utils/crypto.py b/gcloud/utils/crypto.py
index 875438c308..32af7094b9 100644
--- a/gcloud/utils/crypto.py
+++ b/gcloud/utils/crypto.py
@@ -18,6 +18,7 @@
 from bkcrypto.constants import AsymmetricCipherType
 from bkcrypto.contrib.django.ciphers import asymmetric_cipher_manager
 from bkcrypto.contrib.django.selectors import AsymmetricCipherSelector
+from bkcrypto.symmetric.configs import KeyConfig as SymmetricKeyConfig
 from django.conf import settings
 
 
@@ -42,6 +43,16 @@ def get_default_asymmetric_key_config(cipher_type: str) -> AsymmetricKeyConfig:
     )
 
 
+def get_default_symmetric_key_config(cipher_type: str) -> SymmetricKeyConfig:
+    """
+    获取项目默认对称加密配置
+    :param cipher_type:
+    :return:
+    """
+    # 统一使用 APP_SECRET 作为对称加密密钥，SDK 会截断，取符合预期的 key length
+    return SymmetricKeyConfig(key=settings.SECRET_KEY)
+
+
 def decrypt(ciphertext: str, using: typing.Optional[str] = None) -> str:
     using = using or "default"
     # 1. 尝试根据前缀解密
diff --git a/requirements.txt b/requirements.txt
index 59094bf900..2109bb99ae 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -62,7 +62,7 @@ importlib-metadata==3.7.3
 protobuf==3.19.4
 
 # blueapps
-blueapps[opentelemetry]==4.7.0
+blueapps[opentelemetry, bkcrypto]==4.8.0
 whitenoise==5.2.0
 raven==6.5.0
 python-json-logger==2.0.1

From f0c1e9d70e370357342704b34d0898faef50e2ef Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Wed, 23 Aug 2023 15:13:11 +0800
Subject: [PATCH 12/17] =?UTF-8?q?sprintfix:=20=E4=BF=AE=E5=A4=8D=E9=9D=9E?=
 =?UTF-8?q?=E6=B3=95=20b64=20=E5=AF=BC=E8=87=B4=E8=84=B1=E6=95=8F=E6=A8=A1?=
 =?UTF-8?q?=E5=BC=8F=E4=B8=B2=E8=A2=AB=E8=AF=AF=E8=BD=AC=E4=B8=BA=E7=A9=BA?=
 =?UTF-8?q?=E4=B8=B2=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 gcloud/utils/crypto.py | 6 ++++++
 requirements.txt       | 3 +--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/gcloud/utils/crypto.py b/gcloud/utils/crypto.py
index 32af7094b9..117a0bb1c6 100644
--- a/gcloud/utils/crypto.py
+++ b/gcloud/utils/crypto.py
@@ -12,6 +12,7 @@
 """
 import json
 import typing
+import base64
 
 from bkcrypto import constants as crypto_constants
 from bkcrypto.asymmetric.configs import KeyConfig as AsymmetricKeyConfig
@@ -60,6 +61,11 @@ def decrypt(ciphertext: str, using: typing.Optional[str] = None) -> str:
 
     # 2. 尝试对明文二次 RSA 解密，用于兼容原逻辑
     try:
+        # 该校验用于避免非 b64 串 decode 返回空的场景
+        # 尝试 base64 解密，如果解密结果是空串，说明 plaintext 为空或者字符非法，说明非密文，直接返回；
+        # 如果抛出异常，在外层被 catch 后返回
+        if not base64.b64decode(plaintext.encode(encoding="utf-8")):
+            return plaintext
         plaintext = asymmetric_cipher_manager.cipher(using=using, cipher_type=AsymmetricCipherType.RSA.value).decrypt(
             plaintext
         )
diff --git a/requirements.txt b/requirements.txt
index 2109bb99ae..4a9c3f02cd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19,7 +19,6 @@ django-nose==1.4.5
 coverage==4.5.1
 python-magic==0.4.15
 cryptography==3.3.2
-bk-crypto-python-sdk==1.1.1
 gitdb2==2.0.6
 GitPython==2.1.11
 PyJWT==1.7.1
@@ -62,7 +61,7 @@ importlib-metadata==3.7.3
 protobuf==3.19.4
 
 # blueapps
-blueapps[opentelemetry, bkcrypto]==4.8.0
+blueapps[opentelemetry,bkcrypto]==4.8.0
 whitenoise==5.2.0
 raven==6.5.0
 python-json-logger==2.0.1

From 0f6d91a5ea636177aca19edadab2968fa415aa0a Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Wed, 23 Aug 2023 21:06:03 +0800
Subject: [PATCH 13/17] =?UTF-8?q?sprintfix:=20=E5=85=BC=E5=AE=B9=E4=BD=BF?=
 =?UTF-8?q?=E7=94=A8=E5=AF=86=E7=A0=81=E5=8F=98=E9=87=8F=E7=9A=84=E5=9C=BA?=
 =?UTF-8?q?=E6=99=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../open/job/all_biz_execute_job_plan/base_service.py    | 3 ++-
 .../sites/open/job/execute_task/execute_task_base.py     | 9 +++++++--
 .../open/job_test/all_biz_execute_job_plan/test_v1_0.py  | 8 ++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py b/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
index 38eb194362..3a67b8b6f4 100644
--- a/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
+++ b/pipeline_plugins/components/collections/sites/open/job/all_biz_execute_job_plan/base_service.py
@@ -20,6 +20,7 @@
     get_node_callback_url,
     has_biz_set,
     loose_strip,
+    parse_passwd_value,
     plat_ip_reg,
 )
 
@@ -123,7 +124,7 @@ def execute(self, data, parent_data):
             self.biz_scope_type = JobBizScopeType.BIZ.value
 
         for _value in original_global_var:
-            val = loose_strip(crypto.decrypt(_value["value"]))
+            val = loose_strip(crypto.decrypt(parse_passwd_value(_value["value"])))
             if _value["type"] == JOBV3_VAR_CATEGORY_IP:
 
                 ip_list = self.get_ip_list(val)
diff --git a/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py b/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
index 4d8829d8a3..31eec55d9b 100644
--- a/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
+++ b/pipeline_plugins/components/collections/sites/open/job/execute_task/execute_task_base.py
@@ -24,7 +24,12 @@
 from pipeline_plugins.components.collections.sites.open.job import JobService
 from pipeline_plugins.components.collections.sites.open.job.ipv6_base import GetJobTargetServerMixin
 from pipeline_plugins.components.query.sites.open.job import JOBV3_VAR_CATEGORY_IP, JOBV3_VAR_CATEGORY_PASSWORD
-from pipeline_plugins.components.utils import get_job_instance_url, get_node_callback_url, loose_strip
+from pipeline_plugins.components.utils import (
+    get_job_instance_url,
+    get_node_callback_url,
+    loose_strip,
+    parse_passwd_value,
+)
 
 __group_name__ = _("作业平台(JOB)")
 
@@ -151,7 +156,7 @@ def execute(self, data, parent_data):
         biz_across = data.get_one_of_inputs("biz_across")
 
         for _value in original_global_var:
-            val = loose_strip(crypto.decrypt(_value["value"]))
+            val = loose_strip(crypto.decrypt(parse_passwd_value(_value["value"])))
             # category为3,表示变量类型为IP
             if _value["category"] == JOBV3_VAR_CATEGORY_IP:
                 self.logger.info("[job_execute_task_base] start find ip, var={}".format(val))
diff --git a/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py b/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py
index 90d620e291..51ab94ccbd 100644
--- a/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py
+++ b/pipeline_plugins/tests/components/collections/sites/open/job_test/all_biz_execute_job_plan/test_v1_0.py
@@ -23,6 +23,7 @@
     ScheduleAssertion,
 )
 
+from gcloud.utils import crypto
 from pipeline_plugins.components.collections.sites.open.job.all_biz_execute_job_plan.v1_0 import (
     AllBizJobExecuteJobPlanComponent,
 )
@@ -709,6 +710,12 @@ def __init__(
             "is_tagged_ip": True,
             "job_global_var": [
                 {"id": 1000030, "type": 1, "name": "name", "value": "test", "description": ""},
+                {
+                    "id": 1000032,
+                    "type": JOBV3_VAR_CATEGORY_PASSWORD,
+                    "name": "password",
+                    "value": {"tag": "variable", "value": crypto.encrypt("123")},
+                },
                 {"id": 1000031, "type": 3, "name": "ip", "value": "0:192.168.20.218", "description": ""},
             ],
         }
@@ -750,6 +757,7 @@ def __init__(
                         "job_plan_id": 1000010,
                         "global_var_list": [
                             {"id": 1000030, "value": "test"},
+                            {"id": 1000032, "value": "123"},
                             {"id": 1000031, "server": {"ip_list": [{"ip": "192.168.20.218", "bk_cloud_id": 0}]}},
                         ],
                         "callback_url": "callback_url",

From a448a874ea8dbe8e0478f508a598a33fb70de840 Mon Sep 17 00:00:00 2001
From: luofann <fannluowork@gmail.com>
Date: Thu, 24 Aug 2023 09:40:20 +0800
Subject: [PATCH 14/17] =?UTF-8?q?minor:=20sm2=E5=8A=A0=E5=AF=86=E6=96=B9?=
 =?UTF-8?q?=E5=BC=8F=E7=94=9F=E6=88=90=E7=9A=84=E5=AF=86=E6=96=87=E5=A2=9E?=
 =?UTF-8?q?=E5=8A=A0=E5=89=8D=E7=BC=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/components/common/RenderForm/tags/TagPassword.vue       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
index 64f948d1a5..1feb32b464 100644
--- a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
+++ b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
@@ -199,7 +199,7 @@
                     const pkey = cryptoJsSdk.helper.asn1.decode(pubKey)
                     const cipher = sm2.encrypt(pkey, cryptoJsSdk.helper.encode.strToHex(this.localVal.value))
                     const base64Ret = cryptoJsSdk.helper.encode.hexToBase64(cipher)
-                    return base64Ret
+                    return `${this.ASYMMETRIC_PREFIX}${base64Ret}`
                 }
             },
             change () {

From 58feabeb0f84dc3e52ed2e4638f786cf331f7fa4 Mon Sep 17 00:00:00 2001
From: luofann <fannluowork@gmail.com>
Date: Tue, 29 Aug 2023 20:34:29 +0800
Subject: [PATCH 15/17] =?UTF-8?q?bugfix:=20=E4=BF=AE=E5=A4=8D=E5=9B=BD?=
 =?UTF-8?q?=E5=AF=86=E7=9B=B8=E5=85=B3=E7=9A=84=E4=BD=93=E9=AA=8C=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/components/common/RenderForm/FormItem.vue  | 13 +++++++++----
 .../components/common/RenderForm/RenderForm.vue    |  1 +
 .../common/RenderForm/tags/TagPassword.vue         | 14 ++++++++++++--
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/frontend/desktop/src/components/common/RenderForm/FormItem.vue b/frontend/desktop/src/components/common/RenderForm/FormItem.vue
index 92a8f2a1f5..79a4af4316 100644
--- a/frontend/desktop/src/components/common/RenderForm/FormItem.vue
+++ b/frontend/desktop/src/components/common/RenderForm/FormItem.vue
@@ -348,11 +348,15 @@
                     defaultValueFormat = this.getDefaultValueFormat()
                 }
 
-                const isTypeValid = Array.isArray(defaultValueFormat.type)
-                    ? defaultValueFormat.type.indexOf(valueType) > -1
-                    : defaultValueFormat.type === valueType
+                const defaultValueType = Array.isArray(defaultValueFormat.type) ? defaultValueFormat.type : [defaultValueFormat.type]
 
-                if (isTypeValid) {
+                // 处理非密码框表单使用密码变量时，需要展示******的场景
+                // 非密码框且值类型包含string的表单，如果当前value为Object类型，且type值为password_value时，展示值为******
+                if (this.scheme.type !== 'password' && defaultValueType.includes('String') && checkDataType(val) === 'Object' && val.type === 'password_value') {
+                    return '******'
+                }
+
+                if (defaultValueType.includes(valueType)) {
                     formValue = tools.deepClone(val)
                 } else {
                     formValue = tools.deepClone(defaultValueFormat.value)
@@ -468,6 +472,7 @@
                         valueFormat = {
                             type: ['String', 'Object'],
                             value: {
+                                type: 'password_value',
                                 tag: 'value',
                                 value: ''
                             }
diff --git a/frontend/desktop/src/components/common/RenderForm/RenderForm.vue b/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
index 07aff3fa97..e988a08b98 100644
--- a/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
+++ b/frontend/desktop/src/components/common/RenderForm/RenderForm.vue
@@ -292,6 +292,7 @@
                             break
                         case 'password':
                             val = {
+                                type: 'password_value',
                                 tag: 'value',
                                 value: ''
                             }
diff --git a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
index 1feb32b464..936b10307d 100644
--- a/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
+++ b/frontend/desktop/src/components/common/RenderForm/tags/TagPassword.vue
@@ -12,7 +12,14 @@
 <template>
     <div class="tag-password">
         <div v-if="formMode" class="password-edit-wrapper">
-            <bk-select v-if="canUseVar" slot="prepend" class="select-type" :clearable="false" :value="localVal.tag" @selected="handleSelectType">
+            <bk-select
+                v-if="canUseVar"
+                slot="prepend"
+                class="select-type"
+                :disabled="!editable || !formMode || disabled"
+                :clearable="false"
+                :value="localVal.tag"
+                @selected="handleSelectType">
                 <bk-option id="value" :name="$t('password_手动输入')"></bk-option>
                 <bk-option id="variable" :name="$t('password_使用密码变量')"></bk-option>
             </bk-select>
@@ -23,6 +30,7 @@
                     type="password"
                     :value="inputText"
                     :placeholder="inputPlaceholder"
+                    :disabled="!editable || !formMode || disabled"
                     @input="handleInput"
                     @focus="handleFocus"
                     @blur="handleBlur" />
@@ -33,6 +41,7 @@
                     rows="4"
                     :value="inputText"
                     :placeholder="inputPlaceholder"
+                    :disabled="!editable || !formMode || disabled"
                     @keydown="handleTextareaKeyDown"
                     @input="handleTextareaInput"
                     @keyup="handleTextareaKeyUp"
@@ -41,7 +50,7 @@
                 </textarea>
             </template>
             <bk-select v-else class="select-var" :value="localVal.value" @selected="handleSelectVariable">
-                <bk-option v-for="item in variables" :key="item.id" :id="item.id" :name="item.name"></bk-option>
+                <bk-option v-for="item in variables" :key="item.id" :id="item.id" :name="item.id"></bk-option>
             </bk-select>
             <span v-show="!validateInfo.valid" class="common-error-tip error-info">{{validateInfo.message}}</span>
         </div>
@@ -90,6 +99,7 @@
         data () {
             return {
                 localVal: {
+                    type: 'password_value',
                     tag: 'value',
                     value: ''
                 },

From 5987361ba3fa36cc0824de146f32eadbddd86cc9 Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Wed, 30 Aug 2023 20:29:19 +0800
Subject: [PATCH 16/17] minor: release V3.30.0

---
 app.yml                               | 2 +-
 app_desc.yaml                         | 2 +-
 config/default.py                     | 2 +-
 version_logs_md/V3.30.0_2023-08-30.md | 3 +++
 4 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 version_logs_md/V3.30.0_2023-08-30.md

diff --git a/app.yml b/app.yml
index 63f475dfb7..650371dfe3 100644
--- a/app.yml
+++ b/app.yml
@@ -6,7 +6,7 @@ is_use_celery: True
 author: 蓝鲸智云
 introduction: 标准运维是通过一套成熟稳定的任务调度引擎，把在多系统间的工作整合到一个流程，助力运维实现跨系统调度自动化的SaaS应用。
 introduction_en: SOPS is a SaaS application that utilizes a set of mature and stable task scheduling engines to help realize cross-system scheduling automation, and integrates the work among multiple systems into a single process.
-version: 3.29.5
+version: 3.30.0
 category: 运维工具
 language_support: 中文
 desktop:
diff --git a/app_desc.yaml b/app_desc.yaml
index 841ec68097..0324f4d24f 100644
--- a/app_desc.yaml
+++ b/app_desc.yaml
@@ -1,5 +1,5 @@
 spec_version: 2
-app_version: "3.29.5"
+app_version: "3.30.0"
 app:
     region: default
     bk_app_code: bk_sops
diff --git a/config/default.py b/config/default.py
index c75fc59a54..e9dafacff5 100644
--- a/config/default.py
+++ b/config/default.py
@@ -211,7 +211,7 @@
 # mako模板中：<script src="/a.js?v=${ STATIC_VERSION }"></script>
 # 如果静态资源修改了以后，上线前改这个版本号即可
 
-STATIC_VERSION = "3.29.5"
+STATIC_VERSION = "3.30.0"
 DEPLOY_DATETIME = datetime.datetime.now().strftime("%Y%m%d%H%M%S")
 
 STATICFILES_DIRS = [os.path.join(BASE_DIR, "static")]
diff --git a/version_logs_md/V3.30.0_2023-08-30.md b/version_logs_md/V3.30.0_2023-08-30.md
new file mode 100644
index 0000000000..d47990eff2
--- /dev/null
+++ b/version_logs_md/V3.30.0_2023-08-30.md
@@ -0,0 +1,3 @@
+# V3.30.0 版本更新说明
+
+- [ 新增 ] 提供国密支持

From 9ef27c326cf1d2cadd3c9a6967470b9f72ac6de6 Mon Sep 17 00:00:00 2001
From: crayon <873217631@qq.com>
Date: Mon, 4 Sep 2023 16:40:41 +0800
Subject: [PATCH 17/17] =?UTF-8?q?sprintfix:=20=E5=9B=BD=E5=AF=86=E5=8F=98?=
 =?UTF-8?q?=E9=87=8F=E9=80=82=E9=85=8D=20PaaSV2=20=E5=9C=BA=E6=99=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 env.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/env.py b/env.py
index b64958306b..b93eea8150 100644
--- a/env.py
+++ b/env.py
@@ -111,4 +111,9 @@
 
 
 # 获取加密类型
-BKPAAS_BK_CRYPTO_TYPE = os.getenv("BKPAAS_BK_CRYPTO_TYPE", "") or os.getenv("BK_CRYPTO_TYPE") or "CLASSIC"
+BKPAAS_BK_CRYPTO_TYPE = (
+    os.getenv("BKPAAS_BK_CRYPTO_TYPE", "")
+    or os.getenv("BKAPP_BK_CRYPTO_TYPE", "")
+    or os.getenv("BK_CRYPTO_TYPE")
+    or "CLASSIC"
+)