LDAP功能发布,v0.10.0Releases

pull/46/head 0.10.0
starsliao 2022-11-16 23:53:43 +08:00
parent 946f1e23b0
commit 3f3b479293
12 changed files with 164 additions and 63 deletions


@ -9,28 +9,33 @@ from units.ldap.ldap_consul import Ldap_Consul
class Ldap(object):
def __init__(self,**args):
self.ldap_url,self.port,self.rule,self.password = Ldap_Consul.get_consul_args(**args)
server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
self.conn = Connection(server, user=self.rule, password=self.password, auto_bind=True)
ldap_dict = Ldap_Consul.get_consul_args(**args)
if ldap_dict:
self.ldap_url,self.port,self.rule,self.password,self.ldapusr,self.allow = ldap_dict
server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
self.conn = Connection(server, user=self.rule, password=self.password, auto_bind=True)
else:
self.allow = ''
#校验登录
def authpass(self, username, password):
server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
conn = Connection(server, user="uid={0},xxxxxxxxxxxxx".format(username),
password="{0}".format(password),
check_names=True, lazy=False, raise_exceptions=False)
try:
conn.bind()
except Exception:
conn.bind()
if self.allow == '':
return 0
if self.allow == '*' or username.lower() in self.allow.lower().split(','):
ldap_username = self.ldapusr.format(username=username)
print('ldapuser:',ldap_username,flush=True)
server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
conn = Connection(server, user=ldap_username, password=password, check_names=True, lazy=False, raise_exceptions=False)
try:
conn.bind()
except Exception:
conn.bind()
if conn.result["description"] == "success":
data = True
if conn.result["description"] == "success":
data = 1
else:
data = 3
else:
data = False
data = 2
return data
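Review bot: The whitelist check `username.lower() in self.allow.lower().split(',')` does not strip entries, so an allow list saved as `alice, bob` silently rejects `bob`; build the set once with `{u.strip() for u in self.allow.lower().split(',') if u.strip()}`. The `except Exception: conn.bind()` retry lets the second failure propagate out of authpass unhandled, and `__init__`'s `auto_bind=True` likewise raises when the bind-DN credentials are wrong, so both surface to the login caller as an exception rather than a failure code. username is substituted straight into the DN via `self.ldapusr.format(username=username)`; ldap3's `check_names` is meant to escape the DN, but rejecting DN-special characters (`,+"\<>;=`) and an empty password up front — some directories treat a DN with an empty password as an unauthenticated bind that succeeds — is cheap defence in depth. The `print('ldapuser:', …)` line should go through a logger rather than stdout.
```python
        if self.allow == '':
            return 0
        allowed = {u.strip() for u in self.allow.lower().split(',') if u.strip()}
        # Refuse input that could rewrite the DN template or trigger an unauthenticated bind.
        if not password or any(c in username for c in ',+"\\<>;='):
            return 3
        if self.allow == '*' or username.lower() in allowed:
            ldap_username = self.ldapusr.format(username=username)
            # … unchanged: Server/Connection setup …
            try:
                conn.bind()
            except Exception:
                return 3
            # … unchanged: result check → 1 / 3 …
        else:
            data = 2
        return data
```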


@ -1,7 +1,7 @@
"""
截取前端ldap信息存入consul
"""
from units import consul_kv
from units import consul_kv,myaes
class Ldap_Consul():
@ -12,6 +12,7 @@ class Ldap_Consul():
@staticmethod
def set_consul_args(**kwargs):
kwargs['port'] = int(kwargs.get("port"))
kwargs['password'] = myaes.encrypt(kwargs.get("password"))
result = consul_kv.put_kv(f'ConsulManager/ldap/report', {**kwargs})
if result:
return True
@ -31,4 +32,6 @@ class Ldap_Consul():
return result.get("ConsulManager/ldap/report").get("ldap_url"),\
result.get("ConsulManager/ldap/report").get("port"),\
result.get("ConsulManager/ldap/report").get("rule"),\
result.get("ConsulManager/ldap/report").get("password")
myaes.decrypt(result.get("ConsulManager/ldap/report").get("password")),\
result.get("ConsulManager/ldap/report").get("ldapusr"),\
result.get("ConsulManager/ldap/report").get("allow")
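Review bot: `.get("ldapusr")` and `.get("allow")` return None for a report record written before this release (those keys did not exist), and the caller then runs `self.allow.lower()` / `self.ldapusr.format(...)` on None; default them, e.g. `report.get("ldapusr") or ''` and `report.get("allow") or ''`, so a stale record disables LDAP instead of raising. The same `result.get("ConsulManager/ldap/report")` lookup is repeated six times; bind it once to a local `report` before the return. The enclosing get_consul_args starts before the hunk, so whether `result` itself can be None here is not visible.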


@ -28,12 +28,16 @@ def exporter(vendor,account,region):
metric_body_list.append(MetricInfo(namespace="SYS.RDS",metric_name=i,dimensions=[MetricsDimension(name="rds_cluster_id",value=rdsid)]))
request = BatchListMetricDataRequest()
request.body = BatchListMetricDataRequestBody(to=now,_from=now-600000,filter="max",period="1",metrics=metric_body_list)
request.body = BatchListMetricDataRequestBody(to=now,_from=now-180000,filter="max",period="1",metrics=metric_body_list)
response = client.batch_list_metric_data(request).to_dict()
for i in response['metrics']:
rdsid= i['dimensions'][0]['value']
value = i['datapoints'][-1]['max']
ts = i['datapoints'][-1]['timestamp']
try:
value = i['datapoints'][-1]['max']
ts = i['datapoints'][-1]['timestamp']
except:
value = 0
ts = now
metric = i['metric_name']
prom_metric_name = metric_name_dict[metric][0].split()[2]
metric_name_dict[metric].append(f'{prom_metric_name}{{iid="{rdsid}"}} {float(value)} {ts}')
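Review bot: The bare `except:` around the datapoint lookup swallows every error (KeyboardInterrupt included) and turns a missing datapoint into `value = 0` at `ts = now`, which a scraper cannot tell apart from genuine zero usage; narrow it to `except (IndexError, KeyError):` and `continue` (or emit `float('nan')`) rather than publishing a fabricated sample. With the window narrowed to `_from=now-180000`, an empty `datapoints` list is presumably more likely for metrics the service reports less often, so this fallback will fire more often, not less. The enclosing exporter function continues beyond the hunk.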


@ -9,7 +9,7 @@ from units.json_response import JsonResponse
from units.ldap.ldap_consul import Ldap_Consul
sys.path.append("..")
from units import token_auth, consul_kv
from units import token_auth, consul_kv,myaes
from itsdangerous import TimedJSONWebSignatureSerializer
secret_key = consul_kv.get_value('ConsulManager/assets/secret/skey')['sk']
@ -23,8 +23,8 @@ parser.add_argument('ldap_url',type=str)
parser.add_argument('password',type=str)
parser.add_argument('port',type=str)
parser.add_argument('rule',type=str)
parser.add_argument('ldapusr',type=str)
parser.add_argument('allow',type=str)
class LdapView(Resource):
@ -32,9 +32,22 @@ class LdapView(Resource):
封装了公共返回格式
{"code": code,"success": success, "message": msg, "data": data}
"""
decorators = [token_auth.auth.login_required]
def post(self,):
args = parser.parse_args()
Ldap_Consul.set_consul_args(**args)
return JsonResponse(data="", code=20000, success=True, msg="添加统一认证成功")
def get(self):
ldap_info = consul_kv.get_value('ConsulManager/ldap/report')
if ldap_info:
ldap_info["password"] = myaes.decrypt(ldap_info["password"])
else:
ldap_info = {'port': '389', 'allow': '*'}
return {'code': 20000, 'ldap_info': ldap_info}
def delete(self):
consul_kv.del_key('ConsulManager/ldap/report')
return {'code': 20000, 'data': 'DLAP登录配置已清除'}
api.add_resource(LdapView, '/api/ldap/config')
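Review bot: `get()` hands the bind-DN password back in cleartext (`ldap_info["password"] = myaes.decrypt(ldap_info["password"])`) to any logged-in session, which undoes the point of encrypting it in Consul; drop the key (or return a placeholder) and have the save path keep the stored value when the field comes back unchanged. `post()` writes `args` as parsed, so an omitted `allow` or `ldapusr` is presumably stored as null and `Ldap.authpass` later calls `.lower()` on None — default them with `args['allow'] = args.get('allow') or ''` before `set_consul_args`. The `'DLAP登录配置已清除'` message in `delete()` appears to misspell LDAP (the Vue button label has the same typo).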


@ -28,16 +28,22 @@ class User(Resource):
args = parser.parse_args()
username = args.get('username')
password = args.get('password')
ldap = args.get('ldap')
#ldap = args.get('ldap')
ldap = False if username == 'admin' else 'True'
#ldap认证
if user_opt == 'login' and ldap == "True":
print("ldap")
ldap_obj = Ldap()
ldap_result = ldap_obj.authpass(username,password)
if ldap_result:
if ldap_result == 1:
token = str(s.dumps(admin_passwd), encoding="utf-8")
return {"code": 20000, "data": {"token": "Bearer " + token,"username":username}}
return {"code": 40000, "data": "ldap校验失败"}
elif ldap_result == 0:
return {"code": 40000, "data": "LDAP未开启。"}
elif ldap_result == 2:
return {"code": 40000, "data": "该LDAP用户不在白名单内。"}
else:
return {"code": 40000, "data": "LDAP用户密码错误"}
else:
if user_opt == 'login':
print("非ldap")
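Review bot: A successful LDAP login mints its token from `admin_passwd` (`s.dumps(admin_passwd)`), presumably the same payload the admin branch issues, so server-side every whitelisted LDAP user is indistinguishable from admin and removing a user from the whitelist does not invalidate tokens already issued; the token payload should carry the LDAP username so that token_auth can check it and the `username` in the response is not merely cosmetic. The distinct `该LDAP用户不在白名单内` and `LDAP用户密码错误` replies also let an unauthenticated caller probe which usernames are whitelisted, since code 2 is returned before any bind is attempted; collapse both to one generic failure and log the detail server-side. `ldap = False if username == 'admin' else 'True'` mixes a bool and a string for the same flag — use `True`/`False` and compare with `is True`. The enclosing post() starts before the hunk.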


@ -7,3 +7,15 @@ export function setldap(data) {
data: data
})
}
export function getLdap() {
return request({
url: '/api/ldap/config',
method: 'get'
})
}
export function delLdap() {
return request({
url: '/api/ldap/config',
method: 'delete'
})
}


@ -46,7 +46,7 @@ Object.keys(filters).forEach(key => {
})
Vue.config.productionTip = false
Vue.prototype.VER = 'v0.10.0-alpha'
Vue.prototype.VER = 'v0.10.0'
new Vue({
el: '#app',


@ -237,12 +237,23 @@ export const constantRoutes = [
{
path: '/settings',
component: Layout,
children: [{
path: 'index',
name: '全局配置',
component: () => import('@/views/ldap/index'),
meta: { title: '全局配置', icon: 'el-icon-chat-line-square' }
}]
redirect: '/settings/ldap',
name: '系统设置',
meta: { title: '系统设置', icon: 'el-icon-setting' },
children: [
{
path: 'ldap',
name: '统一认证',
component: () => import('@/views/ldap/index'),
meta: { title: '统一认证', icon: 'el-icon-lock' }
},
{
path: 'user',
name: '用户管理',
component: () => import('@/views/ldap/index'),
meta: { title: '用户管理', icon: 'el-icon-user' }
}
]
},
{
path: '/link',
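Review bot: The new `user` child route imports the same component as `ldap` (`component: () => import('@/views/ldap/index')`), so the '用户管理' menu entry just renders the LDAP settings page again; point it at its own view or leave the entry out until that view exists. The constantRoutes array continues beyond the hunk.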


@ -4,6 +4,15 @@
<el-link :underline="false" type="primary" icon="el-icon-star-on" href="https://github.com/starsliao/ConsulManager" target="_blank" class="dashboard-text">StarsL.cn</el-link>
</el-badge>
<el-timeline>
<el-timeline-item timestamp="2022/11/16" placement="top">
<el-card>
<h4>v0.10.0</h4>
<p><el-button type="primary" size="mini" icon="el-icon-star-off" circle />新增LDAP登录支持可设置用户白名单感谢<el-link :underline="false" type="primary" href="https://github.com/dbdocker" target="_blank">@dbdocker</el-link></p>
<p>修复RDS资源使用率采集bug</p>
<p>修复新版JumpServer同步删除失败的bug</p>
<p>修复mysql告警规则bug</p>
</el-card>
</el-timeline-item>
<el-timeline-item timestamp="2022/11/13" placement="top">
<el-card>
<h4>v0.9.6</h4>


@ -23,7 +23,7 @@
<el-input v-model="jms_config.url" placeholder="http开头" style="width: 390px;" />
</el-form-item>
<el-form-item label="JumpServer Token">
<el-input v-model="jms_config.token" placeholder="请输入Admin Token" style="width: 390px;" show-password />
<el-input v-model="jms_config.token" type="password" placeholder="请输入Admin Token" style="width: 390px;" />
</el-form-item>
<hr style="FILTER: alpha(opacity=100,finishopacity=0,style=2)" align=left width="96%" SIZE=1>
<h3>全局通用主机管理用户信息</h3>


@ -1,29 +1,34 @@
<template>
<el-main>
<el-tabs :tab-position="tabPosition" style="height: auto;width: 600px;">
<el-tab-pane label="统一认证">
<el-tab-pane label="LDAP">
<!-- 统一认证 -->
<el-form ref="ruleForm" :model="ruleForm" status-icon :rules="rules" label-width="100px" class="demo-ruleForm">
<el-form-item label="认证地址:" prop="ldap_url">
<el-input v-model="ruleForm.ldap_url" type="text" autocomplete="off" />
<el-form ref="ruleForm" :model="ruleForm" status-icon :rules="rules" label-width="150px" class="demo-ruleForm">
<el-form-item label="地址" prop="ldap_url">
<el-input v-model="ruleForm.ldap_url" type="text" placeholder="仅输入IP或域名192.168.10.26" autocomplete="off" />
</el-form-item>
<el-form-item label="端口" prop="port">
<el-input v-model="ruleForm.port" type="text" placeholder="LDAP的端口" autocomplete="off" />
</el-form-item>
<!-- <el-alert class="alert" title="示例uid=xxx,cn=xxx,dc=xxx,dc=xxx" type="info" /> -->
<el-form-item label="绑定 DN" prop="rule">
<el-input v-model="ruleForm.rule" type="textarea" placeholder="uid=xxx,cn=abc,dc=def,dc=yyy" autosize autocomplete="off" />
</el-form-item>
<el-form-item label="端口号:" prop="port">
<el-input v-model="ruleForm.port" type="text" autocomplete="off" />
<el-form-item label="密码" prop="password">
<el-input v-model="ruleForm.password" type="password" placeholder="Bind DN Password" autocomplete="off" />
</el-form-item>
<el-alert class="alert" title="示例uid=xxx,cn=xxx,dc=xxx,dc=xxx" type="info" />
<el-form-item label="bind_dn:" prop="rule">
<el-input v-model="ruleForm.rule" type="text" autocomplete="off" />
<el-form-item label="LDAP用户名模板" prop="ldapusr">
<el-input v-model="ruleForm.ldapusr" type="textarea" placeholder="uid={username},cn=abc,dc=def,dc=yyy" autosize autocomplete="off" /><br><font size="2px" color="#ff0000">DN{username}</font>
</el-form-item>
<el-form-item label="认证密码:" prop="password">
<el-input v-model="ruleForm.password" type="password" autocomplete="off" />
<el-form-item label="LDAP用户白名单" prop="allow">
<el-input v-model="ruleForm.allow" type="textarea" placeholder="请输入允许登录的LDAP用户名" autosize autocomplete="off" /><br><font size="2px" color="#ff0000">使,*LDAPLDAP</font>
</el-form-item>
<el-form-item>
<el-form-item style="text-align: center">
<el-button type="primary" @click="submitForm('ruleForm')"></el-button>
<el-button @click="resetForm('ruleForm')"></el-button>
<!-- <el-button @click="resetForm('ruleForm')"></el-button> -->
<el-button type="danger" @click="delForm()">DLAP</el-button>
</el-form-item>
</el-form>
</el-tab-pane>
@ -31,30 +36,35 @@
</el-main>
</template>
<script>
import { setldap } from '@/api/ldap'
import { setldap, getLdap, delLdap } from '@/api/ldap'
export default {
data() {
return {
tabPosition: 'left',
ruleForm: {}, // ldap
ruleForm: { port: '389', allow: '*' }, // ldap
rules: {
ldap_url: [{ validator: 'xxx', trigger: 'blur' }],
port: [{ validator: 'xxxx', trigger: 'blur' }],
rule: [{ validator: 'xxx', trigger: 'blur' }],
password: [{ validator: 'xxx', trigger: 'blur' }]
ldap_url: [{ required: true, trigger: 'blur', message: '地址不能为空' }],
port: [{ required: true, trigger: 'blur', message: '端口不能为空' }],
rule: [{ required: true, trigger: 'blur', message: '绑定 DN不能为空' }],
password: [{ required: true, trigger: 'blur', message: '密码不能为空' }],
ldapusr: [{ required: true, trigger: 'blur', message: 'LDAP用户名模板不能为空' }]
} //
}
},
created() {
this.fetchData()
},
methods: {
submitForm(formName) {
this.$refs[formName].validate((valid) => {
if (valid) {
// 使
setldap(this.ruleForm).then(response => {
if (response.code === 200) {
if (response.code === 20000) {
this.$message({
type: 'success',
message: response.message
message: 'LDAP配置成功'
})
return
}
@ -69,6 +79,35 @@ export default {
}
})
},
fetchData() {
this.listLoading = true
getLdap().then(response => {
this.ruleForm = response.ldap_info
this.listLoading = false
})
},
delForm() {
this.listLoading = true
this.$confirm('此操作将删除所有的LDAP设置?', '提示', {
confirmButtonText: '确定',
cancelButtonText: '取消',
type: 'warning'
}).then(() => {
delLdap().then(response => {
this.$message({
message: response.data,
type: 'success'
})
this.ruleForm = { port: '389', allow: '*' }
this.listLoading = false
})
}).catch(() => {
this.$message({
type: 'info',
message: '已取消删除'
})
})
},
resetForm(formName) {
this.$refs[formName].resetFields()
}
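Review bot: `delForm` sets `this.listLoading = true` before the confirm dialog and only resets it in the confirm path, so cancelling leaves it stuck on; move the assignment inside the `.then()` and add `listLoading: false` to `data()`, which in this file declares only tabPosition, ruleForm and rules, so Vue 2 will not track the property at all as written. Neither `getLdap()` nor `delLdap()` has a `.catch`, and `delForm` shows a success toast without checking `response.code`, so a failed delete still reports success. The methods object continues beyond the hunk.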


@ -41,9 +41,8 @@
<svg-icon :icon-class="passwordType === 'password' ? 'eye' : 'eye-open'" />
</span>
</el-form-item>
<el-checkbox v-model="loginForm.Ldapchecked" label="启动ldap验证" border class="ldap" />
<!-- <el-checkbox v-model="loginForm.Ldapchecked" label="启动ldap验证" border class="ldap" /> -->
<el-button :loading="loading" type="primary" style="width:100%;margin-bottom:30px;" @click.native.prevent="handleLogin"> </el-button>
</el-form>
<div align="center" class="title-container">
<span style="font-size:12px" class="title">{{ VER }}</span>
@ -177,7 +176,7 @@ $dark_gray:#889aa4;
$light_gray:#eee;
.ldap{
margin-bottom: 10px;
margin-bottom: 9px;
}
.login-container {