From 3f3b4792931d01f83caba4647871c22d4140d6c7 Mon Sep 17 00:00:00 2001
From: starsliao
Date: Wed, 16 Nov 2022 23:53:43 +0800
Subject: [PATCH] =?UTF-8?q?LDAP=E5=8A=9F=E8=83=BD=E5=8F=91=E5=B8=83?= =?UTF-8?q?=EF=BC=8Cv0.10.0Releases?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
flask-consul/units/ldap/LdapUser.py | 41 +++++++-----
flask-consul/units/ldap/ldap_consul.py | 7 +-
flask-consul/units/prom/mysql_huawei.py | 10 ++-
flask-consul/views/ldap.py | 19 +++++-
flask-consul/views/login.py | 12 +++-
vue-consul/src/api/ldap.js | 12 ++++
vue-consul/src/main.js | 2 +-
vue-consul/src/router/index.js | 23 +++++--
vue-consul/src/views/dashboard/index.vue | 9 +++
vue-consul/src/views/jms/index.vue | 2 +-
vue-consul/src/views/ldap/index.vue | 85 +++++++++++++++++-------
vue-consul/src/views/login/index.vue | 5 +-
12 files changed, 164 insertions(+), 63 deletions(-)
diff --git a/flask-consul/units/ldap/LdapUser.py b/flask-consul/units/ldap/LdapUser.py
index f61fc02..b56492b 100644
--- a/flask-consul/units/ldap/LdapUser.py
+++ b/flask-consul/units/ldap/LdapUser.py
@@ -9,28 +9,33 @@ from units.ldap.ldap_consul import Ldap_Consul
 class Ldap(object):
 def __init__(self,**args):
- self.ldap_url,self.port,self.rule,self.password = Ldap_Consul.get_consul_args(**args)
- server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
- self.conn = Connection(server, user=self.rule, password=self.password, auto_bind=True)
-
-
-
+ ldap_dict = Ldap_Consul.get_consul_args(**args)
+ if ldap_dict:
+ self.ldap_url,self.port,self.rule,self.password,self.ldapusr,self.allow = ldap_dict
+ server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
+ self.conn = Connection(server, user=self.rule, password=self.password, auto_bind=True)
+ else:
+ self.allow = ''
 #校验登录
 def authpass(self, username, password):
- server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
- conn = Connection(server, user="uid={0},xxxxxxxxxxxxx".format(username),
- password="{0}".format(password),
- check_names=True, lazy=False, raise_exceptions=False)
- try:
- conn.bind()
- except Exception:
- conn.bind()
+ if self.allow == '':
+ return 0
+ if self.allow == '*' or username.lower() in self.allow.lower().split(','):
+ ldap_username = self.ldapusr.format(username=username)
+ print('ldapuser:',ldap_username,flush=True)
+ server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
+ conn = Connection(server, user=ldap_username, password=password, check_names=True, lazy=False, raise_exceptions=False)
+ try:
+ conn.bind()
+ except Exception:
+ conn.bind()
- if conn.result["description"] == "success":
- data = True
+ if conn.result["description"] == "success":
+ data = 1
+ else:
+ data = 3
 else:
- data = False
-
+ data = 2
 return data
diff --git a/flask-consul/units/ldap/ldap_consul.py b/flask-consul/units/ldap/ldap_consul.py
index eb7e129..d3f80c9 100644
--- a/flask-consul/units/ldap/ldap_consul.py
+++ b/flask-consul/units/ldap/ldap_consul.py
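Review bot: In `authpass` (LdapUser.py) the submitted `username` is formatted into the bind DN unescaped, so when `allow` is `*` any DN metacharacters typed into the login field become part of the DN the directory is asked to bind as. Escape the value before formatting, e.g. `ldap_username = self.ldapusr.format(username=escape_rdn(username))` using `escape_rdn` from `ldap3.utils.dn`, and reject an empty `password` before `conn.bind()`, since many directory servers treat a simple bind with an empty password as an unauthenticated bind. The added `print('ldapuser:', ...)` writes every attempted bind DN to stdout; a debug-level logger call would be easier to control. The `try`/`except Exception` around `conn.bind()` is carried over unchanged and still lets a second failure propagate as an unhandled error.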
@@ -1,7 +1,7 @@
 """ 截取前端ldap信息存入consul """
-from units import consul_kv
+from units import consul_kv,myaes
 class Ldap_Consul():
@@ -12,6 +12,7 @@ class Ldap_Consul():
 @staticmethod
 def set_consul_args(**kwargs):
 kwargs['port'] = int(kwargs.get("port"))
+ kwargs['password'] = myaes.encrypt(kwargs.get("password"))
 result = consul_kv.put_kv(f'ConsulManager/ldap/report', {**kwargs})
 if result:
 return True
@@ -31,4 +32,6 @@ class Ldap_Consul():
 return result.get("ConsulManager/ldap/report").get("ldap_url"),\
 result.get("ConsulManager/ldap/report").get("port"),\
 result.get("ConsulManager/ldap/report").get("rule"),\
- result.get("ConsulManager/ldap/report").get("password")
+ myaes.decrypt(result.get("ConsulManager/ldap/report").get("password")),\
+ result.get("ConsulManager/ldap/report").get("ldapusr"),\
+ result.get("ConsulManager/ldap/report").get("allow")
diff --git a/flask-consul/units/prom/mysql_huawei.py b/flask-consul/units/prom/mysql_huawei.py
index ab2564a..d31b66e 100644
--- a/flask-consul/units/prom/mysql_huawei.py
+++ b/flask-consul/units/prom/mysql_huawei.py
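Review bot: `set_consul_args` (ldap_consul.py, second hunk) now calls `myaes.encrypt(kwargs.get("password"))` unconditionally, but `password` is an optional `str` argument in the request parser in views/ldap.py, so a POST without it hands `None` to the cipher; the `int(kwargs.get("port"))` line above has the same shape. Check the required fields before writing, e.g. `if not kwargs.get("password"): return False`, so a malformed request cannot store a partial LDAP config. How `myaes` obtains its key is not visible in this patch; if the key sits in the same Consul KV as the ciphertext, a short comment on this line should say what the encryption does and does not protect against.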
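Review bot: `get_consul_args` (ldap_consul.py, third hunk) now always passes the stored `password` through `myaes.decrypt`, while the line it replaces returned the value as stored, so a `ConsulManager/ldap/report` entry written before this commit would hold plaintext. Unless `myaes.decrypt` tolerates non-ciphertext input (not visible here), the first LDAP login after an upgrade would fail inside `Ldap.__init__`; a guarded fallback or a one-time re-save step noted in the release notes would cover it. Binding `cfg = result.get("ConsulManager/ldap/report")` once would also make the six-field order easier to check against the tuple unpacking in LdapUser.py. The function body starts outside the hunk.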
@@ -28,12 +28,16 @@ def exporter(vendor,account,region):
 metric_body_list.append(MetricInfo(namespace="SYS.RDS",metric_name=i,dimensions=[MetricsDimension(name="rds_cluster_id",value=rdsid)]))
 request = BatchListMetricDataRequest()
- request.body = BatchListMetricDataRequestBody(to=now,_from=now-600000,filter="max",period="1",metrics=metric_body_list)
+ request.body = BatchListMetricDataRequestBody(to=now,_from=now-180000,filter="max",period="1",metrics=metric_body_list)
 response = client.batch_list_metric_data(request).to_dict()
 for i in response['metrics']:
 rdsid= i['dimensions'][0]['value']
- value = i['datapoints'][-1]['max']
- ts = i['datapoints'][-1]['timestamp']
+ try:
+ value = i['datapoints'][-1]['max']
+ ts = i['datapoints'][-1]['timestamp']
+ except:
+ value = 0
+ ts = now
 metric = i['metric_name']
 prom_metric_name = metric_name_dict[metric][0].split()[2]
 metric_name_dict[metric].append(f'{prom_metric_name}{{iid="{rdsid}"}} {float(value)} {ts}')
diff --git a/flask-consul/views/ldap.py b/flask-consul/views/ldap.py
index 21572f6..d2378f1 100644
--- a/flask-consul/views/ldap.py
+++ b/flask-consul/views/ldap.py
@@ -9,7 +9,7 @@ from units.json_response import JsonResponse
 from units.ldap.ldap_consul import Ldap_Consul
 sys.path.append("..")
-from units import token_auth, consul_kv
+from units import token_auth, consul_kv,myaes
 from itsdangerous import TimedJSONWebSignatureSerializer
 secret_key = consul_kv.get_value('ConsulManager/assets/secret/skey')['sk']
@@ -23,8 +23,8 @@ parser.add_argument('ldap_url',type=str)
 parser.add_argument('password',type=str)
 parser.add_argument('port',type=str)
 parser.add_argument('rule',type=str)
-
-
+parser.add_argument('ldapusr',type=str)
+parser.add_argument('allow',type=str)
 class LdapView(Resource):
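Review bot: In `exporter` (mysql_huawei.py) the new bare `except:` turns any failure while reading `i['datapoints'][-1]` into `value = 0` with `ts = now`, so an RDS instance that returned no datapoints in the shortened `now-180000` window is exported as a real zero reading. That hides collection gaps from alert rules that watch for missing data and can fire or mask threshold alerts. Catch only the expected errors and skip the sample instead: `except (IndexError, KeyError): continue`. The function starts and ends outside the hunk.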
@@ -32,9 +32,22 @@ class LdapView(Resource):
 封装了公共返回格式 {"code": code,"success": success, "message": msg, "data": data}
 """
+ decorators = [token_auth.auth.login_required]
 def post(self,):
 args = parser.parse_args()
 Ldap_Consul.set_consul_args(**args)
 return JsonResponse(data="", code=20000, success=True, msg="添加统一认证成功")
+ def get(self):
+ ldap_info = consul_kv.get_value('ConsulManager/ldap/report')
+ if ldap_info:
+ ldap_info["password"] = myaes.decrypt(ldap_info["password"])
+ else:
+ ldap_info = {'port': '389', 'allow': '*'}
+ return {'code': 20000, 'ldap_info': ldap_info}
+
+ def delete(self):
+ consul_kv.del_key('ConsulManager/ldap/report')
+ return {'code': 20000, 'data': 'DLAP登录配置已清除!'}
+
 api.add_resource(LdapView, '/api/ldap/config')
diff --git a/flask-consul/views/login.py b/flask-consul/views/login.py
index 7c969e0..b806e12 100644
--- a/flask-consul/views/login.py
+++ b/flask-consul/views/login.py
@@ -28,16 +28,22 @@ class User(Resource):
 args = parser.parse_args()
 username = args.get('username')
 password = args.get('password')
- ldap = args.get('ldap')
+ #ldap = args.get('ldap')
+ ldap = False if username == 'admin' else 'True'
 #ldap认证
 if user_opt == 'login' and ldap == "True":
 print("ldap")
 ldap_obj = Ldap()
 ldap_result = ldap_obj.authpass(username,password)
- if ldap_result:
+ if ldap_result == 1:
 token = str(s.dumps(admin_passwd), encoding="utf-8")
 return {"code": 20000, "data": {"token": "Bearer " + token,"username":username}}
- return {"code": 40000, "data": "ldap校验失败!"}
+ elif ldap_result == 0:
+ return {"code": 40000, "data": "LDAP未开启。"}
+ elif ldap_result == 2:
+ return {"code": 40000, "data": "该LDAP用户不在白名单内。"}
+ else:
+ return {"code": 40000, "data": "LDAP用户密码错误!"}
 else:
 if user_opt == 'login':
 print("非ldap")
diff --git a/vue-consul/src/api/ldap.js b/vue-consul/src/api/ldap.js
index 083f654..edc7d48 100644
--- a/vue-consul/src/api/ldap.js
+++ b/vue-consul/src/api/ldap.js
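Review bot: The new `get` handler in `LdapView` decrypts the stored bind password and returns it in the JSON body, so every holder of a valid token can read the LDAP service account's cleartext credential. Return the config without it, with `ldap_info.pop("password", None)` in place of the decrypt line, and have `post` keep the stored value when the form submits an empty password. `get` also raises if a stored entry has no `password` key, and `delete` returns its success message without checking the result of `consul_kv.del_key`. The message text reads `DLAP`, presumably a typo for `LDAP`.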
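Review bot: The three new failure branches in login.py return different messages for "LDAP disabled", "user not in the allowlist" and "wrong password", which tells an unauthenticated caller whether a given username is on the allowlist. Return one generic failure message to the client and log the specific `ldap_result` on the server. `ldap = False if username == 'admin' else 'True'` mixes a bool with a string and sends a missing `username` (`None`) down the LDAP path, where `username.lower()` in `authpass` can raise; `use_ldap = bool(username) and username != 'admin'` would be clearer. The unchanged success branch still signs `admin_passwd` into the token, so each allowlisted LDAP user appears to receive the same token as the local admin, which is worth confirming as intended. The enclosing method starts and ends outside the hunk.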
@@ -7,3 +7,15 @@ export function setldap(data) { data: data }) } +export function getLdap() { + return request({ + url: '/api/ldap/config', + method: 'get' + }) +} +export function delLdap() { + return request({ + url: '/api/ldap/config', + method: 'delete' + }) +} diff --git a/vue-consul/src/main.js b/vue-consul/src/main.js index f951abf..bfab8f7 100644 --- a/vue-consul/src/main.js +++ b/vue-consul/src/main.js @@ -46,7 +46,7 @@ Object.keys(filters).forEach(key => { }) Vue.config.productionTip = false -Vue.prototype.VER = 'v0.10.0-alpha' +Vue.prototype.VER = 'v0.10.0' new Vue({ el: '#app', diff --git a/vue-consul/src/router/index.js b/vue-consul/src/router/index.js index fc9dd30..4e86d86 100644 --- a/vue-consul/src/router/index.js +++ b/vue-consul/src/router/index.js @@ -237,12 +237,23 @@ export const constantRoutes = [ { path: '/settings', component: Layout, - children: [{ - path: 'index', - name: '全局配置', - component: () => import('@/views/ldap/index'), - meta: { title: '全局配置', icon: 'el-icon-chat-line-square' } - }] + redirect: '/settings/ldap', + name: '系统设置', + meta: { title: '系统设置', icon: 'el-icon-setting' }, + children: [ + { + path: 'ldap', + name: '统一认证', + component: () => import('@/views/ldap/index'), + meta: { title: '统一认证', icon: 'el-icon-lock' } + }, + { + path: 'user', + name: '用户管理', + component: () => import('@/views/ldap/index'), + meta: { title: '用户管理', icon: 'el-icon-user' } + } + ] }, { path: '/link', diff --git a/vue-consul/src/views/dashboard/index.vue b/vue-consul/src/views/dashboard/index.vue index c09306b..73596e4 100644 --- a/vue-consul/src/views/dashboard/index.vue +++ b/vue-consul/src/views/dashboard/index.vue @@ -4,6 +4,15 @@ StarsL.cn + + +

v0.10.0

+

新增LDAP登录支持,可设置用户白名单!感谢@dbdocker贡献代码!

+

修复RDS资源使用率采集bug。

+

修复新版JumpServer同步删除失败的bug。

+

修复mysql告警规则bug。

+
+

v0.9.6

diff --git a/vue-consul/src/views/jms/index.vue b/vue-consul/src/views/jms/index.vue index b53f1a6..15bc3ca 100644 --- a/vue-consul/src/views/jms/index.vue +++ b/vue-consul/src/views/jms/index.vue @@ -23,7 +23,7 @@ - +

全局通用主机【管理用户】信息:

diff --git a/vue-consul/src/views/ldap/index.vue b/vue-consul/src/views/ldap/index.vue index 8c639db..10ed8d7 100644 --- a/vue-consul/src/views/ldap/index.vue +++ b/vue-consul/src/views/ldap/index.vue @@ -1,29 +1,34 @@