LDAP功能发布,v0.10.0Releases

pull/46/head 0.10.0
starsliao 2022-11-16 23:53:43 +08:00
parent 946f1e23b0
commit 3f3b479293
12 changed files with 164 additions and 63 deletions


@ -9,28 +9,33 @@ from units.ldap.ldap_consul import Ldap_Consul
class Ldap(object): class Ldap(object):
def __init__(self,**args): def __init__(self,**args):
self.ldap_url,self.port,self.rule,self.password = Ldap_Consul.get_consul_args(**args) ldap_dict = Ldap_Consul.get_consul_args(**args)
server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5) if ldap_dict:
self.conn = Connection(server, user=self.rule, password=self.password, auto_bind=True) self.ldap_url,self.port,self.rule,self.password,self.ldapusr,self.allow = ldap_dict
server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
self.conn = Connection(server, user=self.rule, password=self.password, auto_bind=True)
else:
self.allow = ''
#校验登录 #校验登录
def authpass(self, username, password): def authpass(self, username, password):
server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5) if self.allow == '':
conn = Connection(server, user="uid={0},xxxxxxxxxxxxx".format(username), return 0
password="{0}".format(password), if self.allow == '*' or username.lower() in self.allow.lower().split(','):
check_names=True, lazy=False, raise_exceptions=False) ldap_username = self.ldapusr.format(username=username)
try: print('ldapuser:',ldap_username,flush=True)
conn.bind() server = Server(self.ldap_url,port=self.port, get_info=ALL,connect_timeout=5)
except Exception: conn = Connection(server, user=ldap_username, password=password, check_names=True, lazy=False, raise_exceptions=False)
conn.bind() try:
conn.bind()
except Exception:
conn.bind()
if conn.result["description"] == "success": if conn.result["description"] == "success":
data = True data = 1
else:
data = 3
else: else:
data = False data = 2
return data return data
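Review bot: `authpass` hands an empty `password` straight to `Connection(...).bind()`, and a simple bind with a DN plus an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that some directories answer with `success`, which here yields 1 and a session; add `if not password: return 3` before the connection is built rather than relying on the server to refuse such binds. `self.ldapusr.format(username=username)` also interpolates the submitted username into the DN unescaped, so a value containing `,`, `=` or `+` changes the DN's structure; escape it first (ldap3 provides `ldap3.utils.dn.escape_rdn`) or reject usernames with DN-special characters. Two smaller points: the whitelist test `username.lower() in self.allow.lower().split(',')` misses entries stored with spaces around the commas — `[u.strip() for u in self.allow.lower().split(',')]` — and `self.allow` may be `None` rather than `''` when that field was never submitted, which would raise `AttributeError` on `.lower()`; `if not self.allow: return 0` covers both cases. A docstring on `authpass` listing the meaning of the return codes 0/1/2/3 would help, since the caller in another file switches on them.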


@ -1,7 +1,7 @@
""" """
截取前端ldap信息存入consul 截取前端ldap信息存入consul
""" """
from units import consul_kv from units import consul_kv,myaes
class Ldap_Consul(): class Ldap_Consul():
@ -12,6 +12,7 @@ class Ldap_Consul():
@staticmethod @staticmethod
def set_consul_args(**kwargs): def set_consul_args(**kwargs):
kwargs['port'] = int(kwargs.get("port")) kwargs['port'] = int(kwargs.get("port"))
kwargs['password'] = myaes.encrypt(kwargs.get("password"))
result = consul_kv.put_kv(f'ConsulManager/ldap/report', {**kwargs}) result = consul_kv.put_kv(f'ConsulManager/ldap/report', {**kwargs})
if result: if result:
return True return True
@ -31,4 +32,6 @@ class Ldap_Consul():
return result.get("ConsulManager/ldap/report").get("ldap_url"),\ return result.get("ConsulManager/ldap/report").get("ldap_url"),\
result.get("ConsulManager/ldap/report").get("port"),\ result.get("ConsulManager/ldap/report").get("port"),\
result.get("ConsulManager/ldap/report").get("rule"),\ result.get("ConsulManager/ldap/report").get("rule"),\
result.get("ConsulManager/ldap/report").get("password") myaes.decrypt(result.get("ConsulManager/ldap/report").get("password")),\
result.get("ConsulManager/ldap/report").get("ldapusr"),\
result.get("ConsulManager/ldap/report").get("allow")
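Review bot: `myaes.decrypt(...)` on the stored `password` assumes every record under `ConsulManager/ldap/report` was written by the new `set_consul_args`; a record saved before this commit holds the plaintext value and the decrypt call will presumably raise or return garbage, and the same applies when the key is absent and `.get("password")` yields `None`. Either migrate the existing key once or guard the call, e.g. read `pw = result.get("ConsulManager/ldap/report").get("password")` and return `myaes.decrypt(pw) if pw else pw` — hedged, since `myaes` itself is not visible here. The beginning of `get_consul_args`, including what it returns when the Consul key is missing (which `Ldap.__init__` relies on being falsy), lies outside this hunk. A one-line docstring on `set_consul_args` noting that `password` is stored encrypted and `port` is coerced to `int` would spare the next reader a trip to the other module.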


@ -28,12 +28,16 @@ def exporter(vendor,account,region):
metric_body_list.append(MetricInfo(namespace="SYS.RDS",metric_name=i,dimensions=[MetricsDimension(name="rds_cluster_id",value=rdsid)])) metric_body_list.append(MetricInfo(namespace="SYS.RDS",metric_name=i,dimensions=[MetricsDimension(name="rds_cluster_id",value=rdsid)]))
request = BatchListMetricDataRequest() request = BatchListMetricDataRequest()
request.body = BatchListMetricDataRequestBody(to=now,_from=now-600000,filter="max",period="1",metrics=metric_body_list) request.body = BatchListMetricDataRequestBody(to=now,_from=now-180000,filter="max",period="1",metrics=metric_body_list)
response = client.batch_list_metric_data(request).to_dict() response = client.batch_list_metric_data(request).to_dict()
for i in response['metrics']: for i in response['metrics']:
rdsid= i['dimensions'][0]['value'] rdsid= i['dimensions'][0]['value']
value = i['datapoints'][-1]['max'] try:
ts = i['datapoints'][-1]['timestamp'] value = i['datapoints'][-1]['max']
ts = i['datapoints'][-1]['timestamp']
except:
value = 0
ts = now
metric = i['metric_name'] metric = i['metric_name']
prom_metric_name = metric_name_dict[metric][0].split()[2] prom_metric_name = metric_name_dict[metric][0].split()[2]
metric_name_dict[metric].append(f'{prom_metric_name}{{iid="{rdsid}"}} {float(value)} {ts}') metric_name_dict[metric].append(f'{prom_metric_name}{{iid="{rdsid}"}} {float(value)} {ts}')
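Review bot: The bare `except:` around the `datapoints[-1]` lookups catches everything, including `KeyboardInterrupt` and `SystemExit`; the only failures it is meant to absorb are a missing or empty `datapoints` list, so narrow it to `except (IndexError, KeyError):`. Substituting `value = 0` for a series with no datapoints is also questionable: the exposition line then reports a genuine-looking zero usage instead of an absent sample, which hides collection gaps and can mask alerts on low thresholds; `continue` (skipping the series) would be more honest, and whichever choice stays deserves a comment such as `# no datapoints in the window: skip rather than report a false 0`. `exporter` starts before and continues after this hunk.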


@ -9,7 +9,7 @@ from units.json_response import JsonResponse
from units.ldap.ldap_consul import Ldap_Consul from units.ldap.ldap_consul import Ldap_Consul
sys.path.append("..") sys.path.append("..")
from units import token_auth, consul_kv from units import token_auth, consul_kv,myaes
from itsdangerous import TimedJSONWebSignatureSerializer from itsdangerous import TimedJSONWebSignatureSerializer
secret_key = consul_kv.get_value('ConsulManager/assets/secret/skey')['sk'] secret_key = consul_kv.get_value('ConsulManager/assets/secret/skey')['sk']
@ -23,8 +23,8 @@ parser.add_argument('ldap_url',type=str)
parser.add_argument('password',type=str) parser.add_argument('password',type=str)
parser.add_argument('port',type=str) parser.add_argument('port',type=str)
parser.add_argument('rule',type=str) parser.add_argument('rule',type=str)
parser.add_argument('ldapusr',type=str)
parser.add_argument('allow',type=str)
class LdapView(Resource): class LdapView(Resource):
@ -32,9 +32,22 @@ class LdapView(Resource):
封装了公共返回格式 封装了公共返回格式
{"code": code,"success": success, "message": msg, "data": data} {"code": code,"success": success, "message": msg, "data": data}
""" """
decorators = [token_auth.auth.login_required]
def post(self,): def post(self,):
args = parser.parse_args() args = parser.parse_args()
Ldap_Consul.set_consul_args(**args) Ldap_Consul.set_consul_args(**args)
return JsonResponse(data="", code=20000, success=True, msg="添加统一认证成功") return JsonResponse(data="", code=20000, success=True, msg="添加统一认证成功")
def get(self):
ldap_info = consul_kv.get_value('ConsulManager/ldap/report')
if ldap_info:
ldap_info["password"] = myaes.decrypt(ldap_info["password"])
else:
ldap_info = {'port': '389', 'allow': '*'}
return {'code': 20000, 'ldap_info': ldap_info}
def delete(self):
consul_kv.del_key('ConsulManager/ldap/report')
return {'code': 20000, 'data': 'DLAP登录配置已清除'}
api.add_resource(LdapView, '/api/ldap/config') api.add_resource(LdapView, '/api/ldap/config')
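Review bot: `get()` returns the LDAP bind password decrypted in clear text (`ldap_info["password"] = myaes.decrypt(ldap_info["password"])`) to any authenticated caller, so the secret that `set_consul_args` now encrypts at rest is exposed on every load of the settings form. Omit the field in the response (`ldap_info.pop("password", None)`) and have `set_consul_args` keep the stored value when the submitted password is empty; the form only needs to know whether a password is set. The `decorators = [token_auth.auth.login_required]` line added on the class covers the new `get` and `delete` too, which is right, but `delete` clears the configuration with no server-side record — a logger line naming the acting user would make that traceable. The response text `'DLAP登录配置已清除'` looks like a typo for LDAP.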


@ -28,16 +28,22 @@ class User(Resource):
args = parser.parse_args() args = parser.parse_args()
username = args.get('username') username = args.get('username')
password = args.get('password') password = args.get('password')
ldap = args.get('ldap') #ldap = args.get('ldap')
ldap = False if username == 'admin' else 'True'
#ldap认证 #ldap认证
if user_opt == 'login' and ldap == "True": if user_opt == 'login' and ldap == "True":
print("ldap") print("ldap")
ldap_obj = Ldap() ldap_obj = Ldap()
ldap_result = ldap_obj.authpass(username,password) ldap_result = ldap_obj.authpass(username,password)
if ldap_result: if ldap_result == 1:
token = str(s.dumps(admin_passwd), encoding="utf-8") token = str(s.dumps(admin_passwd), encoding="utf-8")
return {"code": 20000, "data": {"token": "Bearer " + token,"username":username}} return {"code": 20000, "data": {"token": "Bearer " + token,"username":username}}
return {"code": 40000, "data": "ldap校验失败"} elif ldap_result == 0:
return {"code": 40000, "data": "LDAP未开启。"}
elif ldap_result == 2:
return {"code": 40000, "data": "该LDAP用户不在白名单内。"}
else:
return {"code": 40000, "data": "LDAP用户密码错误"}
else: else:
if user_opt == 'login': if user_opt == 'login':
print("非ldap") print("非ldap")
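Review bot: A successful LDAP bind mints `s.dumps(admin_passwd)`, the very token the local admin receives, so every whitelisted LDAP user is indistinguishable from admin once logged in and the `username` in the response is informational only; if LDAP users are meant to have narrower rights, the token has to carry the identity (serialize a dict with the username and a role) and the verifier must honour it. `ldap = False if username == 'admin' else 'True'` mixes a bool with a string and only works because the next line compares against `"True"`; `ldap = username != 'admin'` with `if user_opt == 'login' and ldap:` expresses the same rule. The `0/1/2/3` codes compared in the new `elif` chain are magic numbers defined by `Ldap.authpass` in another module — an `enum.IntEnum` shared by both would keep them in sync and self-documenting. The enclosing handler starts before and continues after this hunk.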


@ -7,3 +7,15 @@ export function setldap(data) {
data: data data: data
}) })
} }
export function getLdap() {
return request({
url: '/api/ldap/config',
method: 'get'
})
}
export function delLdap() {
return request({
url: '/api/ldap/config',
method: 'delete'
})
}


@ -46,7 +46,7 @@ Object.keys(filters).forEach(key => {
}) })
Vue.config.productionTip = false Vue.config.productionTip = false
Vue.prototype.VER = 'v0.10.0-alpha' Vue.prototype.VER = 'v0.10.0'
new Vue({ new Vue({
el: '#app', el: '#app',


@ -237,12 +237,23 @@ export const constantRoutes = [
{ {
path: '/settings', path: '/settings',
component: Layout, component: Layout,
children: [{ redirect: '/settings/ldap',
path: 'index', name: '系统设置',
name: '全局配置', meta: { title: '系统设置', icon: 'el-icon-setting' },
component: () => import('@/views/ldap/index'), children: [
meta: { title: '全局配置', icon: 'el-icon-chat-line-square' } {
}] path: 'ldap',
name: '统一认证',
component: () => import('@/views/ldap/index'),
meta: { title: '统一认证', icon: 'el-icon-lock' }
},
{
path: 'user',
name: '用户管理',
component: () => import('@/views/ldap/index'),
meta: { title: '用户管理', icon: 'el-icon-user' }
}
]
}, },
{ {
path: '/link', path: '/link',
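Review bot: Both new children resolve to the same component, `() => import('@/views/ldap/index')`, so the `user` route labelled '用户管理' renders the LDAP settings page; if user management is not implemented yet, drop the route or point it at a placeholder view so the menu does not advertise a feature that does not exist. At minimum a comment on the `user` child, `// TODO: replace with a dedicated user-management view`, would make the intent explicit.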


@ -4,6 +4,15 @@
<el-link :underline="false" type="primary" icon="el-icon-star-on" href="https://github.com/starsliao/ConsulManager" target="_blank" class="dashboard-text">StarsL.cn</el-link> <el-link :underline="false" type="primary" icon="el-icon-star-on" href="https://github.com/starsliao/ConsulManager" target="_blank" class="dashboard-text">StarsL.cn</el-link>
</el-badge> </el-badge>
<el-timeline> <el-timeline>
<el-timeline-item timestamp="2022/11/16" placement="top">
<el-card>
<h4>v0.10.0</h4>
<p><el-button type="primary" size="mini" icon="el-icon-star-off" circle />新增LDAP登录支持可设置用户白名单感谢<el-link :underline="false" type="primary" href="https://github.com/dbdocker" target="_blank">@dbdocker</el-link></p>
<p>修复RDS资源使用率采集bug</p>
<p>修复新版JumpServer同步删除失败的bug</p>
<p>修复mysql告警规则bug</p>
</el-card>
</el-timeline-item>
<el-timeline-item timestamp="2022/11/13" placement="top"> <el-timeline-item timestamp="2022/11/13" placement="top">
<el-card> <el-card>
<h4>v0.9.6</h4> <h4>v0.9.6</h4>


@ -23,7 +23,7 @@
<el-input v-model="jms_config.url" placeholder="http开头" style="width: 390px;" /> <el-input v-model="jms_config.url" placeholder="http开头" style="width: 390px;" />
</el-form-item> </el-form-item>
<el-form-item label="JumpServer Token"> <el-form-item label="JumpServer Token">
<el-input v-model="jms_config.token" placeholder="请输入Admin Token" style="width: 390px;" show-password /> <el-input v-model="jms_config.token" type="password" placeholder="请输入Admin Token" style="width: 390px;" />
</el-form-item> </el-form-item>
<hr style="FILTER: alpha(opacity=100,finishopacity=0,style=2)" align=left width="96%" SIZE=1> <hr style="FILTER: alpha(opacity=100,finishopacity=0,style=2)" align=left width="96%" SIZE=1>
<h3>全局通用主机管理用户信息</h3> <h3>全局通用主机管理用户信息</h3>
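Review bot: Switching the token input to `type="password"` invites browser password managers to offer to save and autofill the JumpServer admin token; the LDAP form in this same commit pairs `type="password"` with `autocomplete="off"`, and this input should match it: `<el-input v-model="jms_config.token" type="password" autocomplete="off" placeholder="请输入Admin Token" style="width: 390px;" />`. Dropping `show-password` also removes the reveal toggle, which may be intended but is worth stating in the commit message.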


@ -1,29 +1,34 @@
<template> <template>
<el-main> <el-main>
<el-tabs :tab-position="tabPosition" style="height: auto;width: 600px;"> <el-tabs :tab-position="tabPosition" style="height: auto;width: 600px;">
<el-tab-pane label="统一认证"> <el-tab-pane label="LDAP">
<!-- 统一认证 --> <!-- 统一认证 -->
<el-form ref="ruleForm" :model="ruleForm" status-icon :rules="rules" label-width="100px" class="demo-ruleForm"> <el-form ref="ruleForm" :model="ruleForm" status-icon :rules="rules" label-width="150px" class="demo-ruleForm">
<el-form-item label="认证地址:" prop="ldap_url"> <el-form-item label="地址" prop="ldap_url">
<el-input v-model="ruleForm.ldap_url" type="text" autocomplete="off" /> <el-input v-model="ruleForm.ldap_url" type="text" placeholder="仅输入IP或域名192.168.10.26" autocomplete="off" />
</el-form-item>
<el-form-item label="端口" prop="port">
<el-input v-model="ruleForm.port" type="text" placeholder="LDAP的端口" autocomplete="off" />
</el-form-item>
<!-- <el-alert class="alert" title="示例uid=xxx,cn=xxx,dc=xxx,dc=xxx" type="info" /> -->
<el-form-item label="绑定 DN" prop="rule">
<el-input v-model="ruleForm.rule" type="textarea" placeholder="uid=xxx,cn=abc,dc=def,dc=yyy" autosize autocomplete="off" />
</el-form-item> </el-form-item>
<el-form-item label="端口号:" prop="port"> <el-form-item label="密码" prop="password">
<el-input v-model="ruleForm.port" type="text" autocomplete="off" /> <el-input v-model="ruleForm.password" type="password" placeholder="Bind DN Password" autocomplete="off" />
</el-form-item> </el-form-item>
<el-alert class="alert" title="示例uid=xxx,cn=xxx,dc=xxx,dc=xxx" type="info" /> <el-form-item label="LDAP用户名模板" prop="ldapusr">
<el-form-item label="bind_dn:" prop="rule"> <el-input v-model="ruleForm.ldapusr" type="textarea" placeholder="uid={username},cn=abc,dc=def,dc=yyy" autosize autocomplete="off" /><br><font size="2px" color="#ff0000">DN{username}</font>
<el-input v-model="ruleForm.rule" type="text" autocomplete="off" />
</el-form-item> </el-form-item>
<el-form-item label="LDAP用户白名单" prop="allow">
<el-form-item label="认证密码:" prop="password"> <el-input v-model="ruleForm.allow" type="textarea" placeholder="请输入允许登录的LDAP用户名" autosize autocomplete="off" /><br><font size="2px" color="#ff0000">使,*LDAPLDAP</font>
<el-input v-model="ruleForm.password" type="password" autocomplete="off" />
</el-form-item> </el-form-item>
<el-form-item style="text-align: center">
<el-form-item>
<el-button type="primary" @click="submitForm('ruleForm')"></el-button> <el-button type="primary" @click="submitForm('ruleForm')"></el-button>
<el-button @click="resetForm('ruleForm')"></el-button> <!-- <el-button @click="resetForm('ruleForm')"></el-button> -->
<el-button type="danger" @click="delForm()">DLAP</el-button>
</el-form-item> </el-form-item>
</el-form> </el-form>
</el-tab-pane> </el-tab-pane>
@ -31,30 +36,35 @@
</el-main> </el-main>
</template> </template>
<script> <script>
import { setldap } from '@/api/ldap' import { setldap, getLdap, delLdap } from '@/api/ldap'
export default { export default {
data() { data() {
return { return {
tabPosition: 'left', tabPosition: 'left',
ruleForm: {}, // ldap ruleForm: { port: '389', allow: '*' }, // ldap
rules: { rules: {
ldap_url: [{ validator: 'xxx', trigger: 'blur' }], ldap_url: [{ required: true, trigger: 'blur', message: '地址不能为空' }],
port: [{ validator: 'xxxx', trigger: 'blur' }], port: [{ required: true, trigger: 'blur', message: '端口不能为空' }],
rule: [{ validator: 'xxx', trigger: 'blur' }], rule: [{ required: true, trigger: 'blur', message: '绑定 DN不能为空' }],
password: [{ validator: 'xxx', trigger: 'blur' }] password: [{ required: true, trigger: 'blur', message: '密码不能为空' }],
ldapusr: [{ required: true, trigger: 'blur', message: 'LDAP用户名模板不能为空' }]
} // } //
} }
}, },
created() {
this.fetchData()
},
methods: { methods: {
submitForm(formName) { submitForm(formName) {
this.$refs[formName].validate((valid) => { this.$refs[formName].validate((valid) => {
if (valid) { if (valid) {
// 使 // 使
setldap(this.ruleForm).then(response => { setldap(this.ruleForm).then(response => {
if (response.code === 200) { if (response.code === 20000) {
this.$message({ this.$message({
type: 'success', type: 'success',
message: response.message message: 'LDAP配置成功'
}) })
return return
} }
@ -69,6 +79,35 @@ export default {
} }
}) })
}, },
fetchData() {
this.listLoading = true
getLdap().then(response => {
this.ruleForm = response.ldap_info
this.listLoading = false
})
},
delForm() {
this.listLoading = true
this.$confirm('此操作将删除所有的LDAP设置?', '提示', {
confirmButtonText: '确定',
cancelButtonText: '取消',
type: 'warning'
}).then(() => {
delLdap().then(response => {
this.$message({
message: response.data,
type: 'success'
})
this.ruleForm = { port: '389', allow: '*' }
this.listLoading = false
})
}).catch(() => {
this.$message({
type: 'info',
message: '已取消删除'
})
})
},
resetForm(formName) { resetForm(formName) {
this.$refs[formName].resetFields() this.$refs[formName].resetFields()
} }
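Review bot: `listLoading` is assigned in the new `fetchData` and `delForm` but never declared in `data()` (which holds only `tabPosition`, `ruleForm` and `rules`), so in Vue 2 it is not reactive and nothing in the template can respond to it; either declare it or drop the assignments. In `delForm` the flag is set to `true` before `$confirm`, and neither the cancel branch nor a rejected `delLdap()` promise resets it, so once declared it would stick at `true`. `fetchData` also copies the server's `ldap_info` wholesale into `ruleForm`, including the decrypted bind password the API currently returns, which then lives in component state and the password input; it would be safer to leave `ruleForm.password` empty and only submit it when the user has typed a new one, with the API omitting the field. `resetForm` is still defined although its button is now commented out in the template.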


@ -41,9 +41,8 @@
<svg-icon :icon-class="passwordType === 'password' ? 'eye' : 'eye-open'" /> <svg-icon :icon-class="passwordType === 'password' ? 'eye' : 'eye-open'" />
</span> </span>
</el-form-item> </el-form-item>
<el-checkbox v-model="loginForm.Ldapchecked" label="启动ldap验证" border class="ldap" /> <!-- <el-checkbox v-model="loginForm.Ldapchecked" label="启动ldap验证" border class="ldap" /> -->
<el-button :loading="loading" type="primary" style="width:100%;margin-bottom:30px;" @click.native.prevent="handleLogin"> </el-button> <el-button :loading="loading" type="primary" style="width:100%;margin-bottom:30px;" @click.native.prevent="handleLogin"> </el-button>
</el-form> </el-form>
<div align="center" class="title-container"> <div align="center" class="title-container">
<span style="font-size:12px" class="title">{{ VER }}</span> <span style="font-size:12px" class="title">{{ VER }}</span>
@ -177,7 +176,7 @@ $dark_gray:#889aa4;
$light_gray:#eee; $light_gray:#eee;
.ldap{ .ldap{
margin-bottom: 10px; margin-bottom: 9px;
} }
.login-container { .login-container {