2022-11-11 11:20:17 +00:00
|
|
|
import os.path
|
|
|
|
import uuid
|
|
|
|
|
|
|
|
from django.conf import settings
|
2022-09-29 12:44:45 +00:00
|
|
|
from django.db import models
|
|
|
|
from django.utils.translation import gettext_lazy as _
|
2023-02-17 05:40:26 +00:00
|
|
|
from private_storage.fields import PrivateFileField
|
2022-09-29 12:44:45 +00:00
|
|
|
|
2023-01-18 10:03:33 +00:00
|
|
|
from ops.const import CreateMethods
|
2022-12-02 04:21:56 +00:00
|
|
|
from ops.exception import PlaybookNoValidEntry
|
2022-12-15 09:25:21 +00:00
|
|
|
from orgs.mixins.models import JMSOrgBaseModel
|
2022-10-08 08:55:14 +00:00
|
|
|
|
2023-02-13 11:22:52 +00:00
|
|
|
dangerous_keywords = (
|
2023-07-31 11:33:39 +00:00
|
|
|
'hosts:localhost',
|
|
|
|
'hosts:127.0.0.1',
|
|
|
|
'hosts:::1',
|
2023-02-13 11:22:52 +00:00
|
|
|
'delegate_to:localhost',
|
|
|
|
'delegate_to:127.0.0.1',
|
2023-07-31 11:33:39 +00:00
|
|
|
'delegate_to:::1',
|
2023-02-13 11:22:52 +00:00
|
|
|
'local_action',
|
|
|
|
'connection:local',
|
2023-07-31 11:33:39 +00:00
|
|
|
'ansible_connection'
|
2023-02-13 11:22:52 +00:00
|
|
|
)
|
|
|
|
|
2022-10-08 08:55:14 +00:00
|
|
|
|
2023-12-18 09:56:16 +00:00
|
|
|
class Playbook(JMSOrgBaseModel):
|
2022-11-11 11:20:17 +00:00
|
|
|
id = models.UUIDField(default=uuid.uuid4, primary_key=True)
|
|
|
|
name = models.CharField(max_length=128, verbose_name=_('Name'), null=True)
|
2023-02-17 05:40:26 +00:00
|
|
|
path = PrivateFileField(upload_to='playbooks/')
|
2022-11-29 11:44:12 +00:00
|
|
|
creator = models.ForeignKey('users.User', verbose_name=_("Creator"), on_delete=models.SET_NULL, null=True)
|
2022-11-29 11:52:48 +00:00
|
|
|
comment = models.CharField(max_length=1024, default='', verbose_name=_('Comment'), null=True, blank=True)
|
2023-01-18 10:03:33 +00:00
|
|
|
create_method = models.CharField(max_length=128, choices=CreateMethods.choices, default=CreateMethods.blank,
|
|
|
|
verbose_name=_('CreateMethod'))
|
|
|
|
vcs_url = models.CharField(max_length=1024, default='', verbose_name=_('VCS URL'), null=True, blank=True)
|
2022-10-08 08:55:14 +00:00
|
|
|
|
2023-02-20 08:05:35 +00:00
|
|
|
def __str__(self):
|
|
|
|
return self.name
|
|
|
|
|
2023-02-13 11:22:52 +00:00
|
|
|
def check_dangerous_keywords(self):
|
|
|
|
result = []
|
|
|
|
for root, dirs, files in os.walk(self.work_dir):
|
|
|
|
for f in files:
|
2023-11-15 07:20:02 +00:00
|
|
|
try:
|
|
|
|
if str(f).endswith('.yml') or str(f).endswith('.yaml'):
|
|
|
|
lines = self.search_keywords(os.path.join(root, f))
|
|
|
|
if len(lines) > 0:
|
|
|
|
for line in lines:
|
|
|
|
result.append({'file': f, 'line': line[0], 'keyword': line[1]})
|
|
|
|
# 遇到无法读取的文件,跳过
|
|
|
|
except UnicodeEncodeError:
|
|
|
|
continue
|
|
|
|
|
2023-02-13 11:22:52 +00:00
|
|
|
return result
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
def search_keywords(file):
|
|
|
|
result = []
|
|
|
|
with open(file, 'r') as f:
|
|
|
|
for line_num, line in enumerate(f):
|
|
|
|
for keyword in dangerous_keywords:
|
2023-11-15 07:20:02 +00:00
|
|
|
clear_line = line.replace(' ', '') \
|
|
|
|
.replace('\n', '') \
|
|
|
|
.replace('\r', '') \
|
2023-07-31 11:33:39 +00:00
|
|
|
.replace('\t', '') \
|
|
|
|
.replace('\'', '') \
|
2023-11-15 07:20:02 +00:00
|
|
|
.replace('\"', '') \
|
2023-07-31 11:33:39 +00:00
|
|
|
.replace('\v', '')
|
|
|
|
if keyword in clear_line:
|
2023-02-13 11:22:52 +00:00
|
|
|
result.append((line_num, keyword))
|
|
|
|
return result
|
|
|
|
|
2022-11-11 11:20:17 +00:00
|
|
|
@property
|
2022-12-02 04:21:56 +00:00
|
|
|
def entry(self):
|
2023-01-18 10:03:33 +00:00
|
|
|
work_dir = self.work_dir
|
2022-12-02 04:21:56 +00:00
|
|
|
valid_entry = ('main.yml', 'main.yaml', 'main')
|
|
|
|
for f in os.listdir(work_dir):
|
|
|
|
if f in valid_entry:
|
|
|
|
return os.path.join(work_dir, f)
|
|
|
|
raise PlaybookNoValidEntry
|
2023-01-18 10:03:33 +00:00
|
|
|
|
|
|
|
@property
|
|
|
|
def work_dir(self):
|
|
|
|
work_dir = os.path.join(settings.DATA_DIR, "ops", "playbook", self.id.__str__())
|
|
|
|
return work_dir
|
2023-02-13 07:05:31 +00:00
|
|
|
|
|
|
|
class Meta:
|
|
|
|
unique_together = [('name', 'org_id', 'creator')]
|
|
|
|
ordering = ['date_created']
|