2018-03-23 11:46:46 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
#
|
|
|
|
import os
|
|
|
|
from hashlib import md5
|
|
|
|
|
2022-11-25 10:06:22 +00:00
|
|
|
import sshpubkeys
|
2018-03-23 11:46:46 +00:00
|
|
|
from django.conf import settings
|
2022-11-25 10:06:22 +00:00
|
|
|
from django.db import models
|
|
|
|
from django.utils import timezone
|
2022-11-22 09:33:09 +00:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
2018-03-23 11:46:46 +00:00
|
|
|
|
2022-11-25 10:06:22 +00:00
|
|
|
from assets.const import Connectivity, SecretType
|
|
|
|
from common.db import fields
|
2019-03-18 02:15:33 +00:00
|
|
|
from common.utils import (
|
2022-09-06 11:57:03 +00:00
|
|
|
ssh_key_string_to_obj, ssh_key_gen, get_logger,
|
2022-11-25 10:06:22 +00:00
|
|
|
random_string, lazyproperty, parse_ssh_public_key_str
|
2019-03-18 02:15:33 +00:00
|
|
|
)
|
2022-11-02 12:33:27 +00:00
|
|
|
from orgs.mixins.models import JMSOrgBaseModel
|
2018-03-23 11:46:46 +00:00
|
|
|
|
2019-03-18 02:15:33 +00:00
|
|
|
logger = get_logger(__file__)
|
|
|
|
|
2018-03-23 11:46:46 +00:00
|
|
|
|
2021-07-08 06:23:18 +00:00
|
|
|
class AbsConnectivity(models.Model):
|
|
|
|
connectivity = models.CharField(
|
2022-11-08 09:54:51 +00:00
|
|
|
choices=Connectivity.choices, default=Connectivity.UNKNOWN,
|
2021-07-08 06:23:18 +00:00
|
|
|
max_length=16, verbose_name=_('Connectivity')
|
|
|
|
)
|
2021-07-12 12:38:01 +00:00
|
|
|
date_verified = models.DateTimeField(null=True, verbose_name=_("Date verified"))
|
2019-06-21 12:57:51 +00:00
|
|
|
|
2021-07-08 06:23:18 +00:00
|
|
|
def set_connectivity(self, val):
|
|
|
|
self.connectivity = val
|
|
|
|
self.date_verified = timezone.now()
|
|
|
|
self.save(update_fields=['connectivity', 'date_verified'])
|
2019-06-21 12:57:51 +00:00
|
|
|
|
2022-12-02 12:28:49 +00:00
|
|
|
@property
|
|
|
|
def is_connective(self):
|
|
|
|
if self.connectivity == Connectivity.OK:
|
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
2020-03-12 08:24:38 +00:00
|
|
|
@classmethod
|
2021-07-08 06:23:18 +00:00
|
|
|
def bulk_set_connectivity(cls, queryset_or_id, connectivity):
|
2022-12-02 09:36:55 +00:00
|
|
|
if not isinstance(queryset_or_id, models.QuerySet):
|
2021-07-08 06:23:18 +00:00
|
|
|
queryset = cls.objects.filter(id__in=queryset_or_id)
|
|
|
|
else:
|
|
|
|
queryset = queryset_or_id
|
|
|
|
queryset.update(connectivity=connectivity, date_verified=timezone.now())
|
2019-07-04 13:17:39 +00:00
|
|
|
|
2021-07-08 06:23:18 +00:00
|
|
|
class Meta:
|
|
|
|
abstract = True
|
2019-06-19 03:31:38 +00:00
|
|
|
|
2020-03-12 08:24:38 +00:00
|
|
|
|
2022-12-06 03:03:14 +00:00
|
|
|
class BaseAccountQuerySet(models.QuerySet):
|
|
|
|
def active(self):
|
|
|
|
return self.filter(is_active=True)
|
|
|
|
|
|
|
|
|
|
|
|
class BaseAccountManager(models.Manager):
|
|
|
|
def active(self):
|
|
|
|
return self.get_queryset().active()
|
|
|
|
|
|
|
|
|
2022-11-02 12:33:27 +00:00
|
|
|
class BaseAccount(JMSOrgBaseModel):
|
2022-09-06 11:57:03 +00:00
|
|
|
name = models.CharField(max_length=128, verbose_name=_("Name"))
|
|
|
|
username = models.CharField(max_length=128, blank=True, verbose_name=_('Username'), db_index=True)
|
2022-10-19 09:05:21 +00:00
|
|
|
secret_type = models.CharField(
|
2022-11-08 09:54:51 +00:00
|
|
|
max_length=16, choices=SecretType.choices, default=SecretType.PASSWORD, verbose_name=_('Secret type')
|
2022-10-19 09:05:21 +00:00
|
|
|
)
|
2022-09-19 12:11:55 +00:00
|
|
|
secret = fields.EncryptTextField(blank=True, null=True, verbose_name=_('Secret'))
|
2022-09-15 13:20:56 +00:00
|
|
|
privileged = models.BooleanField(verbose_name=_("Privileged"), default=False)
|
2022-11-02 12:33:27 +00:00
|
|
|
is_active = models.BooleanField(default=True, verbose_name=_("Is active"))
|
2022-09-06 11:57:03 +00:00
|
|
|
|
2022-12-06 03:03:14 +00:00
|
|
|
objects = BaseAccountManager.from_queryset(BaseAccountQuerySet)()
|
|
|
|
|
2022-10-18 12:37:17 +00:00
|
|
|
@property
|
|
|
|
def has_secret(self):
|
|
|
|
return bool(self.secret)
|
2022-09-29 12:44:45 +00:00
|
|
|
|
2022-11-24 09:04:27 +00:00
|
|
|
@property
|
|
|
|
def has_username(self):
|
|
|
|
return bool(self.username)
|
|
|
|
|
2022-11-03 04:42:57 +00:00
|
|
|
@property
|
|
|
|
def specific(self):
|
|
|
|
data = {}
|
2022-11-08 09:54:51 +00:00
|
|
|
if self.secret_type != SecretType.SSH_KEY:
|
2022-11-03 04:42:57 +00:00
|
|
|
return data
|
|
|
|
data['ssh_key_fingerprint'] = self.ssh_key_fingerprint
|
|
|
|
return data
|
|
|
|
|
2022-09-20 05:54:25 +00:00
|
|
|
@property
|
|
|
|
def private_key(self):
|
2022-11-08 09:54:51 +00:00
|
|
|
if self.secret_type == SecretType.SSH_KEY:
|
2022-09-23 10:59:19 +00:00
|
|
|
return self.secret
|
|
|
|
return None
|
|
|
|
|
2022-09-20 05:54:25 +00:00
|
|
|
@private_key.setter
|
|
|
|
def private_key(self, value):
|
|
|
|
self.secret = value
|
2022-11-08 09:54:51 +00:00
|
|
|
self.secret_type = SecretType.SSH_KEY
|
2022-09-20 05:54:25 +00:00
|
|
|
|
2022-11-03 04:42:57 +00:00
|
|
|
@lazyproperty
|
|
|
|
def public_key(self):
|
2022-11-24 07:25:09 +00:00
|
|
|
if self.secret_type == SecretType.SSH_KEY and self.private_key:
|
2022-12-02 09:36:55 +00:00
|
|
|
return parse_ssh_public_key_str(self.private_key)
|
2022-11-03 04:42:57 +00:00
|
|
|
return None
|
2022-09-20 05:54:25 +00:00
|
|
|
|
2021-03-04 10:17:42 +00:00
|
|
|
@property
|
|
|
|
def ssh_key_fingerprint(self):
|
|
|
|
if self.public_key:
|
|
|
|
public_key = self.public_key
|
|
|
|
elif self.private_key:
|
2021-07-23 10:28:41 +00:00
|
|
|
try:
|
2022-11-25 10:06:22 +00:00
|
|
|
public_key = parse_ssh_public_key_str(self.private_key)
|
2021-07-23 10:28:41 +00:00
|
|
|
except IOError as e:
|
|
|
|
return str(e)
|
2021-03-04 10:17:42 +00:00
|
|
|
else:
|
|
|
|
return ''
|
|
|
|
|
|
|
|
public_key_obj = sshpubkeys.SSHKey(public_key)
|
|
|
|
fingerprint = public_key_obj.hash_md5()
|
|
|
|
return fingerprint
|
|
|
|
|
2020-03-12 08:24:38 +00:00
|
|
|
@property
|
|
|
|
def private_key_obj(self):
|
|
|
|
if self.private_key:
|
2022-11-03 04:42:57 +00:00
|
|
|
key_obj = ssh_key_string_to_obj(self.private_key)
|
2020-03-12 08:24:38 +00:00
|
|
|
return key_obj
|
|
|
|
else:
|
|
|
|
return None
|
|
|
|
|
|
|
|
@property
|
2022-09-29 12:44:45 +00:00
|
|
|
def private_key_path(self):
|
2022-11-08 09:54:51 +00:00
|
|
|
if not self.secret_type != SecretType.SSH_KEY or not self.secret:
|
2020-03-12 08:24:38 +00:00
|
|
|
return None
|
|
|
|
project_dir = settings.PROJECT_DIR
|
|
|
|
tmp_dir = os.path.join(project_dir, 'tmp')
|
|
|
|
key_name = '.' + md5(self.private_key.encode('utf-8')).hexdigest()
|
|
|
|
key_path = os.path.join(tmp_dir, key_name)
|
|
|
|
if not os.path.exists(key_path):
|
|
|
|
self.private_key_obj.write_private_key_file(key_path)
|
|
|
|
os.chmod(key_path, 0o400)
|
|
|
|
return key_path
|
|
|
|
|
|
|
|
def get_private_key(self):
|
2022-11-25 10:06:22 +00:00
|
|
|
if not self.private_key:
|
2020-03-12 08:24:38 +00:00
|
|
|
return None
|
2022-11-25 10:06:22 +00:00
|
|
|
return self.private_key
|
2020-03-12 08:24:38 +00:00
|
|
|
|
|
|
|
@property
|
|
|
|
def public_key_obj(self):
|
|
|
|
if self.public_key:
|
|
|
|
try:
|
|
|
|
return sshpubkeys.SSHKey(self.public_key)
|
|
|
|
except TabError:
|
|
|
|
pass
|
|
|
|
return None
|
|
|
|
|
2019-07-08 07:35:20 +00:00
|
|
|
@staticmethod
|
2021-03-01 10:40:07 +00:00
|
|
|
def gen_password(length=36):
|
|
|
|
return random_string(length, special_char=True)
|
2019-07-08 07:35:20 +00:00
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
def gen_key(username):
|
2022-09-23 10:59:19 +00:00
|
|
|
private_key, public_key = ssh_key_gen(username=username)
|
2019-07-08 07:35:20 +00:00
|
|
|
return private_key, public_key
|
|
|
|
|
2018-03-23 11:46:46 +00:00
|
|
|
def _to_secret_json(self):
|
|
|
|
"""Push system user use it"""
|
|
|
|
return {
|
|
|
|
'name': self.name,
|
|
|
|
'username': self.username,
|
|
|
|
'public_key': self.public_key,
|
|
|
|
}
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
abstract = True
|