2016-12-20 16:43:52 +00:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
import logging
|
2017-03-06 13:05:00 +00:00
|
|
|
|
2019-07-26 08:16:06 +00:00
|
|
|
from functools import reduce
|
2017-03-06 13:05:00 +00:00
|
|
|
from django.db import models
|
2019-07-26 08:16:06 +00:00
|
|
|
from django.db.models import Q
|
2017-03-06 13:05:00 +00:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
2018-10-16 08:47:47 +00:00
|
|
|
from django.core.validators import MinValueValidator, MaxValueValidator
|
2016-12-20 16:43:52 +00:00
|
|
|
|
2019-12-18 07:37:53 +00:00
|
|
|
from common.utils import signer
|
2018-03-23 11:46:46 +00:00
|
|
|
from .base import AssetUser
|
2019-07-26 08:16:06 +00:00
|
|
|
from .asset import Asset
|
2016-12-20 16:43:52 +00:00
|
|
|
|
|
|
|
|
|
2018-12-18 09:28:45 +00:00
|
|
|
__all__ = ['AdminUser', 'SystemUser']
|
2017-12-11 09:08:43 +00:00
|
|
|
logger = logging.getLogger(__name__)
|
2016-12-20 16:43:52 +00:00
|
|
|
|
|
|
|
|
|
2017-12-13 09:21:08 +00:00
|
|
|
class AdminUser(AssetUser):
|
|
|
|
|
"""
|
|
|
|
|
A privileged user that ansible can use it to push system user and so on
|
|
|
|
|
"""
|
|
|
|
|
BECOME_METHOD_CHOICES = (
|
|
|
|
|
('sudo', 'sudo'),
|
|
|
|
|
('su', 'su'),
|
|
|
|
|
)
|
|
|
|
|
become = models.BooleanField(default=True)
|
|
|
|
|
become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
|
|
|
|
|
become_user = models.CharField(default='root', max_length=64)
|
2019-08-21 12:27:21 +00:00
|
|
|
_become_pass = models.CharField(default='', blank=True, max_length=128)
|
2019-06-21 12:57:51 +00:00
|
|
|
CONNECTIVITY_CACHE_KEY = '_ADMIN_USER_CONNECTIVE_{}'
|
2019-06-19 03:31:38 +00:00
|
|
|
_prefer = "admin_user"
|
2017-12-13 09:21:08 +00:00
|
|
|
|
|
|
|
|
def __str__(self):
|
|
|
|
|
return self.name
|
2016-12-20 16:43:52 +00:00
|
|
|
|
2017-12-07 08:25:50 +00:00
|
|
|
@property
|
|
|
|
|
def become_pass(self):
|
2017-12-21 03:31:13 +00:00
|
|
|
password = signer.unsign(self._become_pass)
|
|
|
|
|
if password:
|
|
|
|
|
return password
|
|
|
|
|
else:
|
|
|
|
|
return ""
|
2017-12-07 08:25:50 +00:00
|
|
|
|
|
|
|
|
@become_pass.setter
|
|
|
|
|
def become_pass(self, password):
|
|
|
|
|
self._become_pass = signer.sign(password)
|
|
|
|
|
|
2017-12-28 06:25:56 +00:00
|
|
|
@property
|
|
|
|
|
def become_info(self):
|
|
|
|
|
if self.become:
|
|
|
|
|
info = {
|
|
|
|
|
"method": self.become_method,
|
|
|
|
|
"user": self.become_user,
|
|
|
|
|
"pass": self.become_pass,
|
|
|
|
|
}
|
|
|
|
|
else:
|
|
|
|
|
info = None
|
|
|
|
|
return info
|
|
|
|
|
|
2016-12-20 16:43:52 +00:00
|
|
|
class Meta:
|
2016-12-21 16:36:31 +00:00
|
|
|
ordering = ['name']
|
2018-07-20 02:54:16 +00:00
|
|
|
unique_together = [('name', 'org_id')]
|
2018-01-05 09:57:02 +00:00
|
|
|
verbose_name = _("Admin user")
|
2016-12-20 16:43:52 +00:00
|
|
|
|
|
|
|
|
@classmethod
|
2017-03-22 15:36:43 +00:00
|
|
|
def generate_fake(cls, count=10):
|
2016-12-20 16:43:52 +00:00
|
|
|
from random import seed
|
|
|
|
|
import forgery_py
|
|
|
|
|
from django.db import IntegrityError
|
|
|
|
|
|
|
|
|
|
seed()
|
|
|
|
|
for i in range(count):
|
|
|
|
|
obj = cls(name=forgery_py.name.full_name(),
|
|
|
|
|
username=forgery_py.internet.user_name(),
|
|
|
|
|
password=forgery_py.lorem_ipsum.word(),
|
|
|
|
|
comment=forgery_py.lorem_ipsum.sentence(),
|
|
|
|
|
created_by='Fake')
|
|
|
|
|
try:
|
|
|
|
|
obj.save()
|
|
|
|
|
logger.debug('Generate fake asset group: %s' % obj.name)
|
|
|
|
|
except IntegrityError:
|
|
|
|
|
print('Error continue')
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
|
2017-12-13 09:21:08 +00:00
|
|
|
class SystemUser(AssetUser):
|
2018-12-18 09:28:45 +00:00
|
|
|
PROTOCOL_SSH = 'ssh'
|
|
|
|
|
PROTOCOL_RDP = 'rdp'
|
|
|
|
|
PROTOCOL_TELNET = 'telnet'
|
2018-12-19 09:03:10 +00:00
|
|
|
PROTOCOL_VNC = 'vnc'
|
2019-12-19 07:28:17 +00:00
|
|
|
PROTOCOL_MYSQL = 'mysql'
|
2016-12-20 16:43:52 +00:00
|
|
|
PROTOCOL_CHOICES = (
|
2018-12-18 09:28:45 +00:00
|
|
|
(PROTOCOL_SSH, 'ssh'),
|
|
|
|
|
(PROTOCOL_RDP, 'rdp'),
|
2019-09-11 10:52:42 +00:00
|
|
|
(PROTOCOL_TELNET, 'telnet'),
|
2018-12-19 09:03:10 +00:00
|
|
|
(PROTOCOL_VNC, 'vnc'),
|
2019-12-19 07:28:17 +00:00
|
|
|
(PROTOCOL_MYSQL, 'mysql'),
|
2016-12-29 11:17:00 +00:00
|
|
|
)
|
2017-12-29 15:53:45 +00:00
|
|
|
|
2018-12-18 09:28:45 +00:00
|
|
|
LOGIN_AUTO = 'auto'
|
|
|
|
|
LOGIN_MANUAL = 'manual'
|
2018-06-11 08:27:40 +00:00
|
|
|
LOGIN_MODE_CHOICES = (
|
2018-12-18 09:28:45 +00:00
|
|
|
(LOGIN_AUTO, _('Automatic login')),
|
|
|
|
|
(LOGIN_MANUAL, _('Manually login'))
|
2018-06-11 08:27:40 +00:00
|
|
|
)
|
|
|
|
|
|
2018-02-09 03:12:40 +00:00
|
|
|
nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes"))
|
2018-04-08 12:02:40 +00:00
|
|
|
assets = models.ManyToManyField('assets.Asset', blank=True, verbose_name=_("Assets"))
|
2018-12-18 09:28:45 +00:00
|
|
|
priority = models.IntegerField(default=20, verbose_name=_("Priority"), validators=[MinValueValidator(1), MaxValueValidator(100)])
|
2017-12-07 05:01:33 +00:00
|
|
|
protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
|
2016-12-20 16:43:52 +00:00
|
|
|
auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))
|
2018-04-08 12:02:40 +00:00
|
|
|
sudo = models.TextField(default='/bin/whoami', verbose_name=_('Sudo'))
|
2017-12-07 05:01:33 +00:00
|
|
|
shell = models.CharField(max_length=64, default='/bin/bash', verbose_name=_('Shell'))
|
2018-12-18 09:28:45 +00:00
|
|
|
login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=LOGIN_AUTO, max_length=10, verbose_name=_('Login mode'))
|
2018-10-10 11:29:53 +00:00
|
|
|
cmd_filters = models.ManyToManyField('CommandFilter', related_name='system_users', verbose_name=_("Command filter"), blank=True)
|
2016-12-20 16:43:52 +00:00
|
|
|
|
2017-12-07 05:01:33 +00:00
|
|
|
def __str__(self):
|
2018-04-11 07:24:12 +00:00
|
|
|
return '{0.name}({0.username})'.format(self)
|
2016-12-20 16:43:52 +00:00
|
|
|
|
2019-10-18 07:12:17 +00:00
|
|
|
@property
|
|
|
|
|
def nodes_amount(self):
|
|
|
|
|
return self.nodes.all().count()
|
|
|
|
|
|
2017-12-19 04:41:00 +00:00
|
|
|
@property
|
2018-12-18 09:28:45 +00:00
|
|
|
def login_mode_display(self):
|
|
|
|
|
return self.get_login_mode_display()
|
2017-12-19 04:41:00 +00:00
|
|
|
|
2018-02-09 03:12:40 +00:00
|
|
|
def is_need_push(self):
|
2019-06-13 10:58:43 +00:00
|
|
|
if self.auto_push and self.protocol in [self.PROTOCOL_SSH, self.PROTOCOL_RDP]:
|
2018-02-09 03:12:40 +00:00
|
|
|
return True
|
|
|
|
|
else:
|
|
|
|
|
return False
|
|
|
|
|
|
2019-12-19 07:28:17 +00:00
|
|
|
@property
|
|
|
|
|
def is_need_cmd_filter(self):
|
2020-01-14 03:07:35 +00:00
|
|
|
return self.protocol not in [self.PROTOCOL_RDP, self.PROTOCOL_VNC]
|
2019-12-19 07:28:17 +00:00
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def is_need_test_asset_connective(self):
|
|
|
|
|
return self.protocol not in [self.PROTOCOL_MYSQL]
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def can_perm_to_asset(self):
|
|
|
|
|
return self.protocol not in [self.PROTOCOL_MYSQL]
|
|
|
|
|
|
2018-10-10 07:37:20 +00:00
|
|
|
@property
|
|
|
|
|
def cmd_filter_rules(self):
|
|
|
|
|
from .cmd_filter import CommandFilterRule
|
|
|
|
|
rules = CommandFilterRule.objects.filter(
|
|
|
|
|
filter__in=self.cmd_filters.all()
|
2018-10-16 08:47:47 +00:00
|
|
|
).distinct()
|
2018-10-10 07:37:20 +00:00
|
|
|
return rules
|
|
|
|
|
|
2018-12-10 02:11:54 +00:00
|
|
|
def is_command_can_run(self, command):
|
|
|
|
|
for rule in self.cmd_filter_rules:
|
|
|
|
|
action, matched_cmd = rule.match(command)
|
|
|
|
|
if action == rule.ACTION_ALLOW:
|
|
|
|
|
return True, None
|
|
|
|
|
elif action == rule.ACTION_DENY:
|
|
|
|
|
return False, matched_cmd
|
|
|
|
|
return True, None
|
|
|
|
|
|
2019-07-26 08:16:06 +00:00
|
|
|
def get_all_assets(self):
|
2019-09-24 07:18:12 +00:00
|
|
|
from assets.models import Node
|
2019-07-26 08:16:06 +00:00
|
|
|
nodes_keys = self.nodes.all().values_list('key', flat=True)
|
2019-09-24 07:18:12 +00:00
|
|
|
assets_ids = set(self.assets.all().values_list('id', flat=True))
|
|
|
|
|
nodes_assets_ids = Node.get_nodes_all_assets_ids(nodes_keys)
|
|
|
|
|
assets_ids.update(nodes_assets_ids)
|
|
|
|
|
assets = Asset.objects.filter(id__in=assets_ids)
|
2019-07-26 08:16:06 +00:00
|
|
|
return assets
|
|
|
|
|
|
2016-12-20 16:43:52 +00:00
|
|
|
class Meta:
|
2016-12-21 16:36:31 +00:00
|
|
|
ordering = ['name']
|
2018-07-20 02:54:16 +00:00
|
|
|
unique_together = [('name', 'org_id')]
|
2018-01-05 09:57:02 +00:00
|
|
|
verbose_name = _("System user")
|
2016-12-20 16:43:52 +00:00
|
|
|
|
|
|
|
|
@classmethod
|
2017-03-22 15:36:43 +00:00
|
|
|
def generate_fake(cls, count=10):
|
2016-12-20 16:43:52 +00:00
|
|
|
from random import seed
|
|
|
|
|
import forgery_py
|
|
|
|
|
from django.db import IntegrityError
|
|
|
|
|
|
|
|
|
|
seed()
|
|
|
|
|
for i in range(count):
|
|
|
|
|
obj = cls(name=forgery_py.name.full_name(),
|
|
|
|
|
username=forgery_py.internet.user_name(),
|
|
|
|
|
password=forgery_py.lorem_ipsum.word(),
|
|
|
|
|
comment=forgery_py.lorem_ipsum.sentence(),
|
|
|
|
|
created_by='Fake')
|
|
|
|
|
try:
|
|
|
|
|
obj.save()
|
|
|
|
|
logger.debug('Generate fake asset group: %s' % obj.name)
|
|
|
|
|
except IntegrityError:
|
|
|
|
|
print('Error continue')
|
|
|
|
|
continue
|
