jumpserver/apps/assets/models/user.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#

import logging

from functools import reduce
from django.db import models
from django.db.models import Q
from django.utils.translation import ugettext_lazy as _
from django.core.validators import MinValueValidator, MaxValueValidator

from common.utils import get_signer
from .base import AssetUser
from .asset import Asset


__all__ = ['AdminUser', 'SystemUser']
logger = logging.getLogger(__name__)
signer = get_signer()


class AdminUser(AssetUser):
    """
    A privileged user that ansible can use it to push system user and so on
    """
    BECOME_METHOD_CHOICES = (
        ('sudo', 'sudo'),
        ('su', 'su'),
    )
    become = models.BooleanField(default=True)
    become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
    become_user = models.CharField(default='root', max_length=64)
    _become_pass = models.CharField(default='', max_length=128)
    CONNECTIVITY_CACHE_KEY = '_ADMIN_USER_CONNECTIVE_{}'
    _prefer = "admin_user"

    def __str__(self):
        return self.name

    @property
    def become_pass(self):
        password = signer.unsign(self._become_pass)
        if password:
            return password
        else:
            return ""

    @become_pass.setter
    def become_pass(self, password):
        self._become_pass = signer.sign(password)

    @property
    def become_info(self):
        if self.become:
            info = {
                "method": self.become_method,
                "user": self.become_user,
                "pass": self.become_pass,
            }
        else:
            info = None
        return info

    class Meta:
        ordering = ['name']
        unique_together = [('name', 'org_id')]
        verbose_name = _("Admin user")

    @classmethod
    def generate_fake(cls, count=10):
        from random import seed
        import forgery_py
        from django.db import IntegrityError

        seed()
        for i in range(count):
            obj = cls(name=forgery_py.name.full_name(),
                      username=forgery_py.internet.user_name(),
                      password=forgery_py.lorem_ipsum.word(),
                      comment=forgery_py.lorem_ipsum.sentence(),
                      created_by='Fake')
            try:
                obj.save()
                logger.debug('Generate fake asset group: %s' % obj.name)
            except IntegrityError:
                print('Error continue')
                continue


class SystemUser(AssetUser):
    PROTOCOL_SSH = 'ssh'
    PROTOCOL_RDP = 'rdp'
    PROTOCOL_TELNET = 'telnet'
    PROTOCOL_VNC = 'vnc'
    PROTOCOL_CHOICES = (
        (PROTOCOL_SSH, 'ssh'),
        (PROTOCOL_RDP, 'rdp'),
        (PROTOCOL_TELNET, 'telnet (beta)'),
        (PROTOCOL_VNC, 'vnc'),
    )

    LOGIN_AUTO = 'auto'
    LOGIN_MANUAL = 'manual'
    LOGIN_MODE_CHOICES = (
        (LOGIN_AUTO, _('Automatic login')),
        (LOGIN_MANUAL, _('Manually login'))
    )

    nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes"))
    assets = models.ManyToManyField('assets.Asset', blank=True, verbose_name=_("Assets"))
    priority = models.IntegerField(default=20, verbose_name=_("Priority"), validators=[MinValueValidator(1), MaxValueValidator(100)])
    protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
    auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))
    sudo = models.TextField(default='/bin/whoami', verbose_name=_('Sudo'))
    shell = models.CharField(max_length=64,  default='/bin/bash', verbose_name=_('Shell'))
    login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=LOGIN_AUTO, max_length=10, verbose_name=_('Login mode'))
    cmd_filters = models.ManyToManyField('CommandFilter', related_name='system_users', verbose_name=_("Command filter"), blank=True)

    def __str__(self):
        return '{0.name}({0.username})'.format(self)

    @property
    def login_mode_display(self):
        return self.get_login_mode_display()

    def is_need_push(self):
        if self.auto_push and self.protocol in [self.PROTOCOL_SSH, self.PROTOCOL_RDP]:
            return True
        else:
            return False

    @property
    def cmd_filter_rules(self):
        from .cmd_filter import CommandFilterRule
        rules = CommandFilterRule.objects.filter(
            filter__in=self.cmd_filters.all()
        ).distinct()
        return rules

    def is_command_can_run(self, command):
        for rule in self.cmd_filter_rules:
            action, matched_cmd = rule.match(command)
            if action == rule.ACTION_ALLOW:
                return True, None
            elif action == rule.ACTION_DENY:
                return False, matched_cmd
        return True, None

    def get_all_assets(self):
        args = [Q(systemuser=self)]
        pattern = set()
        nodes_keys = self.nodes.all().values_list('key', flat=True)
        for key in nodes_keys:
            pattern.add(r'^{0}$|^{0}:'.format(key))
        pattern = '|'.join(list(pattern))
        if pattern:
            args.append(Q(nodes__key__regex=pattern))
        args = reduce(lambda x, y: x | y, args)
        assets = Asset.objects.filter(args).distinct()
        return assets

    class Meta:
        ordering = ['name']
        unique_together = [('name', 'org_id')]
        verbose_name = _("System user")

    @classmethod
    def generate_fake(cls, count=10):
        from random import seed
        import forgery_py
        from django.db import IntegrityError

        seed()
        for i in range(count):
            obj = cls(name=forgery_py.name.full_name(),
                      username=forgery_py.internet.user_name(),
                      password=forgery_py.lorem_ipsum.word(),
                      comment=forgery_py.lorem_ipsum.sentence(),
                      created_by='Fake')
            try:
                obj.save()
                logger.debug('Generate fake asset group: %s' % obj.name)
            except IntegrityError:
                print('Error continue')
                continue
Change models dir 2016-12-20 16:43:52 +00:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`
			`#`

			`import logging`
trivial changes 2017-03-06 13:05:00 +00:00
[Update] 系统用户资产管理页面获取相关的所有资产 (#3038) * [Update] 系统用户资产管理页面获取相关的所有资产 * [Update] 系统用户资产管理页面获取相关的所有资产2 2019-07-26 08:16:06 +00:00			`from functools import reduce`
trivial changes 2017-03-06 13:05:00 +00:00			`from django.db import models`
[Update] 系统用户资产管理页面获取相关的所有资产 (#3038) * [Update] 系统用户资产管理页面获取相关的所有资产 * [Update] 系统用户资产管理页面获取相关的所有资产2 2019-07-26 08:16:06 +00:00			`from django.db.models import Q`
trivial changes 2017-03-06 13:05:00 +00:00			`from django.utils.translation import ugettext_lazy as _`
[Update] 修改优先级逻辑 2018-10-16 08:47:47 +00:00			`from django.core.validators import MinValueValidator, MaxValueValidator`
Change models dir 2016-12-20 16:43:52 +00:00
[Update] 支持网域 2018-03-23 11:46:46 +00:00			`from common.utils import get_signer`
			`from .base import AssetUser`
[Update] 系统用户资产管理页面获取相关的所有资产 (#3038) * [Update] 系统用户资产管理页面获取相关的所有资产 * [Update] 系统用户资产管理页面获取相关的所有资产2 2019-07-26 08:16:06 +00:00			`from .asset import Asset`
Change models dir 2016-12-20 16:43:52 +00:00

[Update] Stash it (#2197) * [Update] Stash it * [Bugfix] 修复错误 * [Update] 修改jms 2018-12-18 09:28:45 +00:00			`__all__ = ['AdminUser', 'SystemUser']`
[Feature] 修改adminuser systemuser cluster及他们的关系 2017-12-11 09:08:43 +00:00			`logger = logging.getLogger(__name__)`
[Update] 修改ops task运行 2017-12-24 10:53:07 +00:00			`signer = get_signer()`
Change models dir 2016-12-20 16:43:52 +00:00

[Feture] 使用信号解耦 2017-12-13 09:21:08 +00:00			`class AdminUser(AssetUser):`
			`"""`
			`A privileged user that ansible can use it to push system user and so on`
			`"""`
			`BECOME_METHOD_CHOICES = (`
			`('sudo', 'sudo'),`
			`('su', 'su'),`
			`)`
			`become = models.BooleanField(default=True)`
			`become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)`
			`become_user = models.CharField(default='root', max_length=64)`
			`_become_pass = models.CharField(default='', max_length=128)`
[Update] 优化可连接性 2019-06-21 12:57:51 +00:00			`CONNECTIVITY_CACHE_KEY = '_ADMIN_USER_CONNECTIVE_{}'`
[Update] Auth Info (#2806) * [Update] 修改支持auth info导出 * [Update] 统一认证查看 * [Update] 修改auth book manager * [Update] 修改auth info * [Update] 完成修改auth info * [Update] 优化api 2019-06-19 03:31:38 +00:00			`_prefer = "admin_user"`
[Feture] 使用信号解耦 2017-12-13 09:21:08 +00:00
			`def __str__(self):`
			`return self.name`
Change models dir 2016-12-20 16:43:52 +00:00
[Change] 修改idc => cluster 2017-12-07 08:25:50 +00:00			`@property`
			`def become_pass(self):`
[Bugfix] 修复一些明显的bug 2017-12-21 03:31:13 +00:00			`password = signer.unsign(self._become_pass)`
			`if password:`
			`return password`
			`else:`
			`return ""`
[Change] 修改idc => cluster 2017-12-07 08:25:50 +00:00
			`@become_pass.setter`
			`def become_pass(self, password):`
			`self._become_pass = signer.sign(password)`

[Update] 修改become信息 2017-12-28 06:25:56 +00:00			`@property`
			`def become_info(self):`
			`if self.become:`
			`info = {`
			`"method": self.become_method,`
			`"user": self.become_user,`
			`"pass": self.become_pass,`
			`}`
			`else:`
			`info = None`
			`return info`

Change models dir 2016-12-20 16:43:52 +00:00			`class Meta:`
Add private token and change user group 2016-12-21 16:36:31 +00:00			`ordering = ['name']`
[Update] 修改外键为org_id 2018-07-20 02:54:16 +00:00			`unique_together = [('name', 'org_id')]`
[Bugfix] 修复一些bug 2018-01-05 09:57:02 +00:00			`verbose_name = _("Admin user")`
Change models dir 2016-12-20 16:43:52 +00:00
			`@classmethod`
[Update] 更新生成fake数据脚本 2017-03-22 15:36:43 +00:00			`def generate_fake(cls, count=10):`
Change models dir 2016-12-20 16:43:52 +00:00			`from random import seed`
			`import forgery_py`
			`from django.db import IntegrityError`

			`seed()`
			`for i in range(count):`
			`obj = cls(name=forgery_py.name.full_name(),`
			`username=forgery_py.internet.user_name(),`
			`password=forgery_py.lorem_ipsum.word(),`
			`comment=forgery_py.lorem_ipsum.sentence(),`
			`created_by='Fake')`
			`try:`
			`obj.save()`
			`logger.debug('Generate fake asset group: %s' % obj.name)`
			`except IntegrityError:`
			`print('Error continue')`
			`continue`


[Feture] 使用信号解耦 2017-12-13 09:21:08 +00:00			`class SystemUser(AssetUser):`
[Update] Stash it (#2197) * [Update] Stash it * [Bugfix] 修复错误 * [Update] 修改jms 2018-12-18 09:28:45 +00:00			`PROTOCOL_SSH = 'ssh'`
			`PROTOCOL_RDP = 'rdp'`
			`PROTOCOL_TELNET = 'telnet'`
[Update] 优化授权协议, 支持vnc (#2220) * [Update] 优化授权协议, 支持vnc 2018-12-19 09:03:10 +00:00			`PROTOCOL_VNC = 'vnc'`
Change models dir 2016-12-20 16:43:52 +00:00			`PROTOCOL_CHOICES = (`
[Update] Stash it (#2197) * [Update] Stash it * [Bugfix] 修复错误 * [Update] 修改jms 2018-12-18 09:28:45 +00:00			`(PROTOCOL_SSH, 'ssh'),`
			`(PROTOCOL_RDP, 'rdp'),`
			`(PROTOCOL_TELNET, 'telnet (beta)'),`
[Update] 优化授权协议, 支持vnc (#2220) * [Update] 优化授权协议, 支持vnc 2018-12-19 09:03:10 +00:00			`(PROTOCOL_VNC, 'vnc'),`
Update api 2016-12-29 11:17:00 +00:00			`)`
[Update] 修改信号 2017-12-29 15:53:45 +00:00
[Update] Stash it (#2197) * [Update] Stash it * [Bugfix] 修复错误 * [Update] 修改jms 2018-12-18 09:28:45 +00:00			`LOGIN_AUTO = 'auto'`
			`LOGIN_MANUAL = 'manual'`
[Update] 添加功能，系统用户选择登录模式(自动/手动登录) 2018-06-11 08:27:40 +00:00			`LOGIN_MODE_CHOICES = (`
[Update] Stash it (#2197) * [Update] Stash it * [Bugfix] 修复错误 * [Update] 修改jms 2018-12-18 09:28:45 +00:00			`(LOGIN_AUTO, _('Automatic login')),`
			`(LOGIN_MANUAL, _('Manually login'))`
[Update] 添加功能，系统用户选择登录模式(自动/手动登录) 2018-06-11 08:27:40 +00:00			`)`

[Update] 修改系统用户推送，拆分assets的部分模块 2018-02-09 03:12:40 +00:00			`nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes"))`
[Update] 修改api和view 2018-04-08 12:02:40 +00:00			`assets = models.ManyToManyField('assets.Asset', blank=True, verbose_name=_("Assets"))`
[Update] Stash it (#2197) * [Update] Stash it * [Bugfix] 修复错误 * [Update] 修改jms 2018-12-18 09:28:45 +00:00			`priority = models.IntegerField(default=20, verbose_name=_("Priority"), validators=[MinValueValidator(1), MaxValueValidator(100)])`
[Feature] 修改ansible和ops 2017-12-07 05:01:33 +00:00			`protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))`
Change models dir 2016-12-20 16:43:52 +00:00			`auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))`
[Update] 修改api和view 2018-04-08 12:02:40 +00:00			`sudo = models.TextField(default='/bin/whoami', verbose_name=_('Sudo'))`
[Feature] 修改ansible和ops 2017-12-07 05:01:33 +00:00			`shell = models.CharField(max_length=64, default='/bin/bash', verbose_name=_('Shell'))`
[Update] Stash it (#2197) * [Update] Stash it * [Bugfix] 修复错误 * [Update] 修改jms 2018-12-18 09:28:45 +00:00			`login_mode = models.CharField(choices=LOGIN_MODE_CHOICES, default=LOGIN_AUTO, max_length=10, verbose_name=_('Login mode'))`
[Update] 修改一些逻辑 2018-10-10 11:29:53 +00:00			`cmd_filters = models.ManyToManyField('CommandFilter', related_name='system_users', verbose_name=_("Command filter"), blank=True)`
Change models dir 2016-12-20 16:43:52 +00:00
[Feature] 修改ansible和ops 2017-12-07 05:01:33 +00:00			`def __str__(self):`
[Update] 修改授权规则详情列表页面 2018-04-11 07:24:12 +00:00			`return '{0.name}({0.username})'.format(self)`
Change models dir 2016-12-20 16:43:52 +00:00
[Bugfix] 基本完成assets模块 2017-12-19 04:41:00 +00:00			`@property`
[Update] Stash it (#2197) * [Update] Stash it * [Bugfix] 修复错误 * [Update] 修改jms 2018-12-18 09:28:45 +00:00			`def login_mode_display(self):`
			`return self.get_login_mode_display()`
[Bugfix] 基本完成assets模块 2017-12-19 04:41:00 +00:00
[Update] 修改系统用户推送，拆分assets的部分模块 2018-02-09 03:12:40 +00:00			`def is_need_push(self):`
Dev ansible windows 2 (#2783) * [Update] 改密支持windows * [Update] 修改asset表结构 * [Feature] Windows支持批量改密、测试可连接性等功能 * [Update] 处理创建资产时labels的问题 * [Update] 优化测试管理系统、系统用户可连接性任务执行逻辑 * [Update] 优化ansible任务逻辑；添加自动推送rdp系统用户功能 * [Update] 添加翻译 * [Update] 优化ansible任务逻辑(测试系统用户可连接性, 通过协议过滤资产) * [Update] 更新翻译 * [Update] 更新翻译 * [Update] 推送windows系统用户，默认添加到Users、Remote Desktop Users组中 * [Update] 优化小细节 * [Update] 更新翻译，删除多余代码 * [Update] 更新翻译信息 2019-06-13 10:58:43 +00:00			`if self.auto_push and self.protocol in [self.PROTOCOL_SSH, self.PROTOCOL_RDP]:`
[Update] 修改系统用户推送，拆分assets的部分模块 2018-02-09 03:12:40 +00:00			`return True`
			`else:`
			`return False`

[Update] 支持命令过滤 2018-10-10 07:37:20 +00:00			`@property`
			`def cmd_filter_rules(self):`
			`from .cmd_filter import CommandFilterRule`
			`rules = CommandFilterRule.objects.filter(`
			`filter__in=self.cmd_filters.all()`
[Update] 修改优先级逻辑 2018-10-16 08:47:47 +00:00			`).distinct()`
[Update] 支持命令过滤 2018-10-10 07:37:20 +00:00			`return rules`

Command (#2134) * [Update] 任务区分org * [Update] 修改翻译 * [Update] 使用id而不是hostname * [Update] 执行命令 * [Update] 修改一些东西 * [Update] 暂存 * [Update] 用户执行命令 * [Update] 添加资产授权模块-tree * [Update] 暂时这样 * [Update] 批量命令执行 * [Update] 修改表结构 * [Update] 更新翻译 * [Update] 删除cloud模块无效中文翻译 2018-12-10 02:11:54 +00:00			`def is_command_can_run(self, command):`
			`for rule in self.cmd_filter_rules:`
			`action, matched_cmd = rule.match(command)`
			`if action == rule.ACTION_ALLOW:`
			`return True, None`
			`elif action == rule.ACTION_DENY:`
			`return False, matched_cmd`
			`return True, None`

[Update] 系统用户资产管理页面获取相关的所有资产 (#3038) * [Update] 系统用户资产管理页面获取相关的所有资产 * [Update] 系统用户资产管理页面获取相关的所有资产2 2019-07-26 08:16:06 +00:00			`def get_all_assets(self):`
			`args = [Q(systemuser=self)]`
			`pattern = set()`
			`nodes_keys = self.nodes.all().values_list('key', flat=True)`
			`for key in nodes_keys:`
			`pattern.add(r'^{0}$\|^{0}:'.format(key))`
			`pattern = '\|'.join(list(pattern))`
			`if pattern:`
			`args.append(Q(nodes__key__regex=pattern))`
			`args = reduce(lambda x, y: x \| y, args)`
			`assets = Asset.objects.filter(args).distinct()`
			`return assets`

Change models dir 2016-12-20 16:43:52 +00:00			`class Meta:`
Add private token and change user group 2016-12-21 16:36:31 +00:00			`ordering = ['name']`
[Update] 修改外键为org_id 2018-07-20 02:54:16 +00:00			`unique_together = [('name', 'org_id')]`
[Bugfix] 修复一些bug 2018-01-05 09:57:02 +00:00			`verbose_name = _("System user")`
Change models dir 2016-12-20 16:43:52 +00:00
			`@classmethod`
[Update] 更新生成fake数据脚本 2017-03-22 15:36:43 +00:00			`def generate_fake(cls, count=10):`
Change models dir 2016-12-20 16:43:52 +00:00			`from random import seed`
			`import forgery_py`
			`from django.db import IntegrityError`

			`seed()`
			`for i in range(count):`
			`obj = cls(name=forgery_py.name.full_name(),`
			`username=forgery_py.internet.user_name(),`
			`password=forgery_py.lorem_ipsum.word(),`
			`comment=forgery_py.lorem_ipsum.sentence(),`
			`created_by='Fake')`
			`try:`
			`obj.save()`
			`logger.debug('Generate fake asset group: %s' % obj.name)`
			`except IntegrityError:`
			`print('Error continue')`
			`continue`