github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

merge with dev

pull/26/head
ibuler 2015-11-18 15:22:26 +08:00
parent cf8e366ae1 8017b1b479
commit 2a6051ae35
14 changed files with 105 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
jasset/views.py
View File

@ -160,7 +160,7 @@ def asset_add(request):
asset_save = af_post.save(commit=False)
if not use_default_auth:
password = request.POST.get('password', '')
password_encode = CRYPTOR.encrypt(password)
password_encode = password
asset_save.password = password_encode
asset_save.is_active = True if is_active else False
asset_save.save()

5
jperm/ansible_api.py
View File

@ -19,7 +19,6 @@ API_DIR = os.path.dirname(os.path.abspath(__file__))
ANSIBLE_DIR = os.path.join(API_DIR, 'playbooks')
class AnsibleError(StandardError):
"""
the base AnsibleError which contains error(required),
@ -115,7 +114,7 @@ class Command(MyInventory):
super(Command, self).__init__(*args, **kwargs)
self.results = ''
def run(self, command, module_name="command", timeout=5, forks=10, group='my_group'):
def run(self, command, module_name="command", timeout=5, forks=10, pattern='*'):
"""
run command from andible ad-hoc.
command : 必须是一个需要执行的命令字符串 比如
@ -128,7 +127,7 @@ class Command(MyInventory):
module_args=command,
timeout=timeout,
inventory=self.inventory,
subset=group,
pattern=pattern,
forks=forks
)
self.results = hoc.run()

4
jperm/models.py
View File

@ -32,14 +32,14 @@ class PermRole(models.Model):
class PermRule(models.Model):
date_added = models.DateTimeField(auto_now=True)
name = models.CharField(max_length=100)
name = models.CharField(max_length=100, unique=True)
comment = models.CharField(max_length=100)
asset = models.ManyToManyField(Asset, related_name='perm_rule')
asset_group = models.ManyToManyField(AssetGroup, related_name='perm_rule')
user = models.ManyToManyField(User, related_name='perm_rule')
user_group = models.ManyToManyField(UserGroup, related_name='perm_rule')
role = models.ManyToManyField(PermRole, related_name='perm_rule')
ssh_type = models.BooleanField()
is_secret_key = models.BooleanField()
def __unicode__(self):
return self.name

9
jperm/utils.py
View File

@ -45,8 +45,13 @@ def gen_keys():
:return: 返回目录名(uuid)
"""
key_basename = "key-" + uuid4().hex
<<<<<<< HEAD
key_path_dir = os.path.join(KEY_DIR, key_basename)
mkdir(key_path_dir, 0755)
=======
key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
makedirs(key_path_dir, 0775)
>>>>>>> dev
key = RSAKey.generate(2048)
private_key = os.path.join(key_path_dir, 'id_rsa')
@ -61,6 +66,10 @@ def gen_keys():
content_file.write(data)
return key_path_dir
<<<<<<< HEAD
=======
>>>>>>> dev
if __name__ == "__main__":
print gen_keys()

88
jperm/views.py
View File

@ -1,6 +1,5 @@
# -*- coding: utf-8 -*-
from django.db.models import Q
from jperm.perm_api import *
from jperm.models import PermLog as Log
@ -89,7 +88,8 @@ def perm_rule_add(request):
asset_groups_select = request.POST.getlist('assetgroup', [])
roles_select = request.POST.getlist('role', [])
rule_name = request.POST.get('rulename')
rule_comment = request.POST.get('comment')
rule_comment = request.POST.get('rule_comment')
rule_ssh_key = request.POST.get("use_publicKey")
# 获取需要授权的主机列表
assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select]
@ -114,7 +114,9 @@ def perm_rule_add(request):
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.is_secret_key = bool(rule_ssh_key)
rule.save()
return HttpResponse(u"添加授权规则:%s" % rule.name)
@ -130,8 +132,10 @@ def perm_rule_edit(request):
rule_id = request.GET.get("id")
rule = PermRule.objects.get(id=rule_id)
if request.method == 'GET' and rule_id:
# 渲染数据, 获取所有的rule对象
rule_comment = rule.comment
users = rule.user.all()
user_groups = rule.user_group.all()
assets = rule.asset.all()
@ -141,7 +145,44 @@ def perm_rule_edit(request):
return my_render('jperm/perm_rule_edit.html', locals(), request)
elif request.method == 'POST' and rule_id:
return HttpResponse("uncompleted")
# 获取用户选择的 用户,用户组,资产,资产组,用户角色
rule_name = request.POST.get('rule_name')
rule_comment = request.POST.get("rule_comment")
users_select = request.POST.getlist('user', [])
user_groups_select = request.POST.getlist('usergroup', [])
assets_select = request.POST.getlist('asset', [])
asset_groups_select = request.POST.getlist('assetgroup', [])
roles_select = request.POST.getlist('role', [])
# 获取需要授权的主机列表
assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select]
asset_groups_obj = [AssetGroup.objects.get(name=group) for group in asset_groups_select]
group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]]
calc_assets = set(group_assets_obj) | set(assets_obj)
# 获取需要授权的用户列表
users_obj = [User.objects.get(name=user) for user in users_select]
user_groups_obj = [UserGroup.objects.get(name=group) for group in user_groups_select]
group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]]
calc_users = set(group_users_obj) | set(users_obj)
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(name=role) for role in roles_select]
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule.user = users_obj
rule.usergroup = user_groups_obj
rule.asset = assets_obj
rule.asset_group = asset_groups_obj
rule.role = roles_obj
rule.name = rule_name
rule.comment = rule.comment
print rule, rule.name
rule.save()
return HttpResponse(u"更新授权规则:%s" % rule.name)
@require_role('admin')
@ -252,8 +293,12 @@ def perm_role_detail(request):
role_info = get_role_info(role_id)
# 渲染数据
for key, value in role_info.iteritems():
key = value
rules = role_info.get("rules")
assets = role_info.get("assets")
asset_groups = role_info.get("asset_groups")
users = role_info.get("users")
user_groups = role_info.get("user_groups")
return my_render('jperm/perm_role_detail.html', locals(), request)
@ -265,15 +310,27 @@ def perm_role_edit(request):
# 渲染数据
header_title, path1, path2 = "系统角色", "角色管理", "角色编辑"
# 渲染数据
role_id = request.GET.get("id")
role = PermRole.objects.get(id=role_id)
if request.method == "GET":
role_id = request.GET.get("id")
# 渲染数据
role = PermRole.objects.get(id=role_id)
return my_render('jperm/perm_role_edit.html', locals(), request)
if request.method == "POST":
return HttpResponse(u"未实现")
# 获取 POST 数据
role_name = request.POST.get("role_name")
role_password = request.POST.get("role_password")
role_comment = request.POST.get("role_comment")
# 写入数据库
role.name = role_name
role.password = role_password
role.comment = role_comment
role.save()
return HttpResponse(u"更新系统角色: %s" % role.name)
@require_role('admin')
@ -326,10 +383,13 @@ def perm_role_push(request):
task = Tasks(push_resource)
ret = {}
ret_failed = []
if password_push:
ret["password_push"] = task.add_multi_user(**role_pass)
if ret["password_push"].get("status") != "success":
ret_failed.append(1)
# 因为要先建立用户所以password 是必选项,
# 而push key是在 password也完成的情况下的 可选项
ret["password_push"] = task.add_multi_user(**role_pass)
if ret["password_push"].get("status") != "success":
ret_failed.append(1)
if key_push:
ret["key_push"] = task.push_multi_key(**role_key)
if ret["key_push"].get("status") != "success":

2
jumpserver.conf
View File

@ -9,7 +9,7 @@ log = debug
host = 127.0.0.1
port = 3306
user = jumpserver
password = mysql234
password = mysql1234
database = jumpserver
[websocket]

5
jumpserver/api.py
View File

@ -14,10 +14,8 @@ from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.http import HttpResponse, Http404
from django.template import RequestContext
from juser.models import User, UserGroup
from jlog.models import Log
from jasset.models import Asset, AssetGroup
# from jlog.models import Log
from jlog.models import Log, TtyLog
from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.core.mail import send_mail
@ -413,4 +411,3 @@ def my_render(template, data, request):
CRYPTOR = PyCrypt(KEY)
logger = set_log(LOG_LEVEL)
KEY_DIR = os.path.join(BASE_DIR, 'keys')

2
jumpserver/settings.py
View File

@ -18,7 +18,7 @@ config = ConfigParser.ConfigParser()
BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
config.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
KEY_DIR = os.path.join(BASE_DIR, 'role_keys')
KEY_DIR = os.path.join(BASE_DIR, 'keys')
DB_HOST = config.get('db', 'host')
DB_PORT = config.getint('db', 'port')

1
jumpserver/views.py
View File

@ -15,7 +15,6 @@ from jumpserver.api import *
from jumpserver.models import Setting
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from settings import BASE_DIR
from jlog.models import Log

7
templates/jperm/perm_role_edit.html
View File

@ -40,6 +40,13 @@
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_password_label" class="col-sm-2 control-label">角色密码<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="role_password" name="role_password" type="password" class="form-control" value="{{ role.password }}">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="role_comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">

10
templates/jperm/perm_role_push.html
View File

@ -67,16 +67,6 @@
</div>
<div class="hr-line-dashed"></div>
<div class="row">
<div class="form-group">
<label for="j_group" class="col-sm-2 control-label">使用密码</label>
<div class="col-sm-1">
<div class="radio i-checks">
<label>
<input type="checkbox" value="1" id="use_password" name="use_password">
</label>
</div>
</div>
</div>
<div class="form-group">
<label for="j_group" class="col-sm-2 control-label">使用秘钥</label>
<div class="col-sm-1">

30
templates/jperm/perm_rule_add.html
View File

@ -96,27 +96,6 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="j_group" class="col-sm-2 control-label">使用密码</label>
<div class="col-sm-1">
<div class="radio i-checks">
<label>
<input type="checkbox" value="0" id="use_password" name="use_password">
</label>
</div>
</div>
</div>
<div class="form-group" id="admin_account_password" style="display: none">
<label class="col-sm-1 control-label"> 密码<span class="red-fonts">*</span> </label>
<div class="col-sm-4">
<input type="password" name="password" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="j_group" class="col-sm-2 control-label">使用秘钥</label>
<div class="col-sm-1">
@ -128,18 +107,11 @@
</div>
</div>
<div class="form-group" id="admin_account_publicKey" style="display: none">
<label class="col-sm-1 control-label"> 秘钥<span class="red-fonts">*</span> </label>
<div class="col-sm-4">
<input type="password" name="password" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">
<input id="comment" name="comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
<input id="rule_comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
</div>
</div>
<div class="hr-line-dashed"></div>

30
templates/jperm/perm_rule_edit.html
View File

@ -96,27 +96,6 @@
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="j_group" class="col-sm-2 control-label">使用密码</label>
<div class="col-sm-1">
<div class="radio i-checks">
<label>
<input type="checkbox" value="0" id="use_password" name="use_password">
</label>
</div>
</div>
</div>
<div class="form-group" id="admin_account_password" style="display: none">
<label class="col-sm-1 control-label"> 密码<span class="red-fonts">*</span> </label>
<div class="col-sm-4">
<input type="password" name="password" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="j_group" class="col-sm-2 control-label">使用秘钥</label>
<div class="col-sm-1">
@ -128,18 +107,11 @@
</div>
</div>
<div class="form-group" id="admin_account_publicKey" style="display: none">
<label class="col-sm-1 control-label"> 秘钥<span class="red-fonts">*</span> </label>
<div class="col-sm-4">
<input type="password" name="password" class="form-control">
</div>
</div>
<div class="hr-line-dashed"></div>
<div class="form-group">
<label for="comment" class="col-sm-2 control-label">备注</label>
<div class="col-sm-8">
<input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
<input id="role_comment" name="role_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule_comment }}">
</div>
</div>
<div class="hr-line-dashed"></div>

10
templates/jperm/perm_rule_list.html
View File

@ -55,19 +55,19 @@
<tr class="gradeX" id={{ rule.id }}>
<td class="text-center"> {{ rule.name }} </td>
<td class="text-center">
<a href="/jasset/asset_list/?gid={{ user.id }}">{{ rule | rule_member_count:"user" }} </a>
{{ rule | rule_member_count:"user" }}
</td>
<td class="text-center">
<a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"user_group" }}</a>
{{ rule | rule_member_count:"user_group" }}
</td>
<td class="text-center">
<a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"asset" }}</a>
{{ rule | rule_member_count:"asset" }}
</td>
<td class="text-center">
<a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"asset_group" }}</a>
{{ rule | rule_member_count:"asset_group" }}
</td>
<td class="text-center">
<a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"role" }}</a>
{{ rule | rule_member_count:"role" }}
</td>
<td class="text-center">
<a href="/jperm/perm_rule_detail/?id={{ rule.id }}" class="btn btn-xs btn-primary">详情</a>