diff --git a/jasset/views.py b/jasset/views.py index 8427f9f67..b0d616d92 100644 --- a/jasset/views.py +++ b/jasset/views.py @@ -160,7 +160,7 @@ def asset_add(request): asset_save = af_post.save(commit=False) if not use_default_auth: password = request.POST.get('password', '') - password_encode = CRYPTOR.encrypt(password) + password_encode = password asset_save.password = password_encode asset_save.is_active = True if is_active else False asset_save.save() diff --git a/jperm/ansible_api.py b/jperm/ansible_api.py index 2e89008fc..0625a599d 100644 --- a/jperm/ansible_api.py +++ b/jperm/ansible_api.py @@ -19,7 +19,6 @@ API_DIR = os.path.dirname(os.path.abspath(__file__)) ANSIBLE_DIR = os.path.join(API_DIR, 'playbooks') - class AnsibleError(StandardError): """ the base AnsibleError which contains error(required), @@ -115,7 +114,7 @@ class Command(MyInventory): super(Command, self).__init__(*args, **kwargs) self.results = '' - def run(self, command, module_name="command", timeout=5, forks=10, group='my_group'): + def run(self, command, module_name="command", timeout=5, forks=10, pattern='*'): """ run command from andible ad-hoc. command : 必须是一个需要执行的命令字符串, 比如 @@ -128,7 +127,7 @@ class Command(MyInventory): module_args=command, timeout=timeout, inventory=self.inventory, - subset=group, + pattern=pattern, forks=forks ) self.results = hoc.run() diff --git a/jperm/models.py b/jperm/models.py index 2bcea14e3..d9553a00c 100644 --- a/jperm/models.py +++ b/jperm/models.py @@ -32,14 +32,14 @@ class PermRole(models.Model): class PermRule(models.Model): date_added = models.DateTimeField(auto_now=True) - name = models.CharField(max_length=100) + name = models.CharField(max_length=100, unique=True) comment = models.CharField(max_length=100) asset = models.ManyToManyField(Asset, related_name='perm_rule') asset_group = models.ManyToManyField(AssetGroup, related_name='perm_rule') user = models.ManyToManyField(User, related_name='perm_rule') user_group = models.ManyToManyField(UserGroup, related_name='perm_rule') role = models.ManyToManyField(PermRole, related_name='perm_rule') - ssh_type = models.BooleanField() + is_secret_key = models.BooleanField() def __unicode__(self): return self.name \ No newline at end of file diff --git a/jperm/utils.py b/jperm/utils.py index 019ef6ed9..64c446101 100644 --- a/jperm/utils.py +++ b/jperm/utils.py @@ -45,8 +45,13 @@ def gen_keys(): :return: 返回目录名(uuid) """ key_basename = "key-" + uuid4().hex +<<<<<<< HEAD key_path_dir = os.path.join(KEY_DIR, key_basename) mkdir(key_path_dir, 0755) +======= + key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename) + makedirs(key_path_dir, 0775) +>>>>>>> dev key = RSAKey.generate(2048) private_key = os.path.join(key_path_dir, 'id_rsa') @@ -61,6 +66,10 @@ def gen_keys(): content_file.write(data) return key_path_dir +<<<<<<< HEAD +======= + +>>>>>>> dev if __name__ == "__main__": print gen_keys() diff --git a/jperm/views.py b/jperm/views.py index 2685d6bd6..fd4b9a756 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -1,6 +1,5 @@ # -*- coding: utf-8 -*- - from django.db.models import Q from jperm.perm_api import * from jperm.models import PermLog as Log @@ -89,7 +88,8 @@ def perm_rule_add(request): asset_groups_select = request.POST.getlist('assetgroup', []) roles_select = request.POST.getlist('role', []) rule_name = request.POST.get('rulename') - rule_comment = request.POST.get('comment') + rule_comment = request.POST.get('rule_comment') + rule_ssh_key = request.POST.get("use_publicKey") # 获取需要授权的主机列表 assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select] @@ -114,7 +114,9 @@ def perm_rule_add(request): rule.asset = assets_obj rule.asset_group = asset_groups_obj rule.role = roles_obj + rule.is_secret_key = bool(rule_ssh_key) rule.save() + return HttpResponse(u"添加授权规则:%s" % rule.name) @@ -130,8 +132,10 @@ def perm_rule_edit(request): rule_id = request.GET.get("id") rule = PermRule.objects.get(id=rule_id) + if request.method == 'GET' and rule_id: # 渲染数据, 获取所有的rule对象 + rule_comment = rule.comment users = rule.user.all() user_groups = rule.user_group.all() assets = rule.asset.all() @@ -141,7 +145,44 @@ def perm_rule_edit(request): return my_render('jperm/perm_rule_edit.html', locals(), request) elif request.method == 'POST' and rule_id: - return HttpResponse("uncompleted") + # 获取用户选择的 用户,用户组,资产,资产组,用户角色 + rule_name = request.POST.get('rule_name') + rule_comment = request.POST.get("rule_comment") + users_select = request.POST.getlist('user', []) + user_groups_select = request.POST.getlist('usergroup', []) + assets_select = request.POST.getlist('asset', []) + asset_groups_select = request.POST.getlist('assetgroup', []) + roles_select = request.POST.getlist('role', []) + + # 获取需要授权的主机列表 + assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select] + asset_groups_obj = [AssetGroup.objects.get(name=group) for group in asset_groups_select] + group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]] + calc_assets = set(group_assets_obj) | set(assets_obj) + + # 获取需要授权的用户列表 + users_obj = [User.objects.get(name=user) for user in users_select] + user_groups_obj = [UserGroup.objects.get(name=group) for group in user_groups_select] + group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]] + calc_users = set(group_users_obj) | set(users_obj) + + # 获取授予的角色列表 + roles_obj = [PermRole.objects.get(name=role) for role in roles_select] + + # 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色) + rule.user = users_obj + rule.usergroup = user_groups_obj + rule.asset = assets_obj + rule.asset_group = asset_groups_obj + rule.role = roles_obj + rule.name = rule_name + rule.comment = rule.comment + + print rule, rule.name + rule.save() + return HttpResponse(u"更新授权规则:%s" % rule.name) + + @require_role('admin') @@ -252,8 +293,12 @@ def perm_role_detail(request): role_info = get_role_info(role_id) # 渲染数据 - for key, value in role_info.iteritems(): - key = value + rules = role_info.get("rules") + assets = role_info.get("assets") + asset_groups = role_info.get("asset_groups") + users = role_info.get("users") + user_groups = role_info.get("user_groups") + return my_render('jperm/perm_role_detail.html', locals(), request) @@ -265,15 +310,27 @@ def perm_role_edit(request): # 渲染数据 header_title, path1, path2 = "系统角色", "角色管理", "角色编辑" + # 渲染数据 + role_id = request.GET.get("id") + role = PermRole.objects.get(id=role_id) if request.method == "GET": - role_id = request.GET.get("id") - # 渲染数据 - role = PermRole.objects.get(id=role_id) - return my_render('jperm/perm_role_edit.html', locals(), request) if request.method == "POST": - return HttpResponse(u"未实现") + # 获取 POST 数据 + role_name = request.POST.get("role_name") + role_password = request.POST.get("role_password") + role_comment = request.POST.get("role_comment") + + # 写入数据库 + role.name = role_name + role.password = role_password + role.comment = role_comment + + role.save() + return HttpResponse(u"更新系统角色: %s" % role.name) + + @require_role('admin') @@ -326,10 +383,13 @@ def perm_role_push(request): task = Tasks(push_resource) ret = {} ret_failed = [] - if password_push: - ret["password_push"] = task.add_multi_user(**role_pass) - if ret["password_push"].get("status") != "success": - ret_failed.append(1) + + # 因为要先建立用户,所以password 是必选项, + # 而push key是在 password也完成的情况下的 可选项 + ret["password_push"] = task.add_multi_user(**role_pass) + if ret["password_push"].get("status") != "success": + ret_failed.append(1) + if key_push: ret["key_push"] = task.push_multi_key(**role_key) if ret["key_push"].get("status") != "success": diff --git a/jumpserver.conf b/jumpserver.conf index 6297ab00a..ac9506672 100644 --- a/jumpserver.conf +++ b/jumpserver.conf @@ -9,7 +9,7 @@ log = debug host = 127.0.0.1 port = 3306 user = jumpserver -password = mysql234 +password = mysql1234 database = jumpserver [websocket] diff --git a/jumpserver/api.py b/jumpserver/api.py index 580582d0b..3870540d9 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -14,10 +14,8 @@ from django.core.paginator import Paginator, EmptyPage, InvalidPage from django.http import HttpResponse, Http404 from django.template import RequestContext from juser.models import User, UserGroup +from jlog.models import Log from jasset.models import Asset, AssetGroup -# from jlog.models import Log -from jlog.models import Log, TtyLog -from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned from django.http import HttpResponseRedirect from django.shortcuts import render_to_response from django.core.mail import send_mail @@ -413,4 +411,3 @@ def my_render(template, data, request): CRYPTOR = PyCrypt(KEY) logger = set_log(LOG_LEVEL) -KEY_DIR = os.path.join(BASE_DIR, 'keys') diff --git a/jumpserver/settings.py b/jumpserver/settings.py index cc3f5a8c7..f3042349a 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -18,7 +18,7 @@ config = ConfigParser.ConfigParser() BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) config.read(os.path.join(BASE_DIR, 'jumpserver.conf')) -KEY_DIR = os.path.join(BASE_DIR, 'role_keys') +KEY_DIR = os.path.join(BASE_DIR, 'keys') DB_HOST = config.get('db', 'host') DB_PORT = config.getint('db', 'port') diff --git a/jumpserver/views.py b/jumpserver/views.py index a907ced4f..00f28616c 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -15,7 +15,6 @@ from jumpserver.api import * from jumpserver.models import Setting from django.contrib.auth import authenticate, login, logout from django.contrib.auth.decorators import login_required -from settings import BASE_DIR from jlog.models import Log diff --git a/templates/jperm/perm_role_edit.html b/templates/jperm/perm_role_edit.html index 23c7e7617..81d56d4b4 100644 --- a/templates/jperm/perm_role_edit.html +++ b/templates/jperm/perm_role_edit.html @@ -40,6 +40,13 @@
+
+ +
+ +
+
+
diff --git a/templates/jperm/perm_role_push.html b/templates/jperm/perm_role_push.html index a524d0cc2..91a4c7a0d 100644 --- a/templates/jperm/perm_role_push.html +++ b/templates/jperm/perm_role_push.html @@ -67,16 +67,6 @@
-
- -
-
- -
-
-
diff --git a/templates/jperm/perm_rule_add.html b/templates/jperm/perm_rule_add.html index d5a95cc8d..7f11c9b4e 100644 --- a/templates/jperm/perm_rule_add.html +++ b/templates/jperm/perm_rule_add.html @@ -96,27 +96,6 @@
- -
- -
-
- -
-
-
- - - -
-
@@ -128,18 +107,11 @@
- -
- +
diff --git a/templates/jperm/perm_rule_edit.html b/templates/jperm/perm_rule_edit.html index 9737a3dc4..ee6e0f5c1 100644 --- a/templates/jperm/perm_rule_edit.html +++ b/templates/jperm/perm_rule_edit.html @@ -96,27 +96,6 @@
- -
- -
-
- -
-
-
- - - -
-
@@ -128,18 +107,11 @@
- -
- +
diff --git a/templates/jperm/perm_rule_list.html b/templates/jperm/perm_rule_list.html index 270431c61..e08b8f7f4 100644 --- a/templates/jperm/perm_rule_list.html +++ b/templates/jperm/perm_rule_list.html @@ -55,19 +55,19 @@ {{ rule.name }} - {{ rule | rule_member_count:"user" }} + {{ rule | rule_member_count:"user" }} - {{ rule | rule_member_count:"user_group" }} + {{ rule | rule_member_count:"user_group" }} - {{ rule | rule_member_count:"asset" }} + {{ rule | rule_member_count:"asset" }} - {{ rule | rule_member_count:"asset_group" }} + {{ rule | rule_member_count:"asset_group" }} - {{ rule | rule_member_count:"role" }} + {{ rule | rule_member_count:"role" }} 详情