@ -8,8 +8,6 @@ from django.db import models
from django . utils . translation import ugettext_lazy as _
from django . core . validators import MinValueValidator , MaxValueValidator
from assets . const import Protocol
from common . utils import signer
from . base import BaseAccount
from . protocol import ProtocolMixin
@ -31,14 +29,6 @@ class SystemUser(ProtocolMixin, BaseAccount):
admin = ' admin ' , _ ( ' Admin user ' )
username_same_with_user = models . BooleanField ( default = False , verbose_name = _ ( " Username same with user " ) )
nodes = models . ManyToManyField ( ' assets.Node ' , blank = True , verbose_name = _ ( " Nodes " ) )
assets = models . ManyToManyField (
' assets.Asset ' , blank = True , verbose_name = _ ( " Assets " ) ,
through = ' assets.AuthBook ' , through_fields = [ ' systemuser ' , ' asset ' ] ,
related_name = ' system_users '
)
users = models . ManyToManyField ( ' users.User ' , blank = True , verbose_name = _ ( " Users " ) )
groups = models . ManyToManyField ( ' users.UserGroup ' , blank = True , verbose_name = _ ( " User groups " ) )
type = models . CharField ( max_length = 16 , choices = Type . choices , default = Type . common , verbose_name = _ ( ' Type ' ) )
priority = models . IntegerField ( default = 81 , verbose_name = _ ( " Priority " ) , help_text = _ ( " 1-100, the lower the value will be match first " ) , validators = [ MinValueValidator ( 1 ) , MaxValueValidator ( 100 ) ] )
protocol = models . CharField ( max_length = 16 , default = ' ssh ' , verbose_name = _ ( ' Protocol ' ) )
@ -55,84 +45,6 @@ class SystemUser(ProtocolMixin, BaseAccount):
su_enabled = models . BooleanField ( default = False , verbose_name = _ ( ' User switch ' ) )
su_from = models . ForeignKey ( ' self ' , on_delete = models . SET_NULL , related_name = ' su_to ' , null = True , verbose_name = _ ( " Switch from " ) )
def __str__ ( self ) :
username = self . username
if self . username_same_with_user :
username = ' * '
return ' {0.name} ( {1} ) ' . format ( self , username )
@property
def nodes_amount ( self ) :
return self . nodes . all ( ) . count ( )
@property
def login_mode_display ( self ) :
return self . get_login_mode_display ( )
def is_need_push ( self ) :
if self . auto_push and self . is_protocol_support_push :
return True
else :
return False
@property
def is_admin_user ( self ) :
return self . type == self . Type . admin
@property
def is_need_cmd_filter ( self ) :
return self . protocol not in [ self . Protocol . rdp , self . Protocol . vnc ]
@property
def is_need_test_asset_connective ( self ) :
return self . protocol in self . ASSET_CATEGORY_PROTOCOLS
@property
def cmd_filter_rules ( self ) :
from . cmd_filter import CommandFilterRule
rules = CommandFilterRule . objects . filter (
filter__in = self . cmd_filters . all ( )
) . distinct ( )
return rules
def is_command_can_run ( self , command ) :
for rule in self . cmd_filter_rules :
action , matched_cmd = rule . match ( command )
if action == rule . ActionChoices . allow :
return True , None
elif action == rule . ActionChoices . deny :
return False , matched_cmd
return True , None
def get_all_assets ( self ) :
from assets . models import Node , Asset
nodes_keys = self . nodes . all ( ) . values_list ( ' key ' , flat = True )
asset_ids = set ( self . assets . all ( ) . values_list ( ' id ' , flat = True ) )
nodes_asset_ids = Node . get_nodes_all_asset_ids_by_keys ( nodes_keys )
asset_ids . update ( nodes_asset_ids )
assets = Asset . objects . filter ( id__in = asset_ids )
return assets
def add_related_assets ( self , assets_or_ids ) :
self . assets . add ( * tuple ( assets_or_ids ) )
self . add_related_assets_to_su_from_if_need ( assets_or_ids )
def add_related_assets_to_su_from_if_need ( self , assets_or_ids ) :
if self . protocol not in [ self . Protocol . ssh . value ] :
return
if not self . su_enabled :
return
if not self . su_from :
return
if self . su_from . protocol != self . protocol :
return
self . su_from . assets . add ( * tuple ( assets_or_ids ) )
# TODO 暂时为了接口文档添加
@property
def auto_push_account ( self ) :
return
class Meta :
ordering = [ ' name ' ]
unique_together = [ ( ' name ' , ' org_id ' ) ]
@ -140,52 +52,3 @@ class SystemUser(ProtocolMixin, BaseAccount):
permissions = [
( ' match_systemuser ' , _ ( ' Can match system user ' ) ) ,
]
# Deprecated: 准备废弃
class AdminUser ( BaseAccount ) :
"""
A privileged user that ansible can use it to push system user and so on
"""
BECOME_METHOD_CHOICES = (
( ' sudo ' , ' sudo ' ) ,
( ' su ' , ' su ' ) ,
)
become = models . BooleanField ( default = True )
become_method = models . CharField ( choices = BECOME_METHOD_CHOICES , default = ' sudo ' , max_length = 4 )
become_user = models . CharField ( default = ' root ' , max_length = 64 )
_become_pass = models . CharField ( default = ' ' , blank = True , max_length = 128 )
CONNECTIVITY_CACHE_KEY = ' _ADMIN_USER_CONNECTIVE_ {} '
_prefer = " admin_user "
def __str__ ( self ) :
return self . name
@property
def become_pass ( self ) :
password = signer . unsign ( self . _become_pass )
if password :
return password
else :
return " "
@become_pass.setter
def become_pass ( self , password ) :
self . _become_pass = signer . sign ( password )
@property
def become_info ( self ) :
if self . become :
info = {
" method " : self . become_method ,
" user " : self . become_user ,
" pass " : self . become_pass ,
}
else :
info = None
return info
class Meta :
ordering = [ ' name ' ]
unique_together = [ ( ' name ' , ' org_id ' ) ]
verbose_name = _ ( " Admin user " )
ibuler
2 years ago