校验推送

jperm/perm_api.py

@@ -266,7 +266,7 @@ def get_role_info(role_id, type="all"):
         return u"不支持的查询"
 
 
-def get_role_push_host(role):
+def get_role_push_host(role, raw=False):
     """
     get the role push host
     :return: the asset object
@@ -282,6 +282,8 @@ def get_role_push_host(role):
         group_assets.extend(asset_group.asset_set.all())
     cacl_assets = set(assets) | set(group_assets)
 
+    if raw:
+        return {'asset': cacl_assets, 'asset_group': set(asset_groups)}
     # 计算所有主机 在push记录里面的 使用密码和使用秘钥状况
     result = []
     for asset in cacl_assets:

jperm/views.py

@@ -106,6 +106,19 @@ def perm_rule_add(request):
             # 获取授予的角色列表
             roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
 
+            for role in roles_obj:
+                push_assets_or_group = get_role_push_host(role=role, raw=True)
+                push_assets = push_assets_or_group.get('asset')
+                push_asset_groups = push_assets_or_group.get('asset_group')
+                no_push_assets = set(assets_obj) - set(push_assets)
+                no_push_asset_groups = set(asset_groups_obj) - set(push_asset_groups)
+                if no_push_assets:
+                    raise ServerError(u'没有推送角色 %s 的主机 %s'
+                                      % (role.name, ','.join([asset.hostname for asset in no_push_assets])))
+                elif no_push_asset_groups:
+                    raise ServerError(u'没有推送角色 %s 的主机组 %s'
+                                      % (role.name, ','.join(asset_group.name for asset_group in no_push_asset_groups)))
+
             # 仅授权成功的，写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
             rule = PermRule(name=rule_name, comment=rule_comment)
             rule.save()
@@ -117,7 +130,6 @@ def perm_rule_add(request):
             rule.save()
 
             msg = u"添加授权规则：%s" % rule.name
-            # 渲染数据
             return HttpResponseRedirect('/jperm/rule/')
         except ServerError, e:
             error = e
@@ -465,7 +477,6 @@ def perm_role_push(request):
         os.remove(add_sudo_script)
 
         print ret
-
         # 结果汇总统计
         if ret_failed:
             # 推送失败

templates/jperm/perm_rule_add.html

@@ -136,25 +136,21 @@ $('#ruleForm').validator({
         "rulename": {
             rule: "required;check_name",
             tip: "输入规则名称",
-            ok: "",
             msg: {required: "规则名称必填"}
         },
         "usergroup": {
             rule: "required(check_user)",
             tip: "请选择用户组",
-            ok: "",
             msg: {required: "用户和用户组必选一个!"}
         },
         "assetgroup": {
             rule: "required(check_asset)",
             tip: "输入资产组",
-            ok: "",
             msg: {required: "资产和资产组必选一个!"}
         },
         "role": {
             rule: "required",
             tip: "请选择角色",
-            ok: "",
             msg: {required: "必须选择角色"}
         }
     },