[Bugfix] 修复网关测试连接需要ssh信任key的问题

2018-05-28 16:44:00 +08:00 · 2018-05-28 16:44:00 +08:00 · 47397d2308
parent 7b57d24dc9
commit 47397d2308
2 changed files with 16 additions and 19 deletions
--- a/apps/assets/utils.py
+++ b/apps/assets/utils.py
@ -1,7 +1,8 @@
 # ~*~ coding: utf-8 ~*~
 #
-
+import os
 import paramiko
+from paramiko.ssh_exception import SSHException

 from common.utils import get_object_or_none
 from .models import Asset, SystemUser, Label
@ -49,22 +50,23 @@ def test_gateway_connectability(gateway):
    """
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
-
-    proxy_command = [
-        "ssh", "{}@{}".format(gateway.username, gateway.ip),
-        "-p", str(gateway.port), "-W", "127.0.0.1:{}".format(gateway.port),
-    ]
-
-    if gateway.password:
-        proxy_command.insert(0, "sshpass -p '{}'".format(gateway.password))
-    if gateway.private_key:
-        proxy_command.append("-i {}".format(gateway.private_key_file))
+    proxy = paramiko.SSHClient()
+    proxy.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
+    proxy.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    try:
-        sock = paramiko.ProxyCommand(" ".join(proxy_command))
-    except paramiko.ProxyCommandFailure as e:
+        proxy.connect(gateway.ip, username=gateway.username,
+                      password=gateway.password,
+                      pkey=gateway.private_key_obj)
+    except(paramiko.AuthenticationException,
+           paramiko.BadAuthenticationType,
+           SSHException) as e:
        return False, str(e)

+    sock = proxy.get_transport().open_channel(
+        'direct-tcpip', ('127.0.0.1', gateway.port), ('127.0.0.1', 0)
+    )
+
    try:
        client.connect("127.0.0.1", port=gateway.port,
                       username=gateway.username,
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@ -147,13 +147,8 @@ class UserGrantedNodeAssetsApi(ListAPIView):
            user = get_object_or_404(User, id=user_id)
        else:
            user = self.request.user
+        node = get_object_or_404(Node, id=node_id)
        nodes = AssetPermissionUtil.get_user_nodes_with_assets(user)
-        node = get_object_or_none(Node, id=node_id)
-
-        if not node:
-            unnode = [node for node in nodes if node.name == 'Unnode']
-            node = unnode[0] if unnode else None
-
        assets = nodes.get(node, [])
        for asset, system_users in assets.items():
            asset.system_users_granted = system_users