mirror of https://github.com/jumpserver/jumpserver
				
				
				
			修改批量执行命令
							parent
							
								
									c574bbcb96
								
							
						
					
					
						commit
						66610fb3e7
					
				
							
								
								
									
										57
									
								
								connect.py
								
								
								
								
							
							
						
						
									
										57
									
								
								connect.py
								
								
								
								
							| 
						 | 
				
			
			@ -531,23 +531,41 @@ class Nav(object):
 | 
			
		|||
        """
 | 
			
		||||
        批量执行命令
 | 
			
		||||
        """
 | 
			
		||||
        self.search()
 | 
			
		||||
        while True:
 | 
			
		||||
            print "请输入主机名、IP或ansile支持的pattern, q退出"
 | 
			
		||||
            if not self.user_perm:
 | 
			
		||||
                self.user_perm = get_group_user_perm(self.user)
 | 
			
		||||
            print '\033[32m[%-2s] %-15s \033[0m' % ('ID', '角色')
 | 
			
		||||
            roles = self.user_perm.get('role').keys()
 | 
			
		||||
            role_check = dict(zip(range(len(roles)), roles))
 | 
			
		||||
 | 
			
		||||
            for i, r in role_check.items():
 | 
			
		||||
                print '[%-2s] %-15s' % (i, r.name)
 | 
			
		||||
            print
 | 
			
		||||
            print "请输入运行命令角色的ID, q退出"
 | 
			
		||||
 | 
			
		||||
            try:
 | 
			
		||||
                pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
 | 
			
		||||
                if pattern == 'q':
 | 
			
		||||
                role_id = raw_input("\033[1;32mRole>:\033[0m ").strip()
 | 
			
		||||
                if role_id == 'q':
 | 
			
		||||
                    break
 | 
			
		||||
                else:
 | 
			
		||||
                    if not self.user_perm:
 | 
			
		||||
                        self.user_perm = get_group_user_perm(self.user)
 | 
			
		||||
                    res = gen_resource(self.user, perm=self.user_perm)
 | 
			
		||||
                    cmd = Command(res)
 | 
			
		||||
                    logger.debug(res)
 | 
			
		||||
                    for inv in cmd.inventory.get_hosts(pattern=pattern):
 | 
			
		||||
                        print inv.name
 | 
			
		||||
                    confirm_host = raw_input("\033[1;32mIs that [y/n]>:\033[0m ").strip()
 | 
			
		||||
                    if confirm_host == 'y':
 | 
			
		||||
                    role = role_check[int(role_id)]
 | 
			
		||||
                    assets = list(self.user_perm.get('role', {}).get(role).get('asset'))
 | 
			
		||||
                    print "该角色有权限的所有主机"
 | 
			
		||||
                    for asset in assets:
 | 
			
		||||
                        print asset.hostname
 | 
			
		||||
 | 
			
		||||
                    print
 | 
			
		||||
                    print "请输入主机名、IP或ansile支持的pattern, q退出"
 | 
			
		||||
                    pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
 | 
			
		||||
                    if pattern == 'q':
 | 
			
		||||
                        break
 | 
			
		||||
                    else:
 | 
			
		||||
                        res = gen_resource(self.user, {'asset': assets, 'role': role}, perm=self.user_perm)
 | 
			
		||||
                        cmd = Command(res)
 | 
			
		||||
                        logger.debug("res: %s" % res)
 | 
			
		||||
                        for inv in cmd.inventory.get_hosts(pattern=pattern):
 | 
			
		||||
                            print inv.name
 | 
			
		||||
                        print
 | 
			
		||||
                        while True:
 | 
			
		||||
                            print "请输入执行的命令, 按q退出"
 | 
			
		||||
                            command = raw_input("\033[1;32mCmds>:\033[0m ").strip()
 | 
			
		||||
| 
						 | 
				
			
			@ -567,8 +585,10 @@ class Nav(object):
 | 
			
		|||
                                        print
 | 
			
		||||
                                print "=" * 20
 | 
			
		||||
                                print
 | 
			
		||||
                    else:
 | 
			
		||||
                        continue
 | 
			
		||||
 | 
			
		||||
            except (IndexError, KeyError):
 | 
			
		||||
                color_print('ID输入错误')
 | 
			
		||||
                continue
 | 
			
		||||
 | 
			
		||||
            except EOFError:
 | 
			
		||||
                print
 | 
			
		||||
| 
						 | 
				
			
			@ -615,10 +635,11 @@ def main():
 | 
			
		|||
                    roles = get_role(login_user, asset)
 | 
			
		||||
                    if len(roles) > 1:
 | 
			
		||||
                        role_check = dict(zip(range(len(roles)), roles))
 | 
			
		||||
                        print role_check
 | 
			
		||||
                        print "\033[32m[ID] 角色\033[0m"
 | 
			
		||||
                        for index, role in role_check.items():
 | 
			
		||||
                            print "[%s] %s" % (index, role.name)
 | 
			
		||||
                        print "输入角色ID, q退出"
 | 
			
		||||
                            print "[%-2s] %s" % (index, role.name)
 | 
			
		||||
                        print
 | 
			
		||||
                        print "授权角色超过1个,请输入角色ID, q退出"
 | 
			
		||||
                        try:
 | 
			
		||||
                            role_index = raw_input("\033[1;32mID>:\033[0m ").strip()
 | 
			
		||||
                            if role_index == 'q':
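Review bot: The `logger.debug("res: %s" % res)` call in the batch-command hunk of `Nav` writes the whole resource list to the log, and the `gen_resource` code shown further down this page fills each entry with `'password': CRYPTOR.decrypt(role.password)` and an `ssh_key` value, so decrypted role credentials land in the debug log. Log only non-secret fields instead, for example `logger.debug("res hosts: %s" % [r.get('hostname') for r in res])`. Separately, `role_check[int(role_id)]` raises ValueError on non-numeric input, which the visible `except (IndexError, KeyError)` does not catch; adding `ValueError` to that tuple would keep the prompt loop alive. The method body starts and ends outside the hunk, and which lines are old or new is inferred here because the page has lost its +/- markers.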
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -25,6 +25,7 @@ def get_group_user_perm(ob):
 | 
			
		|||
            }
 | 
			
		||||
        ]},
 | 
			
		||||
    'rule':[rule1, rule2,]
 | 
			
		||||
    'role': {role1: {'asset': []}, 'asset_group': []}, role2: {}},
 | 
			
		||||
    }
 | 
			
		||||
    """
 | 
			
		||||
    perm = {}
 | 
			
		||||
| 
						 | 
				
			
			@ -38,9 +39,18 @@ def get_group_user_perm(ob):
 | 
			
		|||
    perm['rule'] = rule_all
 | 
			
		||||
    perm_asset_group = perm['asset_group'] = {}
 | 
			
		||||
    perm_asset = perm['asset'] = {}
 | 
			
		||||
    perm_role = perm['role'] = {}
 | 
			
		||||
    for rule in rule_all:
 | 
			
		||||
        asset_groups = rule.asset_group.all()
 | 
			
		||||
        assets = rule.asset.all()
 | 
			
		||||
        perm_roles = rule.role.all()
 | 
			
		||||
        # 获取一个规则授权的角色和对应主机
 | 
			
		||||
        for role in perm_roles:
 | 
			
		||||
            if perm_role.get('role'):
 | 
			
		||||
                perm_role[role]['asset'] = perm_role[role].get('asset', set()).union(set(assets))
 | 
			
		||||
                perm_role[role]['asset_group'] = perm_role[role].get('asset_group', set()).union(set(asset_groups))
 | 
			
		||||
            else:
 | 
			
		||||
                perm_role[role] = {'asset': set(assets), 'asset_group': set(asset_groups)}
 | 
			
		||||
 | 
			
		||||
        # 获取一个规则用户授权的资产
 | 
			
		||||
        for asset in assets:
 | 
			
		||||
| 
						 | 
				
			
			@ -85,7 +95,7 @@ def get_group_asset_perm(ob):
 | 
			
		|||
            user2: {'role': [role1, role2], 'rule': [rule1, rule2]},
 | 
			
		||||
            }
 | 
			
		||||
        ]},
 | 
			
		||||
    'rule':[rule1, rule2,]
 | 
			
		||||
    'rule':[rule1, rule2,],
 | 
			
		||||
    }
 | 
			
		||||
    """
 | 
			
		||||
    perm = {}
 | 
			
		||||
| 
						 | 
				
			
			@ -102,7 +112,6 @@ def get_group_asset_perm(ob):
 | 
			
		|||
    for rule in rule_all:
 | 
			
		||||
        user_groups = rule.user_group.all()
 | 
			
		||||
        users = rule.user.all()
 | 
			
		||||
 | 
			
		||||
        # 获取一个规则资产的用户
 | 
			
		||||
        for user in users:
 | 
			
		||||
            if perm_user.get(user):
 | 
			
		||||
| 
						 | 
				
			
			@ -147,22 +156,30 @@ def gen_resource(ob, ex='', perm=None):
 | 
			
		|||
    生成MyInventory需要的 resource文件
 | 
			
		||||
    """
 | 
			
		||||
    res = []
 | 
			
		||||
    if isinstance(ob, User) and isinstance(ex, (list, QuerySet)):
 | 
			
		||||
    if isinstance(ob, User) and isinstance(ex, dict):
 | 
			
		||||
        if not perm:
 | 
			
		||||
            perm = get_group_user_perm(ob)
 | 
			
		||||
            for asset, asset_info in perm.get('asset').items():
 | 
			
		||||
                if asset not in ex:
 | 
			
		||||
                    continue
 | 
			
		||||
                asset_info = get_asset_info(asset)
 | 
			
		||||
                info = {'hostname': asset.hostname, 'ip': asset.ip, 'port': asset_info.get('port', 22)}
 | 
			
		||||
                try:
 | 
			
		||||
                    role = sorted(list(perm.get('asset').get(asset).get('role')))[0]
 | 
			
		||||
                except IndexError:
 | 
			
		||||
                    continue
 | 
			
		||||
                info['username'] = role.name
 | 
			
		||||
                info['password'] = CRYPTOR.decrypt(role.password)
 | 
			
		||||
                info['ssh_key'] = get_role_key(ob, role)
 | 
			
		||||
                res.append(info)
 | 
			
		||||
 | 
			
		||||
        role = ex.get('role')
 | 
			
		||||
        asset_r = ex.get('asset')
 | 
			
		||||
        roles = perm.get('role', {}).keys()
 | 
			
		||||
        if role not in roles:
 | 
			
		||||
            return {}
 | 
			
		||||
 | 
			
		||||
        role_assets_all = perm.get('role').get(ex.get('role')).get('asset')
 | 
			
		||||
        assets = set(role_assets_all) & set(asset_r)
 | 
			
		||||
 | 
			
		||||
        for asset in assets:
 | 
			
		||||
            asset_info = get_asset_info(asset)
 | 
			
		||||
            info = {'hostname': asset.hostname,
 | 
			
		||||
                    'ip': asset.ip,
 | 
			
		||||
                    'port': asset_info.get('port', 22),
 | 
			
		||||
                    'username': role.name,
 | 
			
		||||
                    'password': CRYPTOR.decrypt(role.password),
 | 
			
		||||
                    'ssh_key': get_role_key(ob, role)
 | 
			
		||||
                    }
 | 
			
		||||
            res.append(info)
 | 
			
		||||
 | 
			
		||||
    elif isinstance(ob, User):
 | 
			
		||||
        if not perm:
 | 
			
		||||
            perm = get_group_user_perm(ob)
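Review bot: In `get_group_user_perm`, the added check `if perm_role.get('role'):` looks up the literal string 'role' in a dict that, as far as the hunk shows, is keyed by role objects, so it is always false and the `else` branch overwrites `perm_role[role]` for every rule. A role granted through several rules then keeps only the assets and asset groups of the last rule processed, and the union branch is never reached; the check should read `if perm_role.get(role):`. In `gen_resource`, the new `return {}` for a role the user does not hold returns a dict where every other path returns the list `res`; `return res` would keep the type consistent for callers such as `Command(res)`. Both function bodies continue outside their hunks.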
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||