From 66610fb3e7f61daea368c1be4862f64491057909 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Fri, 27 Nov 2015 12:20:08 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=89=B9=E9=87=8F=E6=89=A7?= =?UTF-8?q?=E8=A1=8C=E5=91=BD=E4=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 connect.py | 57 ++++++++++++++++++++++++++++++++---------------
 jperm/perm_api.py | 49 +++++++++++++++++++++++++++-------------
 2 files changed, 72 insertions(+), 34 deletions(-)
diff --git a/connect.py b/connect.py
index 43f65117b..44f9ad488 100644
--- a/connect.py
+++ b/connect.py
@@ -531,23 +531,41 @@ class Nav(object):
 """
 批量执行命令
 """
- self.search()
 while True:
- print "请输入主机名、IP或ansile支持的pattern, q退出"
+ if not self.user_perm:
+ self.user_perm = get_group_user_perm(self.user)
+ print '\033[32m[%-2s] %-15s \033[0m' % ('ID', '角色')
+ roles = self.user_perm.get('role').keys()
+ role_check = dict(zip(range(len(roles)), roles))
+
+ for i, r in role_check.items():
+ print '[%-2s] %-15s' % (i, r.name)
+ print
+ print "请输入运行命令角色的ID, q退出"
+
 try:
- pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
- if pattern == 'q':
+ role_id = raw_input("\033[1;32mRole>:\033[0m ").strip()
+ if role_id == 'q':
 break
 else:
- if not self.user_perm:
- self.user_perm = get_group_user_perm(self.user)
- res = gen_resource(self.user, perm=self.user_perm)
- cmd = Command(res)
- logger.debug(res)
- for inv in cmd.inventory.get_hosts(pattern=pattern):
- print inv.name
- confirm_host = raw_input("\033[1;32mIs that [y/n]>:\033[0m ").strip()
- if confirm_host == 'y':
+ role = role_check[int(role_id)]
+ assets = list(self.user_perm.get('role', {}).get(role).get('asset'))
+ print "该角色有权限的所有主机"
+ for asset in assets:
+ print asset.hostname
+
+ print
+ print "请输入主机名、IP或ansile支持的pattern, q退出"
+ pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
+ if pattern == 'q':
+ break
+ else:
+ res = gen_resource(self.user, {'asset': assets, 'role': role}, perm=self.user_perm)
+ cmd = Command(res)
+ logger.debug("res: %s" % res)
+ for inv in cmd.inventory.get_hosts(pattern=pattern):
+ print inv.name
+ print
 while True:
 print "请输入执行的命令, 按q退出"
 command = raw_input("\033[1;32mCmds>:\033[0m ").strip()
@@ -567,8 +585,10 @@ class Nav(object):
 print
 print "=" * 20
 print
- else:
- continue
+
+ except (IndexError, KeyError):
+ color_print('ID输入错误')
+ continue
 except EOFError:
 print
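Review bot: `logger.debug("res: %s" % res)` in the new else-branch writes the whole resource list to the log, and gen_resource in the second file of this patch fills each entry's `'password'` with `CRYPTOR.decrypt(role.password)`, so the debug log ends up holding plaintext role credentials; log only what is needed to trace the run, e.g. `logger.debug("res hosts: %s" % [i.get('hostname') for i in res])`. The removed `logger.debug(res)` had the same problem, but the rewrite keeps it. Separately, `role = role_check[int(role_id)]` raises ValueError on non-numeric input, which the handler added in the next hunk, `except (IndexError, KeyError):`, does not catch, so a typo at the Role prompt ends the batch session instead of re-prompting; `except (ValueError, IndexError, KeyError):` would cover it. The enclosing method's signature is above the hunk.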
@@ -615,10 +635,11 @@ def main():
 roles = get_role(login_user, asset)
 if len(roles) > 1:
 role_check = dict(zip(range(len(roles)), roles))
- print role_check
+ print "\033[32m[ID] 角色\033[0m"
 for index, role in role_check.items():
- print "[%s] %s" % (index, role.name)
- print "输入角色ID, q退出"
+ print "[%-2s] %s" % (index, role.name)
+ print
+ print "授权角色超过1个,请输入角色ID, q退出"
 try:
 role_index = raw_input("\033[1;32mID>:\033[0m ").strip()
 if role_index == 'q':
diff --git a/jperm/perm_api.py b/jperm/perm_api.py
index 54d3eb726..ba81af15b 100644
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@@ -25,6 +25,7 @@ def get_group_user_perm(ob):
 }
 ]},
 'rule':[rule1, rule2,]
+ 'role': {role1: {'asset': []}, 'asset_group': []}, role2: {}},
 }
 """
 perm = {}
@@ -38,9 +39,18 @@ def get_group_user_perm(ob):
 perm['rule'] = rule_all
 perm_asset_group = perm['asset_group'] = {}
 perm_asset = perm['asset'] = {}
+ perm_role = perm['role'] = {}
 for rule in rule_all:
 asset_groups = rule.asset_group.all()
 assets = rule.asset.all()
+ perm_roles = rule.role.all()
+ # 获取一个规则授权的角色和对应主机
+ for role in perm_roles:
+ if perm_role.get('role'):
+ perm_role[role]['asset'] = perm_role[role].get('asset', set()).union(set(assets))
+ perm_role[role]['asset_group'] = perm_role[role].get('asset_group', set()).union(set(asset_groups))
+ else:
+ perm_role[role] = {'asset': set(assets), 'asset_group': set(asset_groups)}
 # 获取一个规则用户授权的资产
 for asset in assets:
@@ -85,7 +95,7 @@ def get_group_asset_perm(ob):
 user2: {'role': [role1, role2], 'rule': [rule1, rule2]},
 }
 ]},
- 'rule':[rule1, rule2,]
+ 'rule':[rule1, rule2,],
 }
 """
 perm = {}
@@ -102,7 +112,6 @@ def get_group_asset_perm(ob):
 for rule in rule_all:
 user_groups = rule.user_group.all()
 users = rule.user.all()
- # 获取一个规则资产的用户
 for user in users:
 if perm_user.get(user):
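Review bot: `if perm_role.get('role'):` in the new role loop of get_group_user_perm tests the literal key `'role'` rather than the loop variable, so the union branch is unreachable and a role granted by more than one rule keeps only the last rule's assets and asset groups, because `perm_role[role] = {...}` overwrites the earlier entry. The condition should be `if perm_role.get(role):` (or `if role in perm_role:`). Since gen_resource in this patch derives the hosts a user may run commands on from `perm['role'][role]['asset']`, the effect is silently narrowed access rather than an over-grant, which makes it easy to miss in testing. The docstring line added in the hunk just above, `'role': {role1: {'asset': []}, 'asset_group': []}, role2: {}},`, also has its brace in the wrong place for the structure built here; `'role': {role1: {'asset': [], 'asset_group': []}, role2: {}},` matches the code.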
@@ -147,22 +156,30 @@ def gen_resource(ob, ex='', perm=None):
 生成MyInventory需要的 resource文件
 """
 res = []
- if isinstance(ob, User) and isinstance(ex, (list, QuerySet)):
+ if isinstance(ob, User) and isinstance(ex, dict):
 if not perm:
 perm = get_group_user_perm(ob)
- for asset, asset_info in perm.get('asset').items():
- if asset not in ex:
- continue
- asset_info = get_asset_info(asset)
- info = {'hostname': asset.hostname, 'ip': asset.ip, 'port': asset_info.get('port', 22)}
- try:
- role = sorted(list(perm.get('asset').get(asset).get('role')))[0]
- except IndexError:
- continue
- info['username'] = role.name
- info['password'] = CRYPTOR.decrypt(role.password)
- info['ssh_key'] = get_role_key(ob, role)
- res.append(info)
+
+ role = ex.get('role')
+ asset_r = ex.get('asset')
+ roles = perm.get('role', {}).keys()
+ if role not in roles:
+ return {}
+
+ role_assets_all = perm.get('role').get(ex.get('role')).get('asset')
+ assets = set(role_assets_all) & set(asset_r)
+
+ for asset in assets:
+ asset_info = get_asset_info(asset)
+ info = {'hostname': asset.hostname,
+ 'ip': asset.ip,
+ 'port': asset_info.get('port', 22),
+ 'username': role.name,
+ 'password': CRYPTOR.decrypt(role.password),
+ 'ssh_key': get_role_key(ob, role)
+ }
+ res.append(info)
+
 elif isinstance(ob, User):
 if not perm:
 perm = get_group_user_perm(ob)
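Review bot: `return {}` on the unpermitted-role path hands back a dict while every other path of gen_resource returns the list `res`, so the caller in connect.py that does `Command(res)` gets a different type depending on the outcome of the permission check; `return res` (still `[]` at that point) keeps a single return type. The intersection `assets = set(role_assets_all) & set(asset_r)` is the line that matters in this rewrite: the caller-supplied asset list is filtered against what the permission tree grants the role, so a caller cannot widen its scope by passing extra hosts, and that intent deserves a comment such as `# ex['asset'] is not trusted on its own; keep only hosts the role is actually granted`. `perm.get('role').get(ex.get('role')).get('asset')` re-reads `ex` for the value already bound to `role` three lines earlier; `perm['role'][role]['asset']` says the same thing and cannot silently diverge from the membership check above it. The remaining `elif` branches of gen_resource continue past the end of the hunk.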