github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

修改批量执行命令

pull/26/head
ibuler 2015-11-27 12:20:08 +08:00
parent c574bbcb96
commit 66610fb3e7
2 changed files with 72 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
connect.py
View File

@ -531,23 +531,41 @@ class Nav(object):
""" """
批量执行命令 批量执行命令
""" """
self.search()
while True: while True:
print "请输入主机名、IP或ansile支持的pattern, q退出" if not self.user_perm:
self.user_perm = get_group_user_perm(self.user)
print '\033[32m[%-2s] %-15s \033[0m' % ('ID', '角色')
roles = self.user_perm.get('role').keys()
role_check = dict(zip(range(len(roles)), roles))
for i, r in role_check.items():
print '[%-2s] %-15s' % (i, r.name)
print
print "请输入运行命令角色的ID, q退出"
try: try:
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip() role_id = raw_input("\033[1;32mRole>:\033[0m ").strip()
if pattern == 'q': if role_id == 'q':
break break
else: else:
if not self.user_perm: role = role_check[int(role_id)]
self.user_perm = get_group_user_perm(self.user) assets = list(self.user_perm.get('role', {}).get(role).get('asset'))
res = gen_resource(self.user, perm=self.user_perm) print "该角色有权限的所有主机"
cmd = Command(res) for asset in assets:
logger.debug(res) print asset.hostname
for inv in cmd.inventory.get_hosts(pattern=pattern):
print inv.name print
confirm_host = raw_input("\033[1;32mIs that [y/n]>:\033[0m ").strip() print "请输入主机名、IP或ansile支持的pattern, q退出"
if confirm_host == 'y': pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
else:
res = gen_resource(self.user, {'asset': assets, 'role': role}, perm=self.user_perm)
cmd = Command(res)
logger.debug("res: %s" % res)
for inv in cmd.inventory.get_hosts(pattern=pattern):
print inv.name
print
while True: while True:
print "请输入执行的命令, 按q退出" print "请输入执行的命令, 按q退出"
command = raw_input("\033[1;32mCmds>:\033[0m ").strip() command = raw_input("\033[1;32mCmds>:\033[0m ").strip()
@ -567,8 +585,10 @@ class Nav(object):
print print
print "=" * 20 print "=" * 20
print print
else:
continue except (IndexError, KeyError):
color_print('ID输入错误')
continue
except EOFError: except EOFError:
print print
@ -615,10 +635,11 @@ def main():
roles = get_role(login_user, asset) roles = get_role(login_user, asset)
if len(roles) > 1: if len(roles) > 1:
role_check = dict(zip(range(len(roles)), roles)) role_check = dict(zip(range(len(roles)), roles))
print role_check print "\033[32m[ID] 角色\033[0m"
for index, role in role_check.items(): for index, role in role_check.items():
print "[%s] %s" % (index, role.name) print "[%-2s] %s" % (index, role.name)
print "输入角色ID, q退出" print
print "授权角色超过1个请输入角色ID, q退出"
try: try:
role_index = raw_input("\033[1;32mID>:\033[0m ").strip() role_index = raw_input("\033[1;32mID>:\033[0m ").strip()
if role_index == 'q': if role_index == 'q':

49
jperm/perm_api.py
View File

@ -25,6 +25,7 @@ def get_group_user_perm(ob):
} }
]}, ]},
'rule':[rule1, rule2,] 'rule':[rule1, rule2,]
'role': {role1: {'asset': []}, 'asset_group': []}, role2: {}},
} }
""" """
perm = {} perm = {}
@ -38,9 +39,18 @@ def get_group_user_perm(ob):
perm['rule'] = rule_all perm['rule'] = rule_all
perm_asset_group = perm['asset_group'] = {} perm_asset_group = perm['asset_group'] = {}
perm_asset = perm['asset'] = {} perm_asset = perm['asset'] = {}
perm_role = perm['role'] = {}
for rule in rule_all: for rule in rule_all:
asset_groups = rule.asset_group.all() asset_groups = rule.asset_group.all()
assets = rule.asset.all() assets = rule.asset.all()
perm_roles = rule.role.all()
# 获取一个规则授权的角色和对应主机
for role in perm_roles:
if perm_role.get('role'):
perm_role[role]['asset'] = perm_role[role].get('asset', set()).union(set(assets))
perm_role[role]['asset_group'] = perm_role[role].get('asset_group', set()).union(set(asset_groups))
else:
perm_role[role] = {'asset': set(assets), 'asset_group': set(asset_groups)}
# 获取一个规则用户授权的资产 # 获取一个规则用户授权的资产
for asset in assets: for asset in assets:
@ -85,7 +95,7 @@ def get_group_asset_perm(ob):
user2: {'role': [role1, role2], 'rule': [rule1, rule2]}, user2: {'role': [role1, role2], 'rule': [rule1, rule2]},
} }
]}, ]},
'rule':[rule1, rule2,] 'rule':[rule1, rule2,],
} }
""" """
perm = {} perm = {}
@ -102,7 +112,6 @@ def get_group_asset_perm(ob):
for rule in rule_all: for rule in rule_all:
user_groups = rule.user_group.all() user_groups = rule.user_group.all()
users = rule.user.all() users = rule.user.all()
# 获取一个规则资产的用户 # 获取一个规则资产的用户
for user in users: for user in users:
if perm_user.get(user): if perm_user.get(user):
@ -147,22 +156,30 @@ def gen_resource(ob, ex='', perm=None):
生成MyInventory需要的 resource文件 生成MyInventory需要的 resource文件
""" """
res = [] res = []
if isinstance(ob, User) and isinstance(ex, (list, QuerySet)): if isinstance(ob, User) and isinstance(ex, dict):
if not perm: if not perm:
perm = get_group_user_perm(ob) perm = get_group_user_perm(ob)
for asset, asset_info in perm.get('asset').items():
if asset not in ex: role = ex.get('role')
continue asset_r = ex.get('asset')
asset_info = get_asset_info(asset) roles = perm.get('role', {}).keys()
info = {'hostname': asset.hostname, 'ip': asset.ip, 'port': asset_info.get('port', 22)} if role not in roles:
try: return {}
role = sorted(list(perm.get('asset').get(asset).get('role')))[0]
except IndexError: role_assets_all = perm.get('role').get(ex.get('role')).get('asset')
continue assets = set(role_assets_all) & set(asset_r)
info['username'] = role.name
info['password'] = CRYPTOR.decrypt(role.password) for asset in assets:
info['ssh_key'] = get_role_key(ob, role) asset_info = get_asset_info(asset)
res.append(info) info = {'hostname': asset.hostname,
'ip': asset.ip,
'port': asset_info.get('port', 22),
'username': role.name,
'password': CRYPTOR.decrypt(role.password),
'ssh_key': get_role_key(ob, role)
}
res.append(info)
elif isinstance(ob, User): elif isinstance(ob, User):
if not perm: if not perm:
perm = get_group_user_perm(ob) perm = get_group_user_perm(ob)