mirror of https://github.com/jumpserver/jumpserver
update ansible_api, and update perm_list_user view
Zi Chuanxiu
parent
6572e6f10e
commit
c26594a3ec
|
|
@ -6,5 +6,7 @@
|
|||
|
||||
> 使用说明
|
||||
|
||||
+ 依赖安装包: ansible、 sshpass
|
||||
+ 依赖rpm安装包: ansible、 sshpass
|
||||
+ 依赖pip安装包: passlib
|
||||
+ 关于ansible配置: 需要启用配置文件(/etc/ansible/ansible.cfg)的 host_key_checking = False
|
||||
|
||||
|
|
|
|||
|
|
@ -11,11 +11,16 @@ from ansible import callbacks
|
|||
from ansible import utils
|
||||
from passlib.hash import sha512_crypt
|
||||
|
||||
from utils import get_rand_pass
|
||||
|
||||
import os.path
|
||||
JPERM_DIR = os.path.dirname(os.path.abspath(__file__))
|
||||
ANSIBLE_DIR = os.path.join(JPERM_DIR, 'playbooks')
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
class AnsibleError(StandardError):
|
||||
"""
|
||||
the base AnsibleError which contains error(required),
|
||||
|
|
@ -217,6 +222,15 @@ class Tasks(Command):
|
|||
|
||||
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
|
||||
|
||||
def del_key(self, user, key_path):
|
||||
"""
|
||||
push the ssh authorized key to target.
|
||||
"""
|
||||
module_args = 'user="%s" key="{{ lookup("file", "%s") }}" state="absent"' % (user, key_path)
|
||||
self.__run(module_args, "authorized_key")
|
||||
|
||||
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
|
||||
|
||||
def add_user(self, username, password):
|
||||
"""
|
||||
add a host user.
|
||||
|
|
@ -235,7 +249,31 @@ class Tasks(Command):
|
|||
self.__run(module_args, "user")
|
||||
|
||||
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
|
||||
|
||||
|
||||
def add_init_users(self):
|
||||
"""
|
||||
add initail users: SA, DBA, DEV
|
||||
"""
|
||||
results = {}
|
||||
action = results["action_info"] = {}
|
||||
users = {"SA": get_rand_pass(), "DBA": get_rand_pass(), "DEV": get_rand_pass()}
|
||||
for user, password in users.iteritems():
|
||||
ret = self.add_user(user, password)
|
||||
action[user] = ret
|
||||
results["user_info"] = users
|
||||
|
||||
return results
|
||||
|
||||
def del_init_users(self):
|
||||
"""
|
||||
delete initail users: SA, DBA, DEV
|
||||
"""
|
||||
results = {}
|
||||
action = results["action_info"] = {}
|
||||
for user in ["SA", "DBA", "DEV"]:
|
||||
ret = self.del_user(user)
|
||||
action[user] = ret
|
||||
return results
|
||||
|
||||
|
||||
|
||||
|
|
@ -316,13 +354,28 @@ class App(MyPlaybook):
|
|||
|
||||
|
||||
if __name__ == "__main__":
|
||||
resource = {"test": [{"hostname": "192.168.10.128", "port": "22", "username": "root", "password": "xxx"}]}
|
||||
playbook = MyPlaybook(resource)
|
||||
playbook.run('test.yml')
|
||||
print playbook.raw_results
|
||||
resource = [{"hostname": "192.168.10.128", "port": "22", "username": "root", "password": "yusky0902"}]
|
||||
# playbook = MyPlaybook(resource)
|
||||
# playbook.run('test.yml')
|
||||
# print playbook.raw_results
|
||||
command = Command(resource)
|
||||
command.run("who")
|
||||
print command.stdout
|
||||
|
||||
|
||||
# task = Tasks(resource)
|
||||
# print task.add_user('test', 'mypass')
|
||||
# print task.del_user('test')
|
||||
# print task.push_key('root', '/root/.ssh/id_rsa.pub')
|
||||
# print task.del_key('root', '/root/.ssh/id_rsa.pub')
|
||||
|
||||
|
||||
# task = Tasks(resource)
|
||||
# print task.add_init_users()
|
||||
# print task.del_init_users()
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,197 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
|
||||
from django.db.models import Q
|
||||
from jumpserver.api import *
|
||||
from jperm.perm_api import *
|
||||
from jperm.models import PermLog as Log
|
||||
from jperm.models import SysUser
|
||||
from juser.user_api import gen_ssh_key
|
||||
|
||||
|
||||
from django.shortcuts import render_to_response
|
||||
|
||||
|
||||
@require_role('admin')
|
||||
def perm_user_list(request):
|
||||
"""
|
||||
用户授权视图:
|
||||
该视图的模板包含2部分:
|
||||
1. block 部分:{% block content %}
|
||||
rander_content 为渲染数据
|
||||
2. include 部分:{% include 'nav_cat_bar.html' %}
|
||||
rander_nav 为渲染数据
|
||||
"""
|
||||
render_data = {}
|
||||
data_nav = {"header_title": "用户授权", "path1": "授权管理", "path2": "用户授权"}
|
||||
# 获取所有用户
|
||||
users_list = User.objects.all()
|
||||
|
||||
# 搜索和分页
|
||||
keyword = request.GET.get('search', '')
|
||||
if keyword:
|
||||
users_list = users_list.filter(Q(name=keyword) | Q(username=keyword))
|
||||
users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request)
|
||||
|
||||
data_content = {"users": users}
|
||||
for data in [data_nav, data_content]:
|
||||
render_data.update(data)
|
||||
|
||||
return render_to_response('jperm/perm_user_list.html', render_data)
|
||||
|
||||
|
||||
@require_role('admin')
|
||||
def perm_user_edit(request):
|
||||
"""
|
||||
TODO:
|
||||
"""
|
||||
header_title, path1, path2 = '用户授权', '授权管理', '授权更改'
|
||||
user_id = request.GET.get('id', '')
|
||||
user = get_object(User, id=user_id)
|
||||
asset_all = Asset.objects.all() # 获取所有资产
|
||||
asset_group_all = AssetGroup.objects.all() # 获取所有资产组
|
||||
asset_permed = user.asset.all() # 获取授权的资产对象列表
|
||||
asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表
|
||||
if request.method == 'GET' and user:
|
||||
assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表
|
||||
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理
|
||||
return my_render('jperm/perm_user_edit.html', locals(), request)
|
||||
elif request.method == 'POST' and user:
|
||||
asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表
|
||||
asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表
|
||||
asset_select = get_object_list(Asset, asset_id_select)
|
||||
asset_group_select = get_object_list(AssetGroup, asset_group_id_select)
|
||||
asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表
|
||||
asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表
|
||||
asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表
|
||||
asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表
|
||||
for asset_group in asset_group_new:
|
||||
asset_new.extend(asset_group.asset_set.all())
|
||||
for asset_group in asset_group_del:
|
||||
asset_del.extend(asset_group.asset_set.all())
|
||||
perm_info = {
|
||||
'action': 'perm user edit: ' + user.name,
|
||||
'del': {'users': [user], 'assets': asset_del},
|
||||
'new': {'users': [user], 'assets': asset_new}
|
||||
}
|
||||
print perm_info
|
||||
try:
|
||||
results = perm_user_api(perm_info) # 通过API授权或回收
|
||||
except ServerError, e:
|
||||
return HttpResponse(e)
|
||||
unreachable_asset = []
|
||||
failures_asset = []
|
||||
for ip in results.get('unreachable'):
|
||||
unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
|
||||
for ip in results.get('failures'):
|
||||
failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
|
||||
failures_asset.extend(unreachable_asset) # 失败的授权要统计
|
||||
for asset in failures_asset:
|
||||
if asset in asset_select:
|
||||
asset_select.remove(asset)
|
||||
else:
|
||||
asset_select.append(asset)
|
||||
user.asset = asset_select
|
||||
user.asset_group = asset_group_select
|
||||
user.save() # 保存到数据库
|
||||
return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
|
||||
else:
|
||||
return HttpResponse('输入错误')
|
||||
|
||||
|
||||
@require_role('admin')
|
||||
def perm_group_list(request):
|
||||
header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权'
|
||||
keyword = request.GET.get('search', '')
|
||||
user_groups_list = UserGroup.objects.all()
|
||||
if keyword:
|
||||
request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword))
|
||||
user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request)
|
||||
return my_render('jperm/perm_group_list.html', locals(), request)
|
||||
|
||||
|
||||
|
||||
@require_role('admin')
|
||||
def perm_group_edit(request):
|
||||
header_title, path1, path2 = '用户组授权', '授权管理', '授权更改'
|
||||
user_group_id = request.GET.get('id', '')
|
||||
user_group = get_object(UserGroup, id=user_group_id)
|
||||
asset_all = Asset.objects.all()
|
||||
asset_group_all = AssetGroup.objects.all()
|
||||
asset_permed = user_group.asset.all() # 获取授权的资产对象列表
|
||||
asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表
|
||||
if request.method == 'GET' and user_group:
|
||||
assets = [asset for asset in asset_all if asset not in asset_permed]
|
||||
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
|
||||
return my_render('jperm/perm_group_edit.html', locals(), request)
|
||||
elif request.method == 'POST' and user_group:
|
||||
asset_id_select = request.POST.getlist('asset_select', [])
|
||||
asset_group_id_select = request.POST.getlist('asset_groups_select', [])
|
||||
asset_select = get_object_list(Asset, asset_id_select)
|
||||
asset_group_select = get_object_list(AssetGroup, asset_group_id_select)
|
||||
asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表
|
||||
asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表
|
||||
asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表
|
||||
asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表
|
||||
users = user_group.user_set.all()
|
||||
perm_info = {
|
||||
'action': 'perm group edit: ' + user_group.name,
|
||||
'del': {'users': users, 'assets': asset_del},
|
||||
'new': {'users': users, 'assets': asset_new}
|
||||
}
|
||||
results = perm_user_api(perm_info)
|
||||
unreachable_asset = []
|
||||
failures_asset = []
|
||||
for ip in results.get('unreachable'):
|
||||
unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
|
||||
for ip in results.get('failures'):
|
||||
failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
|
||||
failures_asset.extend(unreachable_asset) # 失败的授权要统计
|
||||
for asset in failures_asset:
|
||||
if asset in asset_select:
|
||||
asset_select.remove(asset)
|
||||
else:
|
||||
asset_select.append(asset)
|
||||
user_group.asset = asset_select
|
||||
user_group.asset_group = asset_group_select
|
||||
user_group.save() # 保存到数据库
|
||||
return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
|
||||
else:
|
||||
return HttpResponse('输入错误')
|
||||
|
||||
|
||||
def log(request):
|
||||
header_title, path1, path2 = '授权记录', '授权管理', '授权记录'
|
||||
log_all = Log.objects.all().order_by('-datetime')
|
||||
log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request)
|
||||
return my_render('jperm/perm_log.html', locals(), request)
|
||||
|
||||
|
||||
def sys_user_add(request):
|
||||
asset_group_all = AssetGroup.objects.all()
|
||||
if request.method == 'POST':
|
||||
username = request.POST.get('username', '')
|
||||
password = request.POST.get('password', '')
|
||||
asset_groups_id = request.POST.getlist('asset_groups_select', [])
|
||||
comment = request.POST.get('comment')
|
||||
sys_user = SysUser(username=username, password=password, comment=comment)
|
||||
sys_user.save()
|
||||
gen_ssh_key(username, key_dir=os.path.join(SSH_KEY_DIR, 'sysuser'), authorized_keys=False)
|
||||
results = push_user(sys_user, asset_groups_id)
|
||||
return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
|
||||
return my_render('jperm/sys_user_add.html', locals(), request)
|
||||
|
||||
|
||||
def sys_user_list(request):
|
||||
users_list = SysUser.objects.all()
|
||||
users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request)
|
||||
return my_render('jperm/sys_user_list.html', locals(), request)
|
||||
|
||||
|
||||
def sys_user_edit(request):
|
||||
pass
|
||||
|
||||
|
||||
def sys_user_del(request):
|
||||
pass
|
||||
|
||||
Loading…
Reference in New Issue