github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

update ansible_api, and update perm_list_user view

pull/26/head
Zi Chuanxiu 2015-11-02 23:05:19 +08:00
parent 6572e6f10e
commit c26594a3ec
3 changed files with 258 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jperm/README.md
View File

@ -6,5 +6,7 @@
> 使用说明 > 使用说明
+ 依赖安装包: ansible、 sshpass + 依赖rpm安装包 ansible、 sshpass
+ 依赖pip安装包 passlib
+ 关于ansible配置 需要启用配置文件(/etc/ansible/ansible.cfg)的 host_key_checking = False + 关于ansible配置 需要启用配置文件(/etc/ansible/ansible.cfg)的 host_key_checking = False

63
jperm/ansible_api.py
View File

@ -11,11 +11,16 @@ from ansible import callbacks
from ansible import utils from ansible import utils
from passlib.hash import sha512_crypt from passlib.hash import sha512_crypt
from utils import get_rand_pass
import os.path import os.path
JPERM_DIR = os.path.dirname(os.path.abspath(__file__)) JPERM_DIR = os.path.dirname(os.path.abspath(__file__))
ANSIBLE_DIR = os.path.join(JPERM_DIR, 'playbooks') ANSIBLE_DIR = os.path.join(JPERM_DIR, 'playbooks')
class AnsibleError(StandardError): class AnsibleError(StandardError):
""" """
the base AnsibleError which contains error(required), the base AnsibleError which contains error(required),
@ -217,6 +222,15 @@ class Tasks(Command):
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"} return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
def del_key(self, user, key_path):
"""
push the ssh authorized key to target.
"""
module_args = 'user="%s" key="{{ lookup("file", "%s") }}" state="absent"' % (user, key_path)
self.__run(module_args, "authorized_key")
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
def add_user(self, username, password): def add_user(self, username, password):
""" """
add a host user. add a host user.
@ -235,7 +249,31 @@ class Tasks(Command):
self.__run(module_args, "user") self.__run(module_args, "user")
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"} return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
def add_init_users(self):
"""
add initail users: SA, DBA, DEV
"""
results = {}
action = results["action_info"] = {}
users = {"SA": get_rand_pass(), "DBA": get_rand_pass(), "DEV": get_rand_pass()}
for user, password in users.iteritems():
ret = self.add_user(user, password)
action[user] = ret
results["user_info"] = users
return results
def del_init_users(self):
"""
delete initail users: SA, DBA, DEV
"""
results = {}
action = results["action_info"] = {}
for user in ["SA", "DBA", "DEV"]:
ret = self.del_user(user)
action[user] = ret
return results
@ -316,13 +354,28 @@ class App(MyPlaybook):
if __name__ == "__main__": if __name__ == "__main__":
resource = {"test": [{"hostname": "192.168.10.128", "port": "22", "username": "root", "password": "xxx"}]} resource = [{"hostname": "192.168.10.128", "port": "22", "username": "root", "password": "yusky0902"}]
playbook = MyPlaybook(resource) # playbook = MyPlaybook(resource)
playbook.run('test.yml') # playbook.run('test.yml')
print playbook.raw_results # print playbook.raw_results
command = Command(resource)
command.run("who")
print command.stdout
# task = Tasks(resource)
# print task.add_user('test', 'mypass') # print task.add_user('test', 'mypass')
# print task.del_user('test') # print task.del_user('test')
# print task.push_key('root', '/root/.ssh/id_rsa.pub') # print task.push_key('root', '/root/.ssh/id_rsa.pub')
# print task.del_key('root', '/root/.ssh/id_rsa.pub')
# task = Tasks(resource)
# print task.add_init_users()
# print task.del_init_users()

197
jperm/views.py Normal file
View File

@ -0,0 +1,197 @@
# -*- coding: utf-8 -*-
from django.db.models import Q
from jumpserver.api import *
from jperm.perm_api import *
from jperm.models import PermLog as Log
from jperm.models import SysUser
from juser.user_api import gen_ssh_key
from django.shortcuts import render_to_response
@require_role('admin')
def perm_user_list(request):
"""
用户授权视图
该视图的模板包含2部分
1. block 部分{% block content %}
rander_content 为渲染数据
2. include 部分{% include 'nav_cat_bar.html' %}
rander_nav 为渲染数据
"""
render_data = {}
data_nav = {"header_title": "用户授权", "path1": "授权管理", "path2": "用户授权"}
# 获取所有用户
users_list = User.objects.all()
# 搜索和分页
keyword = request.GET.get('search', '')
if keyword:
users_list = users_list.filter(Q(name=keyword) | Q(username=keyword))
users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request)
data_content = {"users": users}
for data in [data_nav, data_content]:
render_data.update(data)
return render_to_response('jperm/perm_user_list.html', render_data)
@require_role('admin')
def perm_user_edit(request):
"""
TODO:
"""
header_title, path1, path2 = '用户授权', '授权管理', '授权更改'
user_id = request.GET.get('id', '')
user = get_object(User, id=user_id)
asset_all = Asset.objects.all() # 获取所有资产
asset_group_all = AssetGroup.objects.all() # 获取所有资产组
asset_permed = user.asset.all() # 获取授权的资产对象列表
asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表
if request.method == 'GET' and user:
assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理
return my_render('jperm/perm_user_edit.html', locals(), request)
elif request.method == 'POST' and user:
asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表
asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表
asset_select = get_object_list(Asset, asset_id_select)
asset_group_select = get_object_list(AssetGroup, asset_group_id_select)
asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表
asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表
asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表
asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表
for asset_group in asset_group_new:
asset_new.extend(asset_group.asset_set.all())
for asset_group in asset_group_del:
asset_del.extend(asset_group.asset_set.all())
perm_info = {
'action': 'perm user edit: ' + user.name,
'del': {'users': [user], 'assets': asset_del},
'new': {'users': [user], 'assets': asset_new}
}
print perm_info
try:
results = perm_user_api(perm_info) # 通过API授权或回收
except ServerError, e:
return HttpResponse(e)
unreachable_asset = []
failures_asset = []
for ip in results.get('unreachable'):
unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
for ip in results.get('failures'):
failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
failures_asset.extend(unreachable_asset) # 失败的授权要统计
for asset in failures_asset:
if asset in asset_select:
asset_select.remove(asset)
else:
asset_select.append(asset)
user.asset = asset_select
user.asset_group = asset_group_select
user.save() # 保存到数据库
return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
else:
return HttpResponse('输入错误')
@require_role('admin')
def perm_group_list(request):
header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权'
keyword = request.GET.get('search', '')
user_groups_list = UserGroup.objects.all()
if keyword:
request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword))
user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request)
return my_render('jperm/perm_group_list.html', locals(), request)
@require_role('admin')
def perm_group_edit(request):
header_title, path1, path2 = '用户组授权', '授权管理', '授权更改'
user_group_id = request.GET.get('id', '')
user_group = get_object(UserGroup, id=user_group_id)
asset_all = Asset.objects.all()
asset_group_all = AssetGroup.objects.all()
asset_permed = user_group.asset.all() # 获取授权的资产对象列表
asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表
if request.method == 'GET' and user_group:
assets = [asset for asset in asset_all if asset not in asset_permed]
asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
return my_render('jperm/perm_group_edit.html', locals(), request)
elif request.method == 'POST' and user_group:
asset_id_select = request.POST.getlist('asset_select', [])
asset_group_id_select = request.POST.getlist('asset_groups_select', [])
asset_select = get_object_list(Asset, asset_id_select)
asset_group_select = get_object_list(AssetGroup, asset_group_id_select)
asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表
asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表
asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表
asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表
users = user_group.user_set.all()
perm_info = {
'action': 'perm group edit: ' + user_group.name,
'del': {'users': users, 'assets': asset_del},
'new': {'users': users, 'assets': asset_new}
}
results = perm_user_api(perm_info)
unreachable_asset = []
failures_asset = []
for ip in results.get('unreachable'):
unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
for ip in results.get('failures'):
failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
failures_asset.extend(unreachable_asset) # 失败的授权要统计
for asset in failures_asset:
if asset in asset_select:
asset_select.remove(asset)
else:
asset_select.append(asset)
user_group.asset = asset_select
user_group.asset_group = asset_group_select
user_group.save() # 保存到数据库
return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
else:
return HttpResponse('输入错误')
def log(request):
header_title, path1, path2 = '授权记录', '授权管理', '授权记录'
log_all = Log.objects.all().order_by('-datetime')
log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request)
return my_render('jperm/perm_log.html', locals(), request)
def sys_user_add(request):
asset_group_all = AssetGroup.objects.all()
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
asset_groups_id = request.POST.getlist('asset_groups_select', [])
comment = request.POST.get('comment')
sys_user = SysUser(username=username, password=password, comment=comment)
sys_user.save()
gen_ssh_key(username, key_dir=os.path.join(SSH_KEY_DIR, 'sysuser'), authorized_keys=False)
results = push_user(sys_user, asset_groups_id)
return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
return my_render('jperm/sys_user_add.html', locals(), request)
def sys_user_list(request):
users_list = SysUser.objects.all()
users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request)
return my_render('jperm/sys_user_list.html', locals(), request)
def sys_user_edit(request):
pass
def sys_user_del(request):
pass