From cddff9fd19135b149e7230b1fd9fda195113a801 Mon Sep 17 00:00:00 2001
From: "Jiangjie.Bai"
Date: Mon, 28 Mar 2022 19:48:55 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=94=B9=E5=AF=86=E8=AE=A1=E5=88=92?= =?UTF-8?q?=E6=94=AF=E6=8C=81su=E5=88=87=E6=8D=A2=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E6=89=A7=E8=A1=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
feat: 改密计划支持su切换用户执行
feat: 改密计划支持su切换用户执行
feat: 改密计划支持su切换用户执行
feat: 改密计划支持su切换用户执行
feat: 改密计划支持su切换用户执行
feat: 改密计划支持su切换用户执行
---
 apps/assets/models/asset.py | 38 +++++++++++++++++++++++---
 apps/assets/serializers/admin_user.py | 1 +
 apps/ops/inventory.py | 8 +-----
 3 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py
index d846c6ce4..c4ecf9cfe 100644
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -280,16 +280,44 @@ class Asset(AbsConnectivity, AbsHardwareInfo, ProtocolsMixin, NodesRelationMixin
 def is_support_ansible(self):
 return self.has_protocol('ssh') and self.platform_base not in ("Other",)
- def get_auth_info(self):
+ def get_auth_info(self, with_become=False):
 if not self.admin_user:
 return {}
- self.admin_user.load_asset_special_auth(self)
+ if self.is_unixlike() and self.admin_user.su_enabled and self.admin_user.su_from:
+ auth_user = self.admin_user.su_from
+ become_user = self.admin_user
+ else:
+ auth_user = self.admin_user
+ become_user = None
+
+ auth_user.load_asset_special_auth(self)
 info = {
- 'username': self.admin_user.username,
- 'password': self.admin_user.password,
- 'private_key': self.admin_user.private_key_file,
+ 'username': auth_user.username,
+ 'password': auth_user.password,
+ 'private_key': auth_user.private_key_file
 }
+
+ if not with_become:
+ return info
+
+ if become_user:
+ become_user.load_asset_special_auth(self)
+ become_method = 'su'
+ become_username = become_user.username
+ become_pass = become_user.password
+ else:
+ become_method = 'sudo'
+ become_username = 'root'
+ become_pass = auth_user.password
+ become_info = {
+ 'become': {
+ 'method': become_method,
+ 'username': become_username,
+ 'pass': become_pass
+ }
+ }
+ info.update(become_info)
 return info
 def nodes_display(self):
diff --git a/apps/assets/serializers/admin_user.py b/apps/assets/serializers/admin_user.py
index c72670ba8..b6ab18af3 100644
--- a/apps/assets/serializers/admin_user.py
+++ b/apps/assets/serializers/admin_user.py
@@ -15,6 +15,7 @@ class AdminUserSerializer(SuS):
 SuS.Meta.fields_m2m + \
 [
 'type', 'protocol', "priority", 'sftp_root', 'ssh_key_fingerprint',
+ 'su_enabled', 'su_from',
 'date_created', 'date_updated', 'comment', 'created_by',
 ]
diff --git a/apps/ops/inventory.py b/apps/ops/inventory.py
index fa077e903..b19ce8130 100644
--- a/apps/ops/inventory.py
+++ b/apps/ops/inventory.py
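Review bot: The `become` dict built at the end of `get_auth_info` names the target account `'username'`, while the inventory code removed by this same commit used `"user"` for it. The code that reads `info["become"]` is not part of the patch, so if it still looks up `user`, the su target configured on the admin user would be ignored and that reader's default applied instead; keep the existing key with `'user': become_username,` or change the reader in the same commit. The sudo branch also changes `pass` from the previous `''` to `auth_user.password`, so the login secret now travels in the become data; a comment such as `# sudo re-uses the login password` would record that this is intended. The class body continues outside the hunk.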
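Review bot: `su_enabled` and `su_from` become fields of `AdminUserSerializer` with no cross-field check visible in this hunk, and `get_auth_info` in `apps/assets/models/asset.py` treats `su_enabled` without `su_from` as an ordinary direct login with sudo. An admin user saved that way would report su as enabled while the connection is made directly as that user, so I would add a `validate()` that rejects `su_enabled=True` with an empty `su_from`, unless the parent `SuS` serializer already does this (it is not shown). The `Meta` class starts and ends outside the hunk.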
@@ -29,13 +29,7 @@ class JMSBaseInventory(BaseInventory):
 if asset.domain and asset.domain.has_gateway():
 info["vars"].update(self.make_proxy_command(asset))
 if run_as_admin:
- info.update(asset.get_auth_info())
- if asset.is_unixlike():
- info["become"] = {
- "method": 'sudo',
- "user": 'root',
- "pass": ''
- }
+ info.update(asset.get_auth_info(with_become=True))
 if asset.is_windows():
 info["vars"].update({
 "ansible_connection": "ssh",
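Review bot: The removed block only attached `become` when `asset.is_unixlike()` was true, but `get_auth_info(with_become=True)` falls back to `sudo`/`root` for every asset that has no su chain, so Windows assets reaching the `if asset.is_windows():` branch just below now carry a sudo `become` entry as well. Restoring the guard at the call site keeps the old behaviour: `info.update(asset.get_auth_info(with_become=asset.is_unixlike()))`. The enclosing method starts and ends outside the hunk.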