feat: 改密计划支持su切换用户执行

feat: 改密计划支持su切换用户执行 feat: 改密计划支持su切换用户执行 feat: 改密计划支持su切换用户执行 feat: 改密计划支持su切换用户执行 feat: 改密计划支持su切换用户执行 feat: 改密计划支持su切换用户执行
2022-03-28 19:48:55 +08:00 · 2022-03-28 19:48:55 +08:00 · cddff9fd19
parent d856f1364a
commit cddff9fd19
3 changed files with 35 additions and 12 deletions
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@ -280,16 +280,44 @@ class Asset(AbsConnectivity, AbsHardwareInfo, ProtocolsMixin, NodesRelationMixin
    def is_support_ansible(self):
        return self.has_protocol('ssh') and self.platform_base not in ("Other",)

-    def get_auth_info(self):
+    def get_auth_info(self, with_become=False):
        if not self.admin_user:
            return {}

-        self.admin_user.load_asset_special_auth(self)
+        if self.is_unixlike() and self.admin_user.su_enabled and self.admin_user.su_from:
+            auth_user = self.admin_user.su_from
+            become_user = self.admin_user
+        else:
+            auth_user = self.admin_user
+            become_user = None
+
+        auth_user.load_asset_special_auth(self)
        info = {
-            'username': self.admin_user.username,
-            'password': self.admin_user.password,
-            'private_key': self.admin_user.private_key_file,
+            'username': auth_user.username,
+            'password': auth_user.password,
+            'private_key': auth_user.private_key_file
        }
+
+        if not with_become:
+            return info
+
+        if become_user:
+            become_user.load_asset_special_auth(self)
+            become_method = 'su'
+            become_username = become_user.username
+            become_pass = become_user.password
+        else:
+            become_method = 'sudo'
+            become_username = 'root'
+            become_pass = auth_user.password
+        become_info = {
+            'become': {
+                'method': become_method,
+                'username': become_username,
+                'pass': become_pass
+            }
+        }
+        info.update(become_info)
        return info

    def nodes_display(self):
--- a/apps/assets/serializers/admin_user.py
+++ b/apps/assets/serializers/admin_user.py
@ -15,6 +15,7 @@ class AdminUserSerializer(SuS):
                 SuS.Meta.fields_m2m + \
                 [
                     'type', 'protocol', "priority", 'sftp_root', 'ssh_key_fingerprint',
+                     'su_enabled', 'su_from',
                     'date_created', 'date_updated', 'comment', 'created_by',
                 ]

--- a/apps/ops/inventory.py
+++ b/apps/ops/inventory.py
@ -29,13 +29,7 @@ class JMSBaseInventory(BaseInventory):
        if asset.domain and asset.domain.has_gateway():
            info["vars"].update(self.make_proxy_command(asset))
        if run_as_admin:
-            info.update(asset.get_auth_info())
-            if asset.is_unixlike():
-                info["become"] = {
-                    "method": 'sudo',
-                    "user": 'root',
-                    "pass": ''
-                }
+            info.update(asset.get_auth_info(with_become=True))
        if asset.is_windows():
            info["vars"].update({
                "ansible_connection": "ssh",