From e40841463187ad266d466536f8db848c364b02de Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 8 Dec 2015 19:25:11 +0800
Subject: [PATCH] bug fix
---
 connect.py | 6 +--
 jperm/ansible_api.py | 30 +++++++++++--
 jperm/utils.py | 42 -----------------
 jperm/views.py | 11 ++---
 juser/views.py | 8 ++--
 templates/jperm/perm_rule_edit.html | 70 ++++++++++++++++++++++-------
 templates/jperm/role_sudo.j2 | 16 +++----
 7 files changed, 101 insertions(+), 82 deletions(-)
diff --git a/connect.py b/connect.py
index d0dc36796..e035b6a1a 100644
--- a/connect.py
+++ b/connect.py
@@ -563,7 +563,7 @@ class Nav(object):
 for asset in assets:
 print ' %s' % asset.hostname
 print
- print "请输入主机名、IP或ansile支持的pattern, q退出"
+ print "请输入主机名、IP或ansile支持的pattern, 多个主机:分隔, q退出"
 pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
 if pattern == 'q':
 break
@@ -606,7 +606,7 @@ class Nav(object):
 self.user_perm = get_group_user_perm(self.user)
 try:
 print "进入批量上传模式"
- print "请输入主机名、IP或ansile支持的pattern, q退出"
+ print "请输入主机名、IP或ansile支持的pattern, 多个主机:分隔 q退出"
 pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
 if pattern == 'q':
 break
@@ -659,7 +659,7 @@ class Nav(object):
 self.user_perm = get_group_user_perm(self.user)
 try:
 print "进入批量下载模式"
- print "请输入主机名、IP或ansile支持的pattern, q退出"
+ print "请输入主机名、IP或ansile支持的pattern, 多个主机:分隔,q退出"
 pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
 if pattern == 'q':
 break
diff --git a/jperm/ansible_api.py b/jperm/ansible_api.py
index 57c01d158..077fa5dfe 100644
--- a/jperm/ansible_api.py
+++ b/jperm/ansible_api.py
@@ -12,7 +12,11 @@ from ansible import utils
 from passlib.hash import sha512_crypt
 from utils import get_rand_pass
+from jumpserver.api import logger
+from tempfile import NamedTemporaryFile
+from django.template.loader import get_template
+from django.template import Context
 import os.path
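Review bot: The three rewritten prompts in the connect.py `Nav` hunks (@@ -563, @@ -606 and @@ -659) punctuate the new hint differently: `多个主机:分隔, q退出`, `多个主机:分隔 q退出` and `多个主机:分隔,q退出`. The same instruction therefore reads three ways depending on which menu the operator is in. Defining the prompt once, for example as a module-level constant used by all three `print` statements, keeps them in step, and the existing `ansile` typo could be corrected to `ansible` at the same time. The enclosing methods start and end outside these hunks.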
@@ -138,6 +142,7 @@ class MyRunner(MyInventory):
 become_pass=become_pass
 )
 self.results_raw = hoc.run()
+ logger.debug(self.results_raw)
 return self.results_raw
 @property
@@ -353,14 +358,33 @@ class MyTask(MyRunner):
 return self.results
- def push_sudo_file(self, file_path):
+ @staticmethod
+ def gen_sudo_script(role_list, sudo_list):
+ # receive role_list = [role1, role2] sudo_list = [sudo1, sudo2]
+ # return sudo_alias={'NETWORK': '/sbin/ifconfig, /ls'} sudo_user={'user1': ['NETWORK', 'SYSTEM']}
+ sudo_alias = {}
+ sudo_user = {}
+ for sudo in sudo_list:
+ sudo_alias[sudo.name] = sudo.commands
+
+ for role in role_list:
+ sudo_user[role.name] = ','.join(sudo_alias.keys())
+ print sudo_alias, sudo_user
+
+ sudo_j2 = get_template('jperm/role_sudo.j2')
+ sudo_content = sudo_j2.render(Context({"sudo_alias": sudo_alias, "sudo_user": sudo_user}))
+ sudo_file = NamedTemporaryFile(delete=False)
+ sudo_file.write(sudo_content)
+ sudo_file.close()
+ return sudo_file.name
+
+ def push_sudo_file(self, role_list, sudo_list):
 """
 use template to render pushed sudoers file
 :return:
 """
- module_args1 = file_path
+ module_args1 = self.gen_sudo_script(role_list, sudo_list)
 self.run("script", module_args1, become=True)
- print self.results_raw
 return self.results
diff --git a/jperm/utils.py b/jperm/utils.py
index 59b1c17ba..92506cdc1 100644
--- a/jperm/utils.py
+++ b/jperm/utils.py
@@ -10,11 +10,8 @@ from uuid import uuid4
 from jumpserver.api import CRYPTOR
 from os import makedirs
-from django.template.loader import get_template
-from django.template import Context
 from tempfile import NamedTemporaryFile
-
 from jumpserver.settings import KEY_DIR
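Review bot: `logger.debug(self.results_raw)` in the `MyRunner` hunk (@@ -138) writes the complete raw result of every ad-hoc run to the application log, and the sudoers push later in this file goes through the same path with `become=True`. Raw module output can include command stdout/stderr from the managed hosts, so it is worth confirming that debug logging is off in production or that the log is access-restricted. Logging a per-host success/failure summary instead of the whole structure would keep the diagnostic value. A short comment such as `# raw results may contain host output; debug level only` would record the intent. The enclosing method starts outside the hunk.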
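Review bot: `gen_sudo_script` creates its script with `NamedTemporaryFile(delete=False)` and nothing in the new code deletes it. The jperm/views.py hunk of this same patch drops the `os.remove(add_sudo_script)` call that used to clean up, so every push leaves a rendered sudoers script behind in the temp directory. Removing the file in `push_sudo_file` once `self.run` has returned, inside `try`/`finally`, restores the cleanup; the `print sudo_alias, sudo_user` line looks like leftover debugging and would be better as `logger.debug` or dropped. Separately, `sudo.name` and `sudo.commands` are rendered straight into a script that runs with `become=True`. role_sudo.j2 is not visible in this hunk, so whether those values are validated cannot be confirmed from here, and checking both before rendering would be prudent.

```python
    def push_sudo_file(self, role_list, sudo_list):
        # … unchanged: docstring …
        script_path = self.gen_sudo_script(role_list, sudo_list)
        try:
            self.run("script", script_path, become=True)
        finally:
            # the rendered sudoers script is only needed while the run is in progress
            os.remove(script_path)
        return self.results
```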
@@ -72,45 +69,6 @@ def gen_keys(key="", key_path_dir=""):
 return key_path_dir
-def gen_sudo(role_custom, role_name, role_chosen):
- """
- 生成sudo file, 仅测试了cenos7
- role_custom: 自定义支持的sudo 命令 格式: 'CMD1, CMD2, CMD3, ...'
- role_name: role name
- role_chosen: 选择那些sudo的命令别名:
-     NETWORKING, SOFTWARE, SERVICES, STORAGE,
-     DELEGATING, PROCESSES, LOCATE, DRIVERS
- :return:
- """
- sudo_file_basename = os.path.join(os.path.dirname(KEY_DIR), 'role_sudo_file')
- makedirs(sudo_file_basename)
- sudo_file_path = os.path.join(sudo_file_basename, role_name)
-
- t = get_template('role_sudo.j2')
- content = t.render(Context({"role_custom": role_custom,
- "role_name": role_name,
- "role_chosen": role_chosen,
- }))
- with open(sudo_file_path, 'w') as f:
- f.write(content)
- return sudo_file_path
-
-
-def get_add_sudo_script(role_chosen_aliase, sudo_alias):
- """
- get the sudo file
- :param kwargs:
- :return:
- """
- sudo_j2 = get_template('jperm/role_sudo.j2')
- sudo_content = sudo_j2.render(Context({"role_chosen_aliase": role_chosen_aliase,
- "sudo_alias": sudo_alias}))
- sudo_file = NamedTemporaryFile(delete=False)
- sudo_file.write(sudo_content)
- sudo_file.close()
- print(sudo_file.name)
- return sudo_file.name
-
 if __name__ == "__main__":
 print gen_keys()
diff --git a/jperm/views.py b/jperm/views.py
index 1529907d7..6e5bdb658 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -10,7 +10,7 @@ from jasset.models import Asset, AssetGroup
 from jperm.models import PermRole, PermRule, PermSudo, PermPush
 from jumpserver.models import Setting
-from jperm.utils import updates_dict, gen_keys, get_rand_pass, get_add_sudo_script
+from jperm.utils import updates_dict, gen_keys, get_rand_pass
 from jperm.ansible_api import MyTask
 from jperm.perm_api import get_role_info, get_role_push_host
 from jumpserver.api import my_render, get_object, CRYPTOR
@@ -440,13 +440,8 @@ def perm_role_push(request):
 # 3. 推送sudo配置文件
 if password_push or key_push:
- role_chosen_aliase = {} # {'dev': 'NETWORKING, SHUTDOWN'}
- sudo_alias = set([sudo for sudo in role.sudo.all()]) # set(sudo1, sudo2, sudo3)
- if sudo_alias:
- role_chosen_aliase[role.name] = ','.join(sudo.name for sudo in sudo_alias if sudo.name)
- add_sudo_script = get_add_sudo_script(role_chosen_aliase, sudo_alias)
- ret['sudo'] = task.push_sudo_file(add_sudo_script)
- os.remove(add_sudo_script)
+ sudo_list = set([sudo for sudo in role.sudo.all()]) # set(sudo1, sudo2, sudo3)
+ ret['sudo'] = task.push_sudo_file([role], sudo_list)
 logger.debug('推送role结果: %s' % ret)
 success_asset = {}
diff --git a/juser/views.py b/juser/views.py
index fd42cd662..a083c5d85 100644
--- a/juser/views.py
+++ b/juser/views.py
@@ -88,8 +88,8 @@ def group_edit(request):
 if request.method == 'GET':
 group_id = request.GET.get('id', '')
- # user_group = get_object(UserGroup, id=group_id)
- user_group = UserGroup.objects.get(id=group_id)
+ user_group = get_object(UserGroup, id=group_id)
+ # user_group = UserGroup.objects.get(id=group_id)
 users_selected = User.objects.filter(group=user_group)
 users_remain = User.objects.filter(~Q(group=user_group))
 users_all = User.objects.all()
@@ -118,7 +118,9 @@ def group_edit(request):
 if g == user_group:
 continue
 user.group.add(g)
-
+ user_group.name = group_name
+ user_group.comment = comment
+ user_group.save()
 except ServerError, e:
 error = e
 if not error:
diff --git a/templates/jperm/perm_rule_edit.html b/templates/jperm/perm_rule_edit.html
index bbb7234b2..4792787fe 100644
--- a/templates/jperm/perm_rule_edit.html
+++ b/templates/jperm/perm_rule_edit.html
@@ -26,7 +26,7 @@
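Review bot: The removed code in `perm_role_push` tested `if sudo_alias:` before building the role's alias list, and the new call `task.push_sudo_file([role], sudo_list)` has no equivalent check. A role with no sudo entries therefore still gets a script rendered and executed with `become=True` on the target hosts, with an empty `sudo_alias` and `sudo_user[role.name] = ''`. What role_sudo.j2 emits for that case is not visible here, and indentation is lost on this page, so how much of the old block the `if` covered is unclear. If the empty push is meant to revoke sudo, a comment saying so would help; otherwise guard it with `if sudo_list:`. The comprehension can also be written `sudo_list = set(role.sudo.all())`.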
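Review bot: Switching the GET branch of `group_edit` to `get_object(UserGroup, id=group_id)` presumably makes `user_group` `None` for a missing or empty `id` (get_object is defined outside this patch, and `group_id` defaults to `''`). The view then carries on into `User.objects.filter(group=user_group)` and renders the edit form instead of reporting that the group does not exist. The second hunk (@@ -118) is exposed in the same way if the POST branch obtains `user_group` like this: `user_group.name = group_name` would raise `AttributeError`, which `except ServerError` does not catch. An explicit `if user_group is None:` branch that returns an error, placed before either use, would cover both cases. The commented-out `# user_group = UserGroup.objects.get(id=group_id)` line can simply be deleted.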
-
+ {% if error %}
{{ error }}
{% endif %} @@ -34,27 +34,27 @@
{{ msg }}
{% endif %}
- +
- +
- +
- {% for user in users %} {% endfor %} + 用户和用户组必选一个
-
- +
- {% for user_group in user_groups %} {% endfor %} @@ -63,18 +63,18 @@
- +
- {% for asset in assets %} {% endfor %} + 资产和资产组必选一个
-
- +
- {% for role in roles %} + {% for role in roles %} {% endfor %} @@ -99,7 +99,7 @@
- +
@@ -118,6 +118,46 @@ {% endblock %} {% block self_footer_js %}