回收sudo用户，添加sudo别名添加规则检查

2016-01-07 15:15:44 +08:00 · 2016-01-07 15:15:44 +08:00 · f6a228008b
parent 01511c0d5a
commit f6a228008b
3 changed files with 35 additions and 2 deletions
--- a/jperm/ansible_api.py
+++ b/jperm/ansible_api.py
@ -364,6 +364,16 @@ class MyTask(MyRunner):
        self.run("user", module_args, become=True)
        return self.results

+    def del_user_sudo(self, username):
+        """
+        delete a role sudo item
+        :param username:
+        :return:
+        """
+        module_args = "sed -i 's/^%s.*//' /etc/sudoers" % username
+        self.run("command", module_args, become=True)
+        return self.results
+
    @staticmethod
    def gen_sudo_script(role_list, sudo_list):
        # receive role_list = [role1, role2] sudo_list = [sudo1, sudo2]
--- a/jperm/views.py
+++ b/jperm/views.py
@ -358,11 +358,13 @@ def perm_role_delete(request):
                recycle_resource = gen_resource(recycle_assets)
                task = MyTask(recycle_resource)
                try:
-                    msg = task.del_user(get_object(PermRole, id=role_id).name)
+                    msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
+                    msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
                except Exception, e:
                    logger.warning(u"Recycle Role failed: %s" % e)
                    raise ServerError(u"回收已推送的系统用户失败: %s" % e)
-                logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg))
+                logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg_del_user))
+                logger.info(u"delete role %s - execute delete sudo: %s" % (role.name, msg_del_sudo))
                # TODO: 判断返回结果，处理异常
            # 删除存储的秘钥，以及目录
            try:
--- a/templates/jperm/perm_sudo_edit.html
+++ b/templates/jperm/perm_sudo_edit.html
@ -112,7 +112,28 @@ var config = {
 for (var selector in config) {
    $(selector).chosen(config[selector]);
 }
+$('#sudoForm').validator({
+    timely: 2,
+    theme: "yellow_right_effect",
+    rules: {
+        check_name: [/^\w{2,20}$/, '大写字母,2-20位']
+    },

+    fields: {
+        "sudo_name": {
+            rule: "required;check_name"
+        },
+        "sudo_runas": {
+            rule: "required;check_name"
+        },
+        "sudo_commands": {
+            rule: "required"
+        }
+    },
+    valid: function(form) {
+            form.submit();
+        }
+});
 </script>
    <script src="/static/js/cropper/cropper.min.js"></script>
    <script src="/static/js/datapicker/bootstrap-datepicker.js"></script>