修改推送用户

pull/26/head
ibuler 2015-11-30 19:06:25 +08:00
parent 8dd4a9fce1
commit f7c8ad6f38
11 changed files with 179 additions and 161 deletions


@ -451,12 +451,12 @@ class Tasks(Command):
if not ret1["msg"]:
result["step1"] = "ok"
else:
result["step1"] = "failed"
result["msg"] = ret1["msg"]
if not ret2["msg"] and "failed" not in ret2_status:
result["step2"] = "ok"
else:
result["step2"] = "failed"
result["msg"] = ret1["msg"]
return result
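Review bot: In the step2 failure branch `result["msg"] = ret1["msg"]` copies step1's message, so a failed step2 reports the wrong (possibly empty) reason; the condition on the line above reads `ret2`, so the message source should match: `result["msg"] = ret2["msg"]`. Whether that line is new or context cannot be recovered from the rendered page, but the new code returns it either way. The enclosing Tasks method starts outside the hunk.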


@ -13,12 +13,6 @@ class PermLog(models.Model):
is_finish = models.BooleanField(default=False)
class SysUser(models.Model):
username = models.CharField(max_length=100)
password = models.CharField(max_length=100)
comment = models.CharField(max_length=100, null=True, blank=True, default='')
class PermSudo(models.Model):
name = models.CharField(max_length=100, unique=True)
date_added = models.DateTimeField(auto_now=True)
@ -56,12 +50,11 @@ class PermRule(models.Model):
class PermPush(models.Model):
date_added = models.DateTimeField(auto_now=True)
asset = models.ManyToManyField(Asset, related_name='perm_push')
asset_group = models.ManyToManyField(AssetGroup, related_name='perm_push')
asset = models.ForeignKey(Asset, related_name='perm_push')
role = models.ForeignKey(PermRole, related_name='perm_push')
is_public_key = models.BooleanField(default=False)
is_password = models.BooleanField(default=False)
success = models.BooleanField(default=False)
result = models.TextField()
date_added = models.DateTimeField(auto_now=True)
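Review bot: PermPush now records one push per `asset` ForeignKey and `role`, but nothing in the model prevents two rows for the same (role, asset) pair; the filter-then-update-or-create sequence in perm_role_push is not atomic, and get_role_push_host silently keeps only the last row per asset. Adding `class Meta: unique_together = (('role', 'asset'),)` makes the database enforce the one-record-per-pair assumption the views rely on. `result = models.TextField()` is also left without `blank=True` although the success path in perm_role_push never supplies a result; `result = models.TextField(blank=True, default='')` documents that an empty result is the normal state. PermLog, PermSudo and PermRule are cut at the hunk edges.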


@ -6,8 +6,7 @@ import uuid
import re
from jumpserver.models import Setting
from jperm.models import PermRole
from jperm.models import PermRule
from jperm.models import PermRole, PermPush, PermRule
def get_group_user_perm(ob):
@ -266,41 +265,21 @@ def get_role_info(role_id, type="all"):
return u"不支持的查询"
def get_role_push_host(role, raw=False):
def get_role_push_host(role):
"""
get the role push host
:return: the asset object
asset_pushed: {'success': push.success, 'key': push.is_public_key, 'password': push.is_password,
'result': push.result}
asset_no_push: set(asset1, asset2)
"""
# 计算该role 所有push记录 总共推送的主机
assets = []
asset_groups = []
for push in role.perm_push.all():
assets.extend(push.asset.all())
asset_groups.extend(push.asset_group.all())
group_assets = []
for asset_group in asset_groups:
group_assets.extend(asset_group.asset_set.all())
cacl_assets = set(assets) | set(group_assets)
if raw:
return {'asset': cacl_assets, 'asset_group': set(asset_groups)}
# 计算所有主机 在push记录里面的 使用密码和使用秘钥状况
result = []
for asset in cacl_assets:
all_push = asset.perm_push.all()
if True in [push.is_password for push in all_push if role in push.role.all()]:
is_password = u""
else:
is_password = u""
if True in [push.is_public_key for push in all_push if role in push.role.all()]:
is_public_key = u""
else:
is_public_key = u""
result.append({"ip": asset.ip,
"group": ','.join([group.name for group in asset.group.all()]),
"password": is_password,
"pubkey": is_public_key})
return result
pushs = PermPush.objects.filter(role=role)
asset_all = Asset.objects.all()
asset_pushed = {}
for push in pushs:
asset_pushed[push.asset] = {'success': push.success, 'key': push.is_public_key, 'password': push.is_password,
'result': push.result}
asset_no_push = set(asset_all) - set(asset_pushed.keys())
return asset_pushed, asset_no_push
if __name__ == "__main__":
print get_role_info(1)
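Review bot: The rewritten get_role_push_host still opens its docstring with `get the role push host` / `:return: the asset object`, which no longer matches the `(asset_pushed, asset_no_push)` tuple it returns; replace those lines with `Return (asset_pushed, asset_no_push) for *role*: a dict keyed by Asset with the push flags, and the set of assets with no push record.` The loop over `pushs` dereferences `push.asset` for every row, one extra query per PermPush; `PermPush.objects.filter(role=role).select_related('asset')` avoids that. `asset_all = Asset.objects.all()` followed by `set(asset_all)` loads every Asset into memory, and if duplicate PermPush rows exist for an asset the dict keeps only the last one, so the function presumably relies on one row per (role, asset). `Asset` is not in the visible import hunk, so it is presumably imported above line 6.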


@ -94,8 +94,8 @@ def perm_rule_add(request):
# 获取需要授权的主机列表
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in assets_select]
asset_groups_obj = [AssetGroup.objects.get(id=group_id) for group_id in asset_groups_select]
# group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]]
# calc_assets = set(group_assets_obj) | set(assets_obj)
group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]]
calc_assets = set(group_assets_obj) | set(assets_obj)
# 获取需要授权的用户列表
users_obj = [User.objects.get(id=user_id) for user_id in users_select]
@ -105,19 +105,13 @@ def perm_rule_add(request):
# 获取授予的角色列表
roles_obj = [PermRole.objects.get(id=role_id) for role_id in roles_select]
need_push_asset = set()
for role in roles_obj:
push_assets_or_group = get_role_push_host(role=role, raw=True)
push_assets = push_assets_or_group.get('asset')
push_asset_groups = push_assets_or_group.get('asset_group')
no_push_assets = set(assets_obj) - set(push_assets)
no_push_asset_groups = set(asset_groups_obj) - set(push_asset_groups)
if no_push_assets:
asset_no_push = get_role_push_host(role=role)[1]
need_push_asset.update(set(calc_assets) - set(asset_no_push))
if need_push_asset:
raise ServerError(u'没有推送角色 %s 的主机 %s'
% (role.name, ','.join([asset.hostname for asset in no_push_assets])))
elif no_push_asset_groups:
raise ServerError(u'没有推送角色 %s 的主机组 %s'
% (role.name, ','.join(asset_group.name for asset_group in no_push_asset_groups)))
% (role.name, ','.join([asset.hostname for asset in need_push_asset])))
# 仅授权成功的,写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
rule = PermRule(name=rule_name, comment=rule_comment)
@ -264,10 +258,7 @@ def perm_role_add(request):
if get_object(PermRole, name=name):
raise ServerError('已经存在该用户 %s' % name)
default = get_object(Setting, name='default')
if default and name == default.field1:
raise ServerError('与默认管理账号同名')
if name == 'root':
raise ServerError('不能为root')
if password:
encrypt_pass = CRYPTOR.encrypt(password)
else:
@ -336,7 +327,7 @@ def perm_role_detail(request):
asset_groups = role_info.get("asset_groups")
users = role_info.get("users")
user_groups = role_info.get("user_groups")
push_info = get_role_push_host(PermRole.objects.get(id=role_id))
pushed_asset, need_push_asset = get_role_push_host(get_object(PermRole, id=role_id))
return my_render('jperm/perm_role_detail.html', locals(), request)
@ -440,8 +431,8 @@ def perm_role_push(request):
logger.debug('推送role res: %s' % push_resource)
# 调用Ansible API 进行推送
password_push = request.POST.get("use_password")
key_push = request.POST.get("use_publicKey")
password_push = True if request.POST.get("use_password") else False
key_push = True if request.POST.get("use_publicKey") else False
task = Tasks(push_resource)
ret = {}
ret_failed = {}
@ -451,43 +442,57 @@ def perm_role_push(request):
if password_push:
ret["password_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
if ret["password_push"].get("status") != "success":
ret_failed["step1"] == "failed"
ret_failed = ret["password_push"].get('msg')
# 2. 以秘钥 方式推送角色
if key_push:
ret["password_push"] = task.add_user(role.name)
if ret["password_push"].get("status") != "ok":
ret_failed["step2-1"] = "failed"
ret_failed = ret["password_push"].get('msg')
ret["key_push"] = task.push_key(role.name, os.path.join(role.key_path, 'id_rsa.pub'))
if ret["key_push"].get("status") != "ok":
ret_failed["step2-2"] = "failed"
ret_failed = ret["key_push"].get('msg')
# 3. 推送sudo配置文件
role_chosen_aliase = {} # {'dev': 'NETWORKING, SHUTDOWN'}
sudo_alias = set([sudo for sudo in role.sudo.all()]) # set(sudo1, sudo2, sudo3)
role_chosen_aliase[role.name] = ','.join(sudo.name for sudo in sudo_alias)
add_sudo_script = get_add_sudo_script(role_chosen_aliase, sudo_alias)
ret['sudo'] = task.push_sudo_file(add_sudo_script)
if password_push or key_push:
role_chosen_aliase = {} # {'dev': 'NETWORKING, SHUTDOWN'}
sudo_alias = set([sudo for sudo in role.sudo.all()]) # set(sudo1, sudo2, sudo3)
role_chosen_aliase[role.name] = ','.join(sudo.name for sudo in sudo_alias)
add_sudo_script = get_add_sudo_script(role_chosen_aliase, sudo_alias)
ret['sudo'] = task.push_sudo_file(add_sudo_script)
if ret['sudo']["step1"] != "ok" or ret['sudo']["step2"] != "ok":
ret_failed["step3"] = "failed"
os.remove(add_sudo_script)
if ret['sudo'].get('msg'):
ret_failed = ret['sudo'].get('msg')
os.remove(add_sudo_script)
logger.debug('推送role结果: %s' % ret)
# 结果汇总统计
if ret_failed:
# 推送失败
error = u"推送失败, 原因: %s 失败" % ','.join(ret_failed.keys())
else:
# 推送成功 回写push表
msg = u"推送系统角色: %s" % ','.join(role_chosen_aliase.keys())
push = PermPush(is_public_key=bool(key_push), is_password=bool(password_push))
push.save()
push.asset_group = asset_groups_obj
push.asset = calc_assets
push.role = role
push.save()
logger.debug('推送role错误: %s' % ret_failed)
success_asset = []
failed_asset = []
# 推送成功 回写push表
for asset in calc_assets:
push_check = PermPush.objects.filter(role=role, asset=asset)
if push_check:
func = push_check.update
else:
def func(**kwargs):
PermPush(**kwargs).save()
if ret_failed.get(asset.hostname):
failed_asset.append(asset)
func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=False,
result=ret_failed.get(asset.hostname))
else:
success_asset.append(asset)
func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True)
if not failed_asset:
msg = u'角色 %s 推送成功[ %s ]' % (role.name, ','.join([asset.hostname for asset in success_asset]))
else:
error = u'角色 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name,
','.join([asset.hostname for asset in failed_asset]),
','.join([asset.hostname for asset in success_asset]))
return my_render('jperm/perm_role_push.html', locals(), request)
@ -586,7 +591,3 @@ def perm_sudo_delete(request):
return HttpResponse(u"不支持该操作")
def role_push_list(request):
push_all = PermPush.objects.all()
return my_render('jperm/role_push_list.html', locals(), request)
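Review bot: In perm_rule_add the line `need_push_asset.update(set(calc_assets) - set(asset_no_push))` looks inverted: `asset_no_push` is the set of assets with no PermPush for the role, so subtracting it leaves the assets that have already been pushed, and the `没有推送角色 %s 的主机 %s` error fires precisely when the rule's hosts are pushed; the unpushed subset is `set(calc_assets) & set(asset_no_push)`. Earlier in the same function `group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]]` does not flatten — it is a list of QuerySets, so `calc_assets` mixes QuerySet objects with Asset rows and the later `asset.hostname` would raise AttributeError; use `[asset for group in asset_groups_obj for asset in group.asset_set.all()]`. In perm_role_push the update path `func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True)` never clears `result`, so an asset that failed once and then succeeds keeps the stale failure text; pass `result=''` on the success call. `ret_failed["step1"] == "failed"` is a comparison, not an assignment, and the following `ret_failed = ret["password_push"].get('msg')` rebinds the dict to the msg value, so the later `ret_failed.get(asset.hostname)` depends on that msg being a dict keyed by hostname — worth confirming against Tasks.add_user. perm_rule_add and perm_role_push both start outside their hunks.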


@ -104,50 +104,48 @@
<div class="row">
<div class="col-lg-4">
<div class="ibox float-e-margins">
<div class="ibox-title">
<h5>权限申请</h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user"></ul>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content ibox-heading">
<h3><i class="fa fa-envelope-o"></i> 权限申请记录 </h3>
<small><i class="fa fa-map-marker"></i> 最近十条权限申请记录信息.</small>
</div>
<div class="ibox-content">
<div class="feed-activity-list">
{% if perm_apply_10 %}
{% for perm in perm_apply_10 %}
<div class="feed-element">
<div>
{% ifequal perm.status 0 %}
<small class="pull-right text-navy">{{ perm.date_add|naturaltime }}</small>
{% else %}
<small class="pull-right">{{ perm.date_add|naturaltime }}</small>
{% endifequal %}
<strong>{{ perm.applyer }}</strong>
{# <div>申请 {{ perm.bisgroup|ast_to_list }} 主机组权限</div>#}
{# <div>申请 {{ perm.asset|ast_to_list }} 主机权限</div>#}
<small class="text-muted">{{ perm.date_add }}</small>
</div>
</div>
{% endfor %}
{% else %}
<p class="text-center">(暂无)</p>
{% endif %}
</div>
</div>
</div>
{# <div class="ibox float-e-margins">#}
{# <div class="ibox-title">#}
{# <h5>权限申请</h5>#}
{# <div class="ibox-tools">#}
{# <a class="collapse-link">#}
{# <i class="fa fa-chevron-up"></i>#}
{# </a>#}
{# <a class="dropdown-toggle" data-toggle="dropdown" href="#">#}
{# <i class="fa fa-wrench"></i>#}
{# </a>#}
{# <ul class="dropdown-menu dropdown-user"></ul>#}
{# <a class="close-link">#}
{# <i class="fa fa-times"></i>#}
{# </a>#}
{# </div>#}
{# </div>#}
{# <div class="ibox-content ibox-heading">#}
{# <h3><i class="fa fa-envelope-o"></i> 权限申请记录 </h3>#}
{# <small><i class="fa fa-map-marker"></i> 最近十条权限申请记录信息.</small>#}
{# </div>#}
{# <div class="ibox-content">#}
{# <div class="feed-activity-list">#}
{# {% if perm_apply_10 %}#}
{# {% for perm in perm_apply_10 %}#}
{# <div class="feed-element">#}
{# <div>#}
{# {% ifequal perm.status 0 %}#}
{# <small class="pull-right text-navy">{{ perm.date_add|naturaltime }}</small>#}
{# {% else %}#}
{# <small class="pull-right">{{ perm.date_add|naturaltime }}</small>#}
{# {% endifequal %}#}
{# <strong>{{ perm.applyer }}</strong>#}
{# <small class="text-muted">{{ perm.date_add }}</small>#}
{# </div>#}
{# </div>#}
{# {% endfor %}#}
{# {% else %}#}
{# <p class="text-center">(暂无)</p>#}
{# {% endif %}#}
{# </div>#}
{# </div>#}
{# </div>#}
<div class="ibox float-e-margins">
<div class="ibox-title">
@ -306,7 +304,7 @@
</div>
</div>
</div>
</div>
{# </div>#}
</div>
{% endblock %}
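Review bot: The 权限申请 panel is kept as roughly forty lines of `{# … #}` single-line comments plus a commented `{# </div>#}` at the end of the block instead of being removed, so the template now carries dead markup that will drift from the live markup around it. Deleting the panel (it remains in git history) or wrapping it once in `{% comment %} … {% endcomment %}` is easier to maintain than per-line comments, and makes it obvious which `</div>` the trailing commented tag was balancing.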


@ -6,7 +6,7 @@
{% include 'nav_cat_bar.html' %}
<div class="wrapper wrapper-content animated fadeInRight">
<div class="row">
<div class="col-lg-4">
<div class="col-sm-4">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-primary"><b>授权规则</b></span>
@ -52,7 +52,7 @@
</div>
</div>
</div>
<div class="col-lg-4">
<div class="col-sm-4">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-primary"><b>授权用户/用户组</b></span>
@ -98,7 +98,7 @@
</div>
</div>
</div>
<div class="col-lg-4">
<div class="col-sm-4">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-primary"><b>授权主机/主机组</b></span>
@ -146,7 +146,7 @@
</div>
</div>
<div class="row">
<div class="col-lg-12">
<div class="col-sm-4">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-primary"><b>推送主机</b></span>
@ -175,18 +175,64 @@
<thead>
<tr>
<th class="text-center">主机</th>
<th class="text-center">主机组</th>
<th class="text-center">使用密码</th>
<th class="text-center">使用秘钥</th>
<th class="text-center">密钥</th>
<th class="text-center">密码</th>
<th class="text-center">结果</th>
</tr>
</thead>
<tbody>
{% for host in push_info %}
{% for asset, info in pushed_asset.items %}
<tr class="gradeX">
<td class="text-center"> {{ host.ip }} </td>
<td class="text-center"> {{ host.group }} </td>
<td class="text-center"> {{ host.password }} </td>
<td class="text-center"> {{ host.pubkey }} </td>
<td class="text-center"> {{ asset.hostname }} </td>
<td class="text-center"> {{ info.key | yesno:"是,否,未知" }} </td>
<td class="text-center"> {{ info.password | yesno:"是,否,未知" }} </td>
{% if info.success %}
<td class="text-center" style="color: #1ab394;" >{{ info.success | yesno:"成功,失败,未知" }} </td>
{% else %}
<td class="text-center" style="color: #ec4758;cursor: help" title="{{ info.result }}" >{{ info.success | yesno:"成功,失败,未知" }} </td>
{% endif %}
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<div class="col-sm-4">
<div class="ibox float-e-margins">
<div class="ibox-title">
<span class="label label-primary"><b>未推送主机</b></span>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<a class="close-link">
<i class="fa fa-times"></i>
</a>
</div>
</div>
<div class="ibox-content">
<div>
<div class="text-left">
<table class="table table-striped" id="ugedit" >
<thead>
<tr>
<th class="text-center">主机</th>
<th class="text-center">IP</th>
</tr>
</thead>
<tbody>
{% for asset in need_push_asset %}
<tr class="gradeX">
<td class="text-center"> {{ asset.hostname }} </td>
<td class="text-center"> {{ asset.ip }} </td>
</tr>
{% endfor %}
</tbody>


@ -48,9 +48,9 @@
<thead>
<tr>
<th class="text-center">名称 </th>
<th class="text-center">备注</th>
<th class="text-center">创建时间</th>
<th class="text-center">sudo别名</th>
<th class="text-center">创建时间</th>
<th class="text-center">备注</th>
<th class="text-center">操作</th>
</tr>
</thead>
@ -58,9 +58,9 @@
{% for role in roles %}
<tr class="gradeX" id={{ role.id }}>
<td class="text-center"> {{ role.name }} </td>
<td class="text-center"> {{ role.comment }} </td>
<td class="text-center"> {{ role.date_added | date:"Y-m-d H:i:s"}} </td>
<td class="text-center"> {{ role | role_contain_which_sudos }} </td>
<td class="text-center"> {{ role.date_added | date:"Y-m-d H:i:s"}} </td>
<td class="text-center"> {{ role.comment }} </td>
<td class="text-center">
<a href="/jperm/role/perm_role_detail/?id={{ role.id }}" class="btn btn-xs btn-primary">详情</a>
<a href="/jperm/role/perm_role_edit/?id={{ role.id }}" class="btn btn-xs btn-info">编辑</a>


@ -45,7 +45,7 @@
<div class="col-sm-8">
<select name="assets" id="assets" data-placeholder="请选择资产" class="chosen-select form-control m-b" multiple tabindex="2">
{% for asset in assets %}
<option value="{{ asset.id }}">{{ asset.ip }}</option>
<option value="{{ asset.id }}" {% if asset in pushed_assets %}selected{% endif %}>{{ asset.hostname }}</option>
{% endfor %}
</select>
</div>
@ -56,7 +56,7 @@
<div class="col-sm-8">
<select name="asset_groups" data-placeholder="请选择资产组" class="chosen-select form-control m-b" multiple tabindex="2">
{% for asset_group in asset_groups %}
<option value="{{ asset_group.id }}">{{ asset_group.name }}</option>
<option value="{{ asset_group.id }}"{% if asset_group in pushed_asset_groups %}selected{% endif %}>{{ asset_group.name }}</option>
{% endfor %}
</select>
</div>
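Review bot: The new `{% if asset in pushed_assets %}selected{% endif %}` and `{% if asset_group in pushed_asset_groups %}selected{% endif %}` tests reference context names that no view hunk in this commit sets: perm_role_detail passes `pushed_asset` (a dict, singular) and `need_push_asset`, and perm_role_push passes `locals()` from a body in which neither name appears, so if this template is rendered by either view both lookups resolve to empty and no option is ever preselected. The view should pass `pushed_assets` explicitly (the keys of the dict returned by get_role_push_host); and since PermPush no longer has an `asset_group` field, `pushed_asset_groups` has no source at all and the group preselection should probably be dropped. There is also a missing space before `{% if` on the asset_group option, which emits `value="1"selected`; write `<option value="{{ asset_group.id }}" {% if asset_group in pushed_asset_groups %}selected{% endif %}>`.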


@ -68,7 +68,7 @@
<div class="col-sm-8">
<select name="asset" id="asset" data-placeholder="请选择资产" class="chosen-select form-control m-b" multiple tabindex="2">
{% for asset in assets %}
<option value="{{ asset.id }}">{{ asset.ip }}</option>
<option value="{{ asset.id }}">{{ asset.hostname }}</option>
{% endfor %}
</select>
<span class="help-block m-b-none">资产和资产组必选一个</span>


@ -55,11 +55,12 @@
{% for group in user_groups.object_list %}
<tr class="gradeX">
<td class="text-center">
<input class="shiftCheckbox"
type="checkbox" name="selected" value="{{ group.id }}">
<input class="shiftCheckbox" type="checkbox" name="selected" value="{{ group.id }}">
</td>
<td class="text-center"> {{ group.name }} </td>
<td class="text-center"><a href="/juser/user_list/?gid={{ group.id }}"> {{ group.id | members_count }}</a> </td>
<td class="text-center">
<a href="/juser/user_list/?gid={{ group.id }}"> {{ group.id | members_count }}</a>
</td>
<td class="text-center"> {{ group.comment }} </td>
<td class="text-center">
<a href="../group_edit/?id={{ group.id }}" class="btn btn-xs btn-info">编辑</a>


@ -24,7 +24,7 @@
<li id="jperm">
<a href="#"><i class="fa fa-edit"></i> <span class="nav-label">授权管理</span><span class="fa arrow"></span></a>
<ul class="nav nav-second-level">
<li class="rule ">
<li class="rule perm_rule_add">
<a href="/jperm/rule/">授权规则</a>
</li>