jumpserver/apps/assets/tasks/utils.py


# -*- coding: utf-8 -*-
#
from django.utils.translation import ugettext as _
from common.utils import get_logger
# Module-level logger obtained from the project helper imported from common.utils.
logger = get_logger(__file__)
# Names exported by a star-import of this module.
# NOTE(review): check_system_user_can_run_ansible is defined in this module but
# is not listed here — confirm whether it is meant to stay module-private.
__all__ = [
    'check_asset_can_run_ansible', 'clean_ansible_task_hosts',
    'group_asset_by_platform',
]
def check_asset_can_run_ansible(asset):
    """Return True when an ansible task may be run against *asset*.

    An asset is skipped (False is returned and the reason is logged at
    info level) when it is not active or when ``asset.is_support_ansible()``
    reports that ansible is not supported.

    Args:
        asset: object exposing ``is_active`` and ``is_support_ansible()``.

    Returns:
        bool: True if the asset passed both checks, False otherwise.
    """
    skip_template = None
    if not asset.is_active:
        skip_template = _("Asset has been disabled, skipped: {}")
    elif not asset.is_support_ansible():
        skip_template = _("Asset may not be support ansible, skipped: {}")

    # No skip reason recorded means both checks passed.
    if skip_template is None:
        return True

    logger.info(skip_template.format(asset))
    return False
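def check_system_user_can_run_ansible(system_user):
    """Return True when *system_user* may be pushed to assets via ansible.

    The push is refused (False is returned and the reason is logged) when:

    * ``system_user.auto_push_account`` is falsy,
    * ``system_user.is_protocol_support_push`` is falsy, or
    * the username is ``root`` or ``administrator`` (case-insensitive).

    Args:
        system_user: object exposing ``auto_push_account``,
            ``is_protocol_support_push``, ``name``, ``protocol``,
            ``SUPPORT_PUSH_PROTOCOLS`` and ``username``.

    Returns:
        bool: True if every check passed, False otherwise.
    """
    if not system_user.auto_push_account:
        # Logger.warn is a deprecated alias of Logger.warning.
        logger.warning(
            f'Push system user task skip, auto push not enable: '
            f'system_user={system_user.name}'
        )
        return False

    if not system_user.is_protocol_support_push:
        logger.warning(
            f'Push system user task skip, protocol not support: '
            f'system_user={system_user.name} protocol={system_user.protocol} '
            f'support_protocol={system_user.SUPPORT_PUSH_PROTOCOLS}'
        )
        return False

    # Pushing a built-in superuser account is refused outright.
    # This is a case-insensitive match on the account *name* only: a
    # privileged account that goes by any other name is not caught here, so
    # this check is not a substitute for reviewing what a pushed user is
    # allowed to do on the target.
    # NOTE(review): a username of None would raise AttributeError on .lower()
    # — confirm callers never pass one.
    if system_user.username.lower() in ("root", "administrator"):
        # Look up the translation of the template first, then substitute the
        # username; formatting before the lookup makes the message id vary
        # per user, so no catalogue entry can ever match it.
        msg = _("For security, do not push user {}").format(system_user.username)
        logger.info(msg)
        return False

    return True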
def clean_ansible_task_hosts(assets, system_user=None):
    """Filter *assets* down to those an ansible task may run against.

    When a truthy *system_user* is supplied it is vetted first with
    check_system_user_can_run_ansible; if it fails, no asset is returned.
    When *system_user* is omitted or falsy, that vetting is skipped and only
    the per-asset checks apply.

    Args:
        assets: iterable of assets to examine.
        system_user: optional system user the task would push.

    Returns:
        list: the assets accepted by check_asset_can_run_ansible, in their
        original order; empty when nothing qualifies.
    """
    if system_user and not check_system_user_can_run_ansible(system_user):
        return []

    runnable = [host for host in assets if check_asset_can_run_ansible(host)]
    if not runnable:
        logger.info(_("No assets matched, stop task"))
    return runnable
def group_asset_by_platform(asset):
    """Return the platform group name for *asset*.

    ``asset.is_unixlike()`` is consulted first and ``asset.is_windows()``
    only if that is falsy.

    Returns:
        str: ``'unixlike'``, ``'windows'`` or ``'other'``.
    """
    if asset.is_unixlike():
        return 'unixlike'
    if asset.is_windows():
        return 'windows'
    # Neither probe matched.
    return 'other'