Skip to content

J
jumpserver
Commit 06eedff4 authored by ibuler@qq.com's avatar ibuler@qq.com
Browse files
Options

fix common

parent afbbad16
Hide whitespace changes
Inline Side-by-side
Showing with 69 additions and 48 deletions
jperm/perm_api.py
View file @ 06eedff4
...@@ -54,19 +54,18 @@ def get_playbook(template, var): ...@@ -54,19 +54,18 @@ def get_playbook(template, var):
return path return path
def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None): def playbook_run(inventory, playbook, settings):
stats = callbacks.AggregateStats() stats = callbacks.AggregateStats()
playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY) playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY) runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
# run the playbook # run the playbook
print default_user, default_port, default_pri_key_path, inventory, playbook if settings:
if default_user and default_port and default_pri_key_path:
playbook = PlayBook(host_list=inventory, playbook = PlayBook(host_list=inventory,
playbook=playbook, playbook=playbook,
forks=5, forks=5,
remote_user=default_user, remote_user=settings.default_user,
remote_port=default_port, remote_port=settings.default_port,
private_key_file=default_pri_key_path, private_key_file=settings.default_pri_key_path,
callbacks=playbook_cb, callbacks=playbook_cb,
runner_callbacks=runner_cb, runner_callbacks=runner_cb,
stats=stats, stats=stats,
...@@ -98,43 +97,67 @@ def playbook_run(inventory, playbook, default_user=None, default_port=None, defa ...@@ -98,43 +97,67 @@ def playbook_run(inventory, playbook, default_user=None, default_port=None, defa
return results_r return results_r
def perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=None, user_group=None): def perm_user_api(perm_info):
"""用户授权api,通过调用ansible API完成用户新建等""" """
asset_new_ip = [] # 新授权的ip列表 用户授权api,通过调用ansible API完成用户新建等,传入参数必须如下,列表中可以是对象,也可以是用户名和ip
asset_del_ip = [] # 回收授权的ip列表 perm_info = {'del': {'users': [],
'assets': [],
asset_new_ip.extend([asset.ip for asset in asset_new]) # 查库,获取新授权ip },
for asset_group in asset_group_new: 'new': {'users': [],
asset_new_ip.extend([asset.ip for asset in asset_group.asset_set.all()]) # 同理 'assets': []}}
asset_del_ip.extend([asset.ip for asset in asset_del]) # 查库,获取回收授权的ip """
for asset_group in asset_group_del: try:
asset_del_ip.extend([asset.ip for asset in asset_group.asset_set.all()]) # 同理 new_users = perm_info['new']['users']
new_assets = perm_info['new']['assets']
if asset_new_ip or asset_del_ip: del_users = perm_info['del']['users']
host_group = {'new': asset_new_ip, 'del': asset_del_ip} del_assets = perm_info['del']['assets']
inventory = get_inventory(host_group) except IndexError:
if user: raise ServerError("Error: function perm_user_api传入参数错误")
the_items = user.username,
elif user_group: # 检查传入的是字符串还是对象
users = user_group.user_set.all() check_users = new_users + del_users
the_items = ','.join([user.username for user in users]) try:
if isinstance(check_users[0], str):
var_type = 'str'
else: else:
return HttpResponse('Argument error.') var_type = 'obj'
except IndexError:
raise ServerError("Error: function perm_user_api传入参数错误")
print new_assets, del_assets
print new_users, del_users
try:
if var_type == 'str':
new_ip = new_assets
del_ip = del_assets
new_username = new_users
del_username = del_users
else:
new_ip = [asset.ip for asset in new_assets if isinstance(asset, Asset)]
del_ip = [asset.ip for asset in del_assets if isinstance(asset, Asset)]
new_username = [user.username for user in new_users if isinstance(user, User)]
del_username = [user.username for user in del_users if isinstance(user, User)]
except IndexError:
raise ServerError("Error: function perm_user_api传入参数类型错误")
playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), print new_ip, del_ip
{'the_new_group': 'new', 'the_del_group': 'del', print new_username, del_username
'the_items': the_items, 'the_pub_key': '/tmp/id_rsa.pub'})
settings = get_object(Setting, id=1) host_group = {'new': new_ip, 'del': del_ip}
if settings: inventory = get_inventory(host_group)
default_user = settings.default_user
default_port = settings.default_port the_new_users = ','.join(new_username)
default_pri_key_path = settings.default_pri_key_path the_del_users = ','.join(del_username)
else:
default_user = default_port = default_pri_key_path = ''
results_r = playbook_run(inventory, playbook, default_user, default_port, default_pri_key_path) playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'),
return results_r {'the_new_group': 'new', 'the_del_group': 'del',
'the_new_users': the_new_users, 'the_del_users': the_del_users,
'the_pub_key': '/tmp/id_rsa.pub'})
settings = get_object(Setting, name='default')
results_r = playbook_run(inventory, playbook, settings)
return results_r
def refresh_group_api(user_group=None, asset_group=None): def refresh_group_api(user_group=None, asset_group=None):
......
jperm/views.py
View file @ 06eedff4
# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply import json from django.db.models import Q from jperm.models import * from jumpserver.api import * from jperm.perm_api import * @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=user) # 通过API授权或回收 unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) # 通过API授权或回收 unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') # # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jperm.models import * from jumpserver.api import * from jperm.perm_api import * @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 perm_info = { 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) # 通过API授权或回收 unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误')
\ No newline at end of file \ No newline at end of file
......
playbook/user_perm.yaml
View file @ 06eedff4
...@@ -2,18 +2,16 @@ ...@@ -2,18 +2,16 @@
tasks: tasks:
- name: del user - name: del user
user: name={{ item }} state=absent remove=yes user: name={{ item }} state=absent remove=yes
with_items: [ the_items ] with_items: [ the_del_users ]
- hosts: the_new_group - hosts: the_new_group
tasks: tasks:
- name: add user - name: add user
user: name={{ item }} state=present user: name={{ item }} state=present
with_items: [ the_items ] with_items: [ the_new_users ]
- name: .ssh direcotory - name: .ssh direcotory
file: name=/home/{{ item }}/.ssh mode=700 owner={{ item }} group={{ item }} state=directory file: name=/home/{{ item }}/.ssh mode=700 owner={{ item }} group={{ item }} state=directory
with_items: [ the_items ] with_items: [ the_new_users ]
- name: set authorizied_file - name: set authorizied_file
copy: src=the_pub_key dest=/home/{{ item }}/.ssh/authorizied_keys owner={{ item }} group={{ item }} mode=600 copy: src=the_pub_key dest=/home/{{ item }}/.ssh/authorizied_keys owner={{ item }} group={{ item }} mode=600
with_items: [ the_items ] with_items: [ the_new_users ]
templates/jperm/perm_user_edit.html
View file @ 06eedff4
...@@ -107,7 +107,7 @@ ...@@ -107,7 +107,7 @@
<div class="form-group"> <div class="form-group">
<div class="col-sm-4 col-sm-offset-2"> <div class="col-sm-4 col-sm-offset-2">
<button class="btn btn-white" type="reset">取消</button> <button class="btn btn-white" type="reset">取消</button>
<button id="submit_button" class="btn btn-primary" type="submit" onclick="checkAll('userPerm')">确认保存</button> <button id="submit_button" class="btn btn-primary" type="submit" onclick="selectAll()">确认保存</button>
</div> </div>
</div> </div>
</div> </div>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment