merge with dev

jasset/views.py

@@ -160,7 +160,7 @@ def asset_add(request):
                 asset_save = af_post.save(commit=False)
                 if not use_default_auth:
                     password = request.POST.get('password', '')
-                    password_encode = CRYPTOR.encrypt(password)
+                    password_encode = password
                     asset_save.password = password_encode
                 asset_save.is_active = True if is_active else False
                 asset_save.save()

jperm/ansible_api.py

@@ -19,7 +19,6 @@ API_DIR = os.path.dirname(os.path.abspath(__file__))
 ANSIBLE_DIR = os.path.join(API_DIR, 'playbooks')
 
 
-
 class AnsibleError(StandardError):
     """
     the base AnsibleError which contains error(required),
@@ -115,7 +114,7 @@ class Command(MyInventory):
         super(Command, self).__init__(*args, **kwargs)
         self.results = ''
 
-    def run(self, command, module_name="command", timeout=5, forks=10, group='my_group'):
+    def run(self, command, module_name="command", timeout=5, forks=10, pattern='*'):
         """
         run command from andible ad-hoc.
         command  : 必须是一个需要执行的命令字符串， 比如 
@@ -128,7 +127,7 @@ class Command(MyInventory):
                      module_args=command,
                      timeout=timeout,
                      inventory=self.inventory,
-                     subset=group,
+                     pattern=pattern,
                      forks=forks
                      )
         self.results = hoc.run()

jperm/models.py

@@ -32,14 +32,14 @@ class PermRole(models.Model):
 
 class PermRule(models.Model):
     date_added = models.DateTimeField(auto_now=True)
-    name = models.CharField(max_length=100)
+    name = models.CharField(max_length=100, unique=True)
     comment = models.CharField(max_length=100)
     asset = models.ManyToManyField(Asset, related_name='perm_rule')
     asset_group = models.ManyToManyField(AssetGroup, related_name='perm_rule')
     user = models.ManyToManyField(User, related_name='perm_rule')
     user_group = models.ManyToManyField(UserGroup, related_name='perm_rule')
     role = models.ManyToManyField(PermRole, related_name='perm_rule')
-    ssh_type = models.BooleanField()
+    is_secret_key = models.BooleanField()
 
     def __unicode__(self):
         return self.name
\ No newline at end of file

jperm/utils.py

@@ -45,8 +45,13 @@ def gen_keys():
     :return: 返回目录名(uuid)
     """
     key_basename = "key-" + uuid4().hex
+<<<<<<< HEAD
     key_path_dir = os.path.join(KEY_DIR, key_basename)
     mkdir(key_path_dir, 0755)
+=======
+    key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
+    makedirs(key_path_dir, 0775)
+>>>>>>> dev
 
     key = RSAKey.generate(2048)
     private_key = os.path.join(key_path_dir, 'id_rsa')
@@ -61,6 +66,10 @@ def gen_keys():
             content_file.write(data)
     return key_path_dir
 
+<<<<<<< HEAD
+=======
+
+>>>>>>> dev
 if __name__ == "__main__":
     print gen_keys()
 

jperm/views.py

 # -*- coding: utf-8 -*-
 
-
 from django.db.models import Q
 from jperm.perm_api import *
 from jperm.models import PermLog as Log
@@ -89,7 +88,8 @@ def perm_rule_add(request):
         asset_groups_select = request.POST.getlist('assetgroup', [])
         roles_select = request.POST.getlist('role', [])
         rule_name = request.POST.get('rulename')
-        rule_comment = request.POST.get('comment')
+        rule_comment = request.POST.get('rule_comment')
+        rule_ssh_key = request.POST.get("use_publicKey")
 
         # 获取需要授权的主机列表
         assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select]
@@ -114,7 +114,9 @@ def perm_rule_add(request):
         rule.asset = assets_obj
         rule.asset_group = asset_groups_obj
         rule.role = roles_obj
+        rule.is_secret_key = bool(rule_ssh_key)
         rule.save()
+
         return HttpResponse(u"添加授权规则：%s" % rule.name)
 
 
@@ -130,8 +132,10 @@ def perm_rule_edit(request):
     rule_id = request.GET.get("id")
     rule = PermRule.objects.get(id=rule_id)
 
+
     if request.method == 'GET' and rule_id:
         # 渲染数据, 获取所有的rule对象
+        rule_comment = rule.comment
         users = rule.user.all()
         user_groups = rule.user_group.all()
         assets = rule.asset.all()
@@ -141,7 +145,44 @@ def perm_rule_edit(request):
         return my_render('jperm/perm_rule_edit.html', locals(), request)
 
     elif request.method == 'POST' and rule_id:
-        return HttpResponse("uncompleted")
+        # 获取用户选择的 用户,用户组,资产,资产组,用户角色
+        rule_name = request.POST.get('rule_name')
+        rule_comment = request.POST.get("rule_comment")
+        users_select = request.POST.getlist('user', [])
+        user_groups_select = request.POST.getlist('usergroup', [])
+        assets_select = request.POST.getlist('asset', [])
+        asset_groups_select = request.POST.getlist('assetgroup', [])
+        roles_select = request.POST.getlist('role', [])
+
+        # 获取需要授权的主机列表
+        assets_obj = [Asset.objects.get(ip=asset) for asset in assets_select]
+        asset_groups_obj = [AssetGroup.objects.get(name=group) for group in asset_groups_select]
+        group_assets_obj = [asset for asset in [group.asset_set.all() for group in asset_groups_obj]]
+        calc_assets = set(group_assets_obj) | set(assets_obj)
+
+        # 获取需要授权的用户列表
+        users_obj = [User.objects.get(name=user) for user in users_select]
+        user_groups_obj = [UserGroup.objects.get(name=group) for group in user_groups_select]
+        group_users_obj = [user for user in [group.user_set.all() for group in user_groups_obj]]
+        calc_users = set(group_users_obj) | set(users_obj)
+
+        # 获取授予的角色列表
+        roles_obj = [PermRole.objects.get(name=role) for role in roles_select]
+
+        # 仅授权成功的，写回数据库(授权规则,用户,用户组,资产,资产组,用户角色)
+        rule.user = users_obj
+        rule.usergroup = user_groups_obj
+        rule.asset = assets_obj
+        rule.asset_group = asset_groups_obj
+        rule.role = roles_obj
+        rule.name = rule_name
+        rule.comment = rule.comment
+
+        print rule, rule.name
+        rule.save()
+        return HttpResponse(u"更新授权规则：%s" % rule.name)
+
+
 
 
 @require_role('admin')
@@ -252,8 +293,12 @@ def perm_role_detail(request):
         role_info = get_role_info(role_id)
 
         # 渲染数据
-        for key, value in role_info.iteritems():
-            key = value
+        rules = role_info.get("rules")
+        assets = role_info.get("assets")
+        asset_groups = role_info.get("asset_groups")
+        users = role_info.get("users")
+        user_groups = role_info.get("user_groups")
+
         return my_render('jperm/perm_role_detail.html', locals(), request)
 
 
@@ -265,15 +310,27 @@ def perm_role_edit(request):
     # 渲染数据
     header_title, path1, path2 = "系统角色", "角色管理", "角色编辑"
 
+    # 渲染数据
+    role_id = request.GET.get("id")
+    role = PermRole.objects.get(id=role_id)
     if request.method == "GET":
-        role_id = request.GET.get("id")
-        # 渲染数据
-        role = PermRole.objects.get(id=role_id)
-
         return my_render('jperm/perm_role_edit.html', locals(), request)
 
     if request.method == "POST":
-        return HttpResponse(u"未实现")
+        # 获取 POST 数据
+        role_name = request.POST.get("role_name")
+        role_password = request.POST.get("role_password")
+        role_comment = request.POST.get("role_comment")
+
+        # 写入数据库
+        role.name = role_name
+        role.password = role_password
+        role.comment = role_comment
+
+        role.save()
+        return HttpResponse(u"更新系统角色： %s" % role.name)
+
+
 
 
 @require_role('admin')
@@ -326,10 +383,13 @@ def perm_role_push(request):
         task = Tasks(push_resource)
         ret = {}
         ret_failed = []
-        if password_push:
-            ret["password_push"] = task.add_multi_user(**role_pass)
-            if ret["password_push"].get("status") != "success":
-                ret_failed.append(1)
+
+        # 因为要先建立用户，所以password 是必选项，
+        # 而push key是在 password也完成的情况下的 可选项
+        ret["password_push"] = task.add_multi_user(**role_pass)
+        if ret["password_push"].get("status") != "success":
+            ret_failed.append(1)
+
         if key_push:
             ret["key_push"] = task.push_multi_key(**role_key)
             if ret["key_push"].get("status") != "success":

jumpserver.conf

@@ -9,7 +9,7 @@ log = debug
 host = 127.0.0.1
 port = 3306
 user = jumpserver
-password = mysql234
+password = mysql1234
 database = jumpserver
 
 [websocket]

jumpserver/api.py

@@ -14,10 +14,8 @@ from django.core.paginator import Paginator, EmptyPage, InvalidPage
 from django.http import HttpResponse, Http404
 from django.template import RequestContext
 from juser.models import User, UserGroup
+from jlog.models import Log
 from jasset.models import Asset, AssetGroup
-# from jlog.models import Log
-from jlog.models import Log, TtyLog
-from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
 from django.http import HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.core.mail import send_mail
@@ -413,4 +411,3 @@ def my_render(template, data, request):
 
 CRYPTOR = PyCrypt(KEY)
 logger = set_log(LOG_LEVEL)
-KEY_DIR = os.path.join(BASE_DIR, 'keys')

jumpserver/settings.py

@@ -18,7 +18,7 @@ config = ConfigParser.ConfigParser()
 BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
 config.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
 
-KEY_DIR = os.path.join(BASE_DIR, 'role_keys')
+KEY_DIR = os.path.join(BASE_DIR, 'keys')
 
 DB_HOST = config.get('db', 'host')
 DB_PORT = config.getint('db', 'port')

jumpserver/views.py

@@ -15,7 +15,6 @@ from jumpserver.api import *
 from jumpserver.models import Setting
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.decorators import login_required
-from settings import BASE_DIR
 from jlog.models import Log
 
 

templates/jperm/perm_role_edit.html

@@ -40,6 +40,13 @@
                                 </div>
                             </div>
                             <div class="hr-line-dashed"></div>
+                            <div class="form-group">
+                                <label for="role_password_label" class="col-sm-2 control-label">角色密码<span class="red-fonts">*</span></label>
+                                <div class="col-sm-8">
+                                    <input id="role_password" name="role_password" type="password" class="form-control" value="{{ role.password }}">
+                                </div>
+                            </div>
+                            <div class="hr-line-dashed"></div>
                             <div class="form-group">
                                 <label for="role_comment" class="col-sm-2 control-label">备注</label>
                                 <div class="col-sm-8">

templates/jperm/perm_role_push.html

@@ -67,16 +67,6 @@
                             </div>
                             <div class="hr-line-dashed"></div>
                             <div class="row">
-                                <div class="form-group">
-                                    <label for="j_group" class="col-sm-2 control-label">使用密码</label>
-                                    <div class="col-sm-1">
-                                        <div class="radio i-checks">
-                                            <label>
-                                                <input type="checkbox"  value="1" id="use_password" name="use_password">
-                                            </label>
-                                        </div>
-                                    </div>
-                                </div>
                                 <div class="form-group">
                                     <label for="j_group" class="col-sm-2 control-label">使用秘钥</label>
                                     <div class="col-sm-1">

templates/jperm/perm_rule_add.html

@@ -96,27 +96,6 @@
                             </div>
 
                                 <div class="hr-line-dashed"></div>
-
-                                <div class="form-group">
-                                    <label for="j_group" class="col-sm-2 control-label">使用密码</label>
-                                    <div class="col-sm-1">
-                                        <div class="radio i-checks">
-                                            <label>
-                                                <input type="checkbox"  value="0" id="use_password" name="use_password">
-                                            </label>
-                                        </div>
-                                    </div>
-                                </div>
-
-                                <div class="form-group" id="admin_account_password" style="display: none">
-                                    <label class="col-sm-1 control-label"> 密码<span class="red-fonts">*</span> </label>
-                                    <div class="col-sm-4">
-                                        <input type="password"  name="password" class="form-control">
-                                    </div>
-                                </div>
-
-                                <div class="hr-line-dashed"></div>
-
                                 <div class="form-group">
                                     <label for="j_group" class="col-sm-2 control-label">使用秘钥</label>
                                     <div class="col-sm-1">
@@ -128,18 +107,11 @@
                                     </div>
                                 </div>
 
-                                <div class="form-group" id="admin_account_publicKey" style="display: none">
-                                    <label class="col-sm-1 control-label"> 秘钥<span class="red-fonts">*</span> </label>
-                                    <div class="col-sm-4">
-                                        <input type="password" name="password" class="form-control">
-                                    </div>
-                                </div>
-
                             <div class="hr-line-dashed"></div>
                             <div class="form-group">
                                 <label for="comment" class="col-sm-2 control-label">备注</label>
                                 <div class="col-sm-8">
-                                    <input id="comment" name="comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
+                                    <input id="rule_comment" name="rule_comment" placeholder="Rule Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
                                 </div>
                             </div>
                             <div class="hr-line-dashed"></div>

templates/jperm/perm_rule_edit.html

@@ -96,27 +96,6 @@
                             </div>
 
                                 <div class="hr-line-dashed"></div>
-
-                                <div class="form-group">
-                                    <label for="j_group" class="col-sm-2 control-label">使用密码</label>
-                                    <div class="col-sm-1">
-                                        <div class="radio i-checks">
-                                            <label>
-                                                <input type="checkbox"  value="0" id="use_password" name="use_password">
-                                            </label>
-                                        </div>
-                                    </div>
-                                </div>
-
-                                <div class="form-group" id="admin_account_password" style="display: none">
-                                    <label class="col-sm-1 control-label"> 密码<span class="red-fonts">*</span> </label>
-                                    <div class="col-sm-4">
-                                        <input type="password"  name="password" class="form-control">
-                                    </div>
-                                </div>
-
-                                <div class="hr-line-dashed"></div>
-
                                 <div class="form-group">
                                     <label for="j_group" class="col-sm-2 control-label">使用秘钥</label>
                                     <div class="col-sm-1">
@@ -128,18 +107,11 @@
                                     </div>
                                 </div>
 
-                                <div class="form-group" id="admin_account_publicKey" style="display: none">
-                                    <label class="col-sm-1 control-label"> 秘钥<span class="red-fonts">*</span> </label>
-                                    <div class="col-sm-4">
-                                        <input type="password" name="password" class="form-control">
-                                    </div>
-                                </div>
-
                             <div class="hr-line-dashed"></div>
                             <div class="form-group">
                                 <label for="comment" class="col-sm-2 control-label">备注</label>
                                 <div class="col-sm-8">
-                                    <input id="comment" name="comment" placeholder="Comment" type="text" class="form-control" {% if error %}value="{{ username }}" {% endif %}>
+                                    <input id="role_comment" name="role_comment" placeholder="Rule Comment" type="text" class="form-control" value="{{ rule_comment }}">
                                 </div>
                             </div>
                             <div class="hr-line-dashed"></div>

templates/jperm/perm_rule_list.html

@@ -55,19 +55,19 @@
                             <tr class="gradeX" id={{ rule.id }}>
                                 <td class="text-center"> {{ rule.name }} </td>
                                 <td class="text-center">
-                                    <a href="/jasset/asset_list/?gid={{ user.id }}">{{ rule | rule_member_count:"user" }} </a>
+                                    {{ rule | rule_member_count:"user" }}
                                 </td>
                                 <td class="text-center">
-                                    <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"user_group" }}</a>
+                                    {{ rule | rule_member_count:"user_group" }}
                                 </td>
                                 <td class="text-center">
-                                    <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"asset" }}</a>
+                                    {{ rule | rule_member_count:"asset" }}
                                 </td>
                                 <td class="text-center">
-                                    <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"asset_group" }}</a>
+                                    {{ rule | rule_member_count:"asset_group" }}
                                 </td>
                                 <td class="text-center">
-                                    <a href="/jasset/group_list/?gid={{ user.id }}">{{ rule | rule_member_count:"role" }}</a>
+                                    {{ rule | rule_member_count:"role" }}
                                 </td>
                                 <td class="text-center">
                                     <a href="/jperm/perm_rule_detail/?id={{ rule.id }}" class="btn btn-xs btn-primary">详情</a>