1. delete role filed : is_screty_key

2. rule edit page  add selected mark
3. role add page  consider user use_default_auth attribute
4. role password use jumpserver api CRYPTO to crypt
5. fixed ansible api auto load local host file (/etc/ansible/hosts) bug
6. ansible api command and task  interface add pattern  default argument( pattern='*')

jperm/ansible_api.py

@@ -17,6 +17,7 @@ from utils                     import get_rand_pass
 import os.path
 API_DIR = os.path.dirname(os.path.abspath(__file__))
 ANSIBLE_DIR = os.path.join(API_DIR, 'playbooks')
+NULL_FILE = os.path.join(ANSIBLE_DIR, 'ansible_need.txt')
 
 
 
@@ -61,7 +62,7 @@ class MyInventory(object):
             [{"hostname": "10.10.10.10", "port": "22", "username": "test", "password": "mypass"}, ...]
         """
         self.resource = resource
-        self.inventory = Inventory()
+        self.inventory = Inventory(host_list=NULL_FILE)
         self.gen_inventory()
 
     def add_group(self, hosts, groupname, groupvars=None):
@@ -101,7 +102,7 @@ class MyInventory(object):
         add hosts to inventory.
         """
         if isinstance(self.resource, list):
-            self.add_group(self.resource, 'my_group')
+            self.add_group(self.resource, 'default_group')
         elif isinstance(self.resource, dict):
             for groupname, hosts_and_vars in self.resource.iteritems():
                 self.add_group(hosts_and_vars.get("hosts"), groupname, hosts_and_vars.get("vars"))
@@ -115,21 +116,23 @@ class Command(MyInventory):
         super(Command, self).__init__(*args, **kwargs)
         self.results = ''
 
-    def run(self, command, module_name="command", timeout=5, forks=10, group='my_group'):
+    def run(self, command, module_name="command", timeout=10, forks=10, group='default_group', pattern='*'):
         """
         run command from andible ad-hoc.
         command  : 必须是一个需要执行的命令字符串， 比如 
                  'uname -a'
         """
+
         if module_name not in ["raw", "command", "shell"]:
-            raise  CommandValueError("module_name",
+            raise CommandValueError("module_name",
                                      "module_name must be of the 'raw, command, shell'")
         hoc = Runner(module_name=module_name,
                      module_args=command,
                      timeout=timeout,
                      inventory=self.inventory,
                      subset=group,
-                     forks=forks
+                     pattern=pattern,
+                     forks=forks,
                      )
         self.results = hoc.run()
 
@@ -203,7 +206,7 @@ class Tasks(Command):
     def __init__(self, *args, **kwargs):
         super(Tasks, self).__init__(*args, **kwargs)
 
-    def __run(self, module_args, module_name="command", timeout=5, forks=10, group='my_group'):
+    def __run(self, module_args, module_name="command", timeout=5, forks=10, group='default_group', pattern='*'):
         """
         run command from andible ad-hoc.
         command  : 必须是一个需要执行的命令字符串， 比如 
@@ -214,7 +217,8 @@ class Tasks(Command):
                      timeout=timeout,
                      inventory=self.inventory,
                      subset=group,
-                     forks=forks
+                     pattern=pattern,
+                     forks=forks,
                      )
 
         self.results = hoc.run()
@@ -425,7 +429,6 @@ class MyPlaybook(MyInventory):
     def __init__(self, *args, **kwargs):
         super(MyPlaybook, self).__init__(*args, **kwargs)
 
-
     def run(self, playbook_relational_path, extra_vars=None):
         """
         run ansible playbook,
@@ -464,7 +467,6 @@ class App(MyPlaybook):
 
 
 if __name__ == "__main__":
-    pass
 
 #   resource =  {
 #                "group1": {
@@ -472,8 +474,10 @@ if __name__ == "__main__":
 #                    "vars" : {"var1": "value1", "var2": "value2"},
 #                          },
 #                }
-#   command = Command(resource)
-#   print    command.run("who", group="group1")
+
+    resource = [{"hostname": "127.0.0.1", "port": "22", "username": "yumaojun", "password": "yusky0902"}]
+    command = Command(resource)
+    print command.run("who")
 
     # resource = [{"hostname": "192.168.10.148", "port": "22", "username": "root", "password": "xxx"}]
     # task = Tasks(resource)

jperm/models.py

@@ -39,7 +39,6 @@ class PermRule(models.Model):
     user = models.ManyToManyField(User, related_name='perm_rule')
     user_group = models.ManyToManyField(UserGroup, related_name='perm_rule')
     role = models.ManyToManyField(PermRole, related_name='perm_rule')
-    is_secret_key = models.BooleanField()
 
     def __unicode__(self):
         return self.name
\ No newline at end of file

jperm/perm_api.py

@@ -89,7 +89,7 @@ def perm_user_api(perm_info):
     the_new_users = ','.join(new_username)
     the_del_users = ','.join(del_username)
 
-    playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'),
+    playbook = get_playbook(os.path.join(BASE_DIR, 'keys/../playbook', 'user_perm.yaml'),
                             {'the_new_group': 'new', 'the_del_group': 'del',
                              'the_new_users': the_new_users, 'the_del_users': the_del_users,
                              'KEY_DIR': os.path.join(SSH_KEY_DIR, 'sysuser')})

jperm/utils.py

@@ -4,10 +4,10 @@ import random
 import os.path
 
 from paramiko.rsakey import RSAKey
-from os import chmod, mkdir
+from os import chmod, makedirs
 from uuid import uuid4
 
-from jumpserver.settings import KEY_DIR
+#from jumpserver.settings import KEY_DIR
 
 
 def get_rand_pass():
@@ -46,7 +46,7 @@ def gen_keys():
     """
     key_basename = "key-" + uuid4().hex
     key_path_dir = os.path.join(KEY_DIR, key_basename)
-    mkdir(key_path_dir, 0700)
+    makedirs(key_path_dir, 0755)
 
     key = RSAKey.generate(2048)
     private_key = os.path.join(key_path_dir, 'id_rsa')

jperm/views.py

@@ -10,12 +10,13 @@ from juser.user_api import gen_ssh_key
 from juser.models      import User, UserGroup
 from jasset.models     import Asset, AssetGroup
 from jperm.models      import PermRole, PermRule
+from jumpserver.models import Setting
 
 from jperm.utils       import updates_dict, gen_keys, get_rand_pass
 from jperm.ansible_api import Tasks
 from jperm.perm_api    import get_role_info
 
-from jumpserver.api    import my_render, get_object
+from jumpserver.api    import my_render, get_object, CRYPTOR
 
 
 @require_role('admin')
@@ -114,7 +115,6 @@ def perm_rule_add(request):
         rule.asset = assets_obj
         rule.asset_group = asset_groups_obj
         rule.role = roles_obj
-        rule.is_secret_key = bool(rule_ssh_key)
         rule.save()
 
         return HttpResponse(u"添加授权规则：%s" % rule.name)
@@ -134,13 +134,19 @@ def perm_rule_edit(request):
 
 
     if request.method == 'GET' and rule_id:
-        # 渲染数据, 获取所有的rule对象
+        # 渲染数据, 获取所选的rule对象
         rule_comment = rule.comment
-        users = rule.user.all()
-        user_groups = rule.user_group.all()
-        assets = rule.asset.all()
-        asset_groups = rule.asset_group.all()
-        roles = rule.role.all()
+        users_select = rule.user.all()
+        user_groups_select = rule.user_group.all()
+        assets_select = rule.asset.all()
+        asset_groups_select = rule.asset_group.all()
+        roles_select = rule.role.all()
+
+        users = User.objects.all()
+        user_groups = UserGroup.objects.all()
+        assets = Asset.objects.all()
+        asset_groups = AssetGroup.objects.all()
+        roles = PermRole.objects.all()
 
         return my_render('jperm/perm_rule_edit.html', locals(), request)
 
@@ -242,10 +248,11 @@ def perm_role_add(request):
         name = request.POST.get("role_name")
         comment = request.POST.get("role_comment")
         password = request.POST.get("role_password")
+        encrypt_pass = CRYPTOR.encrypt(password)
         # 生成随机密码，生成秘钥对
 
         key_path = gen_keys()
-        role = PermRole(name=name, comment=comment, password=password, key_path=key_path)
+        role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path)
         role.save()
         return HttpResponse(u"添加角色: %s" % name)
     else:
@@ -320,11 +327,12 @@ def perm_role_edit(request):
         # 获取 POST 数据
         role_name = request.POST.get("role_name")
         role_password = request.POST.get("role_password")
+        encrypt_role_pass = CRYPTOR.encrypt(role_password)
         role_comment = request.POST.get("role_comment")
 
         # 写入数据库
         role.name = role_name
-        role.password = role_password
+        role.password = encrypt_role_pass
         role.comment = role_comment
 
         role.save()
@@ -364,10 +372,20 @@ def perm_role_push(request):
         calc_assets = set(assets_obj) | set(group_assets_obj)
 
         # 生成Inventory
-        push_resource = [{"hostname": asset.ip,
-                          "port": asset.port,
-                          "username": asset.username,
-                          "password": asset.password} for asset in calc_assets]
+        push_resource = []
+        for asset in calc_assets:
+            if asset.use_default_auth:
+                username = Setting.default_user
+                password = Setting.default_password
+                port = Setting.default_port
+            else:
+                username = asset.username
+                password = asset.password
+                port = asset.port
+            push_resource.append({"hostname": asset.ip,
+                                  "port": port,
+                                  "username": username,
+                                  "password": password})
 
         # 获取角色的推送方式,以及推送需要的信息
         roles_obj = [PermRole.objects.get(name=role_name) for role_name in role_names]

jumpserver/settings.py

@@ -18,7 +18,7 @@ config = ConfigParser.ConfigParser()
 BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
 config.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
 
-KEY_DIR = os.path.join(BASE_DIR, 'role_keys')
+KEY_DIR = os.path.join(BASE_DIR, 'keys/role_keys')
 
 DB_HOST = config.get('db', 'host')
 DB_PORT = config.getint('db', 'port')
@@ -37,7 +37,7 @@ EMAIL_TIMEOUT = 5
 
 # ======== Log ==========
 LOG_DIR = os.path.join(BASE_DIR, 'logs')
-SSH_KEY_DIR = os.path.join(BASE_DIR, 'role_keys')
+SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys/role_keys')
 KEY = config.get('base', 'key')
 URL = config.get('base', 'url')
 LOG_LEVEL = config.get('base', 'log')

jumpserver/views.py

@@ -268,7 +268,7 @@ def setting(request):
             if '' in [username, port] and ('' in password or '' in private_key):
                 return HttpResponse('所填内容不能为空, 且密码和私钥填一个')
             else:
-                private_key_path = os.path.join(BASE_DIR, 'role_keys', 'default', 'default_private_key.pem')
+                private_key_path = os.path.join(BASE_DIR, 'keys/role_keys', 'default', 'default_private_key.pem')
                 if private_key:
                     with open(private_key_path, 'w') as f:
                             f.write(private_key)

templates/jperm/perm_rule_add.html

@@ -95,18 +95,6 @@
                                 </div>
                             </div>
 
-                                <div class="hr-line-dashed"></div>
-                                <div class="form-group">
-                                    <label for="j_group" class="col-sm-2 control-label">使用秘钥</label>
-                                    <div class="col-sm-1">
-                                        <div class="radio i-checks">
-                                            <label>
-                                                <input type="checkbox" value="1" id="use_publicKey" name="use_publicKey">
-                                            </label>
-                                        </div>
-                                    </div>
-                                </div>
-
                             <div class="hr-line-dashed"></div>
                             <div class="form-group">
                                 <label for="comment" class="col-sm-2 control-label">备注</label>

templates/jperm/perm_rule_edit.html

@@ -45,7 +45,7 @@
                                 <div class="col-sm-8">
                                     <select name="user" data-placeholder="用户名" class="chosen-select form-control m-b" multiple  tabindex="2">
                                         {% for user in users %}
-                                            <option value="{{ user.name }}">{{ user.name }}</option>
+                                            <option value="{{ user.name }}" {% if user in users_select %} selected {%  endif %}>{{ user.name }}</option>
                                         {% endfor %}
                                     </select>
                                 </div>
@@ -56,7 +56,7 @@
                                 <div class="col-sm-8">
                                     <select name="usergroup" data-placeholder="请选择用户组" class="chosen-select form-control m-b" multiple  tabindex="2">
                                         {% for user_group in user_groups %}
-                                            <option value="{{ user_group.name }}">{{ user_group.name }}</option>
+                                            <option value="{{ user_group.name }}"{% if user_group in users_groups_select %} selected {% endif %}>{{ user_group.name }}</option>
                                         {% endfor %}
                                     </select>
                                 </div>
@@ -67,7 +67,7 @@
                                 <div class="col-sm-8">
                                     <select name="asset" data-placeholder="请选择资产" class="chosen-select form-control m-b" multiple  tabindex="2">
                                         {% for asset in assets %}
-                                            <option value="{{ asset.ip }}">{{ asset.ip }}</option>
+                                            <option value="{{ asset.ip }}"{% if asset in assets_select %} selected {% endif %}>{{ asset.ip }}</option>
                                         {% endfor %}
                                     </select>
                                 </div>
@@ -78,7 +78,7 @@
                                 <div class="col-sm-8">
                                     <select name="assetgroup" data-placeholder="请选择资产组" class="chosen-select form-control m-b" multiple  tabindex="2">
                                         {% for asset_group in asset_groups %}
-                                            <option value="{{ asset_group.name }}">{{ asset_group.name }}</option>
+                                            <option value="{{ asset_group.name }}"{% if asset_group in asset_groups_select %} selected {% endif %}>{{ asset_group.name }}</option>
                                         {% endfor %}
                                     </select>
                                 </div>
@@ -89,24 +89,12 @@
                                 <div class="col-sm-8">
                                     <select name="role" data-placeholder="请选择角色" class="chosen-select form-control m-b" multiple  tabindex="2">
                                         {% for role in roles %}
-                                            <option value="{{ role.name }}">{{ role.name }}</option>
+                                            <option value="{{ role.name }}"{% if role in roles_select %} selected {% endif %}>{{ role.name }}</option>
                                         {% endfor %}
                                     </select>
                                 </div>
                             </div>
 
-                                <div class="hr-line-dashed"></div>
-                                <div class="form-group">
-                                    <label for="j_group" class="col-sm-2 control-label">使用秘钥</label>
-                                    <div class="col-sm-1">
-                                        <div class="radio i-checks">
-                                            <label>
-                                                <input type="checkbox" value="1" id="use_publicKey" name="use_publicKey">
-                                            </label>
-                                        </div>
-                                    </div>
-                                </div>
-
                             <div class="hr-line-dashed"></div>
                             <div class="form-group">
                                 <label for="comment" class="col-sm-2 control-label">备注</label>