Commit
66610fb3
authored
Nov 27, 2015
by
ibuler
修改批量执行命令
parent
c574bbcb
Showing
2 changed files
with
72 additions
and
34 deletions
+72
-34
connect.py
connect.py
+39
-18
perm_api.py
jperm/perm_api.py
+33
-16
connect.py
...
@@ -531,23 +531,41 @@ class Nav(object):
...
@@ -531,23 +531,41 @@ class Nav(object):
"""
"""
批量执行命令
批量执行命令
"""
"""
self
.
search
()
while
True
:
while
True
:
print
"请输入主机名、IP或ansile支持的pattern, q退出"
if
not
self
.
user_perm
:
self
.
user_perm
=
get_group_user_perm
(
self
.
user
)
print
'
\033
[32m[
%-2
s]
%-15
s
\033
[0m'
%
(
'ID'
,
'角色'
)
roles
=
self
.
user_perm
.
get
(
'role'
)
.
keys
()
role_check
=
dict
(
zip
(
range
(
len
(
roles
)),
roles
))
for
i
,
r
in
role_check
.
items
():
print
'[
%-2
s]
%-15
s'
%
(
i
,
r
.
name
)
print
print
"请输入运行命令角色的ID, q退出"
try
:
try
:
pattern
=
raw_input
(
"
\033
[1;32mPattern
>:
\033
[0m "
)
.
strip
()
role_id
=
raw_input
(
"
\033
[1;32mRole
>:
\033
[0m "
)
.
strip
()
if
pattern
==
'q'
:
if
role_id
==
'q'
:
break
break
else
:
else
:
if
not
self
.
user_perm
:
role
=
role_check
[
int
(
role_id
)]
self
.
user_perm
=
get_group_user_perm
(
self
.
user
)
assets
=
list
(
self
.
user_perm
.
get
(
'role'
,
{})
.
get
(
role
)
.
get
(
'asset'
))
res
=
gen_resource
(
self
.
user
,
perm
=
self
.
user_perm
)
print
"该角色有权限的所有主机"
cmd
=
Command
(
res
)
for
asset
in
assets
:
logger
.
debug
(
res
)
print
asset
.
hostname
for
inv
in
cmd
.
inventory
.
get_hosts
(
pattern
=
pattern
):
print
inv
.
name
print
confirm_host
=
raw_input
(
"
\033
[1;32mIs that [y/n]>:
\033
[0m "
)
.
strip
()
print
"请输入主机名、IP或ansile支持的pattern, q退出"
if
confirm_host
==
'y'
:
pattern
=
raw_input
(
"
\033
[1;32mPattern>:
\033
[0m "
)
.
strip
()
if
pattern
==
'q'
:
break
else
:
res
=
gen_resource
(
self
.
user
,
{
'asset'
:
assets
,
'role'
:
role
},
perm
=
self
.
user_perm
)
cmd
=
Command
(
res
)
logger
.
debug
(
"res:
%
s"
%
res
)
for
inv
in
cmd
.
inventory
.
get_hosts
(
pattern
=
pattern
):
print
inv
.
name
print
while
True
:
while
True
:
print
"请输入执行的命令, 按q退出"
print
"请输入执行的命令, 按q退出"
command
=
raw_input
(
"
\033
[1;32mCmds>:
\033
[0m "
)
.
strip
()
command
=
raw_input
(
"
\033
[1;32mCmds>:
\033
[0m "
)
.
strip
()
...
@@ -567,8 +585,10 @@ class Nav(object):
...
@@ -567,8 +585,10 @@ class Nav(object):
print
print
print
"="
*
20
print
"="
*
20
print
print
else
:
continue
except
(
IndexError
,
KeyError
):
color_print
(
'ID输入错误'
)
continue
except
EOFError
:
except
EOFError
:
print
print
...
@@ -615,10 +635,11 @@ def main():
...
@@ -615,10 +635,11 @@ def main():
roles
=
get_role
(
login_user
,
asset
)
roles
=
get_role
(
login_user
,
asset
)
if
len
(
roles
)
>
1
:
if
len
(
roles
)
>
1
:
role_check
=
dict
(
zip
(
range
(
len
(
roles
)),
roles
))
role_check
=
dict
(
zip
(
range
(
len
(
roles
)),
roles
))
print
role_check
print
"
\033
[32m[ID] 角色
\033
[0m"
for
index
,
role
in
role_check
.
items
():
for
index
,
role
in
role_check
.
items
():
print
"[
%
s]
%
s"
%
(
index
,
role
.
name
)
print
"[
%-2
s]
%
s"
%
(
index
,
role
.
name
)
print
"输入角色ID, q退出"
print
print
"授权角色超过1个,请输入角色ID, q退出"
try
:
try
:
role_index
=
raw_input
(
"
\033
[1;32mID>:
\033
[0m "
)
.
strip
()
role_index
=
raw_input
(
"
\033
[1;32mID>:
\033
[0m "
)
.
strip
()
if
role_index
==
'q'
:
if
role_index
==
'q'
:
...
...
jperm/perm_api.py
...
@@ -25,6 +25,7 @@ def get_group_user_perm(ob):
...
@@ -25,6 +25,7 @@ def get_group_user_perm(ob):
}
}
]},
]},
'rule':[rule1, rule2,]
'rule':[rule1, rule2,]
'role': {role1: {'asset': []}, 'asset_group': []}, role2: {}},
}
}
"""
"""
perm
=
{}
perm
=
{}
...
@@ -38,9 +39,18 @@ def get_group_user_perm(ob):
...
@@ -38,9 +39,18 @@ def get_group_user_perm(ob):
perm
[
'rule'
]
=
rule_all
perm
[
'rule'
]
=
rule_all
perm_asset_group
=
perm
[
'asset_group'
]
=
{}
perm_asset_group
=
perm
[
'asset_group'
]
=
{}
perm_asset
=
perm
[
'asset'
]
=
{}
perm_asset
=
perm
[
'asset'
]
=
{}
perm_role
=
perm
[
'role'
]
=
{}
for
rule
in
rule_all
:
for
rule
in
rule_all
:
asset_groups
=
rule
.
asset_group
.
all
()
asset_groups
=
rule
.
asset_group
.
all
()
assets
=
rule
.
asset
.
all
()
assets
=
rule
.
asset
.
all
()
perm_roles
=
rule
.
role
.
all
()
# 获取一个规则授权的角色和对应主机
for
role
in
perm_roles
:
if
perm_role
.
get
(
'role'
):
perm_role
[
role
][
'asset'
]
=
perm_role
[
role
]
.
get
(
'asset'
,
set
())
.
union
(
set
(
assets
))
perm_role
[
role
][
'asset_group'
]
=
perm_role
[
role
]
.
get
(
'asset_group'
,
set
())
.
union
(
set
(
asset_groups
))
else
:
perm_role
[
role
]
=
{
'asset'
:
set
(
assets
),
'asset_group'
:
set
(
asset_groups
)}
# 获取一个规则用户授权的资产
# 获取一个规则用户授权的资产
for
asset
in
assets
:
for
asset
in
assets
:
...
@@ -85,7 +95,7 @@ def get_group_asset_perm(ob):
...
@@ -85,7 +95,7 @@ def get_group_asset_perm(ob):
user2: {'role': [role1, role2], 'rule': [rule1, rule2]},
user2: {'role': [role1, role2], 'rule': [rule1, rule2]},
}
}
]},
]},
'rule':[rule1, rule2,]
'rule':[rule1, rule2,]
,
}
}
"""
"""
perm
=
{}
perm
=
{}
...
@@ -102,7 +112,6 @@ def get_group_asset_perm(ob):
...
@@ -102,7 +112,6 @@ def get_group_asset_perm(ob):
for
rule
in
rule_all
:
for
rule
in
rule_all
:
user_groups
=
rule
.
user_group
.
all
()
user_groups
=
rule
.
user_group
.
all
()
users
=
rule
.
user
.
all
()
users
=
rule
.
user
.
all
()
# 获取一个规则资产的用户
# 获取一个规则资产的用户
for
user
in
users
:
for
user
in
users
:
if
perm_user
.
get
(
user
):
if
perm_user
.
get
(
user
):
...
@@ -147,22 +156,30 @@ def gen_resource(ob, ex='', perm=None):
...
@@ -147,22 +156,30 @@ def gen_resource(ob, ex='', perm=None):
生成MyInventory需要的 resource文件
生成MyInventory需要的 resource文件
"""
"""
res
=
[]
res
=
[]
if
isinstance
(
ob
,
User
)
and
isinstance
(
ex
,
(
list
,
QuerySet
)
):
if
isinstance
(
ob
,
User
)
and
isinstance
(
ex
,
dict
):
if
not
perm
:
if
not
perm
:
perm
=
get_group_user_perm
(
ob
)
perm
=
get_group_user_perm
(
ob
)
for
asset
,
asset_info
in
perm
.
get
(
'asset'
)
.
items
():
if
asset
not
in
ex
:
role
=
ex
.
get
(
'role'
)
continue
asset_r
=
ex
.
get
(
'asset'
)
asset_info
=
get_asset_info
(
asset
)
roles
=
perm
.
get
(
'role'
,
{})
.
keys
()
info
=
{
'hostname'
:
asset
.
hostname
,
'ip'
:
asset
.
ip
,
'port'
:
asset_info
.
get
(
'port'
,
22
)}
if
role
not
in
roles
:
try
:
return
{}
role
=
sorted
(
list
(
perm
.
get
(
'asset'
)
.
get
(
asset
)
.
get
(
'role'
)))[
0
]
except
IndexError
:
role_assets_all
=
perm
.
get
(
'role'
)
.
get
(
ex
.
get
(
'role'
))
.
get
(
'asset'
)
continue
assets
=
set
(
role_assets_all
)
&
set
(
asset_r
)
info
[
'username'
]
=
role
.
name
info
[
'password'
]
=
CRYPTOR
.
decrypt
(
role
.
password
)
for
asset
in
assets
:
info
[
'ssh_key'
]
=
get_role_key
(
ob
,
role
)
asset_info
=
get_asset_info
(
asset
)
res
.
append
(
info
)
info
=
{
'hostname'
:
asset
.
hostname
,
'ip'
:
asset
.
ip
,
'port'
:
asset_info
.
get
(
'port'
,
22
),
'username'
:
role
.
name
,
'password'
:
CRYPTOR
.
decrypt
(
role
.
password
),
'ssh_key'
:
get_role_key
(
ob
,
role
)
}
res
.
append
(
info
)
elif
isinstance
(
ob
,
User
):
elif
isinstance
(
ob
,
User
):
if
not
perm
:
if
not
perm
:
perm
=
get_group_user_perm
(
ob
)
perm
=
get_group_user_perm
(
ob
)
...
...
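Review bot: In get_group_user_perm the new merge test `if perm_role.get('role'):` looks up the literal string 'role' while the dict is keyed by role objects (`perm_role[role] = {...}`), so the branch appears never to be taken and each rule overwrites the role's earlier asset sets instead of unioning them. It should probably read `if perm_role.get(role):`. In gen_resource, `if role not in roles: return {}` returns a dict where the rest of the function builds the list `res`; returning an empty list would keep the type consistent for `Command(res)`. The docstring line added for 'role' also has unbalanced braces. Both functions extend beyond the visible hunks.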