diff --git a/connect.py b/connect.py
index 43f65117bd41e343026bc1f68772c7294d0cab35..44f9ad488628ebbfe76533fcea24bfb191f72895 100644
--- a/connect.py
+++ b/connect.py
@@ -531,23 +531,41 @@ class Nav(object):
         """
         批量执行命令
         """
-        self.search()
         while True:
-            print "请输入主机名、IP或ansile支持的pattern, q退出"
+            if not self.user_perm:
+                self.user_perm = get_group_user_perm(self.user)
+            print '\033[32m[%-2s] %-15s \033[0m' % ('ID', '角色')
+            roles = self.user_perm.get('role').keys()
+            role_check = dict(zip(range(len(roles)), roles))
+
+            for i, r in role_check.items():
+                print '[%-2s] %-15s' % (i, r.name)
+            print
+            print "请输入运行命令角色的ID, q退出"
+
             try:
-                pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
-                if pattern == 'q':
+                role_id = raw_input("\033[1;32mRole>:\033[0m ").strip()
+                if role_id == 'q':
                     break
                 else:
-                    if not self.user_perm:
-                        self.user_perm = get_group_user_perm(self.user)
-                    res = gen_resource(self.user, perm=self.user_perm)
-                    cmd = Command(res)
-                    logger.debug(res)
-                    for inv in cmd.inventory.get_hosts(pattern=pattern):
-                        print inv.name
-                    confirm_host = raw_input("\033[1;32mIs that [y/n]>:\033[0m ").strip()
-                    if confirm_host == 'y':
+                    role = role_check[int(role_id)]
+                    assets = list(self.user_perm.get('role', {}).get(role).get('asset'))
+                    print "该角色有权限的所有主机"
+                    for asset in assets:
+                        print asset.hostname
+
+                    print
+                    print "请输入主机名、IP或ansile支持的pattern, q退出"
+                    pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
+                    if pattern == 'q':
+                        break
+                    else:
+                        res = gen_resource(self.user, {'asset': assets, 'role': role}, perm=self.user_perm)
+                        cmd = Command(res)
+                        logger.debug("res: %s" % res)
+                        for inv in cmd.inventory.get_hosts(pattern=pattern):
+                            print inv.name
+                        print
                         while True:
                             print "请输入执行的命令, 按q退出"
                             command = raw_input("\033[1;32mCmds>:\033[0m ").strip()
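Review bot: `logger.debug("res: %s" % res)` writes the whole resource list to the log, and the gen_resource change in jperm/perm_api.py in this same commit fills each entry with `'password': CRYPTOR.decrypt(role.password)` and `'ssh_key'`. With debug logging enabled, the plaintext role password for every selected host therefore ends up in the log file. Log only the non-secret fields, for example `logger.debug("res hosts: %s" % [r.get('hostname') for r in res])`. The enclosing method starts before this hunk and continues past it.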
@@ -567,8 +585,10 @@ class Nav(object):
                                         print
                                 print "=" * 20
                                 print
-                    else:
-                        continue
+
+            except (IndexError, KeyError):
+                color_print('ID输入错误')
+                continue
 
             except EOFError:
                 print
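Review bot: The new clause catches IndexError and KeyError, but the role prompt in the previous hunk converts the input with `int(role_id)`, which raises ValueError on anything non-numeric, such as an empty line or a typo. Unless a handler below this hunk catches it, that input ends the batch-command loop with a traceback instead of the 'ID输入错误' message. Add it to the tuple: `except (IndexError, KeyError, ValueError):`. The try block opens in the previous hunk, and more except clauses may follow outside this one.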
@@ -615,10 +635,11 @@ def main():
                     roles = get_role(login_user, asset)
                     if len(roles) > 1:
                         role_check = dict(zip(range(len(roles)), roles))
-                        print role_check
+                        print "\033[32m[ID] 角色\033[0m"
                         for index, role in role_check.items():
-                            print "[%s] %s" % (index, role.name)
-                        print "输入角色ID, q退出"
+                            print "[%-2s] %s" % (index, role.name)
+                        print
+                        print "授权角色超过1个,请输入角色ID, q退出"
                         try:
                             role_index = raw_input("\033[1;32mID>:\033[0m ").strip()
                             if role_index == 'q':
diff --git a/jperm/perm_api.py b/jperm/perm_api.py
index 54d3eb72657a2a1e4ac4bb5c1b20d92db35f834d..ba81af15bd78280b0bfb7b9eab42deb9223cd757 100644
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@@ -25,6 +25,7 @@ def get_group_user_perm(ob):
             }
         ]},
     'rule':[rule1, rule2,]
+    'role': {role1: {'asset': []}, 'asset_group': []}, role2: {}},
     }
     """
     perm = {}
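Review bot: The added docstring line has unbalanced braces and does not match the structure the function builds, which further down is `{role: {'asset': set(...), 'asset_group': set(...)}}`. I would write it as `'role': {role1: {'asset': set(), 'asset_group': set()}, role2: {...}},`. The preceding `'rule':[rule1, rule2,]` line also lacks a trailing comma; this commit adds that comma in get_group_asset_perm's docstring but not here.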
@@ -38,9 +39,18 @@ def get_group_user_perm(ob):
     perm['rule'] = rule_all
     perm_asset_group = perm['asset_group'] = {}
     perm_asset = perm['asset'] = {}
+    perm_role = perm['role'] = {}
     for rule in rule_all:
         asset_groups = rule.asset_group.all()
         assets = rule.asset.all()
+        perm_roles = rule.role.all()
+        # 获取一个规则授权的角色和对应主机
+        for role in perm_roles:
+            if perm_role.get('role'):
+                perm_role[role]['asset'] = perm_role[role].get('asset', set()).union(set(assets))
+                perm_role[role]['asset_group'] = perm_role[role].get('asset_group', set()).union(set(asset_groups))
+            else:
+                perm_role[role] = {'asset': set(assets), 'asset_group': set(asset_groups)}
 
         # 获取一个规则用户授权的资产
         for asset in assets:
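Review bot: The test `if perm_role.get('role'):` looks up the literal string 'role', but perm_role is keyed by role objects, so it never matches and the else branch always runs. A role granted by more than one rule therefore keeps only the assets and asset groups of the last rule processed, and the role's host list shown in connect.py would be incomplete. Use `if role in perm_role:` so the union branch actually merges across rules. The loop over rule_all continues past the end of this hunk.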
@@ -85,7 +95,7 @@ def get_group_asset_perm(ob):
             user2: {'role': [role1, role2], 'rule': [rule1, rule2]},
             }
         ]},
-    'rule':[rule1, rule2,]
+    'rule':[rule1, rule2,],
     }
     """
     perm = {}
@@ -102,7 +112,6 @@ def get_group_asset_perm(ob):
     for rule in rule_all:
         user_groups = rule.user_group.all()
         users = rule.user.all()
-
         # 获取一个规则资产的用户
         for user in users:
             if perm_user.get(user):
@@ -147,22 +156,30 @@ def gen_resource(ob, ex='', perm=None):
     生成MyInventory需要的 resource文件
     """
     res = []
-    if isinstance(ob, User) and isinstance(ex, (list, QuerySet)):
+    if isinstance(ob, User) and isinstance(ex, dict):
         if not perm:
             perm = get_group_user_perm(ob)
-            for asset, asset_info in perm.get('asset').items():
-                if asset not in ex:
-                    continue
-                asset_info = get_asset_info(asset)
-                info = {'hostname': asset.hostname, 'ip': asset.ip, 'port': asset_info.get('port', 22)}
-                try:
-                    role = sorted(list(perm.get('asset').get(asset).get('role')))[0]
-                except IndexError:
-                    continue
-                info['username'] = role.name
-                info['password'] = CRYPTOR.decrypt(role.password)
-                info['ssh_key'] = get_role_key(ob, role)
-                res.append(info)
+
+        role = ex.get('role')
+        asset_r = ex.get('asset')
+        roles = perm.get('role', {}).keys()
+        if role not in roles:
+            return {}
+
+        role_assets_all = perm.get('role').get(ex.get('role')).get('asset')
+        assets = set(role_assets_all) & set(asset_r)
+
+        for asset in assets:
+            asset_info = get_asset_info(asset)
+            info = {'hostname': asset.hostname,
+                    'ip': asset.ip,
+                    'port': asset_info.get('port', 22),
+                    'username': role.name,
+                    'password': CRYPTOR.decrypt(role.password),
+                    'ssh_key': get_role_key(ob, role)
+                    }
+            res.append(info)
+
     elif isinstance(ob, User):
         if not perm:
             perm = get_group_user_perm(ob)
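Review bot: The first branch now accepts only a dict for `ex`, so a caller that still passes a list or QuerySet of assets falls through to `elif isinstance(ob, User)`. That branch's body is outside the hunk, but if it does not filter by `ex`, such a caller would get resources, including decrypted passwords, for hosts it did not ask for. Consider raising on an unsupported `ex` type rather than falling through. Inside the new branch, `return {}` is inconsistent with `res = []` and should be `return res`. `set(asset_r)` raises TypeError when the dict has no 'asset' key, which `asset_r = ex.get('asset') or []` would avoid.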