update ansible_api, and update perm_list_user view

jperm/README.md

@@ -6,5 +6,7 @@
 
 > 使用说明
 
-+ 依赖安装包： ansible、 sshpass
++ 依赖rpm安装包： ansible、 sshpass
++ 依赖pip安装包： passlib
 + 关于ansible配置： 需要启用配置文件(/etc/ansible/ansible.cfg)的 host_key_checking = False
+

jperm/ansible_api.py

@@ -11,11 +11,16 @@ from ansible                   import callbacks
 from ansible                   import utils 
 from passlib.hash              import sha512_crypt
 
+from utils                     import get_rand_pass
+
 import os.path
 JPERM_DIR = os.path.dirname(os.path.abspath(__file__))
 ANSIBLE_DIR = os.path.join(JPERM_DIR, 'playbooks')
 
 
+
+
+
 class AnsibleError(StandardError):
     """
     the base AnsibleError which contains error(required),
@@ -217,6 +222,15 @@ class Tasks(Command):
 
         return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
 
+    def del_key(self, user, key_path):
+        """
+        push the ssh authorized key to target.
+        """
+        module_args = 'user="%s" key="{{ lookup("file", "%s") }}" state="absent"' % (user, key_path)
+        self.__run(module_args, "authorized_key")
+
+        return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
+
     def add_user(self, username, password):
         """
         add a host user.
@@ -235,7 +249,31 @@ class Tasks(Command):
         self.__run(module_args, "user")
 
         return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
-        
+
+    def add_init_users(self):
+        """
+        add initail users: SA, DBA, DEV
+        """
+        results = {}
+        action = results["action_info"] = {}
+        users = {"SA": get_rand_pass(), "DBA": get_rand_pass(), "DEV": get_rand_pass()}
+        for user, password in users.iteritems():
+            ret = self.add_user(user, password)
+            action[user] = ret
+        results["user_info"] = users
+
+        return results
+            
+    def del_init_users(self):
+        """
+        delete initail users: SA, DBA, DEV
+        """
+        results = {}
+        action = results["action_info"] = {}
+        for user in ["SA", "DBA", "DEV"]:
+            ret = self.del_user(user)
+            action[user] = ret
+        return results
 
 
 
@@ -316,13 +354,28 @@ class App(MyPlaybook):
         
 
 if __name__ == "__main__":
-   resource =  {"test": [{"hostname": "192.168.10.128", "port": "22", "username": "root", "password": "xxx"}]}
-   playbook = MyPlaybook(resource)
-   playbook.run('test.yml')
-   print playbook.raw_results
+   resource =  [{"hostname": "192.168.10.128", "port": "22", "username": "root", "password": "yusky0902"}]
+#   playbook = MyPlaybook(resource)
+#   playbook.run('test.yml')
+#   print playbook.raw_results
+   command = Command(resource)
+   command.run("who")
+   print command.stdout
+
+
+#   task = Tasks(resource)
 #   print task.add_user('test', 'mypass')
 #   print task.del_user('test')
 #   print task.push_key('root', '/root/.ssh/id_rsa.pub')
+#   print task.del_key('root', '/root/.ssh/id_rsa.pub')
+
+
+#   task = Tasks(resource)
+#   print task.add_init_users()
+#   print task.del_init_users()
+
+
+
 
 
 

jperm/views.py

+# -*- coding: utf-8 -*-
+
+
+from django.db.models import Q
+from jumpserver.api import *
+from jperm.perm_api import *
+from jperm.models import PermLog as Log
+from jperm.models import SysUser
+from juser.user_api import gen_ssh_key
+
+
+from django.shortcuts import render_to_response
+
+
+@require_role('admin')
+def perm_user_list(request):
+    """
+    用户授权视图：
+      该视图的模板包含2部分：
+        1. block   部分：{% block content %}
+             rander_content 为渲染数据
+        2. include 部分：{% include 'nav_cat_bar.html' %}
+             rander_nav 为渲染数据
+    """
+    render_data = {}
+    data_nav = {"header_title": "用户授权", "path1": "授权管理", "path2": "用户授权"}
+    # 获取所有用户
+    users_list = User.objects.all()
+    
+    # 搜索和分页
+    keyword = request.GET.get('search', '')
+    if keyword:
+        users_list = users_list.filter(Q(name=keyword) | Q(username=keyword))
+    users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request)
+
+    data_content = {"users": users}
+    for data in [data_nav, data_content]:
+        render_data.update(data)
+        
+    return render_to_response('jperm/perm_user_list.html', render_data)
+
+
+@require_role('admin')
+def perm_user_edit(request):
+    """
+    TODO:
+    """
+    header_title, path1, path2 = '用户授权', '授权管理', '授权更改'
+    user_id = request.GET.get('id', '')
+    user = get_object(User, id=user_id)
+    asset_all = Asset.objects.all()  # 获取所有资产
+    asset_group_all = AssetGroup.objects.all()  # 获取所有资产组
+    asset_permed = user.asset.all()  # 获取授权的资产对象列表
+    asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表
+    if request.method == 'GET' and user:
+        assets = [asset for asset in asset_all if asset not in asset_permed]  # 获取没有授权的资产对象列表
+        asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]  # 同理
+        return my_render('jperm/perm_user_edit.html', locals(), request)
+    elif request.method == 'POST' and user:
+        asset_id_select = request.POST.getlist('asset_select', [])  # 获取选择的资产id列表
+        asset_group_id_select = request.POST.getlist('asset_groups_select', [])  # 获取选择的资产组id列表
+        asset_select = get_object_list(Asset, asset_id_select)
+        asset_group_select = get_object_list(AssetGroup, asset_group_id_select)
+        asset_new = list(set(asset_select) - set(asset_permed))  # 计算的得到新授权的资产对象列表
+        asset_del = list(set(asset_permed) - set(asset_select))  # 计算得到回收权限的资产对象列表
+        asset_group_new = list(set(asset_group_select) - set(asset_group_permed))  # 新授权的资产组对象列表
+        asset_group_del = list(set(asset_group_permed) - set(asset_group_select))  # 回收的资产组对象列表
+        for asset_group in asset_group_new:
+            asset_new.extend(asset_group.asset_set.all())
+        for asset_group in asset_group_del:
+            asset_del.extend(asset_group.asset_set.all())
+        perm_info = {
+            'action': 'perm user edit: ' + user.name,
+            'del': {'users': [user], 'assets': asset_del},
+            'new': {'users': [user], 'assets': asset_new}
+        }
+        print perm_info
+        try:
+            results = perm_user_api(perm_info)  # 通过API授权或回收
+        except ServerError, e:
+            return HttpResponse(e)
+        unreachable_asset = []
+        failures_asset = []
+        for ip in results.get('unreachable'):
+            unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
+        for ip in results.get('failures'):
+            failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
+        failures_asset.extend(unreachable_asset)  # 失败的授权要统计
+        for asset in failures_asset:
+            if asset in asset_select:
+                asset_select.remove(asset)
+            else:
+                asset_select.append(asset)
+        user.asset = asset_select
+        user.asset_group = asset_group_select
+        user.save()  # 保存到数据库
+        return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
+    else:
+        return HttpResponse('输入错误')
+
+
+@require_role('admin')
+def perm_group_list(request):
+    header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权'
+    keyword = request.GET.get('search', '')
+    user_groups_list = UserGroup.objects.all()
+    if keyword:
+        request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword))
+    user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request)
+    return my_render('jperm/perm_group_list.html', locals(), request)
+
+
+
+@require_role('admin')
+def perm_group_edit(request):
+    header_title, path1, path2 = '用户组授权', '授权管理', '授权更改'
+    user_group_id = request.GET.get('id', '')
+    user_group = get_object(UserGroup, id=user_group_id)
+    asset_all = Asset.objects.all()
+    asset_group_all = AssetGroup.objects.all()
+    asset_permed = user_group.asset.all()  # 获取授权的资产对象列表
+    asset_group_permed = user_group.asset_group.all()  # 获取授权的资产组对象列表
+    if request.method == 'GET' and user_group:
+        assets = [asset for asset in asset_all if asset not in asset_permed]
+        asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed]
+        return my_render('jperm/perm_group_edit.html', locals(), request)
+    elif request.method == 'POST' and user_group:
+        asset_id_select = request.POST.getlist('asset_select', [])
+        asset_group_id_select = request.POST.getlist('asset_groups_select', [])
+        asset_select = get_object_list(Asset, asset_id_select)
+        asset_group_select = get_object_list(AssetGroup, asset_group_id_select)
+        asset_new = list(set(asset_select) - set(asset_permed))  # 计算的得到新授权的资产对象列表
+        asset_del = list(set(asset_permed) - set(asset_select))  # 计算得到回收权限的资产对象列表
+        asset_group_new = list(set(asset_group_select) - set(asset_group_permed))  # 新授权的资产组对象列表
+        asset_group_del = list(set(asset_group_permed) - set(asset_group_select))  # 回收的资产组对象列表
+        users = user_group.user_set.all()
+        perm_info = {
+            'action': 'perm group edit: ' + user_group.name,
+            'del': {'users': users, 'assets': asset_del},
+            'new': {'users': users, 'assets': asset_new}
+        }
+        results = perm_user_api(perm_info)
+        unreachable_asset = []
+        failures_asset = []
+        for ip in results.get('unreachable'):
+            unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
+        for ip in results.get('failures'):
+            failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip)))
+        failures_asset.extend(unreachable_asset)  # 失败的授权要统计
+        for asset in failures_asset:
+            if asset in asset_select:
+                asset_select.remove(asset)
+            else:
+                asset_select.append(asset)
+        user_group.asset = asset_select
+        user_group.asset_group = asset_group_select
+        user_group.save()  # 保存到数据库
+        return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
+    else:
+        return HttpResponse('输入错误')
+
+
+def log(request):
+    header_title, path1, path2 = '授权记录', '授权管理', '授权记录'
+    log_all = Log.objects.all().order_by('-datetime')
+    log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request)
+    return my_render('jperm/perm_log.html', locals(), request)
+
+
+def sys_user_add(request):
+    asset_group_all = AssetGroup.objects.all()
+    if request.method == 'POST':
+        username = request.POST.get('username', '')
+        password = request.POST.get('password', '')
+        asset_groups_id = request.POST.getlist('asset_groups_select', [])
+        comment = request.POST.get('comment')
+        sys_user = SysUser(username=username, password=password, comment=comment)
+        sys_user.save()
+        gen_ssh_key(username, key_dir=os.path.join(SSH_KEY_DIR, 'sysuser'), authorized_keys=False)
+        results = push_user(sys_user, asset_groups_id)
+        return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json")
+    return my_render('jperm/sys_user_add.html', locals(), request)
+
+
+def sys_user_list(request):
+    users_list = SysUser.objects.all()
+    users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request)
+    return my_render('jperm/sys_user_list.html', locals(), request)
+
+
+def sys_user_edit(request):
+    pass
+
+
+def sys_user_del(request):
+    pass
+