github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-10-22 08:19:04 +00:00
Code Issues Projects Releases Wiki Activity

添加组授权

Browse Source
This commit is contained in:
Administrator
2015-10-06 18:51:49 +08:00
parent 699046dad5
commit 43fe985143
10 changed files with 444 additions and 891 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
jperm/perm_api.py
View File

@@ -11,6 +11,7 @@ from jumpserver.models import Setting
def get_object_list(model, id_list):
"""根据id列表获取对象列表"""
object_list = []
for object_id in id_list:
if object_id:
@@ -19,51 +20,69 @@ def get_object_list(model, id_list):
return object_list
def perm_user_handle(user, asset_new, asset_del, group_new, group_del):
username = user.name
asset_group_new = get_object_list(AssetGroup, group_new)
asset_group_del = get_object_list(AssetGroup, group_del)
for asset_group in asset_group_new:
asset_new.extend([asset.ip for asset in asset_group.asset_set.all()])
for asset_group in asset_group_del:
asset_del.extend(asset.ip for asset in asset_group.asset_set.all())
def get_rand_file_path(base_dir=os.path.join(BASE_DIR, 'tmp')):
"""获取随机文件路径"""
filename = uuid.uuid1().hex
return os.path.join(base_dir, filename)
def get_inventory(host_group):
"""生成资产表库存清单"""
path = get_rand_file_path()
f = open(path, 'w')
for group, host_list in host_group.items():
f.write('[%s]\n' % group)
for ip in host_list:
asset = get_object(Asset, ip=ip)
if asset.use_default_auth:
f.write('%s ansbile_ssh_port=%s\n' % (ip, asset.port))
if asset.use_default:
f.write('%s\n' % ip)
else:
f.write('%s ansible_ssh_port=%s ansible_ssh_user=%s ansbile_ssh_pass=%s\n'
% (ip, asset.port, asset.username, CRYPTOR.decrypt(asset.password)))
f.write('%s ansible_ssh_port=%s ansible_ssh_user=%s ansible_ssh_pass=%s\n' %
(ip, asset.port, asset.username, CRYPTOR.decrypt(asset.password)))
f.close()
return path
def get_playbook(tempate, var):
str_playbook = open(tempate).read()
def get_playbook(template, var):
"""根据playbook模板生成playbook"""
str_playbook = open(template).read()
for k, v in var.items():
str_playbook = re.sub(r'%s' % k, v, str_playbook)
str_playbook = re.sub(r'%s' % k, v, str_playbook) # 正则来替换传入的字符
path = get_rand_file_path()
f = open(path, 'w')
f.write(str_playbook)
return path
def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del):
asset_new_ip = []
asset_del_ip = []
def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None):
stats = callbacks.AggregateStats()
playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
# run the playbook
results = PlayBook(host_list=inventory,
playbook=playbook,
forks=5,
remote_user=default_user,
remote_port=default_port,
private_key_file=default_pri_key_path,
callbacks=playbook_cb,
runner_callbacks=runner_cb,
stats=stats,
become=True,
become_user='root').run()
for hostname, result in results.items():
if result.get('failures', 2):
print "%s >>> Failed" % hostname
else:
print "%s >>> Success" % hostname
return results
def perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=None, user_group=None):
"""用户授权api通过调用ansible API完成用户新建等"""
asset_new_ip = [] # 新授权的ip列表
asset_del_ip = [] # 回收授权的ip列表
if '' in asset_group_new:
asset_group_new.remove('')
@@ -71,48 +90,38 @@ def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del):
if '' in asset_group_del:
asset_group_del.remove('')
asset_new_ip.extend([asset.ip for asset in get_object_list(Asset, asset_new)])
asset_new_ip.extend([asset.ip for asset in get_object_list(Asset, asset_new)]) # 查库获取新授权ip
for asset_group_id in asset_group_new:
asset_new_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()])
asset_del_ip.extend([asset.ip for asset in get_object_list(Asset, asset_del)])
asset_new_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) # 同理
asset_del_ip.extend([asset.ip for asset in get_object_list(Asset, asset_del)]) # 查库获取回收授权的ip
for asset_group_id in asset_group_del:
asset_del_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()])
asset_del_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) # 同理
print asset_new_ip
print asset_del_ip
stats = callbacks.AggregateStats()
playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
if asset_new_ip or asset_del_ip:
host_group = {'new': asset_new_ip, 'del': asset_del_ip}
host_list = get_inventory(host_group)
inventory = get_inventory(host_group)
if user:
the_items = user.username,
elif user_group:
users = user_group.user_set.all()
the_items = ','.join([user.username for user in users])
else:
return HttpResponse('Argument error.')
playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'),
{'the_new_group': 'new', 'the_del_group': 'del',
'the_user': user.username, 'the_pub_key': '/tmp/id_rsa.pub'})
'the_items': the_items, 'the_pub_key': '/tmp/id_rsa.pub'})
settings = get_object(Setting, id=1)
if settings:
default_user = settings.default_user
default_port = settings.default_port
default_pri_key_path = settings.default_pri_key_path
else:
default_user = default_pri_key_path = ''
results = PlayBook(host_list=host_list,
playbook=playbook,
forks=5,
remote_user=default_user,
private_key_file=default_pri_key_path,
callbacks=playbook_cb,
runner_callbacks=runner_cb,
stats=stats,
become=True,
become_user='root').run()
default_user = default_port = default_pri_key_path = ''
for hostname, result in results.items():
if result.get('failures', 2):
print "%s >>> Failed" % hostname
else:
print "%s >>> Success" % hostname
results = playbook_run(inventory, playbook, default_user, default_port, default_pri_key_path)
return results