From 2ccd0724167fd893c6310a3732521ddedde00aa8 Mon Sep 17 00:00:00 2001 From: yumaojun <719118794@qq.com> Date: Wed, 18 Nov 2015 17:16:29 +0800 Subject: [PATCH 1/3] 1. delete role filed : is_screty_key 2. rule edit page add selected mark 3. role add page consider user use_default_auth attribute 4. role password use jumpserver api CRYPTO to crypt 5. fixed ansible api auto load local host file (/etc/ansible/hosts) bug 6. ansible api command and task interface add pattern default argument( pattern='*') --- jperm/ansible_api.py | 26 +++++++++------- jperm/models.py | 1 - jperm/perm_api.py | 2 +- jperm/playbooks/ansible_need.txt | 0 jperm/utils.py | 6 ++-- jperm/views.py | 46 ++++++++++++++++++++--------- jumpserver/settings.py | 4 +-- jumpserver/views.py | 2 +- templates/jperm/perm_rule_add.html | 12 -------- templates/jperm/perm_rule_edit.html | 22 ++++---------- 10 files changed, 59 insertions(+), 62 deletions(-) create mode 100644 jperm/playbooks/ansible_need.txt diff --git a/jperm/ansible_api.py b/jperm/ansible_api.py index 2e89008fc..1f3774e61 100644 --- a/jperm/ansible_api.py +++ b/jperm/ansible_api.py @@ -17,6 +17,7 @@ from utils import get_rand_pass import os.path API_DIR = os.path.dirname(os.path.abspath(__file__)) ANSIBLE_DIR = os.path.join(API_DIR, 'playbooks') +NULL_FILE = os.path.join(ANSIBLE_DIR, 'ansible_need.txt') @@ -61,7 +62,7 @@ class MyInventory(object): [{"hostname": "10.10.10.10", "port": "22", "username": "test", "password": "mypass"}, ...] """ self.resource = resource - self.inventory = Inventory() + self.inventory = Inventory(host_list=NULL_FILE) self.gen_inventory() def add_group(self, hosts, groupname, groupvars=None): 
@@ -101,7 +102,7 @@ class MyInventory(object): add hosts to inventory. """ if isinstance(self.resource, list): - self.add_group(self.resource, 'my_group') + self.add_group(self.resource, 'default_group') elif isinstance(self.resource, dict): for groupname, hosts_and_vars in self.resource.iteritems(): self.add_group(hosts_and_vars.get("hosts"), groupname, hosts_and_vars.get("vars")) @@ -115,21 +116,23 @@ class Command(MyInventory): super(Command, self).__init__(*args, **kwargs) self.results = '' - def run(self, command, module_name="command", timeout=5, forks=10, group='my_group'): + def run(self, command, module_name="command", timeout=10, forks=10, group='default_group', pattern='*'): """ run command from andible ad-hoc. command : 必须是一个需要执行的命令字符串, 比如 'uname -a' """ + if module_name not in ["raw", "command", "shell"]: - raise CommandValueError("module_name", + raise CommandValueError("module_name", "module_name must be of the 'raw, command, shell'") hoc = Runner(module_name=module_name, module_args=command, timeout=timeout, inventory=self.inventory, subset=group, - forks=forks + pattern=pattern, + forks=forks, ) self.results = hoc.run() @@ -203,7 +206,7 @@ class Tasks(Command): def __init__(self, *args, **kwargs): super(Tasks, self).__init__(*args, **kwargs) - def __run(self, module_args, module_name="command", timeout=5, forks=10, group='my_group'): + def __run(self, module_args, module_name="command", timeout=5, forks=10, group='default_group', pattern='*'): """ run command from andible ad-hoc. command : 必须是一个需要执行的命令字符串, 比如 @@ -214,7 +217,8 @@ class Tasks(Command): timeout=timeout, inventory=self.inventory, subset=group, - forks=forks + pattern=pattern, + forks=forks, ) self.results = hoc.run() @@ -425,7 +429,6 @@ class MyPlaybook(MyInventory): def __init__(self, *args, **kwargs): super(MyPlaybook, self).__init__(*args, **kwargs) - def run(self, playbook_relational_path, extra_vars=None): """ run ansible playbook, 
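Review bot: The default `timeout` in `Command.run` is raised to 10 while `Tasks.__run` in the @@ -203 hunk keeps `timeout=5`, so the two ad-hoc entry points now behave differently for the same caller; if the longer timeout is intended, apply it to both, e.g. `def __run(self, module_args, module_name="command", timeout=10, forks=10, group='default_group', pattern='*'):`. The allow-list `["raw", "command", "shell"]` is a literal inside the method; a module-level constant such as `ALLOWED_MODULES` would let `Tasks.__run` apply the same check (whether it currently does is not visible in its hunk). The new `pattern` argument is undocumented; add a docstring line stating what `pattern` selects relative to `subset=group`, since both are now passed to `Runner` and their interplay is left to the reader.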
@@ -464,7 +467,6 @@ class App(MyPlaybook): if __name__ == "__main__": - pass # resource = { # "group1": { @@ -472,8 +474,10 @@ if __name__ == "__main__": # "vars" : {"var1": "value1", "var2": "value2"}, # }, # } -# command = Command(resource) -# print command.run("who", group="group1") + + resource = [{"hostname": "127.0.0.1", "port": "22", "username": "yumaojun", "password": "yusky0902"}] + command = Command(resource) + print command.run("who") # resource = [{"hostname": "192.168.10.148", "port": "22", "username": "root", "password": "xxx"}] # task = Tasks(resource) diff --git a/jperm/models.py b/jperm/models.py index d9553a00c..dc8643b67 100644 --- a/jperm/models.py +++ b/jperm/models.py @@ -39,7 +39,6 @@ class PermRule(models.Model): user = models.ManyToManyField(User, related_name='perm_rule') user_group = models.ManyToManyField(UserGroup, related_name='perm_rule') role = models.ManyToManyField(PermRole, related_name='perm_rule') - is_secret_key = models.BooleanField() def __unicode__(self): return self.name \ No newline at end of file diff --git a/jperm/perm_api.py b/jperm/perm_api.py index c04aeda52..1b363f547 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -89,7 +89,7 @@ def perm_user_api(perm_info): the_new_users = ','.join(new_username) the_del_users = ','.join(del_username) - playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), + playbook = get_playbook(os.path.join(BASE_DIR, 'keys/../playbook', 'user_perm.yaml'), {'the_new_group': 'new', 'the_del_group': 'del', 'the_new_users': the_new_users, 'the_del_users': the_del_users, 'KEY_DIR': os.path.join(SSH_KEY_DIR, 'sysuser')}) diff --git a/jperm/playbooks/ansible_need.txt b/jperm/playbooks/ansible_need.txt new file mode 100644 index 000000000..e69de29bb diff --git a/jperm/utils.py b/jperm/utils.py index 12756b773..e0f1fd6df 100644 --- a/jperm/utils.py +++ b/jperm/utils.py 
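Review bot: The `resource = [...]` line added under `if __name__ == "__main__":` hard-codes what looks like a real account name and password for a local host, replacing the commented-out example; anything committed here stays in the repository history even after it is removed, so that credential should be regarded as exposed and changed. Keep the example in placeholder form as the neighbouring commented block does (`"username": "root", "password": "xxx"`), or read it from the environment, e.g. `"password": os.environ.get("ANSIBLE_TEST_PASSWORD", "")` — `import os.path` at the top of the file binds `os`, so no new import is needed.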
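Review bot: `os.path.join(BASE_DIR, 'keys/../playbook', 'user_perm.yaml')` names the same directory as the previous `'playbook'` (the `keys/..` segment cancels out), so the hunk changes the string without changing which file is meant, yet it reads as though the playbook moved under `keys/`. It is also not a pure no-op: on POSIX the `keys` component is resolved first, so the open fails if `BASE_DIR/keys` does not exist yet and follows the link if `keys` is a symlink, and `os.path.join` does not normalise the result, so the literal `..` appears in any log or error that prints the path. If nothing moved, keep `os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml')`; if the playbook directory did move, spell out the real path instead of routing through `..`.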
@@ -4,10 +4,10 @@ import random import os.path from paramiko.rsakey import RSAKey -from os import chmod, mkdir +from os import chmod, makedirs from uuid import uuid4 -from jumpserver.settings import KEY_DIR +#from jumpserver.settings import KEY_DIR def get_rand_pass(): @@ -46,7 +46,7 @@ def gen_keys(): """ key_basename = "key-" + uuid4().hex key_path_dir = os.path.join(KEY_DIR, key_basename) - mkdir(key_path_dir, 0700) + makedirs(key_path_dir, 0755) key = RSAKey.generate(2048) private_key = os.path.join(key_path_dir, 'id_rsa') diff --git a/jperm/views.py b/jperm/views.py index fd4b9a756..13ca11a14 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -10,12 +10,13 @@ from juser.user_api import gen_ssh_key from juser.models import User, UserGroup from jasset.models import Asset, AssetGroup from jperm.models import PermRole, PermRule +from jumpserver.models import Setting from jperm.utils import updates_dict, gen_keys, get_rand_pass from jperm.ansible_api import Tasks from jperm.perm_api import get_role_info -from jumpserver.api import my_render, get_object +from jumpserver.api import my_render, get_object, CRYPTOR @require_role('admin') @@ -114,7 +115,6 @@ def perm_rule_add(request): rule.asset = assets_obj rule.asset_group = asset_groups_obj rule.role = roles_obj - rule.is_secret_key = bool(rule_ssh_key) rule.save() return HttpResponse(u"添加授权规则:%s" % rule.name) 
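Review bot: `makedirs(key_path_dir, 0755)` widens the per-role key directory from the previous 0700 to world-traversable and world-listable, and the next line places the generated RSA private key inside it (`private_key = os.path.join(key_path_dir, 'id_rsa')`); whether the key file itself is readable by other local accounts depends on the `chmod` calls after this hunk, which are not visible here, and the directory mode is the outer layer of that protection. If `makedirs` is needed only because the parent `KEY_DIR` may not exist yet, keep the mode: `makedirs(key_path_dir, 0700)`. `makedirs` applies the mode (subject to umask) to every intermediate directory it creates, including `KEY_DIR`, which is appropriate for a key store. The @@ -4 hunk also comments out the `KEY_DIR` import this function still uses; patch 3 of the series restores it, so the intermediate commit does not run on its own. The body of gen_keys continues after the hunk.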
@@ -134,13 +134,19 @@ def perm_rule_edit(request): if request.method == 'GET' and rule_id: - # 渲染数据, 获取所有的rule对象 + # 渲染数据, 获取所选的rule对象 rule_comment = rule.comment - users = rule.user.all() - user_groups = rule.user_group.all() - assets = rule.asset.all() - asset_groups = rule.asset_group.all() - roles = rule.role.all() + users_select = rule.user.all() + user_groups_select = rule.user_group.all() + assets_select = rule.asset.all() + asset_groups_select = rule.asset_group.all() + roles_select = rule.role.all() + + users = User.objects.all() + user_groups = UserGroup.objects.all() + assets = Asset.objects.all() + asset_groups = AssetGroup.objects.all() + roles = PermRole.objects.all() return my_render('jperm/perm_rule_edit.html', locals(), request) @@ -242,10 +248,11 @@ def perm_role_add(request): name = request.POST.get("role_name") comment = request.POST.get("role_comment") password = request.POST.get("role_password") + encrypt_pass = CRYPTOR.encrypt(password) # 生成随机密码,生成秘钥对 key_path = gen_keys() - role = PermRole(name=name, comment=comment, password=password, key_path=key_path) + role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path) role.save() return HttpResponse(u"添加角色: %s" % name) else: @@ -320,11 +327,12 @@ def perm_role_edit(request): # 获取 POST 数据 role_name = request.POST.get("role_name") role_password = request.POST.get("role_password") + encrypt_role_pass = CRYPTOR.encrypt(role_password) role_comment = request.POST.get("role_comment") # 写入数据库 role.name = role_name - role.password = role_password + role.password = encrypt_role_pass role.comment = role_comment role.save() 
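Review bot: `encrypt_pass = CRYPTOR.encrypt(password)` runs before anything checks that a password was submitted; `request.POST.get("role_password")` yields `None` when the field is absent and `''` when it is empty, and what `CRYPTOR.encrypt` does with either is not visible here, so an empty form either raises or stores the encryption of an empty string as the role password. Validate first, e.g. `if not password: return HttpResponse(u"<role password required message>")`, and do it before the `gen_keys()` call so no key pair is generated for a rejected request. The same applies to `encrypt_role_pass = CRYPTOR.encrypt(role_password)` in the @@ -320 hunk of perm_role_edit. A one-line comment stating why a reversible cipher rather than a hash is used for this field (presumably because the password is later replayed to assets — confirm) would keep a future reader from swapping it for a hash.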
@@ -364,10 +372,20 @@ def perm_role_push(request): calc_assets = set(assets_obj) | set(group_assets_obj) # 生成Inventory - push_resource = [{"hostname": asset.ip, - "port": asset.port, - "username": asset.username, - "password": asset.password} for asset in calc_assets] + push_resource = [] + for asset in calc_assets: + if asset.use_default_auth: + username = Setting.default_user + password = Setting.default_password + port = Setting.default_port + else: + username = asset.username + password = asset.password + port = asset.port + push_resource.append({"hostname": asset.ip, + "port": port, + "username": username, + "password": password}) # 获取角色的推送方式,以及推送需要的信息 roles_obj = [PermRole.objects.get(name=role_name) for role_name in role_names] diff --git a/jumpserver/settings.py b/jumpserver/settings.py index cc3f5a8c7..5f874b6c4 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -18,7 +18,7 @@ config = ConfigParser.ConfigParser() BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) config.read(os.path.join(BASE_DIR, 'jumpserver.conf')) -KEY_DIR = os.path.join(BASE_DIR, 'role_keys') +KEY_DIR = os.path.join(BASE_DIR, 'keys/role_keys') DB_HOST = config.get('db', 'host') DB_PORT = config.getint('db', 'port') @@ -37,7 +37,7 @@ EMAIL_TIMEOUT = 5 # ======== Log ========== LOG_DIR = os.path.join(BASE_DIR, 'logs') -SSH_KEY_DIR = os.path.join(BASE_DIR, 'role_keys') +SSH_KEY_DIR = os.path.join(BASE_DIR, 'keys/role_keys') KEY = config.get('base', 'key') URL = config.get('base', 'url') LOG_LEVEL = config.get('base', 'log') diff --git a/jumpserver/views.py b/jumpserver/views.py index 89bc75fd8..f38ecd8ca 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py 
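Review bot: `Setting.default_user`, `Setting.default_password` and `Setting.default_port` are read from the `Setting` class imported from `jumpserver.models`; if that is a Django model, those are field descriptors on the class rather than stored values, and the dict appended to `push_resource` would not carry the configured default credentials. Load the row once before the loop (for instance `setting = Setting.objects.first()`, or however the settings row is looked up elsewhere in the project — TODO confirm) and read `setting.default_user` etc. inside it; hoisting also avoids re-reading the same values for every asset. Whichever source is used, the resulting list holds a plaintext password for every target host, so it should not be logged or rendered in error output, and the lookup should fail clearly when no defaults are configured rather than pushing `None` credentials. The body of perm_role_push continues after the hunk.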
@@ -268,7 +268,7 @@ def setting(request): if '' in [username, port] and ('' in password or '' in private_key): return HttpResponse('所填内容不能为空, 且密码和私钥填一个') else: - private_key_path = os.path.join(BASE_DIR, 'role_keys', 'default', 'default_private_key.pem') + private_key_path = os.path.join(BASE_DIR, 'keys/role_keys', 'default', 'default_private_key.pem') if private_key: with open(private_key_path, 'w') as f: f.write(private_key) diff --git a/templates/jperm/perm_rule_add.html b/templates/jperm/perm_rule_add.html index 7f11c9b4e..6a34cfcf4 100644 --- a/templates/jperm/perm_rule_add.html +++ b/templates/jperm/perm_rule_add.html @@ -95,18 +95,6 @@ -
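Review bot: `os.path.join(BASE_DIR, 'keys/role_keys', 'default', 'default_private_key.pem')` re-spells the key directory that this same commit sets as `KEY_DIR` and `SSH_KEY_DIR` in jumpserver/settings.py, so the location now lives in three places that must change together; `BASE_DIR` is already available in this view, so the settings value can be too, giving `private_key_path = os.path.join(SSH_KEY_DIR, 'default', 'default_private_key.pem')` (with the matching import, which is outside this hunk). Having both `KEY_DIR` and `SSH_KEY_DIR` name the same directory in settings.py is itself a source of drift and is worth either a comment or collapsing into one name. The unchanged `with open(private_key_path, 'w')` below writes a private key with the process umask; the file mode is worth checking since this is the default private key for asset access.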
-
- -
-
- -
-
-
-
diff --git a/templates/jperm/perm_rule_edit.html b/templates/jperm/perm_rule_edit.html index ee6e0f5c1..474f90633 100644 --- a/templates/jperm/perm_rule_edit.html +++ b/templates/jperm/perm_rule_edit.html @@ -45,7 +45,7 @@
@@ -56,7 +56,7 @@
@@ -67,7 +67,7 @@
@@ -78,7 +78,7 @@
@@ -89,24 +89,12 @@
-
-
- -
-
- -
-
-
-
From 04e7073acae1dacc3aa1127115427ae2461ab60b Mon Sep 17 00:00:00 2001 From: yumaojun <719118794@qq.com> Date: Wed, 18 Nov 2015 19:03:13 +0800 Subject: [PATCH 2/3] 1. fixed ansible api auto load local host file (/etc/ansible/hosts) bug with null list --- jperm/ansible_api.py | 4 ++-- jperm/playbooks/ansible_need.txt | 0 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 jperm/playbooks/ansible_need.txt diff --git a/jperm/ansible_api.py b/jperm/ansible_api.py index 1f3774e61..3a8b50c61 100644 --- a/jperm/ansible_api.py +++ b/jperm/ansible_api.py @@ -15,9 +15,9 @@ from utils import get_rand_pass import os.path + API_DIR = os.path.dirname(os.path.abspath(__file__)) ANSIBLE_DIR = os.path.join(API_DIR, 'playbooks') -NULL_FILE = os.path.join(ANSIBLE_DIR, 'ansible_need.txt') @@ -62,7 +62,7 @@ class MyInventory(object): [{"hostname": "10.10.10.10", "port": "22", "username": "test", "password": "mypass"}, ...] """ self.resource = resource - self.inventory = Inventory(host_list=NULL_FILE) + self.inventory = Inventory(host_list=[]) self.gen_inventory() def add_group(self, hosts, groupname, groupvars=None): diff --git a/jperm/playbooks/ansible_need.txt b/jperm/playbooks/ansible_need.txt deleted file mode 100644 index e69de29bb..000000000 From 6582ee162472e208f63fe32db8c109c3b91934a2 Mon Sep 17 00:00:00 2001 
From: yumaojun <719118794@qq.com> Date: Wed, 18 Nov 2015 22:32:21 +0800 Subject: [PATCH 3/3] =?UTF-8?q?1.=20=20=E6=9B=B4=E6=96=B0=20=E5=92=8C=20?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20=EF=BC=88role=20=E5=92=8C=20rule=20)?= =?UTF-8?q?=E6=93=8D=E4=BD=9C=20=E4=BB=A5=20msg=20=E7=9A=84=E6=96=B9?= =?UTF-8?q?=E5=BC=8F=20=E5=88=B7=E6=96=B0=E9=A1=B5=E9=9D=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jperm/utils.py | 2 +- jperm/views.py | 57 +++++++++++++++++++++++++---- templates/jperm/perm_role_edit.html | 2 +- templates/jperm/perm_role_list.html | 8 ++++ templates/jperm/perm_rule_list.html | 10 +++++ 5 files changed, 69 insertions(+), 10 deletions(-) diff --git a/jperm/utils.py b/jperm/utils.py index e0f1fd6df..63054b30b 100644 --- a/jperm/utils.py +++ b/jperm/utils.py @@ -7,7 +7,7 @@ from paramiko.rsakey import RSAKey from os import chmod, makedirs from uuid import uuid4 -#from jumpserver.settings import KEY_DIR +from jumpserver.settings import KEY_DIR def get_rand_pass(): diff --git a/jperm/views.py b/jperm/views.py index 13ca11a14..f961a8e07 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -62,7 +62,7 @@ def perm_rule_detail(request): assets = asset_obj return my_render('jperm/perm_rule_detail.html', locals(), request) - + def perm_rule_add(request): """ @@ -117,7 +117,18 @@ def perm_rule_add(request): rule.role = roles_obj rule.save() - return HttpResponse(u"添加授权规则:%s" % rule.name) + msg = u"添加授权规则:%s" % rule.name + # 渲染数据 + header_title, path1, path2 = "授权规则", "规则管理", "查看规则" + rules_list = PermRule.objects.all() + + # TODO: 搜索和分页 + keyword = request.GET.get('search', '') + if keyword: + rules_list = rules_list.filter(Q(name=keyword)) + rules_list, p, rules, page_range, current_page, show_first, show_end = pages(rules_list, request) + + return my_render('jperm/perm_rule_list.html', locals(), request) @require_role('admin') 
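Review bot: After `rule.save()` the POST handler now renders the list template directly instead of redirecting, so a browser refresh on the resulting page re-submits the form and creates a second rule; the same pattern appears in the @@ -183, @@ -254 and @@ -336 hunks of this patch. The conventional shape is a redirect to the list view (`HttpResponseRedirect` with the list URL, or `reverse()` on its name) with `msg` carried via `django.contrib.messages` or a query parameter, which also removes the four near-identical copies of the list-building block (header fields, `keyword` filter, `pages(...)` call). Rendering with `locals()` puts every local into the template context; in the perm_role_add copy (@@ -254) that includes `password` and `encrypt_pass`, which the list page has no reason to receive. `Q` and `pages` are not among the imports visible in this file's earlier hunks, so confirm they are in scope.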
@@ -132,7 +143,6 @@ def perm_rule_edit(request): rule_id = request.GET.get("id") rule = PermRule.objects.get(id=rule_id) - if request.method == 'GET' and rule_id: # 渲染数据, 获取所选的rule对象 rule_comment = rule.comment @@ -183,12 +193,20 @@ def perm_rule_edit(request): rule.role = roles_obj rule.name = rule_name rule.comment = rule.comment - - print rule, rule.name rule.save() - return HttpResponse(u"更新授权规则:%s" % rule.name) + msg = u"更新授权规则:%s" % rule.name + # 渲染数据 + header_title, path1, path2 = "授权规则", "规则管理", "查看规则" + rules_list = PermRule.objects.all() + # TODO: 搜索和分页 + keyword = request.GET.get('search', '') + if keyword: + rules_list = rules_list.filter(Q(name=keyword)) + rules_list, p, rules, page_range, current_page, show_first, show_end = pages(rules_list, request) + + return my_render('jperm/perm_rule_list.html', locals(), request) @require_role('admin') @@ -254,7 +272,18 @@ def perm_role_add(request): key_path = gen_keys() role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path) role.save() - return HttpResponse(u"添加角色: %s" % name) + + msg = u"添加角色: %s" % name + # 渲染 刷新数据 + header_title, path1, path2 = "系统角色", "角色管理", "查看角色" + roles_list = PermRole.objects.all() + # TODO: 搜索和分页 + keyword = request.GET.get('search', '') + if keyword: + roles_list = roles_list.filter(Q(name=keyword)) + + roles_list, p, roles, page_range, current_page, show_first, show_end = pages(roles_list, request) + return my_render('jperm/perm_role_list.html', locals(), request) else: return HttpResponse(u"不支持该操作") @@ -320,6 +349,7 @@ def perm_role_edit(request): # 渲染数据 role_id = request.GET.get("id") role = PermRole.objects.get(id=role_id) + role_pass = CRYPTOR.decrypt(role.password) if request.method == "GET": return my_render('jperm/perm_role_edit.html', locals(), request) 
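Review bot: `role_pass = CRYPTOR.decrypt(role.password)` runs on every request to this view, before the method check, and `locals()` then hands the decrypted role password to perm_role_edit.html on each GET (the template hunk in this patch changes the password input, though its markup is not legible here), so the secret travels to the browser, into the page source and into any cached copy. Prefer rendering the edit form with an empty password field and updating `role.password` only when a non-empty value is posted; if prefilling is required, move the decrypt inside the `if request.method == "GET":` branch so it is at least not performed for POST. In the POST branch, `encrypt_role_pass = CRYPTOR.encrypt(role_password)` (added in patch 1 of this series) is applied unconditionally, so submitting the form with an empty field overwrites the stored password with the encryption of `''`.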
@@ -336,7 +366,18 @@ def perm_role_edit(request): role.comment = role_comment role.save() - return HttpResponse(u"更新系统角色: %s" % role.name) + msg = u"更新系统角色: %s" % role.name + + # 渲染 刷新数据 + header_title, path1, path2 = "系统角色", "角色管理", "查看角色" + roles_list = PermRole.objects.all() + # TODO: 搜索和分页 + keyword = request.GET.get('search', '') + if keyword: + roles_list = roles_list.filter(Q(name=keyword)) + + roles_list, p, roles, page_range, current_page, show_first, show_end = pages(roles_list, request) + return my_render('jperm/perm_role_list.html', locals(), request) diff --git a/templates/jperm/perm_role_edit.html b/templates/jperm/perm_role_edit.html index 81d56d4b4..3b5637560 100644 --- a/templates/jperm/perm_role_edit.html +++ b/templates/jperm/perm_role_edit.html @@ -43,7 +43,7 @@
- +
diff --git a/templates/jperm/perm_role_list.html b/templates/jperm/perm_role_list.html index 760a1b731..045012ccd 100644 --- a/templates/jperm/perm_role_list.html +++ b/templates/jperm/perm_role_list.html @@ -7,6 +7,14 @@
+
+ {% if error %} +
{{ error }}
+ {% endif %} + {% if msg %} +
{{ msg }}
+ {% endif %} +
所有系统角色
diff --git a/templates/jperm/perm_rule_list.html b/templates/jperm/perm_rule_list.html index e08b8f7f4..923fc1442 100644 --- a/templates/jperm/perm_rule_list.html +++ b/templates/jperm/perm_rule_list.html @@ -3,10 +3,20 @@ {% block content %} {% include 'nav_cat_bar.html' %} + +
+
+ {% if error %} +
{{ error }}
+ {% endif %} + {% if msg %} +
{{ msg }}
+ {% endif %} +
所有规则