mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-04-09 22:03:26 +00:00
* [Feature] 1. 资产用户管理器 * [Feature] 2. 资产用户管理器: 更新AuthBook * [Feature] 3. 资产用户管理器: 添加 AssetUser API * [Feature] 4. AssetUser Model: 添加方法 load_related_asset_auth * [Feature] 5. AdminUser: 更新管理用户获取认证信息时,先加载相关资产的认证 * [Feature] 6. SystemUser: 更新系统用户获取认证信息时,先加载相关资产的认证 * [Feature] 前端页面: 添加资产用户列表页面 * [Feature] 前端页面: 管理用户的资产管理页面添加按钮: 修改资产用户认证信息 * [Feature] 前端页面: 系统用户的资产管理页面添加按钮: 修改资产用户认证信息 * [Feature] 优化: 从管理用户和系统用户的backend中获取相关资产用户的逻辑 * [Update] Fix 1 * [Feature] 优化: SystemUserBackend之filter功能 * [Feature] 优化: AdminUserBackend之filter功能 * [Feature] 优化: AdminUserBackend和SystemUserBackend功能 * [Feature] 更新翻译: 资产用户管理器 * [Update] 更新资产用户列表页名称为: asset_asset_user_list.html * [Bugfix] 修改bug: SystemUserBackend 根据用户名过滤系统用户 * [Feature] 添加: 资产用户列表中可测试资产用户的连接性 * [Update] 修改: AdHoc model的run_as字段从SystemUser外键修改为username字符串 * [Feature] 添加: 获取系统用户认证信息(对应某个资产)API * [Update] 更新: API获取asset user时进行排序 * [Bugfix] 修改: 资产用户可连接性CACHE_KEY * [Update] 更新翻译信息 * [Update] 修改获取资产用户认证信息API的返回响应(200/400) * [Update] 修改BaseUser获取特定资产的方法名 * [Update] 修改logger输出,AuthBook set_version_and_latest * [Update] 修改日志输出添加exc_info参数 * [Update] 移除AuthBook迁移文件0026 * [Bugfix] 修复AdminUserBackend获取instances为空的bug
# -*- coding: utf-8 -*-
#
from .ansible.inventory import BaseInventory
from assets.utils import get_assets_by_id_list, get_system_user_by_id
from common.utils import get_logger
# Names exported by a star-import of this module.
__all__ = ['JMSInventory']

# Module-level logger; get_logger is handed this file's path.
logger = get_logger(__file__)
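class JMSInventory(BaseInventory):
    """
    Ansible inventory built from JumpServer assets.

    Every asset is converted into a host dict (id, hostname, ip, port, vars,
    groups) and the resulting list is handed to ``BaseInventory``. Write your
    own manager along the same lines to construct an inventory from another
    source.
    """

    def __init__(self, assets, run_as_admin=False, run_as=None, become_info=None):
        """
        Build the host list and initialise the base inventory with it.

        Credentials are layered in this order, later ones overwriting earlier
        keys of the same name: admin auth info (``run_as_admin``), the
        ``run_as`` user's info, then ``become_info``.

        :param assets: assets to put in the inventory. ``get_run_user_info``
            calls ``assets.get(id=...)`` on it, so when ``run_as`` is set it
            must support that lookup (presumably a queryset -- confirm)
        :param run_as_admin: True to execute with the asset's admin user;
            the admin user may differ from server to server
        :param run_as: username to execute as, resolved per asset through
            AssetUserManager
        :param become_info: dict merged into every host when set, describing
            the user to become for execution
        """
        self.assets = assets
        self.using_admin = run_as_admin
        self.run_as = run_as
        self.become_info = become_info

        host_list = [
            self.convert_to_ansible(asset, run_as_admin=run_as_admin)
            for asset in assets
        ]

        if run_as:
            for host in host_list:
                host.update(self.get_run_user_info(host))

        if become_info:
            for host in host_list:
                host.update(become_info)

        super().__init__(host_list=host_list)

    def convert_to_ansible(self, asset, run_as_admin=False):
        """
        Convert one asset into the host dict used for the inventory.

        :param asset: asset providing id, hostname, ip, port, domain, nodes
            and labels
        :param run_as_admin: when True, merge ``asset.get_auth_info()`` into
            the top level of the host dict
        :return: dict with keys id, hostname, ip, port, vars, groups (plus
            whatever ``get_auth_info()`` contributes)
        """
        info = {
            'id': asset.id,
            'hostname': asset.hostname,
            'ip': asset.ip,
            'port': asset.port,
            'vars': dict(),
            'groups': [],
        }
        # Assets behind a domain gateway are reached through an ssh ProxyCommand.
        if asset.domain and asset.domain.has_gateway():
            info["vars"].update(self.make_proxy_command(asset))
        if run_as_admin:
            info.update(asset.get_auth_info())
        for node in asset.nodes.all():
            info["groups"].append(node.value)
        # NOTE(review): label names are used verbatim as variable names and are
        # applied after the proxy settings above, so a label that shares a name
        # with an entry already in "vars" (for example ansible_ssh_common_args)
        # replaces it. How "vars" is consumed is decided by BaseInventory, which
        # is not shown here -- confirm, and consider rejecting reserved
        # ansible_* label names if labels can be edited by less trusted users.
        for label in asset.labels.all():
            info["vars"].update({
                label.name: label.value
            })
            info["groups"].append("{}:{}".format(label.name, label.value))
        if asset.domain:
            # Set after the labels, so it wins over a label named "domain".
            info["vars"].update({
                "domain": asset.domain.name,
            })
            info["groups"].append("domain_"+asset.domain.name)
        return info

    def get_run_user_info(self, host):
        """
        Return the auth info of the ``run_as`` user for the asset behind *host*.

        :param host: host dict produced by ``convert_to_ansible``; only its
            ``id`` is read
        :return: ``run_user._to_secret_json()`` on success (the name suggests
            it carries secret material -- keep it out of logs), or ``{}`` when
            ``run_as`` is unset or the lookup fails
        """
        # Imported here rather than at module level (presumably to avoid an
        # import cycle -- confirm).
        from assets.backends.multi import AssetUserManager

        if not self.run_as:
            return {}

        try:
            asset = self.assets.get(id=host.get('id'))
            run_user = AssetUserManager.get(self.run_as, asset)
        except Exception as e:
            # NOTE(review): any failure is logged and then ignored, so the host
            # keeps whatever credentials it already had (admin auth info when
            # run_as_admin was set, otherwise none) instead of the requested
            # user. Callers cannot tell this apart from a successful lookup.
            logger.error(e, exc_info=True)
            return {}
        else:
            return run_user._to_secret_json()

    @staticmethod
    def make_proxy_command(asset):
        """
        Build the ssh ProxyCommand that tunnels through a gateway of the
        asset's domain.

        Gateway-supplied values (username, ip, password, key file path) are
        quoted for the shell that ssh uses to run ProxyCommand, and the whole
        option is quoted once more for the consumer that splits
        ``ansible_ssh_common_args`` into arguments. Previously these values
        were interpolated as-is, so a password containing a quote, a space or
        a shell metacharacter either broke the command or was interpreted by
        the shell.

        :param asset: asset whose ``domain.random_gateway()`` picks the gateway
        :return: ``{"ansible_ssh_common_args": "<quoted -o ProxyCommand=...>"}``
        """
        import shlex

        def sh_arg(value):
            # ssh expands %-tokens inside ProxyCommand, so a literal '%' has to
            # be doubled before the value is quoted for the shell.
            return shlex.quote(str(value).replace("%", "%%"))

        gateway = asset.domain.random_gateway()
        proxy_command_list = [
            "ssh", "-p", str(gateway.port),
            # NOTE(review): host key checking is disabled for the gateway hop,
            # so the gateway's identity is not verified before credentials are
            # sent to it. Prefer a managed known_hosts file where possible.
            "-o", "StrictHostKeyChecking=no",
            sh_arg("{}@{}".format(gateway.username, gateway.ip)),
            "-W", "%h:%p", "-q",
        ]

        if gateway.password:
            # NOTE(review): "sshpass -p" puts the password on the command line,
            # where it is visible in process listings on the control node;
            # sshpass also accepts it via -e (environment) or -f (file).
            proxy_command_list[:0] = ["sshpass", "-p", sh_arg(gateway.password)]
        if gateway.private_key:
            proxy_command_list.extend(["-i", sh_arg(gateway.private_key_file)])

        # For values without special characters this yields the same
        # single-quoted string as before.
        proxy_command = shlex.quote(
            "-o ProxyCommand={}".format(" ".join(proxy_command_list))
        )
        return {"ansible_ssh_common_args": proxy_command}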