def post(self, request, *args, **kwargs): request_data = request.data.get('data', {}) validator = CreateDepartmentMembersValidator(data=request_data) if not validator.is_valid(): return Response(console_response(code=1, msg=validator.errors)) department_id = validator.validated_data.get('department_id') member_type = validator.validated_data.get('member_type') validator = self.get_create_member_validator(member_type)( data=request_data) if not validator.is_valid(): return Response(console_response(code=1, msg=validator.errors)) member_info = validator.validated_data.get('member_info') member, error = AccountService.create(**member_info) if error: return Response( console_response(code=1, ret_set={}, msg='成员创建失败' + str(error))) elif DepartmentMemberService.join([member.user], department_id): # 创建成功 就加入到指定部门 if member.type in AccountType.FINANCE_TYPES: permission_group_id_list = validator.validated_data.get( 'permission_group_id_list') new_member = AccountService.get_by_owner(member.user) groups = PermissionGroupService.gets(permission_group_id_list) count = UserPermissionService.append_groups(new_member, groups) ret_set = DepartmentMemberService.to_dict(new_member) if count == len(permission_group_id_list): # create_payload = { # "owner": member.user.username, # "zone": request_data.get("zone", "bj") # } # create_resp = create_base_net(create_payload) # if create_resp.get("ret_code"): # return Response(console_response(code=1, msg="创建成员子网失败")) # ret_set["sub_net"] = create_resp.get("ret_set")[0] # return Response(console_response(ret_set=ret_set)) else: return Response( console_response(code=1, ret_set=ret_set, msg='成员初始化权限失败')) elif member.type in AccountType.PORTAL_TYPES: new_member = AccountService.get_by_owner(member.user) ret_set = DepartmentMemberService.to_dict(new_member) return Response(console_response(ret_set=ret_set)) else: AccountService.delete_by_username(member.user.username, really_delete=True) return Response( console_response(code=1, ret_set={}, msg='成员加入部门失败'))
def _create_system_account(self, username): if not AccountService.get_by_owner(username): logger.debug('create owner') AccountService.create( username=username, account_type=AccountType.NORMAL, email='*****@*****.**' % (username), password=username, phone='18511076831', name=username, )
def remove(cls, member_id_list): """ 删除用户 :param member_id_list: username 的列表 :return: """ try: for member_id in member_id_list: AccountService.delete_by_username(member_id) # delete_user_base_net(member_id) return True except Exception as e: logger.error(e.message) return False
def update(cls, member_id, update_info): """ 根据给定的用户信息 :param member_id :param update_info: 一个包含更新信息的dict :return: """ try: account = AccountService.get_by_owner(member_id) AccountService.update(account, update_dict=update_info) return AccountService.get_by_owner(member_id) except Exception as e: logger.error(e.message) return None
def uninstall_app_one(payload): """ 卸载应用 :param payload: :return: """ owner = payload.get("owner") zone = payload.get("zone") app_name = payload.get("app_name") # 根据应用采取操作 if app_name == "waf": pass # 删除MQ数据库中的用户信息 elif app_name == "mq": user_model = AccountService.get_by_owner(owner).user name = user_model.account.email sql_data = dict( name=name ) # sql = KAFKA_MQ_DB_SQL_DELETE % sql_data conn, cur = mysql_connect(KAFKA_MQ_DB_HOST, KAFKA_MQ_DB_NAME, KAFKA_MQ_DB_USER, KAFKA_MQ_DB_PASSWORD, port=int(KAFKA_MQ_DB_PORT)) code = mysql_execute(conn, cur, KAFKA_MQ_DB_SQL_DELETE, sql_data) if code: return console_response(code=1, msg=u"卸载失败") elif app_name == "mysql": pass elif app_name == "oracle": pass else: return console_response(code=1, msg=u"应用名称错误") # 数据库操作 uninstall_code = AppstoreService.uninstall_one_app(app_name, zone, owner) action_record = dict(app_name=app_name) return console_response(code=uninstall_code, action_record=action_record)
def create_waf_service(payload): """ 新建waf站点 发送新建请求 存入数据库 :param payload: :return: """ owner = payload.pop("owner") zone = payload.pop("zone") domain = payload.get("domain") payload["ips"] = [item.encode() for item in payload.pop("ips")] smc_ip, smc_port = get_smc_info() create_code, create_msg = create_waf_site(smc_ip, smc_port, payload) if create_code: return console_response(code=1, msg=create_msg) user = AccountService.get_by_owner(owner).user zone = ZoneModel.get_zone_by_name(zone) try: WafServiceModel(waf_domain=domain, user=user, zone=zone).save() action_record = dict( domain=domain ) return console_response(action_record=action_record) except Exception as exc: logger.error("save domain error, %s", exc) return console_response(code=1, msg=exc.message)
def record_action(service, req_data, resp_data): owner = req_data.get("owner") zone = req_data.get("zone") action = req_data.get("action") # Get User info account = AccountService.get_by_owner(owner) if account is None: return None, "invalid account %s" % owner if not should_recorded(action): return None, None action_data = get_action_data(action, req_data, resp_data) inst, error = ConsoleRecord.create( username=account.user.username, name=service, nickname=account.nickname, service=action_data["service"], action=action_data["type"], action_detail=action_data["action_detail"], status=action_data["status"], zone=zone, extra_info=action_data["msg"]) return inst, error
def get_all_apps(cls, owner, zone): """ 获取当前zone当前用户下app状态 :param owner: :param zone: :return: """ user_model = AccountService.get_by_owner(owner).user zone_model = ZoneModel.get_zone_by_name(zone) all_app = AppStoreModel.objects.filter(app_zone=zone_model).all() app_users = AppUserModel.objects.filter(app_users__in=(user_model, ), app_app__app_zone=zone_model).all() apps_installed = list() for app in app_users: apps_installed.extend(app.app_app.all()) dict_apps = defaultdict(dict) for app in all_app: dict_one_app = dict() if app in apps_installed: dict_one_app["installed"] = True app_user = app_users.filter(app_app=app).first() dict_one_app["status"] = app_user.app_status dict_one_app["version"] = app.app_version dict_one_app["publisher"] = app.app_publisher if app.app_name == "mq": dict_one_app["mq_host"] = KAFKA_MQ_HOST dict_apps[app.app_name] = dict_one_app continue dict_one_app["installed"] = False dict_one_app["status"] = None dict_one_app["version"] = app.app_version dict_one_app["publisher"] = app.app_publisher dict_apps[app.app_name] = dict_one_app return dict_apps
def handle(self, *args, **options): self.stdout.write("Create a admin_ account:") self.stdout.flush() email = raw_input("Input your email:") if not email: logger.info("Email should not be empty") sys.exit(1) password = raw_input("Input your password:"******"Password should not be empty") sys.exit(1) phone = raw_input("Input your cell phone:") if not phone: logger.info("Cell phone should not be empty") sys.exit(1) account, error = AccountService.create( email=email, password=password, phone=phone, name=email[:email.find('@')], account_type=AccountType.HANKOU, ) if error is not None: logger.error("Create admin_ account failed, %s" % error) sys.exit(1) account.user.is_superuser = True account.user.save() logger.info("Create admin_ account successful!")
def handle(self, request, gid=None, members=None): usernames, department_ids = split_username_and_department_id(members) group = PermissionGroupService.get(gid) members = list(AccountService.get_by_usernames(usernames)) for department_id in department_ids: members.extend(DepartmentService.get_members(department_id)) return PermissionGroupService.update_users(group=group, users=members)
def get(cls, member_id): """ 返回一个Account 实例 :param member_id: username :return: """ account = AccountService.get_by_owner(member_id) return account
def handle(self, request, uid=None, nodes=None, operable=False): user = uid and AccountService.get_by_owner(uid) default = dict(zip(nodes, [False] * len(nodes))) allows = UserPermissionService.check_node_permissions( user=user or request.user.account, node_ids=nodes, operable=operable) default.update(dict(zip(nodes, allows))) return default
def list(cls, payload): data = payload.get('data') owner = data.get('owner') zone = data.get('zone') zone_model = ZoneModel.get_zone_by_name(zone) account = AccountService.get_by_owner(owner) jumper_instance_set = InstancesModel.get_instances_by_owner( owner, zone).filter(role="jumpserver", deleted=1, destroyed=0) jumper_detail_list, total_count = InstanceService.render_with_detail( jumper_instance_set, account, zone_model) return console_response(code=0, ret_set=jumper_detail_list)
def handle(self, request, uid=None, permissions=None): user = uid and AccountService.get_by_owner(uid) default = dict(zip(permissions, [False] * len(permissions))) permissions = PermissionService.gets(permissions) allows = UserPermissionService.check_permissions( user=user or request.user.account, permissions=permissions) default.update({ permission.id: allows[offset] for offset, permission in enumerate(permissions) }) return default
def setUp(self): telphone = 18901177755 self.creator = AccountService.create( '*****@*****.**', 'admin', telphone )[0] self.users = [ AccountService.create( '*****@*****.**' % (i + 1), 'admin', telphone + i + 1 )[0] for i in range(16) ] self.permissions = list() for i in range(16): permission = Permission(name='UnitTest-Permission-%02d' % (i + 1)) permission.save() self.permissions.append(permission) super(BasePermissionHelperTestCase, self).setUp()
def post(self, request, *args, **kwargs): request_data = request.data.get('data', {}) validator = ChangeDepartmentValidator(data=request_data) if not validator.is_valid(): return Response(console_response(code=1, msg=validator.errors)) department_id = validator.validated_data.get('department_id') member_list = validator.validated_data.get('member_list') accounts = AccountService.get_all_by_owner(member_list) members = [account.user for account in accounts] ret_set = DepartmentMemberService.join(members, department_id) return Response(console_response(ret_set=ret_set))
def post(self, request, *args, **kwargs): form = DescribeInstanceGroupSerializer(data=request.data) if not form.is_valid(): return Response( console_response(CommonErrorCode.PARAMETER_ERROR, form.errors)) owner = form.validated_data['owner'] zone_name = form.validated_data['zone'] account = AccountService.get_by_owner(owner) zone = ZoneModel.get_zone_by_name(zone_name) groups = InstanceGroupService.mget_by_account(account, zone) groups = [_.to_dict() for _ in groups] return old_restful_response(0, "succ", len(groups), groups)
def setUp(self): super(AbstractTestCase, self).setUp() zone = ZoneModel.objects.first() self.zone = zone.name email = '*****@*****.**' password = '******' phone = '106900810045' name = '单元测试' account, err = AccountService.create(email, password, phone, name=name) account.save() self.account = account self.owner = account.user.username self.client = Client(enforce_csrf_checks=False) self.client.login(username=account.user.username, password=password)
def uninstall_one_app(cls, app_name, zone, owner): """ 卸载应用 :param app_name: :param zone: :param owner: :return: """ user_model = AccountService.get_by_owner(owner).user zone_model = ZoneModel.get_zone_by_name(zone) try: app = AppStoreModel.objects.filter(app_name=app_name, app_zone=zone_model) app_user_model = AppUserModel.objects.get(app_app=app, app_users=user_model) app_user_model.delete() except Exception as exc: logger.error("uninstall_one_app get exception: %s", exc) return 1 return 0
def sync_quota(resource, owner, zone): owner = AccountService.get_user_by_name(owner) zone = ZoneModel.get_zone_by_name(zone) update_map = get_usage(resource, owner, zone) for quota_type, used in update_map.items(): try: # quota_model = QuotaModel.objects.filter(user=owner, zone=zone, quota_type=quota_type).first() # if not quota_model: # old_quota_model = QuotaModel.objects.filter(user=owner, quota_type=quota_type).first() # capacity = old_quota_model.capacity # quota_model = QuotaModel(user=owner, zone=zone, quota_type=quota_type, capacity=capacity) # quota_model.used = used # quota_model.save() QuotaModel.objects.update_or_create(user=owner, zone=zone, quota_type=quota_type, defaults={'used': used}) except Exception as exc: logger.debug("sync_quota exception happened %s ", exc.message)
def post(self, request, *args, **kwargs): form = CreateInstanceGroupSerializer(data=request.data) if not form.is_valid(): return old_restful_response(CommonErrorCode.PARAMETER_ERROR, form.errors) name = form.validated_data["name"] owner = form.validated_data['owner'] zone_name = form.validated_data['zone'] account = AccountService.get_by_owner(owner) zone = ZoneModel.get_zone_by_name(zone_name) if InstanceGroupService.get_by_name(account, zone, name) is not None: return old_restful_response(CommonErrorCode.PARAMETER_ERROR, u'业务组%s已存在' % (name)) InstanceGroupService.create(account, zone, name) return old_restful_response()
def search_cfg_history(payload): type = payload.get('type') id = payload.get('id') items = CfgRecordModel.objects.filter( model=type, rid=id).order_by('create_datetime').reverse() uids = set() for record in items: if record.applicant: uids.add(record.applicant) if record.approve: uids.add(record.approve) accounts = AccountService.get_all_by_owner(uids) names = {account.user.username: account.name for account in accounts} dicts = CfgRecordSerializer(items, many=True).data for item in dicts: applicant = item['applicant'] item['applicant'] = names.get(applicant, applicant) approve = item['approve'] item['approve'] = names.get(approve, approve) return console_response(total_count=len(items), ret_set=dicts)
def add_default_alarm(zone, owner, tpe, targets, rules): from .helper import create_alarm account = AccountService.get_by_owner(owner) nfg_id = ensure_notify_group(zone, owner, 'only-%s' % account.name) if not nfg_id: logger.warning('ensure_notify_group fail') return False if not ensure_member_in_notify_group(zone, owner, nfg_id, account.name, account.phone, account.email): logger.warning('ensure_member_in_notify_group fail') return False payload = { 'zone': zone, 'owner': owner, 'name': 'default-%s' % get_random_string(settings.NAME_ID_LENGTH), 'type': tpe, 'period': 5, 'trigger': [{ 'item': item, 'condition': condition, 'threshold': threshold, 'continuous_time': continuous } for item, condition, threshold, continuous in rules], 'resource': targets, 'notify_at': 'alarm,restore', 'group_id': nfg_id, 'method': 'email,message' } ret = create_alarm(payload) return 0 == ret['ret_code']
def change_one_app_status(cls, app_name, zone, owner, app_status): """ 修改应用状态 :param app_name: :param zone: :param owner: :param app_status: :return: """ if not app_status: return 0 user_model = AccountService.get_by_owner(owner).user zone_model = ZoneModel.get_zone_by_name(zone) app = AppStoreModel.objects.filter(app_name=app_name, app_zone=zone_model) try: app_user_model = AppUserModel.objects.get(app_app=app, app_users=user_model) app_user_model.app_status = app_status app_user_model.save() except Exception as exc: logger.error("change_one_app_status get exception: %s", exc) return 1 return 0
def install_one_app(cls, app_name, zone, owner, app_status="in_use"): """ 安装应用 :param app_name: :param zone: :param owner: :param app_status: :return: """ user_model = AccountService.get_by_owner(owner).user zone_model = ZoneModel.get_zone_by_name(zone) app = AppStoreModel.objects.get(app_name=app_name, app_zone=zone_model) try: app_user_model = AppUserModel(app_status=app_status) app_user_model.save() app_user_model.app_app.add(app) app_user_model.app_users.add(user_model) app_user_model.save() except Exception as exc: logger.error("install_one_app get exception: %s", exc) return 1 return 0
def get_all_items(cls, keyword=None, zone=None, page_index=1, page_size=0, deleted=False): zone = ZoneModel.get_zone_by_name(zone) query = cls.objects.filter(zone=zone, deleted=deleted) if cls.SEARCH_FIELDS and keyword: queries = list() accounts = AccountService.search_by_name(keyword) if accounts: usernames = [ account.user.username for account in accounts ] queries.append(Q(man__in=usernames)) for field in cls.SEARCH_FIELDS: kwargs = dict() key = '%s__contains' % field kwargs[key] = keyword queries.append(Q(**kwargs)) search = queries.pop() for item in queries: search |= item query = query.filter(search) all_items = query.order_by('-create_datetime') return all_items[(page_index - 1) * page_size:page_index * page_size or None], len(all_items)
def consume_quota(resource, owner, zone, req_data): owner = AccountService.get_user_by_name(owner) zone = ZoneModel.get_zone_by_name(zone) used = get_usage(resource, owner, zone) total = get_total(resource, owner, zone) needs = get_needs(resource, req_data) unenough_quotas = [] for resource_type in needs: if needs[resource_type] + used[resource_type] > total[resource_type]: unenough_quotas.append(resource_type) if len(unenough_quotas) > 0: return False, unenough_quotas else: for quota_type, need in needs.items(): new_used = needs[resource_type] + used[resource_type] QuotaModel.objects.update_or_create(user=owner, zone=zone, quota_type=quota_type, defaults={'used': new_used}) return True, []
def get_author(self, obj): return AccountService.get_by_owner(obj.author).name
def post(self, request, *args, **kwargs): serializer = ListTrashInstancesSerializer(data=request.data) if not serializer.is_valid(): return Response( console_response(code=CommonErrorCode.PARAMETER_ERROR, msg=serializer.errors)) serializer_data = serializer.data zone_name = serializer_data.get('zone') zone = ZoneModel.get_zone_by_name(zone_name) username = serializer_data.get('owner') account = AccountService.get_by_owner(username) limit = serializer_data.get('limit') offset = serializer_data.get('offset') availability_zone = serializer_data.get('availability_zone') search_key = serializer_data.get('search_key') if not search_key: search_key = None instances = InstanceTrash.objects.filter( user=account.user, zone=zone, delete_state=InstanceTrash.DROPPED).order_by( '-create_time').values('instance_id') logger.info('Instances query from DB: %s', instances) instance_list = [] for ins in instances: instance_id = ins['instance_id'] ins_obj_list = InstancesModel.objects.filter( instance_id=instance_id, deleted=True, vhost_type=availability_zone) if ins_obj_list.count() == 1: instance_list.append(ins_obj_list[0]) start = None end = None if limit is not None: start = limit * (offset - 1) end = start + limit instances, total_count = InstanceService.render_with_detail( instance_list, account, zone, start, end, vm_type=availability_zone, ) logger.info('Instances query from OSAPI: %s', instances) ret_set = [] for ins in instances: ins_id = ins['instance_id'] ins['dropped_time'] = InstanceTrash.objects.get( instance_id=ins_id).dropped_time if search_key is not None: for item in ins.values(): if search_key in str(item): if ins not in ret_set: ret_set.append(ins) else: ret_set.append(ins) total_count = len(ret_set) if limit is not None: total_page = (total_count + limit - 1) / limit else: total_page = 1 return Response( console_response(0, "succ", total_count, ret_set, total_page=total_page))
def post(self, request, *args, **kwargs): DEBUG_INFO = ''' TOTAL_TIME ===> {total_spent} GET_INSTANCE_BASE_INFO_SPENT ===> {instance_base_spent} RENDER_WITH_DETAIL_SPENT ===> {render_detail_spent} ''' instance_id_list = [] total_count = 0 with Timer() as total_spent: form = DescribeInstancesValidator(data=request.data) if not form.is_valid(): return old_restful_response(CommonErrorCode.PARAMETER_ERROR, form.errors) params = form.validated_data zone_name = params['zone'] zone = ZoneModel.get_zone_by_name(zone_name) or 'bj' username = params['owner'] account = AccountService.get_by_owner(username) app_system_id = params.get('app_system_id') # FIXME 去掉instance_id 参数 instance_id = params.get('instance_id') instance_ids = params.get('instance_ids', []) limit = params.get('limit') offset = params.get('offset') vhost_type = params.get('vhost_type') instance_ids = instance_ids or [instance_id] instance_ids = filter(None, instance_ids) search_item = params.get('search_instance') with Timer() as instance_base_spent: if search_item: instance_id_list = self._get_instances_by_search_item( search_item, vhost_type) elif instance_ids: instance_id_list = self._get_instances_by_ids(instance_ids) elif vhost_type: instance_id_list = self._get_instances_by_vhost_type( account.user, vhost_type).filter(deleted=False) elif app_system_id: # 根据应用系统筛选 instance_id_list = self._get_instances_by_app_system_id( app_system_id) # 根据操作系统类型 else: instance_id_list = self._get_instances_by_user( account.user, zone).filter(deleted=False) logger.info('Instances query from DB: %s', instance_id_list) # console_instance_id = [item.instance_id for item in instance_id_list] start = None end = None if limit is not None: start = limit * (offset - 1) end = start + limit with Timer() as render_detail_spent: ori_instances, ori_total_count = InstanceService.render_with_detail( instance_id_list, account, zone, start=None, end=None, vm_type=vhost_type) logger.info('Instances query from OSAPI: %s', ori_instances) instances = list() # osapi_instance_id = list() for instance in ori_instances: # osapi_instance_id.append(instance.get("instance_id")) if instance.get( 'hyper_type' ) == 'POWERVM' and settings.USE_POWERVM_HMC or instance.get( 'hyper_type') == 'AIX': instances.append(instance) continue image_name = instance.get("image", {}).get("image_name", '') if image_name.find("fortress") >= 0 or image_name.find( "waf") >= 0: continue instances.append(instance) logger.info('Instances after filter: %s', instances) total_count = len(instances) instances = instances[start:end] # # # instance数据一致性 # rest_instance_id = set(console_instance_id) - set(osapi_instance_id) # for need_delete_id in rest_instance_id: # try: # InstancesModel.delete_instance(need_delete_id, is_delete=False) # except Exception as exce: # logger.error("sync data in instance error %s", exce.message) # if limit is not None: total_page = (total_count + limit - 1) / limit else: total_page = 1 logger.debug( DEBUG_INFO.format(total_spent=total_spent, instance_base_spent=instance_base_spent, render_detail_spent=render_detail_spent)) return old_restful_response(0, "succ", len(instances), instances, total_page=total_page)