def post(self, request, *args, **kwargs):
request_data = request.data.get('data', {})
validator = CreateDepartmentMembersValidator(data=request_data)
if not validator.is_valid():
return Response(console_response(code=1, msg=validator.errors))
department_id = validator.validated_data.get('department_id')
member_type = validator.validated_data.get('member_type')
validator = self.get_create_member_validator(member_type)(
data=request_data)
if not validator.is_valid():
return Response(console_response(code=1, msg=validator.errors))
member_info = validator.validated_data.get('member_info')
member, error = AccountService.create(**member_info)
if error:
return Response(
console_response(code=1, ret_set={},
msg='成员创建失败' + str(error)))
elif DepartmentMemberService.join([member.user], department_id):
# 创建成功 就加入到指定部门
if member.type in AccountType.FINANCE_TYPES:
permission_group_id_list = validator.validated_data.get(
'permission_group_id_list')
new_member = AccountService.get_by_owner(member.user)
groups = PermissionGroupService.gets(permission_group_id_list)
count = UserPermissionService.append_groups(new_member, groups)
ret_set = DepartmentMemberService.to_dict(new_member)
if count == len(permission_group_id_list):
# create_payload = {
# "owner": member.user.username,
# "zone": request_data.get("zone", "bj")
# }
# create_resp = create_base_net(create_payload)
# if create_resp.get("ret_code"):
# return Response(console_response(code=1, msg="创建成员子网失败"))
# ret_set["sub_net"] = create_resp.get("ret_set")[0]
#
return Response(console_response(ret_set=ret_set))
else:
return Response(
console_response(code=1,
ret_set=ret_set,
msg='成员初始化权限失败'))
elif member.type in AccountType.PORTAL_TYPES:
new_member = AccountService.get_by_owner(member.user)
ret_set = DepartmentMemberService.to_dict(new_member)
return Response(console_response(ret_set=ret_set))
else:
AccountService.delete_by_username(member.user.username,
really_delete=True)
return Response(
console_response(code=1, ret_set={}, msg='成员加入部门失败'))
def update(cls, member_id, update_info):
"""
根据给定的用户信息
:param member_id
:param update_info: 一个包含更新信息的dict
:return:
"""
try:
account = AccountService.get_by_owner(member_id)
AccountService.update(account, update_dict=update_info)
return AccountService.get_by_owner(member_id)
except Exception as e:
logger.error(e.message)
return None
def create_waf_service(payload):
"""
新建waf站点
发送新建请求
存入数据库
:param payload:
:return:
"""
owner = payload.pop("owner")
zone = payload.pop("zone")
domain = payload.get("domain")
payload["ips"] = [item.encode() for item in payload.pop("ips")]
smc_ip, smc_port = get_smc_info()
create_code, create_msg = create_waf_site(smc_ip, smc_port, payload)
if create_code:
return console_response(code=1, msg=create_msg)
user = AccountService.get_by_owner(owner).user
zone = ZoneModel.get_zone_by_name(zone)
try:
WafServiceModel(waf_domain=domain, user=user, zone=zone).save()
action_record = dict(
domain=domain
)
return console_response(action_record=action_record)
except Exception as exc:
logger.error("save domain error, %s", exc)
return console_response(code=1, msg=exc.message)
def uninstall_app_one(payload):
"""
卸载应用
:param payload:
:return:
"""
owner = payload.get("owner")
zone = payload.get("zone")
app_name = payload.get("app_name")
# 根据应用采取操作
if app_name == "waf":
pass
# 删除MQ数据库中的用户信息
elif app_name == "mq":
user_model = AccountService.get_by_owner(owner).user
name = user_model.account.email
sql_data = dict(
name=name
)
# sql = KAFKA_MQ_DB_SQL_DELETE % sql_data
conn, cur = mysql_connect(KAFKA_MQ_DB_HOST, KAFKA_MQ_DB_NAME, KAFKA_MQ_DB_USER, KAFKA_MQ_DB_PASSWORD, port=int(KAFKA_MQ_DB_PORT))
code = mysql_execute(conn, cur, KAFKA_MQ_DB_SQL_DELETE, sql_data)
if code:
return console_response(code=1, msg=u"卸载失败")
elif app_name == "mysql":
pass
elif app_name == "oracle":
pass
else:
return console_response(code=1, msg=u"应用名称错误")
# 数据库操作
uninstall_code = AppstoreService.uninstall_one_app(app_name, zone, owner)
action_record = dict(app_name=app_name)
return console_response(code=uninstall_code, action_record=action_record)
def record_action(service, req_data, resp_data):
owner = req_data.get("owner")
zone = req_data.get("zone")
action = req_data.get("action")
# Get User info
account = AccountService.get_by_owner(owner)
if account is None:
return None, "invalid account %s" % owner
if not should_recorded(action):
return None, None
action_data = get_action_data(action, req_data, resp_data)
inst, error = ConsoleRecord.create(
username=account.user.username,
name=service,
nickname=account.nickname,
service=action_data["service"],
action=action_data["type"],
action_detail=action_data["action_detail"],
status=action_data["status"],
zone=zone,
extra_info=action_data["msg"])
return inst, error
def get_all_apps(cls, owner, zone):
"""
获取当前zone当前用户下app状态
:param owner:
:param zone:
:return:
"""
user_model = AccountService.get_by_owner(owner).user
zone_model = ZoneModel.get_zone_by_name(zone)
all_app = AppStoreModel.objects.filter(app_zone=zone_model).all()
app_users = AppUserModel.objects.filter(app_users__in=(user_model, ), app_app__app_zone=zone_model).all()
apps_installed = list()
for app in app_users:
apps_installed.extend(app.app_app.all())
dict_apps = defaultdict(dict)
for app in all_app:
dict_one_app = dict()
if app in apps_installed:
dict_one_app["installed"] = True
app_user = app_users.filter(app_app=app).first()
dict_one_app["status"] = app_user.app_status
dict_one_app["version"] = app.app_version
dict_one_app["publisher"] = app.app_publisher
if app.app_name == "mq":
dict_one_app["mq_host"] = KAFKA_MQ_HOST
dict_apps[app.app_name] = dict_one_app
continue
dict_one_app["installed"] = False
dict_one_app["status"] = None
dict_one_app["version"] = app.app_version
dict_one_app["publisher"] = app.app_publisher
dict_apps[app.app_name] = dict_one_app
return dict_apps
def get(cls, member_id):
"""
返回一个Account 实例
:param member_id: username
:return:
"""
account = AccountService.get_by_owner(member_id)
return account
def handle(self, request, uid=None, nodes=None, operable=False):
user = uid and AccountService.get_by_owner(uid)
default = dict(zip(nodes, [False] * len(nodes)))
allows = UserPermissionService.check_node_permissions(
user=user or request.user.account,
node_ids=nodes,
operable=operable)
default.update(dict(zip(nodes, allows)))
return default
def _create_system_account(self, username):
if not AccountService.get_by_owner(username):
logger.debug('create owner')
AccountService.create(
username=username,
account_type=AccountType.NORMAL,
email='*****@*****.**' % (username),
password=username,
phone='18511076831',
name=username,
)
def list(cls, payload):
data = payload.get('data')
owner = data.get('owner')
zone = data.get('zone')
zone_model = ZoneModel.get_zone_by_name(zone)
account = AccountService.get_by_owner(owner)
jumper_instance_set = InstancesModel.get_instances_by_owner(
owner, zone).filter(role="jumpserver", deleted=1, destroyed=0)
jumper_detail_list, total_count = InstanceService.render_with_detail(
jumper_instance_set, account, zone_model)
return console_response(code=0, ret_set=jumper_detail_list)
def handle(self, request, uid=None, permissions=None):
user = uid and AccountService.get_by_owner(uid)
default = dict(zip(permissions, [False] * len(permissions)))
permissions = PermissionService.gets(permissions)
allows = UserPermissionService.check_permissions(
user=user or request.user.account, permissions=permissions)
default.update({
permission.id: allows[offset]
for offset, permission in enumerate(permissions)
})
return default
def post(self, request, *args, **kwargs):
form = DescribeInstanceGroupSerializer(data=request.data)
if not form.is_valid():
return Response(
console_response(CommonErrorCode.PARAMETER_ERROR, form.errors))
owner = form.validated_data['owner']
zone_name = form.validated_data['zone']
account = AccountService.get_by_owner(owner)
zone = ZoneModel.get_zone_by_name(zone_name)
groups = InstanceGroupService.mget_by_account(account, zone)
groups = [_.to_dict() for _ in groups]
return old_restful_response(0, "succ", len(groups), groups)
def uninstall_one_app(cls, app_name, zone, owner):
"""
卸载应用
:param app_name:
:param zone:
:param owner:
:return:
"""
user_model = AccountService.get_by_owner(owner).user
zone_model = ZoneModel.get_zone_by_name(zone)
try:
app = AppStoreModel.objects.filter(app_name=app_name, app_zone=zone_model)
app_user_model = AppUserModel.objects.get(app_app=app, app_users=user_model)
app_user_model.delete()
except Exception as exc:
logger.error("uninstall_one_app get exception: %s", exc)
return 1
return 0
def post(self, request, *args, **kwargs):
form = CreateInstanceGroupSerializer(data=request.data)
if not form.is_valid():
return old_restful_response(CommonErrorCode.PARAMETER_ERROR,
form.errors)
name = form.validated_data["name"]
owner = form.validated_data['owner']
zone_name = form.validated_data['zone']
account = AccountService.get_by_owner(owner)
zone = ZoneModel.get_zone_by_name(zone_name)
if InstanceGroupService.get_by_name(account, zone, name) is not None:
return old_restful_response(CommonErrorCode.PARAMETER_ERROR,
u'业务组%s已存在' % (name))
InstanceGroupService.create(account, zone, name)
return old_restful_response()
def add_default_alarm(zone, owner, tpe, targets, rules):
from .helper import create_alarm
account = AccountService.get_by_owner(owner)
nfg_id = ensure_notify_group(zone, owner, 'only-%s' % account.name)
if not nfg_id:
logger.warning('ensure_notify_group fail')
return False
if not ensure_member_in_notify_group(zone, owner, nfg_id, account.name,
account.phone, account.email):
logger.warning('ensure_member_in_notify_group fail')
return False
payload = {
'zone':
zone,
'owner':
owner,
'name':
'default-%s' % get_random_string(settings.NAME_ID_LENGTH),
'type':
tpe,
'period':
5,
'trigger': [{
'item': item,
'condition': condition,
'threshold': threshold,
'continuous_time': continuous
} for item, condition, threshold, continuous in rules],
'resource':
targets,
'notify_at':
'alarm,restore',
'group_id':
nfg_id,
'method':
'email,message'
}
ret = create_alarm(payload)
return 0 == ret['ret_code']
def install_one_app(cls, app_name, zone, owner, app_status="in_use"):
"""
安装应用
:param app_name:
:param zone:
:param owner:
:param app_status:
:return:
"""
user_model = AccountService.get_by_owner(owner).user
zone_model = ZoneModel.get_zone_by_name(zone)
app = AppStoreModel.objects.get(app_name=app_name, app_zone=zone_model)
try:
app_user_model = AppUserModel(app_status=app_status)
app_user_model.save()
app_user_model.app_app.add(app)
app_user_model.app_users.add(user_model)
app_user_model.save()
except Exception as exc:
logger.error("install_one_app get exception: %s", exc)
return 1
return 0
def change_one_app_status(cls, app_name, zone, owner, app_status):
"""
修改应用状态
:param app_name:
:param zone:
:param owner:
:param app_status:
:return:
"""
if not app_status:
return 0
user_model = AccountService.get_by_owner(owner).user
zone_model = ZoneModel.get_zone_by_name(zone)
app = AppStoreModel.objects.filter(app_name=app_name, app_zone=zone_model)
try:
app_user_model = AppUserModel.objects.get(app_app=app, app_users=user_model)
app_user_model.app_status = app_status
app_user_model.save()
except Exception as exc:
logger.error("change_one_app_status get exception: %s", exc)
return 1
return 0
def handle(self, request, uid=None, offset=0, limit=0):
user = uid and AccountService.get_by_owner(uid)
return UserPermissionService.get_groups(user or request.user.account,
offset, limit)
def get_author(self, obj):
return AccountService.get_by_owner(obj.author).name
def handle(self, request, uid=None, node_id=None, node_name=None):
creator = uid and AccountService.get_by_owner(uid)
return PermissionService.create_ticket_node_permission(
creator=creator or request.user.account,
node_id=node_id,
node_name=node_name)
def post(self, request, *args, **kwargs):
serializer = ListTrashInstancesSerializer(data=request.data)
if not serializer.is_valid():
return Response(
console_response(code=CommonErrorCode.PARAMETER_ERROR,
msg=serializer.errors))
serializer_data = serializer.data
zone_name = serializer_data.get('zone')
zone = ZoneModel.get_zone_by_name(zone_name)
username = serializer_data.get('owner')
account = AccountService.get_by_owner(username)
limit = serializer_data.get('limit')
offset = serializer_data.get('offset')
availability_zone = serializer_data.get('availability_zone')
search_key = serializer_data.get('search_key')
if not search_key:
search_key = None
instances = InstanceTrash.objects.filter(
user=account.user, zone=zone,
delete_state=InstanceTrash.DROPPED).order_by(
'-create_time').values('instance_id')
logger.info('Instances query from DB: %s', instances)
instance_list = []
for ins in instances:
instance_id = ins['instance_id']
ins_obj_list = InstancesModel.objects.filter(
instance_id=instance_id,
deleted=True,
vhost_type=availability_zone)
if ins_obj_list.count() == 1:
instance_list.append(ins_obj_list[0])
start = None
end = None
if limit is not None:
start = limit * (offset - 1)
end = start + limit
instances, total_count = InstanceService.render_with_detail(
instance_list,
account,
zone,
start,
end,
vm_type=availability_zone,
)
logger.info('Instances query from OSAPI: %s', instances)
ret_set = []
for ins in instances:
ins_id = ins['instance_id']
ins['dropped_time'] = InstanceTrash.objects.get(
instance_id=ins_id).dropped_time
if search_key is not None:
for item in ins.values():
if search_key in str(item):
if ins not in ret_set:
ret_set.append(ins)
else:
ret_set.append(ins)
total_count = len(ret_set)
if limit is not None:
total_page = (total_count + limit - 1) / limit
else:
total_page = 1
return Response(
console_response(0,
"succ",
total_count,
ret_set,
total_page=total_page))
def handle(self, request, uid=None, node_id=None):
user = uid and AccountService.get_by_owner(uid)
return PermissionService.delete_ticket_node_permission(
user=user or request.user.account, node_id=node_id)
def handle(self, request, uid=None, offset=0, limit=0):
user = uid and AccountService.get_by_owner(uid)
count, full = PermissionGroupService.get_all()
exists = UserPermissionService.get_groups(user or request.user.account,
offset, limit)
return filters(full, exists, offset, limit)
def post(self, request, *args, **kwargs):
DEBUG_INFO = '''
TOTAL_TIME ===> {total_spent}
GET_INSTANCE_BASE_INFO_SPENT ===> {instance_base_spent}
RENDER_WITH_DETAIL_SPENT ===> {render_detail_spent}
'''
instance_id_list = []
total_count = 0
with Timer() as total_spent:
form = DescribeInstancesValidator(data=request.data)
if not form.is_valid():
return old_restful_response(CommonErrorCode.PARAMETER_ERROR,
form.errors)
params = form.validated_data
zone_name = params['zone']
zone = ZoneModel.get_zone_by_name(zone_name) or 'bj'
username = params['owner']
account = AccountService.get_by_owner(username)
app_system_id = params.get('app_system_id')
# FIXME 去掉instance_id 参数
instance_id = params.get('instance_id')
instance_ids = params.get('instance_ids', [])
limit = params.get('limit')
offset = params.get('offset')
vhost_type = params.get('vhost_type')
instance_ids = instance_ids or [instance_id]
instance_ids = filter(None, instance_ids)
search_item = params.get('search_instance')
with Timer() as instance_base_spent:
if search_item:
instance_id_list = self._get_instances_by_search_item(
search_item, vhost_type)
elif instance_ids:
instance_id_list = self._get_instances_by_ids(instance_ids)
elif vhost_type:
instance_id_list = self._get_instances_by_vhost_type(
account.user, vhost_type).filter(deleted=False)
elif app_system_id:
# 根据应用系统筛选
instance_id_list = self._get_instances_by_app_system_id(
app_system_id)
# 根据操作系统类型
else:
instance_id_list = self._get_instances_by_user(
account.user, zone).filter(deleted=False)
logger.info('Instances query from DB: %s', instance_id_list)
# console_instance_id = [item.instance_id for item in instance_id_list]
start = None
end = None
if limit is not None:
start = limit * (offset - 1)
end = start + limit
with Timer() as render_detail_spent:
ori_instances, ori_total_count = InstanceService.render_with_detail(
instance_id_list,
account,
zone,
start=None,
end=None,
vm_type=vhost_type)
logger.info('Instances query from OSAPI: %s', ori_instances)
instances = list()
# osapi_instance_id = list()
for instance in ori_instances:
# osapi_instance_id.append(instance.get("instance_id"))
if instance.get(
'hyper_type'
) == 'POWERVM' and settings.USE_POWERVM_HMC or instance.get(
'hyper_type') == 'AIX':
instances.append(instance)
continue
image_name = instance.get("image", {}).get("image_name", '')
if image_name.find("fortress") >= 0 or image_name.find(
"waf") >= 0:
continue
instances.append(instance)
logger.info('Instances after filter: %s', instances)
total_count = len(instances)
instances = instances[start:end]
#
# # instance数据一致性
# rest_instance_id = set(console_instance_id) - set(osapi_instance_id)
# for need_delete_id in rest_instance_id:
# try:
# InstancesModel.delete_instance(need_delete_id, is_delete=False)
# except Exception as exce:
# logger.error("sync data in instance error %s", exce.message)
#
if limit is not None:
total_page = (total_count + limit - 1) / limit
else:
total_page = 1
logger.debug(
DEBUG_INFO.format(total_spent=total_spent,
instance_base_spent=instance_base_spent,
render_detail_spent=render_detail_spent))
return old_restful_response(0,
"succ",
len(instances),
instances,
total_page=total_page)
def handle(self, request, uid=None, groups=None):
user = uid and AccountService.get_by_owner(uid)
groups = PermissionGroupService.gets(groups)
return UserPermissionService.update_groups(
user or request.user.account, groups)
def get_lessee_name(self, obj):
account = AccountService.get_by_owner(obj.lessee_id)
return account and account.name or '-'