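def perm_role_edit(request, res, *args):
    """
    Render and process the edit form for a system user (PermRole).

    GET renders the edit page for the role named by the ``id`` query
    parameter. POST updates the role's name, comment and sudo set and, when
    supplied, its password and key, then redirects to ``role_list``. A
    ``ServerError`` raised while handling the POST is recorded in ``res`` and
    the edit page is rendered again with ``error`` in its context.

    Local names are part of the template contract: ``locals()`` is handed to
    ``my_render``, so renaming a local changes what the template sees.
    """
    # Values consumed by the template through locals().
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
    res['operator'] = path2

    role_id = request.GET.get("id")
    # NOTE(review): QuerySet.get() raises PermRole.DoesNotExist for an unknown
    # id instead of returning None, so the `if not role` guard below cannot
    # fire; a bad id surfaces here as an unhandled exception.
    role = PermRole.objects.get(id=role_id)
    # NOTE(review): the decrypted password enters the template context via
    # locals(). Confirm the template needs it; if it is written into the page,
    # the plaintext credential reaches the browser and anything caching the
    # response.
    role_pass = CRYPTOR.decrypt(role.password)
    sudo_all = PermSudo.objects.all()
    role_sudos = role.sudo.all()

    if request.method == "GET":
        return my_render('permManage/perm_role_edit.html', locals(), request)

    if request.method == "POST":
        # Read the submitted form values.
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [PermSudo.objects.get(id=sudo_id) for sudo_id in role_sudo_names]
        key_content = request.POST.get("role_key", "")

        try:
            if not role:
                raise ServerError('该系统用户不能存在')
            # NOTE(review): role_name is compared as submitted (not stripped,
            # may be None); verify the name is normalised before this check.
            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')

            # An empty password field leaves the stored password untouched.
            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass

            # A submitted key replaces the role's key material.
            if key_content:
                try:
                    key_path = gen_keys(key=key_content, key_path_dir=role.key_path)
                except SSHException:
                    raise ServerError('输入的密钥不合法')
                logger.debug('Recreate role key: %s' % role.key_path)

            # Persist the change.
            role.name = role_name
            role.comment = role_comment
            role.sudo = role_sudos
            role.save()
            msg = u"更新系统用户: %s" % role.name
            res['content'] = msg
            return HttpResponseRedirect(reverse('role_list'))
        except ServerError as e:
            error = e
            res['flag'] = 'false'
            res['content'] = e

    # Reached after a failed POST (or an unexpected method): show the form
    # again so `error` is displayed instead of the view returning None.
    return my_render('permManage/perm_role_edit.html', locals(), request)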
def perm_role_add(request, res, *args):
    """
    Create a system user (PermRole) from the submitted form.

    On POST, reads the role name, comment, password, key and sudo ids,
    rejects a name that already exists and the name "root", encrypts the
    supplied password (or one produced by ``CRYPTOR.gen_rand_pass(20)``),
    obtains a key path from ``gen_keys``, saves the role with its sudo set
    and redirects to ``role_list``.

    NOTE(review): as shown, the listing stops inside the ``try`` block; no
    ``except`` clause and no response for non-POST requests are visible.
    """
    header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户"
    res['operator'] = path2
    sudos = PermSudo.objects.all()

    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')

        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'已经存在该用户 %s' % name)
            # NOTE(review): only the exact name "root" is refused; an empty
            # name is not rejected in the visible code.
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            # Not read again in the visible part of the function.
            default = get_object(Setting, name='default')

            # The password is stored encrypted; with no password submitted a
            # random one is generated and encrypted instead.
            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
            # Generate a random password, generate the key pair.
            # presumably get_object returns a falsy value for an unknown id, so
            # sudos_obj may contain such entries -- verify against get_object.
            sudos_obj = [get_object(PermSudo, id=sudo_id) for sudo_id in sudo_ids]
            if key_content:
                try:
                    key_path = gen_keys(key=key_content)
                except SSHException, e:
                    raise ServerError(e)
            else:
                key_path = gen_keys()
            # Only the key path is logged, not key material.
            logger.debug('generate role key: %s' % key_path)
            role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path)
            role.save()
            role.sudo = sudos_obj
            msg = u"添加系统用户: %s" % name
            res['content'] = msg
            return HttpResponseRedirect(reverse('role_list'))
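def perm_role_edit(request, res, *args):
    """
    Edit a system user (PermRole) on the server and push the change to proxies.

    GET returns the role named by the ``id`` query parameter as JSON with the
    keys ``Id``, ``role_name``, ``role_password``, ``role_comment``,
    ``system_groups`` and ``sudos``. ``role_password`` is always empty: the
    stored credential is not sent to the client, and an empty password on
    update leaves the stored one unchanged.

    Any other method is handled as the update: the role comes from the ``id``
    query parameter, the new values from the POST body. The role is saved and
    the update is dispatched to every ``Proxy``. The outcome is returned as
    JSON ``{'success': bool, 'error': message}`` and mirrored into ``res``.
    """
    res['operator'] = u"编辑系统用户"
    res['emer_content'] = 6

    # QuerySet.get() raises instead of returning None, and int() rejects a
    # missing or non-numeric id; treat all of these as "no such role" so the
    # guards below produce the intended error responses.
    try:
        role = PermRole.objects.get(id=int(request.GET.get("id", '')))
    except (PermRole.DoesNotExist, TypeError, ValueError):
        role = None

    if request.method == "GET":
        if not role:
            return HttpResponse(u'系统用户不存在')
        rest = {
            'Id': role.id,
            'role_name': role.name,
            # The stored (reversibly encrypted) password stays on the server.
            'role_password': '',
            'role_comment': role.comment,
            'system_groups': role.system_groups,
            'sudos': ','.join([str(item.id) for item in role.sudo.all()]),
        }
        return HttpResponse(json.dumps(rest), content_type='application/json')

    response = {'success': False, 'error': ''}
    # Normalise the name first so the checks below see the value that is stored.
    role_name = request.POST.get("role_name", "").strip()
    role_password = request.POST.get("role_password")
    role_comment = request.POST.get("role_comment")
    role_sudo_names = request.POST.getlist("sudo_name")
    role_sudos = [
        PermSudo.objects.get(id=int(sudo_id)) for sudo_id in role_sudo_names
    ]
    key_content = request.POST.get("role_key", "")
    sudo_uuids = [item.uuid_id for item in role_sudos]
    sys_groups = request.POST.get("sys_groups", '').strip()

    try:
        if not role:
            raise ServerError('该系统用户不能存在')
        if role_name == "root":
            raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
        if role_name == "":
            raise ServerError(u'系统用户名为空')

        # An empty password field leaves the stored password untouched.
        if role_password:
            encrypt_pass = CRYPTOR.encrypt(role_password)
            role.password = encrypt_pass

        # Empty key_content means the role's key is unchanged; otherwise the
        # key data is regenerated from the submitted private key.
        # TODO: generate random password, generate key pair
        role_key_content = ""
        if key_content:
            try:
                key_contents = json.dumps(gen_keys(key=key_content))
                role.key_content = key_contents
                role_key_content = key_contents
            except SSHException:
                raise ServerError(u'输入的密钥不合法')

        # Update the PermRole on the server.
        role.name = role_name
        role.comment = role_comment
        role.system_groups = sys_groups
        role.sudo = role_sudos
        role.save()

        # Update the PermRole on the proxies.
        # NOTE(review): the password is forwarded as submitted (plaintext),
        # whereas perm_role_add forwards the encrypted value. Confirm which
        # form role_proxy_operator expects and that the proxy channel is
        # encrypted and authenticated.
        data = json.dumps({
            'name': role_name,
            'password': role_password,
            'comment': role_comment,
            'sudo_uuids': sudo_uuids,
            'key_content': role_key_content,
            'sys_groups': sys_groups,
        })
        proxy_list = Proxy.objects.all()
        execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator,
                             request.user.username, 'PermRole', data,
                             obj_uuid=role.uuid_id, action='update')

        # TODO: user operation record
        res['content'] = u"编辑系统用户[%s]成功" % role.name
        # TODO: alarm event record
        res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
        # TODO: information returned to the page
        response['success'] = True
    except ServerError as e:
        res['flag'] = 'false'
        res['content'] = e.message
        res['emer_status'] = u"编辑系统用户失败:%s" % (e.message)
        response['error'] = u"编辑系统用户失败:%s" % (e.message)
    return HttpResponse(json.dumps(response), content_type='application/json')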
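def perm_role_add(request, res, *args):
    """
    Add a system user (PermRole) on the server and on every proxy.

    On POST, validates the submitted name (must be new, non-empty and not
    "root"), encrypts the submitted password (or one produced by
    ``CRYPTOR.gen_rand_pass(20)``), builds the key data with ``gen_keys``,
    creates the role with its sudo set and dispatches the same data to every
    ``Proxy``. The outcome is returned as JSON
    ``{'success': bool, 'error': message}`` and mirrored into ``res``.
    """
    response = {'success': False, 'error': ''}
    res['operator'] = u"添加系统用户"
    res['emer_content'] = 6

    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')
        uuid_id = str(uuid.uuid1())
        sys_groups = request.POST.get('sys_groups', '').strip()

        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'用户 %s已经存在' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if name == "":
                raise ServerError(u'系统用户名为空')

            # The password is stored encrypted; with no password submitted a
            # random one is generated and encrypted instead.
            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))

            # presumably get_object returns a falsy value for an unknown id,
            # which would fail on .uuid_id below -- verify against get_object.
            sudos_obj = [
                get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids
            ]
            sudo_uuids = [item.uuid_id for item in sudos_obj]

            # Any key-generation failure is reported to the user as a
            # ServerError rather than escaping the view.
            try:
                keys_content = json.dumps(gen_keys(key_content))
            except Exception as e:
                raise ServerError(e)

            # TODO: save the data on magicstack
            role = PermRole.objects.create(uuid_id=uuid_id, name=name,
                                           comment=comment,
                                           password=encrypt_pass,
                                           key_content=keys_content,
                                           system_groups=sys_groups)
            role.sudo = sudos_obj
            role.save()

            # TODO: save the same data on the proxies
            # NOTE(review): the payload carries the encrypted password and the
            # key data; confirm the proxy channel used by role_proxy_operator
            # is encrypted and authenticated.
            proxy_list = Proxy.objects.all()
            data = json.dumps({
                'uuid_id': uuid_id,
                'id': role.id,
                'name': name,
                'password': encrypt_pass,
                'comment': comment,
                'key_content': keys_content,
                'sudo_uuids': sudo_uuids,
                'sys_groups': sys_groups,
            })
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermRole', data, obj_uuid=role.uuid_id,
                                 action='add')

            response['success'] = True
            res['content'] = u'添加系统用户[%s]成功' % role.name
            res['emer_status'] = u'添加系统用户[%s]成功' % role.name
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            # The `%` operator is required here: without it the string is
            # called like a function and the handler itself raises TypeError,
            # hiding the validation error behind a server error.
            res['emer_status'] = u"添加系统用户失败:%s" % (e.message)
            response['error'] = u"添加系统用户失败:%s" % (e.message)

    # Report the outcome the same way perm_role_edit does, so the view never
    # returns None.
    return HttpResponse(json.dumps(response), content_type='application/json')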
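def perm_role_edit(request, res, *args):
    """
    Edit a system user (PermRole) on the server and push the change to proxies.

    GET returns the role named by the ``id`` query parameter as JSON with the
    keys ``Id``, ``role_name``, ``role_password``, ``role_comment``,
    ``system_groups`` and ``sudos``. ``role_password`` is always empty: the
    stored credential is not sent to the client, and an empty password on
    update leaves the stored one unchanged.

    Any other method is handled as the update: the role comes from the ``id``
    query parameter, the new values from the POST body. The role is saved and
    the update is dispatched to every ``Proxy``. The outcome is returned as
    JSON ``{'success': bool, 'error': message}`` and mirrored into ``res``.
    """
    res['operator'] = u"编辑系统用户"
    res['emer_content'] = 6

    # QuerySet.get() raises instead of returning None, and int() rejects a
    # missing or non-numeric id; treat all of these as "no such role" so the
    # guards below produce the intended error responses.
    try:
        role = PermRole.objects.get(id=int(request.GET.get("id", '')))
    except (PermRole.DoesNotExist, TypeError, ValueError):
        role = None

    if request.method == "GET":
        if not role:
            return HttpResponse(u'系统用户不存在')
        rest = {
            'Id': role.id,
            'role_name': role.name,
            # The stored (reversibly encrypted) password stays on the server.
            'role_password': '',
            'role_comment': role.comment,
            'system_groups': role.system_groups,
            'sudos': ','.join([str(item.id) for item in role.sudo.all()]),
        }
        return HttpResponse(json.dumps(rest), content_type='application/json')

    response = {'success': False, 'error': ''}
    # Normalise the name first so the checks below see the value that is stored.
    role_name = request.POST.get("role_name", "").strip()
    role_password = request.POST.get("role_password")
    role_comment = request.POST.get("role_comment")
    role_sudo_names = request.POST.getlist("sudo_name")
    role_sudos = [PermSudo.objects.get(id=int(sudo_id)) for sudo_id in role_sudo_names]
    key_content = request.POST.get("role_key", "")
    sudo_uuids = [item.uuid_id for item in role_sudos]
    sys_groups = request.POST.get("sys_groups", '').strip()

    try:
        if not role:
            raise ServerError('该系统用户不能存在')
        if role_name == "root":
            raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
        if role_name == "":
            raise ServerError(u'系统用户名为空')

        # An empty password field leaves the stored password untouched.
        if role_password:
            encrypt_pass = CRYPTOR.encrypt(role_password)
            role.password = encrypt_pass

        # Empty key_content means the role's key is unchanged; otherwise the
        # key data is regenerated from the submitted private key.
        # TODO: generate random password, generate key pair
        role_key_content = ""
        if key_content:
            try:
                key_contents = json.dumps(gen_keys(key=key_content))
                role.key_content = key_contents
                role_key_content = key_contents
            except SSHException:
                raise ServerError(u'输入的密钥不合法')

        # Update the PermRole on the server.
        role.name = role_name
        role.comment = role_comment
        role.system_groups = sys_groups
        role.sudo = role_sudos
        role.save()

        # Update the PermRole on the proxies.
        # NOTE(review): the password is forwarded as submitted (plaintext),
        # whereas perm_role_add forwards the encrypted value. Confirm which
        # form role_proxy_operator expects and that the proxy channel is
        # encrypted and authenticated.
        data = json.dumps({
            'name': role_name,
            'password': role_password,
            'comment': role_comment,
            'sudo_uuids': sudo_uuids,
            'key_content': role_key_content,
            'sys_groups': sys_groups,
        })
        proxy_list = Proxy.objects.all()
        execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator,
                             request.user.username, 'PermRole', data,
                             obj_uuid=role.uuid_id, action='update')

        # TODO: user operation record
        res['content'] = u"编辑系统用户[%s]成功" % role.name
        # TODO: alarm event record
        res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
        # TODO: information returned to the page
        response['success'] = True
    except ServerError as e:
        res['flag'] = 'false'
        res['content'] = e.message
        res['emer_status'] = u"编辑系统用户失败:%s" % (e.message)
        response['error'] = u"编辑系统用户失败:%s" % (e.message)
    return HttpResponse(json.dumps(response), content_type='application/json')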
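def perm_role_add(request, res, *args):
    """
    Add a system user (PermRole) on the server and on every proxy.

    On POST, validates the submitted name (must be new, non-empty and not
    "root"), encrypts the submitted password (or one produced by
    ``CRYPTOR.gen_rand_pass(20)``), builds the key data with ``gen_keys``,
    creates the role with its sudo set and dispatches the same data to every
    ``Proxy``. The outcome is returned as JSON
    ``{'success': bool, 'error': message}`` and mirrored into ``res``.
    """
    response = {'success': False, 'error': ''}
    res['operator'] = u"添加系统用户"
    res['emer_content'] = 6

    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')
        uuid_id = str(uuid.uuid1())
        sys_groups = request.POST.get('sys_groups', '').strip()

        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'用户 %s已经存在' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if name == "":
                raise ServerError(u'系统用户名为空')

            # The password is stored encrypted; with no password submitted a
            # random one is generated and encrypted instead.
            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))

            # presumably get_object returns a falsy value for an unknown id,
            # which would fail on .uuid_id below -- verify against get_object.
            sudos_obj = [get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids]
            sudo_uuids = [item.uuid_id for item in sudos_obj]

            # Any key-generation failure is reported to the user as a
            # ServerError rather than escaping the view.
            try:
                keys_content = json.dumps(gen_keys(key_content))
            except Exception as e:
                raise ServerError(e)

            # TODO: save the data on magicstack
            role = PermRole.objects.create(uuid_id=uuid_id, name=name,
                                           comment=comment,
                                           password=encrypt_pass,
                                           key_content=keys_content,
                                           system_groups=sys_groups)
            role.sudo = sudos_obj
            role.save()

            # TODO: save the same data on the proxies
            # NOTE(review): the payload carries the encrypted password and the
            # key data; confirm the proxy channel used by role_proxy_operator
            # is encrypted and authenticated.
            proxy_list = Proxy.objects.all()
            data = json.dumps({
                'uuid_id': uuid_id,
                'id': role.id,
                'name': name,
                'password': encrypt_pass,
                'comment': comment,
                'key_content': keys_content,
                'sudo_uuids': sudo_uuids,
                'sys_groups': sys_groups,
            })
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermRole', data, obj_uuid=role.uuid_id,
                                 action='add')

            response['success'] = True
            res['content'] = u'添加系统用户[%s]成功' % role.name
            res['emer_status'] = u'添加系统用户[%s]成功' % role.name
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            # The `%` operator is required here: without it the string is
            # called like a function and the handler itself raises TypeError,
            # hiding the validation error behind a server error.
            res['emer_status'] = u"添加系统用户失败:%s" % (e.message)
            response['error'] = u"添加系统用户失败:%s" % (e.message)

    # Report the outcome the same way perm_role_edit does, so the view never
    # returns None.
    return HttpResponse(json.dumps(response), content_type='application/json')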