def perm_role_add(request): """ add role page """ # 渲染数据 header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户" login_user_id = request.user.id if not login_user_id: return HttpResponseRedirect(reverse('index')) login_user = User.objects.get(id=login_user_id) productlines = ProductLine.objects.all() sudos = PermSudo.objects.all().filter(productLine=login_user.productLine) if request.method == "POST": # 获取参数: name, comment name = request.POST.get("role_name", "").strip() comment = request.POST.get("role_comment", "") password = request.POST.get("role_password", "") key_content = request.POST.get("role_key", "") sudo_ids = request.POST.getlist('sudo_name') productline_name = request.POST.get('productline_name', '') productLine = get_object_or_404(ProductLine, name=productline_name) try: if get_object(PermRole, name=name, productLine=productLine): raise ServerError(u'已经存在该用户 %s' % name) if name == "root": raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!') default = get_object(Setting, name='default') if len(password) > 64: raise ServerError(u'密码长度不能超过64位!') if password: encrypt_pass = CRYPTOR.encrypt(password) else: encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20)) # 生成随机密码,生成秘钥对 sudos_obj = [ get_object(PermSudo, id=sudo_id) for sudo_id in sudo_ids ] if key_content: try: key_path = gen_keys(key=key_content) except SSHException, e: raise ServerError(e) else: key_path = gen_keys() logger.debug('generate role key: %s' % key_path) role = PermRole(name=name, productLine=productLine, comment=comment, password=encrypt_pass, key_path=key_path) role.save() role.sudo = sudos_obj msg = u"添加系统用户: %s" % name return HttpResponseRedirect(reverse('role_list'))
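def setting(request):
    """
    Show the project settings page and, on POST, store the default account.

    When the posted ``setting`` field is ``default``, the username, port,
    password and private key are read from the form. The key is written to
    ``<BASE_DIR>/keys/default/admin_user.pem`` and the password is stored
    through ``CRYPTOR.encrypt`` in the ``Setting`` row named ``default``.
    Validation failures are raised as ``ServerError`` and shown via ``error``.

    NOTE(review): the template receives ``locals()``, which on POST includes
    the submitted ``password`` and ``private_key``; confirm the template does
    not echo them back.
    """
    header_title, path1 = '项目设置', '设置'
    setting_default = get_object(Setting, name='default')
    if request.method == "POST":
        try:
            setting_raw = request.POST.get('setting', '')
            if setting_raw == 'default':
                username = request.POST.get('username', '')
                port = request.POST.get('port', '')
                password = request.POST.get('password', '')
                private_key = request.POST.get('key', '')
                if len(password) > 30:
                    raise ServerError('秘密长度不能超过30位!')
                if '' in [username, port]:
                    # Raised, not returned: a view must hand back a response,
                    # and the handler below is what turns this into `error`.
                    raise ServerError('所填内容不能为空, 且密码和私钥填一个')
                else:
                    private_key_dir = os.path.join(settings.BASE_DIR, 'keys', 'default')
                    private_key_path = os.path.join(private_key_dir, 'admin_user.pem')
                    mkdir(private_key_dir)
                    if private_key:
                        # Create the file with mode 0600 from the start, so the
                        # key is never on disk with umask-default permissions.
                        key_flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
                        with os.fdopen(os.open(private_key_path, key_flags, 0o600), 'w') as f:
                            # The mode given to os.open only applies to a new
                            # file; tighten an existing one before writing.
                            os.chmod(private_key_path, 0o600)
                            f.write(private_key)
                    if setting_default:
                        # An empty password field is stored as an empty string.
                        if password:
                            password_encode = CRYPTOR.encrypt(password)
                        else:
                            password_encode = password
                        Setting.objects.filter(name='default').update(
                            field1=username, field2=port, field3=password_encode, field4=private_key_path)
                    else:
                        password_encode = CRYPTOR.encrypt(password)
                        setting_r = Setting(name='default', field1=username, field2=port, field3=password_encode, field4=private_key_path).save()
                    msg = "设置成功"
        except ServerError as e:
            # NOTE(review): relies on ServerError exposing `.message`; confirm.
            error = e.message
    return render(request, 'setting.html', locals())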
def perm_role_add(request): """ add role page """ # 渲染数据 header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户" sudos = PermSudo.objects.all() if request.method == "POST": # 获取参数: name, comment name = request.POST.get("role_name", "").strip() comment = request.POST.get("role_comment", "") password = request.POST.get("role_password", "") key_content = request.POST.get("role_key", "") sudo_ids = request.POST.getlist('sudo_name') try: if get_object(PermRole, name=name): raise ServerError('已经存在该用户 %s' % name) if name == "root": raise ServerError('禁止使用root用户作为系统用户,这样非常危险!') default = get_object(Setting, name='default') if len(password) > 64: raise ServerError('密码长度不能超过64位!') if password: encrypt_pass = CRYPTOR.encrypt(password) else: encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20)) # 生成随机密码,生成秘钥对 sudos_obj = [ get_object(PermSudo, id=sudo_id) for sudo_id in sudo_ids ] if key_content: try: key_path = gen_keys(key=key_content) except SSHException as e: raise ServerError(e) else: key_path = gen_keys() logger.debug('generate role key: %s' % key_path) role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path) role.save() role.sudo = sudos_obj msg = "添加系统用户: %s" % name return HttpResponseRedirect(reverse('role_list')) except ServerError as e: error = e return my_render('jperm/perm_role_add.html', locals(), request)
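def perm_role_edit(request):
    """
    Show the "edit system user (role)" page and apply the edit on POST.

    The role is selected by the ``id`` query parameter. GET renders the edit
    form; POST updates name, comment and sudo entries and, when supplied, the
    password (stored via ``CRYPTOR.encrypt``) and the key (via ``gen_keys``).
    Validation failures are raised as ``ServerError`` and kept in ``error``.

    NOTE(review): the listing ends after the ``except`` clause, so what the
    view returns after a validation error is not visible here.
    """
    # Data for rendering
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
    role_id = request.GET.get("id")
    # NOTE(review): the role is fetched by the query-string id alone; confirm
    # that an access check outside this listing limits who may edit it.
    role = PermRole.objects.get(id=role_id)
    ori_name = role.name
    if request.method == "GET":
        # role_pass = CRYPTOR.decrypt(role.password)
        sudo_all = PermSudo.objects.all()
        role_sudos = role.sudo.all()
        return my_render('jperm/perm_role_edit.html', locals(), request)
    if request.method == "POST":
        # Read the POST data
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [
            PermSudo.objects.get(id=sudo_id) for sudo_id in role_sudo_names
        ]
        key_content = request.POST.get("role_key", "")
        try:
            # Checked inside the try so the error reaches the handler below;
            # a missing field (None) counts as "no new password".
            if role_password and len(role_password) > 64:
                raise ServerError(u'密码长度不能超过64位!')
            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            # filter().exists() rather than get(): get() raises DoesNotExist
            # when the new name is unused, which is the valid rename case.
            if role_name != ori_name and PermRole.objects.filter(name=role_name).exists():
                raise ServerError(u'role %s is already exists.' % role_name)
            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass
            # Regenerate the key pair from the key pasted into the form
            if key_content:
                try:
                    key_path = gen_keys(key=key_content, key_path_dir=role.key_path)
                except SSHException:
                    raise ServerError('输入的密钥不合法')
                logger.debug('Recreate role key: %s' % role.key_path)
            # Write to the database
            role.name = role_name
            role.comment = role_comment
            role.sudo = role_sudos
            role.save()
            msg = u"更新系统用户: %s" % role.name
            return HttpResponseRedirect(reverse('role_list'))
        except ServerError as e:
            error = e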
def perm_role_add(request): """ add role page """ # 渲染数据 header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户" sudos = PermSudo.objects.all() if request.method == "POST": # 获取参数: name, comment name = request.POST.get("role_name", "").strip() comment = request.POST.get("role_comment", "") password = request.POST.get("role_password", "") key_content = request.POST.get("role_key", "") sudo_ids = request.POST.getlist('sudo_name') try: if get_object(PermRole, name=name): raise ServerError(u'已经存在该用户 %s' % name) if name == "root": raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!') default = get_object(Setting, name='default') if len(password) > 64: raise ServerError(u'密码长度不能超过64位!') if password: encrypt_pass = CRYPTOR.encrypt(password) else: encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20)) # 生成随机密码,生成秘钥对 sudos_obj = [get_object(PermSudo, id=sudo_id) for sudo_id in sudo_ids] if key_content: try: key_path = gen_keys(key=key_content) except SSHException, e: raise ServerError(e) else: key_path = gen_keys() logger.debug('generate role key: %s' % key_path) role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path) role.save() role.sudo = sudos_obj msg = u"添加系统用户: %s" % name return HttpResponseRedirect(reverse('role_list'))
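def perm_role_edit(request):
    """
    Show the "edit system user (role)" page and apply the edit on POST.

    The role is selected by the ``id`` query parameter. GET renders the edit
    form; POST updates name, comment and sudo entries and, when supplied, the
    password (stored via ``CRYPTOR.encrypt``) and the key (via ``gen_keys``).
    Validation failures are raised as ``ServerError`` and kept in ``error``.

    NOTE(review): the listing ends after the ``except`` clause, so what the
    view returns after a validation error is not visible here.
    """
    # Data for rendering
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
    role_id = request.GET.get("id")
    # NOTE(review): the role is fetched by the query-string id alone; confirm
    # that an access check outside this listing limits who may edit it.
    role = PermRole.objects.get(id=role_id)
    # NOTE(review): the decrypted role password becomes a local and is thus
    # part of the locals() context handed to the template on GET; confirm the
    # template really needs the plaintext.
    role_pass = CRYPTOR.decrypt(role.password)
    sudo_all = PermSudo.objects.all()
    role_sudos = role.sudo.all()
    if request.method == "GET":
        return my_render('jperm/perm_role_edit.html', locals(), request)
    if request.method == "POST":
        # Read the POST data
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [PermSudo.objects.get(id=sudo_id) for sudo_id in role_sudo_names]
        key_content = request.POST.get("role_key", "")
        try:
            # Checked inside the try so the error reaches the handler below;
            # a missing field (None) counts as "no new password".
            if role_password and len(role_password) > 64:
                raise ServerError(u'密码长度不能超过64位!')
            if not role:
                raise ServerError('该系统用户不能存在')
            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass
            # Regenerate the key pair from the key pasted into the form
            if key_content:
                try:
                    key_path = gen_keys(key=key_content, key_path_dir=role.key_path)
                except SSHException:
                    raise ServerError('输入的密钥不合法')
                logger.debug('Recreate role key: %s' % role.key_path)
            # Write to the database
            role.name = role_name
            role.comment = role_comment
            role.sudo = role_sudos
            role.save()
            msg = u"更新系统用户: %s" % role.name
            return HttpResponseRedirect(reverse('role_list'))
        except ServerError as e:
            error = e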
def asset_add(request):
    """
    Asset add view: render the add-asset form and create an asset on POST.

    The hostname must be unused and pass the length check. A valid
    ``AssetForm`` is then saved, with the posted password stored through
    ``CRYPTOR.encrypt`` unless ``use_default_auth`` is set, and with the
    hostname used as the IP when no IP was posted. The page is rendered in
    every case, with ``locals()`` as the template context.
    """
    header_title, path1, path2 = '添加资产', '资产管理', '添加资产'
    asset_group_all = AssetGroup.objects.all()
    af = AssetForm()
    default_setting = get_object(Setting, name='default')
    default_port = default_setting.field2 if default_setting else ''
    if request.method == 'POST':
        af_post = AssetForm(request.POST)
        ip = request.POST.get('ip', '')
        hostname = request.POST.get('hostname', '')
        is_active = True if request.POST.get('is_active') == '1' else False
        use_default_auth = request.POST.get('use_default_auth', '')
        # The ServerError raised below only skips the `else` branch; the text
        # to display is already stored in the local `error` before raising.
        try:
            if Asset.objects.filter(hostname=str(hostname)):
                error = '该主机名 %s 已存在!' % hostname
                raise ServerError(error)
            # NOTE(review): the check allows 54 characters while the message
            # states a limit of 53; confirm which one is intended.
            if len(hostname) > 54:
                error = "主机名长度不能超过53位!"
                raise ServerError(error)
        except ServerError:
            pass
        else:
            if af_post.is_valid():
                asset_save = af_post.save(commit=False)
                # Per-asset credentials: the posted password is encrypted even
                # when the field was left empty.
                if not use_default_auth:
                    password = request.POST.get('password', '')
                    password_encode = CRYPTOR.encrypt(password)
                    asset_save.password = password_encode
                if not ip:
                    asset_save.ip = hostname
                asset_save.is_active = True if is_active else False
                asset_save.save()
                af_post.save_m2m()
                msg = '主机 %s 添加成功' % hostname
            else:
                # NOTE(review): the failure text goes to `esg`, not `error` or
                # `msg`; confirm the template reads that name.
                esg = '主机 %s 添加失败' % hostname
    return my_render('jasset/asset_add.html', locals(), request)
def excel_to_db(excel_file):
    """
    Import assets in bulk from an uploaded Excel workbook.

    Reads the first sheet, skips its first row, and creates one Asset for
    every remaining row whose hostname is non-empty and not stored yet. Each
    row is unpacked into ip, port, hostname, use_default_auth, username,
    password and a '/'-separated list of group names.

    Returns False when the workbook cannot be opened, True otherwise.
    """
    try:
        workbook = xlrd.open_workbook(filename=None, file_contents=excel_file.read())
    except Exception:
        return False

    sheet = workbook.sheets()[0]
    # Row 0 is skipped (presumably a header row).
    for index in range(1, sheet.nrows):
        cells = sheet.row_values(index)
        if not cells:
            continue
        # NOTE(review): a row that does not hold exactly seven cells raises
        # ValueError here, after earlier rows have already been saved.
        ip, port, hostname, use_default_auth, username, password, group = cells
        if get_object(Asset, hostname=hostname):
            continue
        # A numeric password cell is turned into its integer digits.
        if isinstance(password, (int, float)):
            password = str(int(password))
        use_default_auth = 1 if use_default_auth == '默认' else 0
        password_encode = CRYPTOR.encrypt(password) if password else ''
        if not hostname:
            continue
        asset = Asset(
            ip=ip,
            port=port,
            hostname=hostname,
            use_default_auth=use_default_auth,
            username=username,
            password=password_encode,
        )
        asset.save()
        # Attach only the groups that get_object finds by name.
        matched_groups = []
        for group_name in group.split('/'):
            found = get_object(AssetGroup, name=group_name)
            if found:
                matched_groups.append(found)
        if matched_groups:
            asset.group = matched_groups
        asset.save()
    return True
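def perm_role_edit(request):
    """
    Show the "edit system user (role)" page and apply the edit on POST.

    The role is selected by the ``id`` query parameter. GET renders the edit
    form; POST updates name, comment, sudo entries and product line and, when
    supplied, the password (stored via ``CRYPTOR.encrypt``) and the key (via
    ``gen_keys``). Validation failures are raised as ``ServerError`` and kept
    in ``error``.

    NOTE(review): the listing ends after the ``except`` clause, so what the
    view returns after a validation error is not visible here.
    """
    # Data for rendering
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
    role_id = request.GET.get("id")
    # NOTE(review): the role is fetched by the query-string id alone and is
    # not compared with the user's product line; confirm that an access check
    # outside this listing limits who may edit it.
    role = PermRole.objects.get(id=role_id)
    # NOTE(review): the decrypted role password becomes a local and is thus
    # part of the locals() context handed to the template on GET; confirm the
    # template really needs the plaintext.
    role_pass = CRYPTOR.decrypt(role.password)
    role_sudos = role.sudo.all()
    productlines = ProductLine.objects.all()
    username = request.user.username
    user_perm = request.session['role_id']
    # Session role_id 2 is offered every sudo entry, role_id 1 only those of
    # the user's product line; any other value leaves `sudo_all` unset.
    if user_perm == 2:
        sudo_all = PermSudo.objects.all()
    elif user_perm == 1:
        login_user = get_object(User, username=username)
        sudo_all = PermSudo.objects.all().filter(
            productLine=login_user.productLine)
    if request.method == "GET":
        return my_render('jperm/perm_role_edit.html', locals(), request)
    if request.method == "POST":
        # Read the POST data
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        # NOTE(review): posted sudo ids and the posted product line are used
        # without being checked against `sudo_all` or the user's product
        # line; verify this is intended.
        role_sudos = [
            PermSudo.objects.get(id=sudo_id) for sudo_id in role_sudo_names
        ]
        key_content = request.POST.get("role_key", "")
        productline_name = request.POST.get('productline_name', '')
        productLine = get_object_or_404(ProductLine, name=productline_name)
        try:
            # Checked inside the try so the error reaches the handler below;
            # a missing field (None) counts as "no new password".
            if role_password and len(role_password) > 64:
                raise ServerError(u'密码长度不能超过64位!')
            if not role:
                raise ServerError('该系统用户不能存在')
            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass
            # Regenerate the key pair from the key pasted into the form
            if key_content:
                try:
                    key_path = gen_keys(key=key_content, key_path_dir=role.key_path)
                except SSHException:
                    raise ServerError('输入的密钥不合法')
                logger.debug('Recreate role key: %s' % role.key_path)
            # Write to the database
            role.name = role_name
            role.comment = role_comment
            role.sudo = role_sudos
            role.productLine = productLine
            role.save()
            msg = u"更新系统用户: %s" % role.name
            return HttpResponseRedirect(reverse('role_list'))
        except ServerError as e:
            error = e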
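def asset_edit_batch(request):
    """
    Apply one set of field changes to several assets at once.

    GET renders the batch-edit form. On POST the asset ids come from the
    ``asset_id_all`` query parameter (comma separated) and the new values
    from the form; only non-empty form values are applied. Every change is
    collected as ``[label, old value, new value]`` and written to an
    ``AssetRecord`` under "<username> - 批量".

    The old value is captured before the attribute is overwritten, so the
    change record keeps what the field held before the edit.
    """
    af = AssetForm()
    name = request.user.username
    asset_group_all = AssetGroup.objects.all()
    if request.method == 'POST':
        env = request.POST.get('env', '')
        idc_id = request.POST.get('idc', '')
        port = request.POST.get('port', '')
        use_default_auth = request.POST.get('use_default_auth', '')
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        group = request.POST.getlist('group', [])
        cabinet = request.POST.get('cabinet', '')
        comment = request.POST.get('comment', '')
        asset_id_all = str(request.GET.get('asset_id_all', ''))
        asset_id_all = asset_id_all.split(',')
        for asset_id in asset_id_all:
            alert_list = []
            asset = get_object(Asset, id=asset_id)
            if asset:
                if env:
                    if asset.env != env:
                        env_old = asset.env
                        asset.env = env
                        alert_list.append(['运行环境', env_old, env])
                if idc_id:
                    idc = get_object(IDC, id=idc_id)
                    name_old = asset.idc.name if asset.idc else ''
                    if idc and idc.name != name_old:
                        asset.idc = idc
                        alert_list.append(['机房', name_old, idc.name])
                if port:
                    if str(asset.port) != port:
                        port_old = asset.port
                        asset.port = port
                        alert_list.append(['端口号', port_old, port])
                if use_default_auth:
                    auth_old = asset.use_default_auth
                    if use_default_auth == 'default':
                        # Switching to the default account clears the
                        # per-asset credentials.
                        asset.use_default_auth = 1
                        asset.username = ''
                        asset.password = ''
                        alert_list.append(['使用默认管理账号', auth_old, '默认'])
                    elif use_default_auth == 'user_passwd':
                        asset.use_default_auth = 0
                        asset.username = username
                        password_encode = CRYPTOR.encrypt(password)
                        asset.password = password_encode
                        # Only the username is recorded, never the password.
                        alert_list.append(['使用默认管理账号', auth_old, username])
                if group:
                    group_new, group_old, group_new_name, group_old_name = [], asset.group.all(), [], []
                    for group_id in group:
                        g = get_object(AssetGroup, id=group_id)
                        if g:
                            group_new.append(g)
                    # Groups are only ever added: the result is the union of
                    # the current and the posted groups.
                    if not set(group_new) < set(group_old):
                        group_instance = list(set(group_new) | set(group_old))
                        for g in group_instance:
                            group_new_name.append(g.name)
                        for g in group_old:
                            group_old_name.append(g.name)
                        asset.group = group_instance
                        alert_list.append([
                            '主机组', ','.join(group_old_name),
                            ','.join(group_new_name)
                        ])
                if cabinet:
                    if asset.cabinet != cabinet:
                        cabinet_old = asset.cabinet
                        asset.cabinet = cabinet
                        alert_list.append(['机柜号', cabinet_old, cabinet])
                if comment:
                    if asset.comment != comment:
                        comment_old = asset.comment
                        asset.comment = comment
                        alert_list.append(['备注', comment_old, comment])
                asset.save()
            if alert_list:
                recode_name = str(name) + ' - ' + '批量'
                AssetRecord.objects.create(asset=asset, username=recode_name, content=alert_list)
        return my_render('jasset/asset_update_status.html', locals(), request)
    return my_render('jasset/asset_edit_batch.html', locals(), request)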
def asset_edit(request):
    """
    Edit an asset (host).

    The asset is selected by the ``id`` query parameter. GET renders the edit
    form. POST validates the hostname (unique, length check), saves the form,
    records the change through ``asset_diff`` / ``db_asset_alert`` and
    redirects to ``asset_detail``. On a ``ServerError`` the form is rendered
    again with ``error`` set.
    """
    header_title, path1, path2 = '修改资产', '资产管理', '修改资产'
    asset_id = request.GET.get('id', '')
    username = request.user.username
    asset = get_object(Asset, id=asset_id)
    # NOTE(review): `password_old` is only bound when the asset was found, yet
    # the POST branch below reads it when no new password is posted; verify
    # how an unknown id is meant to be handled.
    if asset:
        password_old = asset.password
    # asset_old = copy_model_instance(asset)
    af = AssetForm(instance=asset)
    if request.method == 'POST':
        af_post = AssetForm(request.POST, instance=asset)
        ip = request.POST.get('ip', '')
        hostname = request.POST.get('hostname', '')
        password = request.POST.get('password', '')
        is_active = True if request.POST.get('is_active') == '1' else False
        use_default_auth = request.POST.get('use_default_auth', '')
        try:
            # The hostname may stay the same, but must not belong to another asset.
            asset_test = get_object(Asset, hostname=hostname)
            if asset_test and asset_id != str(asset_test.id):
                emg = '该主机名 %s 已存在!' % hostname
                raise ServerError(emg)
            if len(hostname) > 54:
                emg = '主机名长度不能超过54位!'
                raise ServerError(emg)
            else:
                if af_post.is_valid():
                    af_save = af_post.save(commit=False)
                    if use_default_auth:
                        # Default account in use: clear per-asset credentials.
                        af_save.username = ''
                        af_save.password = ''
                        # af_save.port = None
                    else:
                        # A new password is encrypted before saving; an empty
                        # field keeps the previously stored value.
                        if password:
                            password_encode = CRYPTOR.encrypt(password)
                            af_save.password = password_encode
                        else:
                            af_save.password = password_old
                    af_save.is_active = True if is_active else False
                    af_save.save()
                    af_post.save_m2m()
                    # asset_new = get_object(Asset, id=asset_id)
                    # asset_diff_one(asset_old, asset_new)
                    # NOTE(review): the change record is built from the raw
                    # POST data, which includes the `password` field; confirm
                    # asset_diff leaves the password out of the stored record.
                    info = asset_diff(af_post.__dict__.get('initial'), request.POST)
                    db_asset_alert(asset, username, info)
                    smg = '主机 %s 修改成功' % ip
                else:
                    emg = '主机 %s 修改失败' % ip
                    raise ServerError(emg)
        except ServerError as e:
            error = e.message
            return my_render('jasset/asset_edit.html', locals(), request)
        # NOTE(review): `asset_id` comes from the query string and is appended
        # to the redirect URL without URL-encoding.
        return HttpResponseRedirect(
            reverse('asset_detail') + '?id=%s' % asset_id)
    return my_render('jasset/asset_edit.html', locals(), request)