def post(self):
post_add_permission = '3.2.1'
post_update_permission = '3.2.2'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, permission_data = body['action'], body['data']
if action == 'add':
local_permission_list = [self.handler_permission, self.post_permission, post_add_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if db_permission.add(permission_data):
ok = True
info = 'Add permission successful'
else:
ok = False
info = 'Add permission failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'update':
local_permission_list = [self.handler_permission, self.post_permission, post_update_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if db_permission.update(permission_data):
ok = True
info = 'Update permission successful'
else:
ok = False
info = 'Update permission failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported permission action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def get(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.get_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
username = self.get_argument('username', None)
begin_time = int(self.get_argument('begin_time', 1483200000))
end_time = int(self.get_argument('end_time', 4102415999))
is_all = self.get_argument('is_all', False)
if is_all:
task_statistic_info, user_list = db_utils.get_all_user_task_statistic_by_time(
begin_time, end_time)
else:
user_list = False
task_statistic_info = db_utils.get_task_statistic_by_time(
begin_time, end_time, username)
if task_statistic_info is not False:
ok = True
if user_list is not False:
info = {'data': task_statistic_info, 'user_list': user_list}
else:
info = {'data': task_statistic_info}
else:
ok = False
info = 'Get task statistic info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def delete(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.delete_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
permission = self.get_argument('permission')
permission_data = db_permission.get(permission)
if not permission_data:
ok = True
info = 'No such a permission info'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if db_permission.delete(permission):
ok = True
info = 'Delete permission info successful'
else:
ok = False
info = 'Delete permission info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def get(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.get_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
username = self.get_argument('username', None)
start = int(self.get_argument('start', 0))
count = int(self.get_argument('count', 10))
get_username_list = self.get_argument('get_username_list', None)
if get_username_list == 'true':
user_info = db_user.get_user_list()
else:
user_info = db_user.get(username, start, count)
if user_info is not False:
ok = True
info = {'data': user_info, 'count': db_user.row_count()}
else:
ok = False
info = 'Get user info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def get(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.get_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
machine_name = self.get_argument('machine_name', None)
start = int(self.get_argument('start', 0))
count = int(self.get_argument('count', 10))
get_ip_list = self.get_argument('get_ip_list', None)
if get_ip_list == 'true':
machine_info = db_machine.get_machine_ip_list()
else:
machine_info = db_machine.get(machine_name, start, count)
if machine_info is not False:
ok = True
info = {'data': machine_info, 'count': db_machine.row_count()}
else:
ok = False
info = 'No such a machine info'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def delete(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [
self.handler_permission, self.delete_permission
]
ok, info, is_admin = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if not is_admin:
ok = False
info = "Only admin can delete a user"
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
username = self.get_argument('username')
if db_user.delete(username):
ok = True
info = 'Delete user successful'
else:
ok = False
info = 'Delete user failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def get(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.get_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
task_id = self.get_argument('task_id', None)
if not task_id:
ok = False
info = 'Must have task_id'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
task = db_task.get(task_id)
result = sapi.run_script([task['ip']],
'salt://scripts/get_task_log.sh', task_id)
retcode = result[task['ip']]['retcode']
if retcode == 0:
log_info = result[task['ip']]['stdout']
ok = True
info = {'data': log_info}
else:
ok = False
info = 'Get Log info Failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_initialize_permission = '8.2.1'
post_install_permission = '8.2.2'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, data = body['action'], body['data']
if action == 'initialize':
local_permission_list = [self.handler_permission, self.post_permission, post_initialize_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
tornado.ioloop.IOLoop.instance().add_callback(self.machine_initialize(data['ip']))
ok = True
info = "Initializing..."
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'install':
local_permission_list = [self.handler_permission, self.post_permission, post_install_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
tornado.ioloop.IOLoop.instance().add_callback(self.install_software(data['ip'], data['software']))
ok = True
info = 'Software installing...'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported task action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_add_permission = '1.2.1'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, task_data, mailto = body['action'], body['data'], body[
'mailto']
if action == 'add':
local_permission_list = [
self.handler_permission, self.post_permission,
post_add_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
task_data['task_id'] = uuid.uuid1().hex
task_data['create_time'] = utils.cur_timestamp()
if db_task.add(task_data):
if list(mailto):
message = task_data['creator'] + " create a new task, see in " \
"http://oms.example.com/task?task_id=" + task_data['task_id']
tornado.ioloop.IOLoop.instance().add_callback(
self.sending_mail(list(mailto), message))
ok = True
info = {'task_id': task_data['task_id']}
else:
ok = False
info = 'Add task failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported task action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def delete(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [
self.handler_permission, self.delete_permission
]
ok, info, is_admin = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
task_id = self.get_argument('task_id')
task_data = db_task.get(task_id)
if not task_data:
ok = True
info = 'No such a task'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if not is_admin:
executor = db_utils.get_info_by_token(self.token)['username']
task_creator = task_data['creator']
if executor != task_creator:
ok = False
info = "Can not delete data create by other people"
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if db_task.delete(task_id):
ok = True
info = 'Delete task successful'
else:
ok = False
info = 'Delete task failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def delete(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.delete_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
machine_name = self.get_argument('machine_name')
if db_machine.delete(machine_name):
ok = True
info = 'Delete machine info successful'
else:
ok = False
info = 'Delete machine info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def get(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.get_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
mode = self.get_argument('mode', None)
username = self.get_argument('username', None)
ip = self.get_argument('ip', None)
key_info = db_ssh_key_info.get(mode, username, ip)
if key_info is not False:
ok = True
info = {'data': key_info}
else:
ok = False
info = 'Get ssh-key info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def get(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.get_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
task_id = self.get_argument('task_id', None)
start = int(self.get_argument('start', 0))
count = int(self.get_argument('count', 10))
task_info = db_task.get(task_id, start, count)
if task_info is not False:
ok = True
info = {'data': task_info, 'count': db_task.row_count()}
else:
ok = False
info = 'No such a task'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def get(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.get_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
start = int(self.get_argument('start', 0))
count = int(self.get_argument('count', 10))
permission = self.get_argument('permission', None)
is_all = self.get_argument('all', False)
permission_info = db_permission.get(is_all, start, count, permission)
if permission_info is not False:
ok = True
info = {'data': permission_info, 'count': db_permission.row_count()}
else:
ok = False
info = 'Get permission info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_add_permission = '7.2.1'
post_delete_permission = '7.2.1'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, ssh_key_data = body['action'], body['data']
if action == 'add':
local_permission_list = [self.handler_permission, self.post_permission, post_add_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ip = ssh_key_data['ip']
ssh_key_string = db_user.get(username=ssh_key_data['username'])['ssh_key']
if ssh_key_string is None:
ok = False
info = "User ssh-key does not exist, please add first"
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
encrypt_ssh_key_info = encrypt.base64_encode(ssh_key_data['system_user'] + '@' +
ssh_key_string + " " + ssh_key_data['username'])
result = sapi.run_script([ip], 'salt://scripts/add_ssh_key.sh', encrypt_ssh_key_info)
retcode = result[ip]['retcode']
if retcode == 0:
if db_ssh_key_info.add(ssh_key_data):
ok = True
info = 'Add ssh-key successful'
else:
ok = False
info = 'Add ssh-key failed'
else:
ok = False
info = 'Add ssh-key failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'delete':
local_permission_list = [self.handler_permission, self.post_permission, post_delete_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
fail_count = 0
for ssh_key_info in ssh_key_data:
ip = ssh_key_info['ip']
encrypt_ssh_key_info = encrypt.base64_encode(ssh_key_info['system_user'] + '@' +
ssh_key_info['username'])
result = sapi.run_script([ip], 'salt://scripts/delete_ssh_key.sh', encrypt_ssh_key_info)
retcode = result[ip]['retcode']
if retcode == 0:
if db_ssh_key_info.delete(ssh_key_info['username'], ssh_key_info['ip'], ssh_key_info['system_user']):
fail_count += 0
else:
fail_count += 1
else:
fail_count += 1
if fail_count == 0:
ok = True
info = 'Delete all ssh-key info failed'
else:
ok = False
info = 'Delete some ssh-key info failed, please retry'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported ssh-key action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_update_file_permission = '5.2.1'
post_update_db_permission = '5.2.2'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, data = body['action'], body['data']
excutor = self.get_cookie("username")
if action == 'update':
task = db_task.get(data['task_id'])
update_type = task['type']
local_permission_list = [
self.handler_permission, self.post_permission
]
if update_type == 'update_file':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_file_permission
]
if update_type == 'update_db':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_db_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if task['status'] is True:
ok = False
info = 'Task has been executed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
task_status = {
'task_id': task['task_id'],
'status': 1,
'start_time': utils.cur_timestamp(),
'executor': excutor
}
if not db_task.update(task_status):
ok = False
info = 'update task status failed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
tornado.ioloop.IOLoop.instance().add_callback(
self.salt_run_update(task))
ok = True
info = 'Execute update script successful'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'revert':
task = db_task.get(data['task_id'])
update_type = task['type']
local_permission_list = [
self.handler_permission, self.post_permission
]
if update_type == 'update_file':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_file_permission
]
if update_type == 'update_db':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_db_permission
]
ok, info, is_admin = verify.has_permission(self.token,
local_permission_list)
if not is_admin:
info = "Only admin can revert."
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
task_status = {
'task_id': task['task_id'],
'revert': 1,
'revert_time': utils.cur_timestamp()
}
if not db_task.update(task_status):
ok = False
info = 'update task status failed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
tornado.ioloop.IOLoop.instance().add_callback(
self.salt_run_revert(task))
ok = True
info = 'Execute revert script successful'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'get_current_version':
target = data['target']
ip = '127.0.0.1'
result = sapi.run_script([ip],
'salt://scripts/get_current_version.sh',
target)
retcode, cur_version = result[ip]['retcode'], result[ip]['stdout']
if retcode == 0:
ok = True
info = cur_version
else:
ok = False
info = u'Get version info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported update action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_add_permission = '4.2.1'
post_user_update_permission = '4.2.2'
post_admin_update_permission = '4.2.3'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, user_data = body['action'], body['data']
if action == 'add':
local_permission_list = [
self.handler_permission, self.post_permission,
post_add_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
ok, info = check.check_user_input(user_data)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
user_data['salt'], user_data['passwd'] = encrypt.md5_salt(
user_data['passwd'])
if db_user.add(user_data):
ok = True
info = 'Add user successful'
else:
ok = False
info = 'Add user failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'update':
local_permission_list = [
self.handler_permission, self.post_permission,
post_user_update_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
ok, info = check.check_user_input(user_data)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if 'old_passwd' in user_data:
ok, info = check.check_password(user_data['username'],
user_data['old_passwd'])
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
user_data['salt'], user_data['passwd'] = encrypt.md5_salt(
user_data['new_passwd'])
if db_user.update(user_data):
ok = True
info = 'Update password successful'
else:
ok = False
info = 'Update password failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
# update user info without verify password, by admin
if action == 'update_all':
local_permission_list = [
self.handler_permission, self.post_permission,
post_admin_update_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if user_data['passwd'] == "":
user_data.pop('passwd')
ok, info = check.check_user_input(user_data)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if 'passwd' in user_data:
user_data['salt'], user_data['passwd'] = encrypt.md5_salt(
user_data['passwd'])
if db_user.update(user_data):
ok = True
info = 'Update user info successful'
else:
ok = False
info = 'Update user info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported user action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))