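def perm_sudo_edit(request):
    """
    Edit an existing sudo command alias.

    GET renders the edit form for the alias selected by ``?id=``; POST
    updates its name, command list and comment.

    :param request: Django request. ``id`` is read from the query string,
        ``sudo_name``/``sudo_commands``/``sudo_comment`` from the POST form.
    :return: the rendered ``upperm/perm_sudo_edit.html`` page; the template
        receives every local (``sudo``, ``msg``, ``error``, ...).
    """
    # 渲染数据
    header_title, path1, path2 = "Sudo命令", "别名管理", "编辑别名"
    sudo_id = request.GET.get("id")
    # get_object (used by the sibling views) returns None for an unknown id
    # instead of raising DoesNotExist, so a bad id renders an error page
    # rather than a 500.
    sudo = get_object(PermSudo, id=sudo_id)
    if sudo is None:
        error = u'Sudo别名不存在'
    elif request.method == "POST":
        # Default the form fields to "" so a missing field cannot raise
        # AttributeError on .strip()/.upper().
        name = request.POST.get("sudo_name", "").strip().upper()
        commands = request.POST.get("sudo_commands", "")
        comment = request.POST.get("sudo_comment", "")
        # Canonicalise the command list: split on spaces/commas/newlines,
        # drop empty pieces and re-join as ", " so one form is stored.
        # NOTE(review): only whitespace normalisation happens here; the
        # individual command paths are not validated in this view — confirm
        # whether the sudoers generator does that.
        pattern = re.compile(r'[ \n,\r]')
        commands = ', '.join(list_drop_str(pattern.split(commands), u'')).strip()
        logger.debug(u'添加sudo %s: %s' % (name, commands))
        sudo.name = name
        sudo.commands = commands
        sudo.comment = comment
        sudo.save()
        msg = u"更新命令别名: %s" % name
    return my_render('upperm/perm_sudo_edit.html', locals(), request)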
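def perm_sudo_add(request):
    """
    Create a new sudo command alias.

    GET renders the empty form. POST creates a PermSudo from
    ``sudo_name``/``sudo_comment``/``sudo_commands`` unless an alias with the
    same (upper-cased) name already exists, in which case ``error`` is set.

    :param request: Django request carrying the form fields on POST.
    :return: the rendered ``upperm/perm_sudo_add.html`` page; the template
        receives every local (``msg``, ``error``, ...).
    """
    # 渲染数据
    header_title, path1, path2 = "Sudo命令", "别名管理", "添加别名"
    if request.method == "POST":
        # 获取参数: name, comment — default to "" so a missing field cannot
        # raise AttributeError on .strip().
        name = request.POST.get("sudo_name", "").strip().upper()
        comment = request.POST.get("sudo_comment", "").strip()
        commands = request.POST.get("sudo_commands", "").strip()
        # Canonicalise the command list: split on spaces/commas/newlines,
        # drop empty pieces and re-join as ", ".
        pattern = re.compile(r'[ \n,\r]')
        commands = ', '.join(list_drop_str(pattern.split(commands), u''))
        logger.debug(u'添加sudo %s: %s' % (name, commands))
        # Names are compared upper-cased, so the uniqueness check is
        # case-insensitive with respect to what the user typed.
        if get_object(PermSudo, name=name):
            error = 'Sudo别名 %s已经存在' % name
        else:
            sudo = PermSudo(name=name, comment=comment, commands=commands)
            sudo.save()
            msg = u"添加Sudo命令别名: %s" % name
    # 渲染数据
    return my_render('upperm/perm_sudo_add.html', locals(), request)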
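def perm_role_edit(request):
    """
    Edit a system user (PermRole).

    GET renders the form for the role selected by ``?id=``. POST updates
    name, comment and sudo aliases; the password is re-encrypted only when a
    new one is submitted and the key pair is regenerated only when
    ``role_key`` is non-empty. A successful POST redirects to the role list;
    a ServerError re-renders the form with ``error`` set.

    :param request: Django request.
    :return: HttpResponseRedirect to ``role_list`` after a successful POST,
        otherwise the rendered ``upperm/perm_role_edit.html`` page.
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
    role_id = request.GET.get("id")
    sudo_all = PermSudo.objects.all()
    # get_object returns None for an unknown id instead of raising
    # DoesNotExist; the original `if not role` check was unreachable after
    # objects.get(), so the existence check is done up front instead.
    role = get_object(PermRole, id=role_id)
    if role is None:
        error = u'该系统用户不存在'
        return my_render('upperm/perm_role_edit.html', locals(), request)
    # NOTE(review): the decrypted password is handed to the template via
    # locals(); presumably it pre-fills the password field, which means the
    # clear-text credential reaches the browser on every GET — confirm this
    # is intended.
    role_pass = CRYPTOR.decrypt(role.password)
    role_sudos = role.sudo.all()
    if request.method == "POST":
        # 获取 POST 数据
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        key_content = request.POST.get("role_key", "")
        try:
            # Resolve the selected sudo aliases; an unknown id is reported
            # instead of being silently dropped from the privilege set.
            role_sudos = []
            for sudo_id in role_sudo_names:
                sudo = get_object(PermSudo, id=sudo_id)
                if sudo is None:
                    raise ServerError(u'Sudo别名 %s 不存在' % sudo_id)
                role_sudos.append(sudo)
            if role_password:
                # An empty password field keeps the stored password.
                role.password = CRYPTOR.encrypt(role_password)
            if key_content:
                # Regenerate the key pair only when key material was
                # submitted; gen_keys writes into role.key_path.
                try:
                    gen_keys(key=key_content, key_path_dir=role.key_path)
                except SSHException:
                    raise ServerError('输入的密钥不合法')
                logger.debug('Recreate role key: %s' % role.key_path)
            # 写入数据库
            role.name = role_name
            role.comment = role_comment
            role.sudo = role_sudos
            role.save()
            msg = u"更新系统用户: %s" % role.name
            return HttpResponseRedirect(reverse('role_list'))
        except ServerError as e:
            # Fall through and re-render the form with the error shown.
            error = e
    # Reached on GET, on a failed POST and on any other method. The original
    # fell off the end after the except and returned None for a failed POST.
    return my_render('upperm/perm_role_edit.html', locals(), request)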
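def perm_role_edit(request):
    """
    Edit a system user (PermRole).

    GET renders the form for the role selected by ``?id=``. POST updates
    name, comment and sudo aliases; the password is re-encrypted only when a
    new one is submitted and the key pair is regenerated only when
    ``role_key`` is non-empty. A successful POST redirects to the role list;
    a ServerError re-renders the form with ``error`` set.

    :param request: Django request.
    :return: HttpResponseRedirect to ``role_list`` after a successful POST,
        otherwise the rendered ``upperm/perm_role_edit.html`` page.
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
    role_id = request.GET.get("id")
    sudo_all = PermSudo.objects.all()
    # get_object returns None for an unknown id instead of raising
    # DoesNotExist; the original `if not role` check was unreachable after
    # objects.get(), so the existence check is done up front instead.
    role = get_object(PermRole, id=role_id)
    if role is None:
        error = u'该系统用户不存在'
        return my_render('upperm/perm_role_edit.html', locals(), request)
    # NOTE(review): the decrypted password is handed to the template via
    # locals(); presumably it pre-fills the password field, which means the
    # clear-text credential reaches the browser on every GET — confirm this
    # is intended.
    role_pass = CRYPTOR.decrypt(role.password)
    role_sudos = role.sudo.all()
    if request.method == "POST":
        # 获取 POST 数据
        role_name = request.POST.get("role_name")
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        key_content = request.POST.get("role_key", "")
        try:
            # Resolve the selected sudo aliases; an unknown id is reported
            # instead of being silently dropped from the privilege set.
            role_sudos = []
            for sudo_id in role_sudo_names:
                sudo = get_object(PermSudo, id=sudo_id)
                if sudo is None:
                    raise ServerError(u'Sudo别名 %s 不存在' % sudo_id)
                role_sudos.append(sudo)
            if role_password:
                # An empty password field keeps the stored password.
                role.password = CRYPTOR.encrypt(role_password)
            if key_content:
                # Regenerate the key pair only when key material was
                # submitted; gen_keys writes into role.key_path.
                try:
                    gen_keys(key=key_content, key_path_dir=role.key_path)
                except SSHException:
                    raise ServerError('输入的密钥不合法')
                logger.debug('Recreate role key: %s' % role.key_path)
            # 写入数据库
            role.name = role_name
            role.comment = role_comment
            role.sudo = role_sudos
            role.save()
            msg = u"更新系统用户: %s" % role.name
            return HttpResponseRedirect(reverse('role_list'))
        except ServerError as e:
            # Fall through and re-render the form with the error shown.
            error = e
    # Reached on GET, on a failed POST and on any other method. The original
    # fell off the end after the except and returned None for a failed POST.
    return my_render('upperm/perm_role_edit.html', locals(), request)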
def perm_sudo_list(request):
    """
    List sudo command aliases, paginated.

    ``?search=`` narrows the list to aliases whose ``name`` equals the
    keyword exactly.

    :param request: Django request.
    :return: the rendered ``upperm/perm_sudo_list.html`` page; ``sudos``
        holds the current page and the remaining pagination locals come
        from ``pages``.
    """
    # 渲染数据
    header_title, path1, path2 = "Sudo命令", "别名管理", "查看别名"
    # TODO: 搜索和分页
    keyword = request.GET.get('search') or ''
    # 获取所有sudo 命令别名
    sudos_list = PermSudo.objects.all()
    if keyword:
        sudos_list = sudos_list.filter(Q(name=keyword))
    (sudos_list, p, sudos, page_range,
     current_page, show_first, show_end) = pages(sudos_list, request)
    return my_render('upperm/perm_sudo_list.html', locals(), request)
def perm_sudo_list(request):
    """
    List sudo command aliases, paginated.

    ``?search=`` narrows the list to aliases whose ``name`` equals the
    keyword exactly.

    :param request: Django request.
    :return: the rendered ``upperm/perm_sudo_list.html`` page; ``sudos``
        holds the current page and the remaining pagination locals come
        from ``pages``.
    """
    # 渲染数据
    header_title, path1, path2 = "Sudo命令", "别名管理", "查看别名"
    # TODO: 搜索和分页
    keyword = request.GET.get('search') or ''
    # 获取所有sudo 命令别名
    sudos_list = PermSudo.objects.all()
    if keyword:
        sudos_list = sudos_list.filter(Q(name=keyword))
    (sudos_list, p, sudos, page_range,
     current_page, show_first, show_end) = pages(sudos_list, request)
    return my_render('upperm/perm_sudo_list.html', locals(), request)
def perm_role_list(request):
    """
    List system users (PermRole), paginated.

    ``?id=`` restricts the list to a single role and ``?search=`` to roles
    whose ``name`` equals the keyword exactly; both may be combined.

    :param request: Django request.
    :return: the rendered ``upperm/perm_role_list.html`` page; ``roles``
        holds the current page and the remaining pagination locals come
        from ``pages``.
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "查看系统用户"
    role_id = request.GET.get('id')
    # TODO: 搜索和分页
    keyword = request.GET.get('search') or ''
    # 获取所有系统角色
    roles_list = PermRole.objects.all()
    if role_id:
        roles_list = roles_list.filter(id=role_id)
    if keyword:
        roles_list = roles_list.filter(Q(name=keyword))
    (roles_list, p, roles, page_range,
     current_page, show_first, show_end) = pages(roles_list, request)
    return my_render('upperm/perm_role_list.html', locals(), request)
def perm_rule_list(request):
    """
    List authorization rules (PermRule), paginated.

    ``?id=`` restricts the list to a single rule and ``?search=`` to rules
    whose ``name`` equals the keyword exactly; both may be combined.

    :param request: Django request.
    :return: the rendered ``upperm/perm_rule_list.html`` page; ``rules``
        holds the current page and the remaining pagination locals come
        from ``pages``.
    """
    # 渲染数据
    header_title, path1, path2 = "授权规则", "规则管理", "查看规则"
    rule_id = request.GET.get('id')
    # TODO: 搜索和分页
    keyword = request.GET.get('search') or ''
    # 获取所有规则
    rules_list = PermRule.objects.all()
    if keyword:
        rules_list = rules_list.filter(Q(name=keyword))
    if rule_id:
        rules_list = rules_list.filter(id=rule_id)
    (rules_list, p, rules, page_range,
     current_page, show_first, show_end) = pages(rules_list, request)
    return my_render('upperm/perm_rule_list.html', locals(), request)
def perm_role_list(request):
    """
    List system users (PermRole), paginated.

    ``?id=`` restricts the list to a single role and ``?search=`` to roles
    whose ``name`` equals the keyword exactly; both may be combined.

    :param request: Django request.
    :return: the rendered ``upperm/perm_role_list.html`` page; ``roles``
        holds the current page and the remaining pagination locals come
        from ``pages``.
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "查看系统用户"
    role_id = request.GET.get('id')
    # TODO: 搜索和分页
    keyword = request.GET.get('search') or ''
    # 获取所有系统角色
    roles_list = PermRole.objects.all()
    if role_id:
        roles_list = roles_list.filter(id=role_id)
    if keyword:
        roles_list = roles_list.filter(Q(name=keyword))
    (roles_list, p, roles, page_range,
     current_page, show_first, show_end) = pages(roles_list, request)
    return my_render('upperm/perm_role_list.html', locals(), request)
def perm_rule_list(request):
    """
    List authorization rules (PermRule), paginated.

    ``?id=`` restricts the list to a single rule and ``?search=`` to rules
    whose ``name`` equals the keyword exactly; both may be combined.

    :param request: Django request.
    :return: the rendered ``upperm/perm_rule_list.html`` page; ``rules``
        holds the current page and the remaining pagination locals come
        from ``pages``.
    """
    # 渲染数据
    header_title, path1, path2 = "授权规则", "规则管理", "查看规则"
    rule_id = request.GET.get('id')
    # TODO: 搜索和分页
    keyword = request.GET.get('search') or ''
    # 获取所有规则
    rules_list = PermRule.objects.all()
    if keyword:
        rules_list = rules_list.filter(Q(name=keyword))
    if rule_id:
        rules_list = rules_list.filter(id=rule_id)
    (rules_list, p, rules, page_range,
     current_page, show_first, show_end) = pages(rules_list, request)
    return my_render('upperm/perm_rule_list.html', locals(), request)
def perm_role_push(request):
    """
    Push a system user (PermRole) to a set of assets.

    GET renders the push form for the role selected by ``?id=``. POST takes
    the selected assets and asset groups, pushes the account (by password
    and/or public key) and the role's sudo aliases through ``MyTask``, then
    records one PermPush row per asset with the outcome.

    :param request: Django request. GET: ``id`` (role), ``asset_id``
        (comma-separated, pre-selection). POST: ``assets``, ``asset_groups``,
        ``use_password``, ``use_publicKey``.
    :return: the rendered ``upperm/perm_role_push.html`` page with
        ``msg``/``error`` summarising the push.
    """
    # Page chrome for the template
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送"
    role_id = request.GET.get('id')
    asset_ids = request.GET.get('asset_id')
    # get_object yields None for an unknown id; role is dereferenced below
    # without a None check.
    role = get_object(PermRole, id=role_id)
    assets = Asset.objects.all()
    asset_groups = AssetGroup.objects.all()
    if asset_ids:
        # Pre-selected assets from the query string; this local is not read
        # again in this function, so it only reaches the template via locals().
        need_push_asset = [get_object(Asset, id=asset_id) for asset_id in asset_ids.split(',')]
    if request.method == "POST":
        # Work out the set of assets to push to: the directly selected assets
        # plus every member of each selected asset group.
        asset_ids = request.POST.getlist("assets")
        asset_group_ids = request.POST.getlist("asset_groups")
        assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
        asset_groups_obj = [AssetGroup.objects.get(id=asset_group_id) for asset_group_id in asset_group_ids]
        group_assets_obj = []
        for asset_group in asset_groups_obj:
            group_assets_obj.extend(asset_group.asset_set.all())
        # Union through a set, so the resulting order is not deterministic.
        calc_assets = list(set(assets_obj) | set(group_assets_obj))
        push_resource = gen_resource(calc_assets)
        # Run the push through the Ansible API (per the original comment).
        password_push = True if request.POST.get("use_password") else False
        key_push = True if request.POST.get("use_publicKey") else False
        task = MyTask(push_resource)
        ret = {}
        # The account has to exist before a key can be installed, so the
        # password push is mandatory and the key push is an extra step on top.
        # 1. key-based push: create the user (with the decrypted password),
        #    then install the public key from role.key_path
        if key_push:
            ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
            ret["key_push"] = task.push_key(role.name, os.path.join(role.key_path, 'id_rsa.pub'))
        # 2. password-only push
        elif password_push:
            ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
        # 3. push the sudoers configuration for the role's aliases
        if password_push or key_push:
            sudo_list = set([sudo for sudo in role.sudo.all()])  # set(sudo1, sudo2, sudo3)
            if sudo_list:
                ret['sudo'] = task.push_sudo_file([role], sudo_list)
        logger.debug('推送role结果: %s' % ret)
        success_asset = {}
        failed_asset = {}
        logger.debug(ret)
        # Collect failures per hostname across all push steps.
        # NOTE(review): for a host already present, `info` is appended only
        # when it is *already* contained in the stored text, which looks
        # inverted — confirm the intended merge rule. ret's value shape
        # ({'failed': {hostname: info}, 'ok': {...}}) is assumed from usage.
        for push_type, result in ret.items():
            if result.get('failed'):
                for hostname, info in result.get('failed').items():
                    if hostname in failed_asset.keys():
                        if info in failed_asset.get(hostname):
                            failed_asset[hostname] += info
                    else:
                        failed_asset[hostname] = info
        # Collect successes; a host that failed any step is not counted as a
        # success even if other steps succeeded on it. Same merge caveat as
        # above for the `in` check.
        for push_type, result in ret.items():
            if result.get('ok'):
                for hostname, info in result.get('ok').items():
                    if hostname in failed_asset.keys():
                        continue
                    elif hostname in success_asset.keys():
                        if str(info) in success_asset.get(hostname, ''):
                            success_asset[hostname] += str(info)
                    else:
                        success_asset[hostname] = str(info)
        # Write the outcome back to the push table: update the existing
        # (role, asset) row if there is one, otherwise create it.
        for asset in calc_assets:
            push_check = PermPush.objects.filter(role=role, asset=asset)
            if push_check:
                func = push_check.update
            else:
                # Creates a new row; takes the same keyword arguments as
                # QuerySet.update so both branches are called identically.
                def func(**kwargs):
                    PermPush(**kwargs).save()
            # NOTE(review): on success no `result` is written, so an existing
            # row keeps the failure text from an earlier push — confirm.
            if failed_asset.get(asset.hostname):
                func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=False, result=failed_asset.get(asset.hostname))
            else:
                func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True)
        if not failed_asset:
            msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys()))
        else:
            error = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name, ','.join(failed_asset.keys()), ','.join(success_asset.keys()))
    return my_render('upperm/perm_role_push.html', locals(), request)
user_group_obj = rule_obj.user_group.all() asset_obj = rule_obj.asset.all() asset_group_obj = rule_obj.asset_group.all() roles_name = [role.name for role in rule_obj.role.all()] # 渲染数据 roles_name = ','.join(roles_name) rule = rule_obj users = user_obj user_groups = user_group_obj assets = asset_obj asset_groups = asset_group_obj except ServerError, e: logger.warning(e) return my_render('upperm/perm_rule_detail.html', locals(), request) def perm_rule_add(request): """ add rule page 添加授权 """ # 渲染数据 header_title, path1, path2 = "授权规则", "规则管理", "添加规则" # 渲染数据, 获取所有 用户,用户组,资产,资产组,用户角色, 用于添加授权规则 users = User.objects.all() user_groups = UserGroup.objects.all() assets = Asset.objects.all() asset_groups = AssetGroup.objects.all()
def perm_role_push(request):
    """
    Push a system user (PermRole) to a set of assets.

    GET renders the push form for the role selected by ``?id=``. POST takes
    the selected assets and asset groups, pushes the account (by password
    and/or public key) and the role's sudo aliases through ``MyTask``, then
    records one PermPush row per asset with the outcome.

    :param request: Django request. GET: ``id`` (role), ``asset_id``
        (comma-separated, pre-selection). POST: ``assets``, ``asset_groups``,
        ``use_password``, ``use_publicKey``.
    :return: the rendered ``upperm/perm_role_push.html`` page with
        ``msg``/``error`` summarising the push.
    """
    # Page chrome for the template
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送"
    role_id = request.GET.get('id')
    asset_ids = request.GET.get('asset_id')
    # get_object yields None for an unknown id; role is dereferenced below
    # without a None check.
    role = get_object(PermRole, id=role_id)
    assets = Asset.objects.all()
    asset_groups = AssetGroup.objects.all()
    if asset_ids:
        # Pre-selected assets from the query string; this local is not read
        # again in this function, so it only reaches the template via locals().
        need_push_asset = [get_object(Asset, id=asset_id) for asset_id in asset_ids.split(',')]
    if request.method == "POST":
        # Work out the set of assets to push to: the directly selected assets
        # plus every member of each selected asset group.
        asset_ids = request.POST.getlist("assets")
        asset_group_ids = request.POST.getlist("asset_groups")
        assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
        asset_groups_obj = [AssetGroup.objects.get(id=asset_group_id) for asset_group_id in asset_group_ids]
        group_assets_obj = []
        for asset_group in asset_groups_obj:
            group_assets_obj.extend(asset_group.asset_set.all())
        # Union through a set, so the resulting order is not deterministic.
        calc_assets = list(set(assets_obj) | set(group_assets_obj))
        push_resource = gen_resource(calc_assets)
        # Run the push through the Ansible API (per the original comment).
        password_push = True if request.POST.get("use_password") else False
        key_push = True if request.POST.get("use_publicKey") else False
        task = MyTask(push_resource)
        ret = {}
        # The account has to exist before a key can be installed, so the
        # password push is mandatory and the key push is an extra step on top.
        # 1. key-based push: create the user (with the decrypted password),
        #    then install the public key from role.key_path
        if key_push:
            ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
            ret["key_push"] = task.push_key(role.name, os.path.join(role.key_path, 'id_rsa.pub'))
        # 2. password-only push
        elif password_push:
            ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
        # 3. push the sudoers configuration for the role's aliases
        if password_push or key_push:
            sudo_list = set([sudo for sudo in role.sudo.all()])  # set(sudo1, sudo2, sudo3)
            if sudo_list:
                ret['sudo'] = task.push_sudo_file([role], sudo_list)
        logger.debug('推送role结果: %s' % ret)
        success_asset = {}
        failed_asset = {}
        logger.debug(ret)
        # Collect failures per hostname across all push steps.
        # NOTE(review): for a host already present, `info` is appended only
        # when it is *already* contained in the stored text, which looks
        # inverted — confirm the intended merge rule. ret's value shape
        # ({'failed': {hostname: info}, 'ok': {...}}) is assumed from usage.
        for push_type, result in ret.items():
            if result.get('failed'):
                for hostname, info in result.get('failed').items():
                    if hostname in failed_asset.keys():
                        if info in failed_asset.get(hostname):
                            failed_asset[hostname] += info
                    else:
                        failed_asset[hostname] = info
        # Collect successes; a host that failed any step is not counted as a
        # success even if other steps succeeded on it. Same merge caveat as
        # above for the `in` check.
        for push_type, result in ret.items():
            if result.get('ok'):
                for hostname, info in result.get('ok').items():
                    if hostname in failed_asset.keys():
                        continue
                    elif hostname in success_asset.keys():
                        if str(info) in success_asset.get(hostname, ''):
                            success_asset[hostname] += str(info)
                    else:
                        success_asset[hostname] = str(info)
        # Write the outcome back to the push table: update the existing
        # (role, asset) row if there is one, otherwise create it.
        for asset in calc_assets:
            push_check = PermPush.objects.filter(role=role, asset=asset)
            if push_check:
                func = push_check.update
            else:
                # Creates a new row; takes the same keyword arguments as
                # QuerySet.update so both branches are called identically.
                def func(**kwargs):
                    PermPush(**kwargs).save()
            # NOTE(review): on success no `result` is written, so an existing
            # row keeps the failure text from an earlier push — confirm.
            if failed_asset.get(asset.hostname):
                func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=False, result=failed_asset.get(asset.hostname))
            else:
                func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True)
        if not failed_asset:
            msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys()))
        else:
            error = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ]' % (role.name, ','.join(failed_asset.keys()), ','.join(success_asset.keys()))
    return my_render('upperm/perm_role_push.html', locals(), request)