Esempio n. 1
    def setUp(self):
        """Create the organizations, accounts, assets and members used by the tests.

        Creates three organizations and makes the first one returned by the
        query the current organization, then three admin users, three system
        users and three assets that all use the first admin user returned.
        Finally creates one user who is a USER member of the first two
        organizations and one ADMIN member for each of those two.
        """
        Organization.objects.bulk_create(
            [Organization(name=org_name)
             for org_name in ('org-01', 'org-02', 'org-03')]
        )
        # NOTE(review): the unpacking needs exactly three rows, and the
        # attribute names assume they come back in creation order -- confirm
        # the model's default ordering.
        self.org_01, self.org_02, self.org_03 = Organization.objects.all()
        org_01, org_02 = self.org_01, self.org_02

        set_current_org(org_01)

        AdminUser.objects.bulk_create(
            [AdminUser(name=label, username='******')
             for label in ('au-01', 'au-02', 'au-03')]
        )

        SystemUser.objects.bulk_create(
            [SystemUser(name=label, username='******')
             for label in ('su-01', 'su-02', 'su-03')]
        )

        admin_users = AdminUser.objects.all()
        asset_specs = (
            ('asset-01', '192.168.1.1'),
            ('asset-02', '192.168.1.2'),
            ('asset-03', '192.168.1.3'),
        )
        # Each asset uses the same address for ip and public_ip.
        Asset.objects.bulk_create([
            Asset(hostname=hostname,
                  ip=address,
                  public_ip=address,
                  admin_user=admin_users[0])
            for hostname, address in asset_specs
        ])

        create_user = User.objects.create
        add_member = OrganizationMember.objects.create

        # Ordinary user who belongs to two organizations.
        regular_user = create_user(name='user-01',
                                   username='******',
                                   email='*****@*****.**')
        for org in (org_01, org_02):
            add_member(org=org, user=regular_user, role=ORG_ROLE.USER)
        self.user_01 = regular_user

        # One administrator for each of the first two organizations.
        first_admin = create_user(name='org-admin-01',
                                  username='******',
                                  email='*****@*****.**')
        add_member(org=org_01, user=first_admin, role=ORG_ROLE.ADMIN)
        self.org_admin_01 = first_admin

        second_admin = create_user(name='org-admin-02',
                                   username='******',
                                   email='*****@*****.**')
        add_member(org=org_02, user=second_admin, role=ORG_ROLE.ADMIN)
        self.org_admin_02 = second_admin
Esempio n. 2
def on_system_user_update(instance: SystemUser, created, **kwargs):
    """Push an updated system user to its assets.

    An update may have changed the key, the username and so on, so the
    system user is pushed to its assets again.  Strictly this should only
    happen when the username, password, key or sudo settings change; the
    push is done on every update as a shortcut.  ``instance.assets`` is
    used directly because, when nodes or system users change, the assets
    under those nodes are associated with the system user automatically.

    Nothing is done for a newly created instance or a falsy ``instance``.
    """
    if not instance or created:
        return

    logger.info("System user update signal recv: {}".format(instance))
    related_assets = instance.assets.all().valid()
    asset_ids = [item.id for item in related_assets]
    # The push is queued through .delay() with ids only, not model objects.
    push_system_user_to_assets.delay(instance.id, asset_ids)
    # Add the assets to su_from if needed.
    instance.add_related_assets_to_su_from_if_need(related_assets)
Esempio n. 3
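    def validate_approve_system_users(self, approve_system_users):
        """Return the approved system-user ids that match the ticket's protocol.

        The submitted ids are not trusted as given: they are looked up again
        inside ``tmp_to_org`` for the ticket's ``org_id`` and filtered by the
        protocol derived from the ticket's ``apply_type``.  Ids that do not
        survive that lookup are dropped.

        Returns:
            A list of id strings, or ``[]`` when the root serializer is not
            bound to a ``Ticket`` instance.

        Raises:
            serializers.ValidationError: when none of the submitted ids match.
        """
        ticket = self.root.instance
        if not isinstance(ticket, Ticket):
            return []

        with tmp_to_org(ticket.org_id):
            apply_type = ticket.meta.get('apply_type')
            protocol = SystemUser.get_protocol_by_application_type(apply_type)
            matched = SystemUser.objects.filter(
                Q(protocol=protocol) & Q(id__in=approve_system_users)
            ).values_list('id', flat=True)
            system_users_id = [str(system_user_id) for system_user_id in matched]
            if system_users_id:
                return system_users_id

        # Format AFTER the translation lookup: formatting first produces a
        # string containing the organization name, which can never match a
        # catalog entry, so the message would never be translated.
        raise serializers.ValidationError(
            _('No `SystemUser` are found under Organization `{}`').format(ticket.org_name)
        )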
Esempio n. 4
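    def connect(self):
        """Accept the WebSocket, check the session record and start the SSH bridge.

        Query-string parameters read here: ``sid`` (asset id), ``uid``
        (system-user id; ``'0'`` selects the default root login) and ``key``
        (session-log id).

        No SSH connection is opened when the session record is missing or
        already used, when the asset is not found, or when ``uid`` names an
        unknown system user; the socket is closed and the method returns.
        """
        # Accept first so that a refusal message can be sent before closing.
        self.accept()

        # Parse the query string.
        params = QueryDict(query_string=self.scope['query_string'], encoding='utf-8')
        asset_id = params.get('sid', None)
        uid = params.get("uid", None)
        session_id = params.get("key", None)

        # The session record is the only credential checked in this method,
        # so a refusal must stop here: falling through would open an SSH
        # session for a caller whose session id is unknown or already used.
        self.connection = SessionLog.get_by_id(session_id)
        if not self.connection or self.connection.used:
            self.send("连接拒绝")
            self.close()
            return
        # NOTE(review): nothing here marks the session as used or ties it to
        # the requested sid/uid -- confirm that is enforced elsewhere.

        asset = Assets.get_by_id(asset_id)
        # presumably get_by_id returns None for an unknown id, as the
        # SystemUser lookup below is checked for -- verify
        if asset is None:
            self.send("连接拒绝")
            self.close()
            return

        # Build the SSH connection.
        if uid == '0':
            # uid '0' logs in as the default root user.
            self.ssh = SSHTty(asset, self, is_user=False, connection_obj=self.connection)
        else:
            login_user = SystemUser.get_by_id(uid)
            if login_user is None:
                # Return after closing; continuing would dereference None.
                self.close()
                return
            # NOTE(review): the stored password is handed to SSHTty as-is;
            # confirm how it is protected at rest.
            self.ssh = SSHTty(asset, self, is_user=True, user=login_user.username, pwd=login_user.password,
                              connection_obj=self.connection)

        self.ssh.connect()

        # Start a thread that watches the server and forwards every message
        # it produces to the WebSocket.
        Thread(target=self.ssh.server_to_ws).start()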
Esempio n. 5
    def get_recommend_system_users(self, value):
        """Suggest up to five system-user ids for the names requested in *value*.

        A system user is suggested when its ``username`` or ``name`` contains
        (case-insensitively) any entry of ``value['apply_system_user_group']``
        and its protocol is the one derived from ``value['apply_type']``.  The
        query runs inside ``tmp_to_org`` for the ticket's ``org_id``.

        Returns:
            A list of at most five id strings; ``[]`` when the root serializer
            is not bound to a ``Ticket`` or no names were requested.
        """
        ticket = self.root.instance
        if not isinstance(ticket, Ticket):
            return []

        requested_names = value.get('apply_system_user_group', [])
        if not requested_names:
            return []

        protocol = SystemUser.get_protocol_by_application_type(value.get('apply_type'))

        # OR together a username match and a name match for every keyword,
        # then require the protocol on top of that.
        criteria = Q()
        for keyword in requested_names:
            for lookup in ('username__icontains', 'name__icontains'):
                criteria |= Q(**{lookup: keyword})
        criteria &= Q(protocol=protocol)

        with tmp_to_org(ticket.org_id):
            matched_ids = SystemUser.objects.filter(criteria).values_list('id', flat=True)[:5]
            return [str(matched_id) for matched_id in matched_ids]