def destroy(self, request, *args, **kwargs):
'''
删除指定APP,model下的所有权限点
:param request.data: {
"appName": "workOrder",
"modelName": "workorder",
}
'''
user = self.get_object()
try:
app_name = request.data.get('appName')
app = apps.get_app_config(app_name)
model = app.get_model(request.data.get('modelName'))
content_type = ContentType.objects.get_for_model(model)
# 用户所有权限点
permissions = Permission.objects.filter(user=user)
# 过滤要删除的权限
permissions = permissions.exclude(content_type=content_type)
user.user_permissions.set(permissions)
except Exception as e:
logger.error(e)
return Response({'detail': str(e)},
status=status.HTTP_400_BAD_REQUEST)
return Response({'detail': '删除权限点成功'},
status=status.HTTP_204_NO_CONTENT)
def update(self, request, *args, **kwargs):
'''
修改用户权限点
:param request.data:
[
"users.add_user",
"users.change_user",
"users.delete_user"
]
'''
permissions = []
user = self.get_object()
# 设置权限范围不能大于自己所拥有的权限
# 设置权限对象不能是自己
if (not user.is_superuser and not \
set(request.data).issubset(request.user.get_all_permissions())) \
or user == request.user:
return Response({'detail': '权限拒绝'},
status=status.HTTP_403_FORBIDDEN)
try:
for permission_node in request.data:
permission_node = permission_node.split('.', 1)
permission = Permission.objects.get(
content_type__app_label=permission_node[0],
codename=permission_node[1])
permissions.append(permission)
user.user_permissions.set(permissions)
except Exception as e:
logger.error(e)
return Response({'detail': str(e)},
status=status.HTTP_400_BAD_REQUEST)
return Response({'detail': '设置权限成功'},
status=status.HTTP_204_NO_CONTENT)
def __new__(cls, **params):
res = utils.check_hostname(params['ip'])
if res == 1:
logger.warning("Host %s not answer" % (params['ip']))
logger.error("Device not created")
return None
return object.__new__(cls)
def update(self, request, *args, **kwargs):
'''
:param request.data:
[
"users.add_user",
"users.change_user",
"users.delete_user"
]
'''
group = self.get_object()
permissions = []
try:
for permission_node in request.data:
permission_node = permission_node.split('.', 1)
permission = Permission.objects.get(
content_type__app_label=permission_node[0],
codename=permission_node[1])
permissions.append(permission)
group.permissions.set(permissions)
except Exception as e:
logger.error(e)
return Response({'detail': str(e)},
status=status.HTTP_400_BAD_REQUEST)
return Response({'detail': '设置权限成功'},
status=status.HTTP_204_NO_CONTENT)
def exit_cfg_mode(self):
try:
self.__tn.write("exit\n".encode())
self.__tn.write("exit\n".encode())
except EOFError as e:
logger.error("%s: Execution failed: %s" % (self.ip, e))
return
# timeout for correct work telnet
time.sleep(1)
def set_parameter(self, param, value):
try:
self.__conn.request("GET",
"/axis-cgi/param.cgi?action=update&%s=%s" %
(param, value),
headers=self.__headers_auth)
res = self.__conn.getresponse()
#logger.debug("%s %s", res.status, res.reason)
except httplib.HTTPException as e:
logger.error("Execution failed: %s", e)
def restart(self):
if vc.restart(self) == False: return
try:
self.__conn.request("GET",
"/axis-cgi/restart.cgi",
headers=self.__headers_auth)
res = self.__conn.getresponse()
#logger.debug("%s %s", res.status, res.reason)
except httplib.HTTPException as e:
logger.error("Execution failed: %s", e)
def get(self, request, format=None):
data = []
try:
jobs = jenkins_api.get_all_jobs()
data = [{'name': job['name'], 'url': job['url']} for job in jobs]
except Exception as e:
logger.error(e)
return Response({'detail': '获取jenkins job 列表失败'})
return Response(data)
def get(self, request, format=None):
# 2019-04-17 00:00:00
try:
data = request.GET
# 查询条件
datetime_start = datetime.strptime(data.get('datetime_start'),
'%Y-%m-%d %H:%M:%S')
datetime_end = datetime.strptime(data.get('datetime_end'),
'%Y-%m-%d %H:%M:%S')
db_name = data.get('db_type')
collection_name = data.get('db_instance')
accountName = data.get('account_name', '.*')
sql_text = '.*{}.*'.format(
data.get('cmd')) if data.get('cmd') else '.*'
# 分页
page = int(data.get('page', 1))
size = int(data.get('size', 10))
skip_count = (page - 1) * size
collection = mongodb_client[db_name][collection_name]
cursor = collection.find({
'ExecuteTime': {
'$gte': datetime_start,
'$lte': datetime_end
},
'AccountName': {
'$regex': accountName
},
'SQLText': {
'$regex': sql_text
}
}).sort('ExecuteTime', DESCENDING)
# 分页后的数据
documents = list(cursor.skip(skip_count).limit(size))
# 转换MongoDBObjectId
for i in range(len(documents)):
documents[i]['_id'] = str(documents[i]['_id'])
data = {'count': cursor.count(), 'results': documents}
return Response(data)
except (ValueError, TypeError) as e:
logger.info(e)
return Response({'detail': str(e)},
status=status.HTTP_400_BAD_REQUEST)
except Exception as e:
logger.error(e)
return Response({'detail': str(e)},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def update(self, request, *args, **kwargs):
'''
修改用户指定APP,model下的权限点
:param request.data:
{
"appName": "workOrder",
"modelName": "workorder",
"codenames": ["delete", "delete_workorder"],
"reset":bool
}
reset默认值为True,当reset为True时重置组权限,当reset为True时添加用户权限
'''
user = self.get_object()
try:
app_name = request.data.get('appName')
codenames = request.data.get('codenames')
reset = request.data.get('reset', True)
app = apps.get_app_config(app_name)
model = app.get_model(request.data.get('modelName'))
content_type = ContentType.objects.get_for_model(model)
# 设置权限范围不能大于自己所拥有的权限
# 设置权限对象不能是自己
if (not user.is_superuser and not \
set(codenames).issubset(request.user.get_all_permissions())) \
or user == request.user:
return Response({'detail': '权限拒绝'},
status=status.HTTP_400_BAD_REQUEST)
# 需要设置的权限点
permissions_set = Permission.objects.filter(
content_type=content_type, codename__in=codenames)
if reset:
# 用户所有权限点
permissions_all = Permission.objects.filter(user=user)
# 排除包含当前模块的权限点
permissions_exclude = permissions_all.exclude(
content_type=content_type)
user.user_permissions.set(
(permissions_exclude | permissions_set))
else:
user.user_permissions.add(*permissions_set)
except Exception as e:
logger.error(e)
return Response({'detail': str(e)},
status=status.HTTP_400_BAD_REQUEST)
return Response({'detail': '权限设置成功'},
status=status.HTTP_204_NO_CONTENT)
def __getSongByUrl(self, song_url, song_name, counter):
try:
resp = requests.Session().head(song_url,
timeout=self.timeout,
stream=True,
headers=headers,
proxies=self.proxies)
if resp.status_code == 302:
realLocation = resp.headers.get("Location")
print("地址被重定向:", realLocation)
else:
realLocation = song_url
resp = requests.Session().get(realLocation,
timeout=self.timeout,
stream=True,
headers=headers,
proxies=self.proxies)
length = int(resp.headers.get('content-length'))
while (length == 0):
if resp.status_code == 302:
realLocation = resp.headers.get("Location")
print("地址再次被重定向:", realLocation)
resp = requests.Session().get(realLocation,
timeout=self.timeout,
stream=True,
headers=headers,
proxies=self.proxies)
length = int(resp.headers.get('content-length'))
else:
print("服务器返回:", resp.status_code, resp)
counter['error'] += 1
return False
label = 'Downloading {} {}kb'.format(song_name, int(length / 1024))
with click.progressbar(length=length, label=label) as progressbar:
with open(song_name, 'wb') as song_file:
for chunk in resp.iter_content(chunk_size=1024):
if chunk: # filter out keep-alive new chunks
song_file.write(chunk)
progressbar.update(1024)
if counter != None:
counter["success"] += 1
return True
except requests.exceptions.Timeout as err:
logger.error("%s during download filepath" % err)
if counter != None:
counter['error'] += 1
return False
def get_parameter(self, param):
if utils.check_hostname(self.ip) == 1: return
try:
self.__conn.request("GET",
"/axis-cgi/param.cgi?action=list&group=%s" %
(param),
headers=self.__headers_auth)
res = self.__conn.getresponse()
#logger.debug("%s %s", res.status, res.reason)
data = res.read()
return (data.split("=")[1]).strip()
except httplib.HTTPException as e:
logger.error("Execution failed: %s", e)
def __init__(self, **params):
logger.debug("Init axis %s", params['ip'])
vc.__init__(self, **params)
auth = '%s:%s' % (self.user, self.password)
auth = auth.encode('ascii')
userAndPass = b64encode(auth).decode("ascii")
self.__headers_auth = {'Authorization': 'Basic %s' % userAndPass}
logger.debug("Connection string http://%s:%s@%s" %
(self.user, self.password, self.ip))
try:
self.__conn = httplib.HTTPConnection("%s" % self.ip)
except httplib.HTTPException as e:
logger.error("Execution failed: %s", e)
def get(self, request, format=None):
try:
databases = [
db for db in mongodb_client.list_database_names()
if 'audit' in db
]
# data = [{db: mongodb_client[db].collection_names()} for db in databases]
data = [{
'db': db,
'tables': mongodb_client[db].collection_names()
} for db in databases]
except Exception as e:
logger.error(e)
return Response({'detail': str(e)})
return Response(data)
def start(self):
try:
retcode = call("service %s %s" % (self.service_name, "start"),
shell=True)
if retcode < 0:
logger.error("%s: Unable start the service" %
(self.service_name))
elif retcode == 0:
logger.info("%s: Service is started succesfully" %
(self.service_name))
self.__state = Service_State.run
else:
logger.warning("Service already started")
except OSError as e:
logger.error("Execution failed: %s", e)
def state(self):
try:
logger.debug("%s: Check service state", self.service_name)
FNULL = open(os.devnull, 'w')
retcode = call("pgrep %s" % (self.service_name),
stdout=FNULL,
stderr=subprocess.STDOUT,
shell=True)
if retcode == 0:
logger.info("%s: Service runnig" % (self.service_name))
return Service_State.run
else:
logger.info("%s: Service stopped" % (self.service_name))
return Service_State.stop
except OSError as e:
logger.error("Execution failed: %s", e)
def get_devops_members(self, request):
'''
获取运维组成员
'''
try:
# group = UserGroup.objects.get(name='devops')
# members = group.members.all(name='devops')
group = Group.objects.get(name='devops')
serializer = UserSerializer(group.user_set.all(), many=True)
except Exception as e:
# 不存着devops组就获取超级用户
members = User.objects.filter(is_superuser=1)
serializer = UserSerializer(members, many=True)
logger.error('获取运维组失败!')
return Response(serializer.data)
def get(self, request, format=None):
data = []
try:
projects = gitlab_api.get_user_projects()
for p in projects:
data.append({
'id': p.id,
'name': p.name,
'description': p.description,
'path_with_namespace': p.path_with_namespace
})
except Exception as e:
logger.error(e)
return Response({'detail': '获取gitlab项目失败'},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
return Response(data)
def get_grains_items(self, key_id):
prefix = '/minions/{}'.format(key_id)
try:
req = self.get(prefix=prefix)
logger.debug(req.json())
data = req.json()
response = data['return'][0][key_id]
if req.status_code != 200:
response = {'code': req.status_code, 'detail': '请求异常'}
elif not response:
response = {'code': -1, 'detail': 'minion 返回false'}
else:
response['code'] = req.status_code
except Exception as e:
logger.error(e)
response = {'code': -1, 'detail': 'salt api返回数据异常'}
return response
def post(self, request, format=None):
salt_id = request.data.get('keyID')
response = saltapi.accept_key(salt_id)
if response.get('code') == 200 and request.data.get('addAssets'):
data = saltapi.get_grains_items(salt_id)
try:
if data['code'] == 200:
data['comment'] = '来自salt添加'
saveServer(data)
except ValidationError as e:
logger.error(e)
response['detail'] = '接受KEY成功,资产中已存在此saltID的资产'
except Exception as e:
logger.error(e)
response['detail'] = '接受KEY成功,导入到资产失败'
# response = {'code': 200, 'status': True, 'detail': '接受KEY成功,资产中已存在此saltID的资产'}
return Response(response)
def reject_key(self, key_id):
data = {
'client': 'wheel',
'fun': 'key.reject',
'match': key_id,
'include_accepted': True,
'include_denied': True
}
try:
req = self.post(data=data)
logger.debug(req.json())
if req.status_code != 200:
response = {'code': req.status_code, 'detail': '请求异常'}
else:
data = req.json()
status = data['return'][0]['data']['success']
# salt-api 返回执行成功的成员,任意saltID都会返回status,最终结果还得看numbers
numbers = data['return'][0]['data']['return']
if numbers and status:
response = {
'code': 200,
'status': status,
'detail': '驳回成功'
}
else:
if not status:
response = {
'code': 200,
'status': status,
'detail': '驳回失败'
}
else:
response = {
'code': 200,
'status': False,
'detail': '未知的minion'
}
except Exception as e:
logger.error(e)
response = {'code': -1, 'detail': 'salt api返回数据异常'}
return response
def update(self, request, *args, **kwargs):
'''
:param request.data:
{
"appName": "workOrder",
"modelName": "workorder",
"codenames": ["delete", "delete_workorder"],
"reset":bool
}
reset默认值为True,当reset为True时重置组权限,当reset为True时添加组权限
'''
group = self.get_object()
try:
app_name = request.data.get('appName')
codenames = request.data.get('codenames')
reset = request.data.get('reset', True)
app = apps.get_app_config(app_name)
model = app.get_model(request.data.get('modelName'))
content_type = ContentType.objects.get_for_model(model)
# 需要设置的权限点
permissions_set = Permission.objects.filter(
content_type=content_type, codename__in=codenames)
if reset:
# 获取组所有权限点
permissions_all = group.permissions.all()
# 排除包含当前模块的权限点
permissions_exclude = permissions_all.exclude(
content_type=content_type)
group.permissions.set((permissions_exclude | permissions_set))
else:
group.permissions.add(*permissions_set)
except Exception as e:
logger.error(e)
return Response({'detail': str(e)},
status=status.HTTP_400_BAD_REQUEST)
return Response({'detail': '权限设置成功'},
status=status.HTTP_204_NO_CONTENT)
def permissions_node(self, request, app, model):
'''
获取模块权限点
:return:
{
"id": val,
"name": val,
"codename": val,
"content_type": val,
"node": val
},
'''
try:
data = get_permission_nodes(app, model)
except Exception as e:
logger.error(e)
return Response({'detail': str(e)},
status=status.HTTP_404_NOT_FOUND)
return Response(data)
def get_token(self, prefix='token'):
"""
登录获取token
"""
data = json.dumps({ "userName": self.username, "password": self.password})
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
token_url = '{}{}'.format(self.url, prefix)
try:
req = requests.post(token_url, headers=headers,
data=data, verify=False, timeout=self.timeout)
if req.status_code == 200:
logger.info('获取OA token: {}'.format(req.json()))
return req.json().get('id')
except Exception as e:
logger.error(e)
return ''
def delete_key(self, key_id):
data = {'client': 'wheel', 'fun': 'key.delete', 'match': key_id}
try:
req = self.post(data=data)
logger.debug(req.json())
if req.status_code != 200:
response = {'code': req.status_code, 'detail': '请求异常'}
else:
data = req.json()
status = data['return'][0]['data']['success']
response = {'code': 200, 'status': status, 'detail': '删除key成功'}
# delete key 无论key是否存在都返回空
if not status:
response['detail'] = '删除key失败'
except Exception as e:
logger.error(e)
response = {'code': -1, 'detail': '删除key失败'}
return response
def get(self, request, format=None):
data = []
path_with_namespace = request.GET.get('path_with_namespace')
try:
branches = gitlab_api.get_project_branchs(path_with_namespace)
if len(branches) > 1:
return Response({'detail': '多个gitlab中存在多个相同的工程'},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
elif len(branches) == 1:
data = [{
'name': branch.name,
'commit_id': branch.commit.get('id'),
'message': branch.commit.get('message'),
'created': branch.commit.get('created_at')
} for branch in branches[0]]
except Exception as e:
logger.error(e)
return Response({'detail': '获取项目分支失败'},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
return Response(data)
def create(self, request, *args, **kwargs):
salt_id = request.data.get('keyID')
data = saltapi.get_grains_items(salt_id)
try:
if data['code'] == 200:
data['comment'] = '来自salt添加'
response = saveServer(data)
status = 201
else:
response = {'detail': data.get('detail')}
status = 500
except ValidationError as e:
logger.error(e)
response = {'detail': '资产中已存在此saltID的资产'}
status = 500
except Exception as e:
logger.error(e)
response = {'detail': '添加资产失败'}
status = 500
return Response(data=response, status=status)
def sendMessageToMPClient(msg, device):
global deviceConnectionToIPMap, outputs, messageForMPQueue
for conn in deviceConnectionToIPMap.keys():
addr = deviceConnectionToIPMap[conn]
d = getOrBuildMPClient(addr[0], addr[1])
if d.code:
try:
# 只发给对应用的MP
if device.code != d.code: continue
q = messageForMPQueue[d]
#如果满了,则弹出一个
if q.full():
q.get_nowait()
q.put_nowait(msg)
if not conn in outputs:
outputs.append(conn)
logger.debug("MP outputs conn: " + str(len(outputs)))
except:
traceback.print_exc()
logger.error("add MP msg QUEUE ERROR :" +
binascii.b2a_hex(msg))
pass
def __oa_request(self, prefix='', type='get', **data):
headers = { 'Accept': 'application/json' }
url = '{}{}'.format(self.url, prefix)
params = { 'token': self.token }
if 'post' == type.lower():
__params = {
'headers': headers,
'url': url,
'params': params,
'timeout': self.timeout,
'json': data,
'verify': False
}
__request = requests.post
else:
__params = {
'headers': headers,
'url': url,
'params': data,
'timeout': self.timeout,
'verify': False
}
__request = requests.get
try:
req = __request(**__params)
if req.status_code == 401 and req.json().get('code') == '1010':
self.token = self.get_token()
__params['params']['token'] = self.token
req = __request(**__params)
return req.json()
except Exception as e:
logger.error(e)
return False
def log(self, request, pk):
try:
obj = self.get_object()
lineno = int(request.GET.get('lineno', 1))
size = int(request.GET.get('size', 0))
line_count = len(linecache.getlines(obj.log_file))
if line_count == 0:
return Response({
'detail': '不存在日志文件或者日志文件无内容',
'is_tail': True
},
status=status.HTTP_404_NOT_FOUND)
elif line_count >= lineno:
lines = linecache.getlines(obj.log_file)[lineno - 1:lineno -
1 + size]
is_tail = bool(line_count < (lineno + size))
return Response({'content': lines, 'is_tail': is_tail})
except Exception as e:
logger.exception(e)
logger.error(e)
return Response({'detail': '获取日志失败'},
status=status.HTTP_400_BAD_REQUEST)
