Esempio n. 1
0
 def get_all_asset_info(self, group=0):
     ret_t = []
     hc = HttpClient(ret_type="json")
     url = "%s?key=%s&user=%s" % (settings.OPS_HOST_IN_GROUP_URL,
                                  settings.OPS_KEY, self._user)
     logger.info("query url: %s", url)
     ret = hc.get(url)
     logger.info("query data is: %s", ret["data"])
     asset_groups = {}
     if ret and ret["statusCode"] == 200:
         _data = ret["data"]
         display_id = 1
         for ip in _data:
             a = Asset()
             a.ip = ip
             a.hostname = _data[ip]["name"]
             a.comment = ""
             a.group = _data[ip]["group"]
             #####get data from ops api
             a.role = _data[ip]["user"]
             if a.group in asset_groups:
                 asset_groups[a.group].asset_set.append(a)
             else:
                 g = AssetGroup()
                 g.name = _data[ip]["group"]
                 g.id = display_id
                 g.comment = ""
                 g.asset_set = [a]
                 display_id += 1
                 asset_groups[a.group] = g
                 self.asset_group.append(g)
             self.assets.append(a)
         for group in self.asset_group:
             group.asset_count = len(group.asset_set)
Esempio n. 2
0
 def __init__(self, user):
     self.user = user
     self.user_perm = get_group_user_perm(self.user)
     self.perm_assets = sorted(self.user_perm.get('asset', []))
     self.search_result = self.perm_assets
     self.perm_asset_groups = self.user_perm.get('asset_group', [])
     logger.info("get group is: %s", self.perm_asset_groups)
Esempio n. 3
0
def perm_role_recycle(request):
    role_id = request.GET.get('role_id')
    asset_ids = request.GET.get('asset_id').split(',')

    # 仅有推送的角色才回收
    assets = [get_object(Asset, id=asset_id) for asset_id in asset_ids]
    recycle_assets = []
    for asset in assets:
        if True in [push.success for push in asset.perm_push.all()]:
            recycle_assets.append(asset)
    recycle_resource = gen_resource(recycle_assets)
    task = MyTask(recycle_resource)
    try:
        msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
        msg_del_sudo = task.del_user_sudo(
            get_object(PermRole, id=role_id).name)
        logger.info("recycle user msg: %s" % msg_del_user)
        logger.info("recycle sudo msg: %s" % msg_del_sudo)
    except Exception as e:
        logger.warning("Recycle Role failed: %s" % e)
        raise ServerError("回收已推送的系统用户失败: %s" % e)

    for asset_id in asset_ids:
        asset = get_object(Asset, id=asset_id)
        assets.append(asset)
        role = get_object(PermRole, id=role_id)
        PermPush.objects.filter(asset=asset, role=role).delete()

    return HttpResponse('删除成功')
Esempio n. 4
0
def perm_role_recycle(request):
    role_id = request.GET.get('role_id')
    asset_ids = request.GET.get('asset_id').split(',')

    # 仅有推送的角色才回收
    assets = [get_object(Asset, id=asset_id) for asset_id in asset_ids]
    recycle_assets = []
    for asset in assets:
        if True in [push.success for push in asset.perm_push.all()]:
            recycle_assets.append(asset)
    recycle_resource = gen_resource(recycle_assets)
    task = MyTask(recycle_resource)
    try:
        msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
        msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
        logger.info("recycle user msg: %s" % msg_del_user)
        logger.info("recycle sudo msg: %s" % msg_del_sudo)
    except Exception, e:
        logger.warning("Recycle Role failed: %s" % e)
        raise ServerError(u"回收已推送的系统用户失败: %s" % e)
Esempio n. 5
0
    def search(self, str_r=''):
        # 搜索结果保存
        if str_r:
            if not str_r.startswith("/"):
                try:
                    id_ = int(str_r)
                    if id_ < len(self.search_result):
                        self.search_result = [self.search_result[id_]]
                        return
                    else:
                        raise ValueError

                except (ValueError, TypeError):
                    logger.exception("type error")
            str_r = str_r.lstrip("/").lower()
            self.search_result = [asset for asset in self.perm_assets if str_r == str(asset.ip).lower()] or \
                                 [asset for asset in self.perm_assets if str_r in str(asset.ip).lower() \
                                  or str_r in str(asset.hostname).lower() \
                                  or str_r in str(asset.comment).lower()]
            logger.info("get asset: %s", self.search_result)
        else:
            # 如果没有输入就展现所有
            self.search_result = self.perm_assets
Esempio n. 6
0
     push.asset for push in role.perm_push.all() if push.success
 ]
 logger.debug(u"delete role %s - delete_assets: %s" %
              (role.name, recycle_assets))
 if recycle_assets:
     recycle_resource = gen_resource(recycle_assets)
     task = MyTask(recycle_resource)
     try:
         msg_del_user = task.del_user(
             get_object(PermRole, id=role_id).name)
         msg_del_sudo = task.del_user_sudo(
             get_object(PermRole, id=role_id).name)
     except Exception, e:
         logger.warning(u"Recycle Role failed: %s" % e)
         raise ServerError(u"回收已推送的系统用户失败: %s" % e)
     logger.info(u"delete role %s - execute delete user: %s" %
                 (role.name, msg_del_user))
     logger.info(u"delete role %s - execute delete sudo: %s" %
                 (role.name, msg_del_sudo))
     # TODO: 判断返回结果,处理异常
 # 删除存储的秘钥,以及目录
 try:
     key_files = os.listdir(role_key)
     for key_file in key_files:
         os.remove(os.path.join(role_key, key_file))
     os.rmdir(role_key)
 except OSError, e:
     logger.warning(u"Delete Role: delete key error, %s" % e)
     raise ServerError(u"删除系统用户key失败: %s" % e)
 logger.info(u"delete role %s - delete role key directory: %s" %
             (role.name, role_key))
 # 数据库里删除记录
Esempio n. 7
0
     logger.warning(u"Delete Role: role_id %s not exist" % role_id)
     raise ServerError(u"role_id %s 无数据记录" % role_id)
 role_key = role.key_path
 # 删除推送到主机上的role
 recycle_assets = [push.asset for push in role.perm_push.all() if push.success]
 logger.debug(u"delete role %s - delete_assets: %s" % (role.name, recycle_assets))
 if recycle_assets:
     recycle_resource = gen_resource(recycle_assets)
     task = MyTask(recycle_resource)
     try:
         msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
         msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
     except Exception, e:
         logger.warning(u"Recycle Role failed: %s" % e)
         raise ServerError(u"回收已推送的系统用户失败: %s" % e)
     logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg_del_user))
     logger.info(u"delete role %s - execute delete sudo: %s" % (role.name, msg_del_sudo))
     # TODO: 判断返回结果,处理异常
 # 删除存储的秘钥,以及目录
 try:
     key_files = os.listdir(role_key)
     for key_file in key_files:
         os.remove(os.path.join(role_key, key_file))
     os.rmdir(role_key)
 except OSError, e:
     logger.warning(u"Delete Role: delete key error, %s" % e)
     raise ServerError(u"删除系统用户key失败: %s" % e)
 logger.info(u"delete role %s - delete role key directory: %s" % (role.name, role_key))
 # 数据库里删除记录
 role.delete()
 return HttpResponse(u"删除系统用户: %s" % role.name)
Esempio n. 8
0
        def start_shell():
            global q
            """
            Use paramiko channel connect server interactive.
            使用paramiko模块的channel,连接后端,进入交互式
            """
            log_file_f, log_time_f, log = self.get_log()
            termlog = TermLogRecorder(self.user)
            termlog.setid(log.id)
            old_tty = termios.tcgetattr(sys.stdin)
            pre_timestamp = time.time()
            data = ''
            input_mode = False
            try:
                tty.setraw(sys.stdin.fileno())
                tty.setcbreak(sys.stdin.fileno())
                self.channel.settimeout(0.0)

                cache_line = ""

                RECORD_CMD_FLAG = True
                while True:
                    try:
                        r, w, e = select.select([self.channel, sys.stdin], [],
                                                [])
                        flag = fcntl.fcntl(sys.stdin, fcntl.F_GETFL, 0)
                        fcntl.fcntl(sys.stdin.fileno(), fcntl.F_SETFL,
                                    flag | os.O_NONBLOCK)
                    except Exception:
                        pass

                    if self.channel in r:
                        try:
                            y = self.channel.recv(10240)
                            if len(y) == 0:
                                break

                            index = 0
                            len_y = len(y)
                            f = open(RECORD_PATH, "a+")
                            while index < len_y:
                                try:
                                    n = os.write(sys.stdout.fileno(),
                                                 y[index:])
                                    if self.role == "rd" and RECORD_CMD_FLAG:
                                        f.write(y[index:])
                                    sys.stdout.flush()
                                    index += n
                                except OSError as msg:
                                    if msg.errno == errno.EAGAIN:
                                        continue
                            f.close()
                            now_timestamp = time.time()
                            termlog.write(y)
                            termlog.recoder = False
                            log_time_f.write('%s %s\n' % (round(
                                now_timestamp - pre_timestamp, 4), len(y)))
                            log_time_f.flush()
                            log_file_f.write(y)
                            log_file_f.flush()
                            pre_timestamp = now_timestamp
                            log_file_f.flush()

                            self.vim_data += y
                            if input_mode:
                                data += y

                        except socket.timeout:
                            pass

                    if sys.stdin in r:
                        RECORD_CMD_FLAG = True
                        try:
                            x = os.read(sys.stdin.fileno(), 4096)
                            q.put(x)
                        except OSError:
                            pass
                        termlog.recoder = True
                        input_mode = True
                        if self.is_output(str(x)):
                            # 如果len(str(x)) > 1 说明是复制输入的
                            if len(str(x)) > 1:
                                data = x
                            match = self.vim_end_pattern.findall(self.vim_data)
                            if match:
                                if self.vim_flag or len(match) == 2:
                                    self.vim_flag = False
                                else:
                                    self.vim_flag = True
                            elif not self.vim_flag:
                                self.vim_flag = False
                                data = self.deal_command(data)[0:200]
                                if data is not None:
                                    TtyLog(log=log,
                                           datetime=datetime.datetime.now(),
                                           cmd=data).save()
                            data = ''
                            self.vim_data = ''
                            input_mode = False

                        if len(x) == 0:
                            break

                        if x in ['\x03', '\r\n', '\n', '\x0D']:
                            f = open(RECORD_PATH, "r")
                            lines = f.readlines()
                            cmd = ""
                            if lines:
                                cmd = lines[-1]
                            f.close()
                            f = open(RECORD_PATH, "w")
                            f.close()
                            cmds_str = re.compile('\[?.*@.*\]?[\$#]\s').split(
                                cmd)
                            logger.info("get command from log file is: %s",
                                        cmds_str)
                            if len(cmds_str) == 2:
                                cmds = cmds_str[1]
                                logger.info("command >>>: %s", cmds.split("|"))
                                cmd = set([
                                    i.split()[0].strip()
                                    for i in cmds.split("|") if i.split()
                                ])
                                logger.info("command set>>>: %s", cmd)
                                if self.role == "rd" and not ALLOW_CMD.issuperset(
                                        cmd):
                                    x = '\x03'
                                if "tail" in cmd or "cat" in cmd:
                                    RECORD_CMD_FLAG = False
                            else:
                                RECORD_CMD_FLAG = True
                            cache_line = ""
                        self.channel.send(x)

                        if self.kill_shell:
                            break

            finally:
                termios.tcsetattr(sys.stdin, termios.TCSADRAIN, old_tty)
                log_file_f.write('End time is %s' % datetime.datetime.now())
                log_file_f.close()
                log_time_f.close()
                termlog.save()
                log.filename = termlog.filename
                log.is_finished = True
                log.end_time = datetime.datetime.now()
                log.save()
                if os.path.isfile(RECORD_PATH):
                    os.remove(RECORD_PATH)
                sys.exit(0)
Esempio n. 9
0
def perm_role_delete(request):
    """
    delete role page
    """
    if request.method == "GET":
        try:
            # 获取参数删除的role对象
            role_id = request.GET.get("id")
            role = get_object(PermRole, id=role_id)
            if not role:
                logger.warning("Delete Role: role_id %s not exist" % role_id)
                raise ServerError("role_id %s 无数据记录" % role_id)
            # 删除推送到主机上的role
            filter_type = request.GET.get("filter_type")
            if filter_type:
                if filter_type == "recycle_assets":
                    recycle_assets = [
                        push.asset for push in role.perm_push.all()
                        if push.success
                    ]
                    print(recycle_assets)
                    recycle_assets_ip = ','.join(
                        [asset.ip for asset in recycle_assets])
                    return HttpResponse(recycle_assets_ip)
                else:
                    return HttpResponse("no such filter_type: %s" %
                                        filter_type)
            else:
                return HttpResponse("filter_type: ?")
        except ServerError as e:
            return HttpResponse(e)
    if request.method == "POST":
        try:
            # 获取参数删除的role对象
            role_id = request.POST.get("id")
            role = get_object(PermRole, id=role_id)
            if not role:
                logger.warning("Delete Role: role_id %s not exist" % role_id)
                raise ServerError("role_id %s 无数据记录" % role_id)
            role_key = role.key_path
            # 删除推送到主机上的role
            recycle_assets = [
                push.asset for push in role.perm_push.all() if push.success
            ]
            logger.debug("delete role %s - delete_assets: %s" %
                         (role.name, recycle_assets))
            if recycle_assets:
                recycle_resource = gen_resource(recycle_assets)
                task = MyTask(recycle_resource)
                try:
                    msg_del_user = task.del_user(
                        get_object(PermRole, id=role_id).name)
                    msg_del_sudo = task.del_user_sudo(
                        get_object(PermRole, id=role_id).name)
                except Exception as e:
                    logger.warning("Recycle Role failed: %s" % e)
                    raise ServerError("回收已推送的系统用户失败: %s" % e)
                logger.info("delete role %s - execute delete user: %s" %
                            (role.name, msg_del_user))
                logger.info("delete role %s - execute delete sudo: %s" %
                            (role.name, msg_del_sudo))
                # TODO: 判断返回结果,处理异常
            # 删除存储的秘钥,以及目录
            try:
                key_files = os.listdir(role_key)
                for key_file in key_files:
                    os.remove(os.path.join(role_key, key_file))
                os.rmdir(role_key)
            except OSError as e:
                logger.warning("Delete Role: delete key error, %s" % e)
                raise ServerError("删除系统用户key失败: %s" % e)
            logger.info("delete role %s - delete role key directory: %s" %
                        (role.name, role_key))
            # 数据库里删除记录
            role.delete()
            return HttpResponse("删除系统用户: %s" % role.name)
        except ServerError as e:
            return HttpResponseBadRequest("删除失败, 原因: %s" % e)
    return HttpResponseNotAllowed("仅支持POST")