def perm_role_edit(request, res, *args):
"""
edit role page
"""
# 渲染数据
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户编辑"
res['operator'] = path2
# 渲染数据
role_id = request.GET.get("id")
role = PermRole.objects.get(id=role_id)
role_pass = CRYPTOR.decrypt(role.password)
sudo_all = PermSudo.objects.all()
role_sudos = role.sudo.all()
sudo_all = PermSudo.objects.all()
if request.method == "GET":
return my_render('permManage/perm_role_edit.html', locals(), request)
if request.method == "POST":
# 获取 POST 数据
role_name = request.POST.get("role_name")
role_password = request.POST.get("role_password")
role_comment = request.POST.get("role_comment")
role_sudo_names = request.POST.getlist("sudo_name")
role_sudos = [PermSudo.objects.get(id=sudo_id) for sudo_id in role_sudo_names]
key_content = request.POST.get("role_key", "")
try:
if not role:
raise ServerError('该系统用户不能存在')
if role_name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password)
role.password = encrypt_pass
# 生成随机密码,生成秘钥对
if key_content:
try:
key_path = gen_keys(key=key_content, key_path_dir=role.key_path)
except SSHException:
raise ServerError('输入的密钥不合法')
logger.debug('Recreate role key: %s' % role.key_path)
# 写入数据库
role.name = role_name
role.comment = role_comment
role.sudo = role_sudos
role.save()
msg = u"更新系统用户: %s" % role.name
res['content'] = msg
return HttpResponseRedirect(reverse('role_list'))
except ServerError, e:
error = e
res['flag'] = 'false'
res['content'] = e
def perm_role_add(request, res, *args):
"""
add role page
"""
header_title, path1, path2 = "系统用户", "系统用户管理", "添加系统用户"
res['operator'] = path2
sudos = PermSudo.objects.all()
if request.method == "POST":
name = request.POST.get("role_name", "").strip()
comment = request.POST.get("role_comment", "")
password = request.POST.get("role_password", "")
key_content = request.POST.get("role_key", "")
sudo_ids = request.POST.getlist('sudo_name')
try:
if get_object(PermRole, name=name):
raise ServerError(u'已经存在该用户 %s' % name)
if name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
default = get_object(Setting, name='default')
if password:
encrypt_pass = CRYPTOR.encrypt(password)
else:
encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
# 生成随机密码,生成秘钥对
sudos_obj = [get_object(PermSudo, id=sudo_id) for sudo_id in sudo_ids]
if key_content:
try:
key_path = gen_keys(key=key_content)
except SSHException, e:
raise ServerError(e)
else:
key_path = gen_keys()
logger.debug('generate role key: %s' % key_path)
role = PermRole(name=name, comment=comment, password=encrypt_pass, key_path=key_path)
role.save()
role.sudo = sudos_obj
msg = u"添加系统用户: %s" % name
res['content'] = msg
return HttpResponseRedirect(reverse('role_list'))
def perm_role_edit(request, res, *args):
"""
编辑系统用户
"""
# 渲染数据
res['operator'] = u"编辑系统用户"
res['emer_content'] = 6
if request.method == "GET":
role_id = request.GET.get("id")
role = PermRole.objects.get(id=int(role_id))
if not role:
return HttpResponse(u'系统用户不存在')
rest = {}
rest['Id'] = role.id
rest['role_name'] = role.name
rest['role_password'] = role.password
rest['role_comment'] = role.comment
rest['system_groups'] = role.system_groups
rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
return HttpResponse(json.dumps(rest), content_type='application/json')
else:
response = {'success': False, 'error': ''}
role_id = request.GET.get("id", '')
role = PermRole.objects.get(id=int(role_id))
role_name = request.POST.get("role_name")
role_password = request.POST.get("role_password")
role_comment = request.POST.get("role_comment")
role_sudo_names = request.POST.getlist("sudo_name")
role_sudos = [
PermSudo.objects.get(id=int(sudo_id))
for sudo_id in role_sudo_names
]
key_content = request.POST.get("role_key", "")
sudo_uuids = [item.uuid_id for item in role_sudos]
sys_groups = request.POST.get("sys_groups", '').strip()
try:
if not role:
raise ServerError('该系统用户不能存在')
if role_name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password)
role.password = encrypt_pass
role_key_content = "" # key_content为空表示用户秘钥不变,不为空就根据私钥生成公钥
# TODO 生成随机密码,生成秘钥对
if key_content:
try:
key_contents = json.dumps(gen_keys(key=key_content))
role.key_content = key_contents
role_key_content = key_contents
except SSHException:
raise ServerError(u'输入的密钥不合法')
# 跟新server上的permrole
role.name = role_name
role.comment = role_comment
role.system_groups = sys_groups
role.sudo = role_sudos
role.save()
# 更新proxy上的permrole
data = {
'name': role_name,
'password': role_password,
'comment': role_comment,
'sudo_uuids': sudo_uuids,
'key_content': role_key_content,
'sys_groups': sys_groups
}
data = json.dumps(data)
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list,
THREAD_NUMBERS,
role_proxy_operator,
request.user.username,
'PermRole',
data,
obj_uuid=role.uuid_id,
action='update')
# TODO 用户操作记录
res['content'] = u"编辑系统用户[%s]成功" % role.name
# TODO 告警事件记录
res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
# TODO 页面返回信息
response['success'] = True
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"编辑系统用户失败:%s" % (e.message)
response['error'] = u"编辑系统用户失败:%s" % (e.message)
return HttpResponse(json.dumps(response),
content_type='application/json')
def perm_role_add(request, res, *args):
"""
添加系统用户 server和proxy上都添加
"""
response = {'success': False, 'error': ''}
res['operator'] = u"添加系统用户"
res['emer_content'] = 6
if request.method == "POST":
name = request.POST.get("role_name", "").strip()
comment = request.POST.get("role_comment", "")
password = request.POST.get("role_password", "")
key_content = request.POST.get("role_key", "")
sudo_ids = request.POST.getlist('sudo_name')
uuid_id = str(uuid.uuid1())
sys_groups = request.POST.get('sys_groups', '').strip()
try:
if get_object(PermRole, name=name):
raise ServerError(u'用户 %s已经存在' % name)
if name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if name == "":
raise ServerError(u'系统用户名为空')
if password:
encrypt_pass = CRYPTOR.encrypt(password)
else:
encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
# 生成随机密码,生成秘钥对
sudos_obj = [
get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids
]
sudo_uuids = [item.uuid_id for item in sudos_obj]
try:
keys_content = json.dumps(gen_keys(key_content))
except Exception, e:
raise ServerError(e)
# # TODO 将数据保存到magicstack上
role = PermRole.objects.create(uuid_id=uuid_id,
name=name,
comment=comment,
password=encrypt_pass,
key_content=keys_content,
system_groups=sys_groups)
role.sudo = sudos_obj
role.save()
# TODO 将数据同时保存到proxy上
proxy_list = Proxy.objects.all()
data = {
'uuid_id': uuid_id,
'id': role.id,
'name': name,
'password': encrypt_pass,
'comment': comment,
'key_content': keys_content,
'sudo_uuids': sudo_uuids,
'sys_groups': sys_groups
}
data = json.dumps(data)
execute_thread_tasks(proxy_list,
THREAD_NUMBERS,
role_proxy_operator,
request.user.username,
'PermRole',
data,
obj_uuid=role.uuid_id,
action='add')
response['success'] = True
res['content'] = u'添加系统用户[%s]成功' % role.name
res['emer_status'] = u'添加系统用户[%s]成功' % role.name
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"添加系统用户失败:%s" (e.message)
response['error'] = u"添加系统用户失败:%s" % (e.message)
def perm_role_edit(request, res, *args):
"""
编辑系统用户
"""
# 渲染数据
res['operator'] = u"编辑系统用户"
res['emer_content'] = 6
if request.method == "GET":
role_id = request.GET.get("id")
role = PermRole.objects.get(id=int(role_id))
if not role:
return HttpResponse(u'系统用户不存在')
rest = {}
rest['Id'] = role.id
rest['role_name'] = role.name
rest['role_password'] = role.password
rest['role_comment'] = role.comment
rest['system_groups'] = role.system_groups
rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
return HttpResponse(json.dumps(rest), content_type='application/json')
else:
response = {'success': False, 'error': ''}
role_id = request.GET.get("id", '')
role = PermRole.objects.get(id=int(role_id))
role_name = request.POST.get("role_name")
role_password = request.POST.get("role_password")
role_comment = request.POST.get("role_comment")
role_sudo_names = request.POST.getlist("sudo_name")
role_sudos = [PermSudo.objects.get(id=int(sudo_id)) for sudo_id in role_sudo_names]
key_content = request.POST.get("role_key", "")
sudo_uuids = [item.uuid_id for item in role_sudos]
sys_groups = request.POST.get("sys_groups",'').strip()
try:
if not role:
raise ServerError('该系统用户不能存在')
if role_name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password)
role.password = encrypt_pass
role_key_content = "" # key_content为空表示用户秘钥不变,不为空就根据私钥生成公钥
# TODO 生成随机密码,生成秘钥对
if key_content:
try:
key_contents = json.dumps(gen_keys(key=key_content))
role.key_content = key_contents
role_key_content = key_contents
except SSHException:
raise ServerError(u'输入的密钥不合法')
# 跟新server上的permrole
role.name = role_name
role.comment = role_comment
role.system_groups = sys_groups
role.sudo = role_sudos
role.save()
# 更新proxy上的permrole
data = {'name': role_name,
'password': role_password,
'comment': role_comment,
'sudo_uuids': sudo_uuids,
'key_content': role_key_content,
'sys_groups': sys_groups}
data = json.dumps(data)
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data, obj_uuid=role.uuid_id, action='update')
# TODO 用户操作记录
res['content'] = u"编辑系统用户[%s]成功" % role.name
# TODO 告警事件记录
res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
# TODO 页面返回信息
response['success'] = True
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"编辑系统用户失败:%s"%(e.message)
response['error'] = u"编辑系统用户失败:%s"%(e.message)
return HttpResponse(json.dumps(response), content_type='application/json')
def perm_role_add(request, res, *args):
"""
添加系统用户 server和proxy上都添加
"""
response = {'success': False, 'error': ''}
res['operator'] = u"添加系统用户"
res['emer_content'] = 6
if request.method == "POST":
name = request.POST.get("role_name", "").strip()
comment = request.POST.get("role_comment", "")
password = request.POST.get("role_password", "")
key_content = request.POST.get("role_key", "")
sudo_ids = request.POST.getlist('sudo_name')
uuid_id = str(uuid.uuid1())
sys_groups = request.POST.get('sys_groups', '').strip()
try:
if get_object(PermRole, name=name):
raise ServerError(u'用户 %s已经存在' % name)
if name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if name == "":
raise ServerError(u'系统用户名为空')
if password:
encrypt_pass = CRYPTOR.encrypt(password)
else:
encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
# 生成随机密码,生成秘钥对
sudos_obj = [get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids]
sudo_uuids = [item.uuid_id for item in sudos_obj]
try:
keys_content = json.dumps(gen_keys(key_content))
except Exception, e:
raise ServerError(e)
# # TODO 将数据保存到magicstack上
role = PermRole.objects.create(uuid_id=uuid_id, name=name, comment=comment, password=encrypt_pass,
key_content=keys_content, system_groups=sys_groups)
role.sudo = sudos_obj
role.save()
# TODO 将数据同时保存到proxy上
proxy_list = Proxy.objects.all()
data = {'uuid_id': uuid_id,
'id': role.id,
'name': name,
'password': encrypt_pass,
'comment': comment,
'key_content': keys_content,
'sudo_uuids': sudo_uuids,
'sys_groups': sys_groups}
data = json.dumps(data)
execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data,
obj_uuid=role.uuid_id, action='add')
response['success'] = True
res['content'] = u'添加系统用户[%s]成功'% role.name
res['emer_status'] = u'添加系统用户[%s]成功'% role.name
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"添加系统用户失败:%s"(e.message)
response['error'] = u"添加系统用户失败:%s"%(e.message)
