def get_connection(self):
"""
获取连接成功后的ssh
"""
connect_info = self.get_connect_info()
# 发起ssh连接请求 Make a ssh connection
ssh = paramiko.SSHClient()
# ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
role_key = connect_info.get('role_key')
if role_key and os.path.isfile(role_key):
try:
ssh.connect(connect_info.get('ip'),
port=connect_info.get('port'),
username=connect_info.get('role_name'),
password=connect_info.get('role_pass'),
key_filename=role_key,
look_for_keys=False)
return ssh
except (paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException):
logger.warning(u'使用ssh key %s 失败, 尝试只使用密码' % role_key)
pass
ssh.connect(connect_info.get('ip'),
port=connect_info.get('port'),
username=connect_info.get('role_name'),
password=connect_info.get('role_pass'),
allow_agent=False,
look_for_keys=False)
except paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException:
raise ServerError('认证失败 Authentication Error.')
def perm_rule_detail(request):
"""
rule detail page
授权详情
"""
# 渲染数据
header_title, path1, path2 = "授权规则", "规则管理", "规则详情"
# 根据rule_id 取得rule对象
try:
if request.method == "GET":
rule_id = request.GET.get("id")
if not rule_id:
raise ServerError("Rule Detail - no rule id get")
rule_obj = PermRule.objects.get(id=rule_id)
user_obj = rule_obj.user.all()
user_group_obj = rule_obj.user_group.all()
asset_obj = rule_obj.asset.all()
asset_group_obj = rule_obj.asset_group.all()
roles_name = [role.name for role in rule_obj.role.all()]
# 渲染数据
roles_name = ','.join(roles_name)
rule = rule_obj
users = user_obj
user_groups = user_group_obj
assets = asset_obj
asset_groups = asset_group_obj
except ServerError, e:
logger.warning(e)
def perm_role_detail(request):
"""
the role detail page
the role_info data like:
{'asset_groups': [],
'assets': [<Asset: 192.168.10.148>],
'rules': [<PermRule: PermRule object>],
'': [],
'': [<User: user1>]}
"""
# 渲染数据
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户详情"
try:
if request.method == "GET":
role_id = request.GET.get("id")
if not role_id:
raise ServerError("not role id")
role = get_object(PermRole, id=role_id)
role_info = get_role_info(role_id)
# 渲染数据
rules = role_info.get("rules")
assets = role_info.get("assets")
asset_groups = role_info.get("asset_groups")
users = role_info.get("users")
user_groups = role_info.get("user_groups")
pushed_asset, need_push_asset = get_role_push_host(get_object(PermRole, id=role_id))
except ServerError, e:
logger.warning(e)
def perm_role_delete(request):
"""
delete role page
"""
if request.method == "GET":
try:
# 获取参数删除的role对象
role_id = request.GET.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning(u"Delete Role: role_id %s not exist" % role_id)
raise ServerError(u"role_id %s 无数据记录" % role_id)
# 删除推送到主机上的role
filter_type = request.GET.get("filter_type")
print filter_type
if filter_type:
if filter_type == "recycle_assets":
recycle_assets = [push.asset for push in role.perm_push.all() if push.success]
print recycle_assets
recycle_assets_ip = ','.join([asset.ip for asset in recycle_assets])
return HttpResponse(recycle_assets_ip)
else:
return HttpResponse("no such filter_type: %s" % filter_type)
else:
return HttpResponse("filter_type: ?")
except ServerError, e:
return HttpResponse(e)
def perm_role_recycle(request):
role_id = request.GET.get('role_id')
asset_ids = request.GET.get('asset_id').split(',')
# 仅有推送的角色才回收
assets = [get_object(Asset, id=asset_id) for asset_id in asset_ids]
recycle_assets = []
for asset in assets:
if True in [push.success for push in asset.perm_push.all()]:
recycle_assets.append(asset)
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
logger.info("recycle user msg: %s" % msg_del_user)
logger.info("recycle sudo msg: %s" % msg_del_sudo)
except Exception, e:
logger.warning("Recycle Role failed: %s" % e)
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
[asset.ip for asset in recycle_assets])
return HttpResponse(recycle_assets_ip)
else:
return HttpResponse("no such filter_type: %s" %
filter_type)
else:
return HttpResponse("filter_type: ?")
except ServerError, e:
return HttpResponse(e)
if request.method == "POST":
try:
# 获取参数删除的role对象
role_id = request.POST.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning(u"Delete Role: role_id %s not exist" % role_id)
raise ServerError(u"role_id %s 无数据记录" % role_id)
role_key = role.key_path
# 删除推送到主机上的role
recycle_assets = [
push.asset for push in role.perm_push.all() if push.success
]
logger.debug(u"delete role %s - delete_assets: %s" %
(role.name, recycle_assets))
if recycle_assets:
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(
get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(
print recycle_assets
recycle_assets_ip = ','.join([asset.ip for asset in recycle_assets])
return HttpResponse(recycle_assets_ip)
else:
return HttpResponse("no such filter_type: %s" % filter_type)
else:
return HttpResponse("filter_type: ?")
except ServerError, e:
return HttpResponse(e)
if request.method == "POST":
try:
# 获取参数删除的role对象
role_id = request.POST.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning(u"Delete Role: role_id %s not exist" % role_id)
raise ServerError(u"role_id %s 无数据记录" % role_id)
role_key = role.key_path
# 删除推送到主机上的role
recycle_assets = [push.asset for push in role.perm_push.all() if push.success]
logger.debug(u"delete role %s - delete_assets: %s" % (role.name, recycle_assets))
if recycle_assets:
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
except Exception, e:
logger.warning(u"Recycle Role failed: %s" % e)
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg_del_user))
def perm_role_delete(request):
"""
delete role page
"""
if request.method == "GET":
try:
# 获取参数删除的role对象
role_id = request.GET.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning("Delete Role: role_id %s not exist" % role_id)
raise ServerError("role_id %s 无数据记录" % role_id)
# 删除推送到主机上的role
filter_type = request.GET.get("filter_type")
if filter_type:
if filter_type == "recycle_assets":
recycle_assets = [
push.asset for push in role.perm_push.all()
if push.success
]
print(recycle_assets)
recycle_assets_ip = ','.join(
[asset.ip for asset in recycle_assets])
return HttpResponse(recycle_assets_ip)
else:
return HttpResponse("no such filter_type: %s" %
filter_type)
else:
return HttpResponse("filter_type: ?")
except ServerError as e:
return HttpResponse(e)
if request.method == "POST":
try:
# 获取参数删除的role对象
role_id = request.POST.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning("Delete Role: role_id %s not exist" % role_id)
raise ServerError("role_id %s 无数据记录" % role_id)
role_key = role.key_path
# 删除推送到主机上的role
recycle_assets = [
push.asset for push in role.perm_push.all() if push.success
]
logger.debug("delete role %s - delete_assets: %s" %
(role.name, recycle_assets))
if recycle_assets:
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(
get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(
get_object(PermRole, id=role_id).name)
except Exception as e:
logger.warning("Recycle Role failed: %s" % e)
raise ServerError("回收已推送的系统用户失败: %s" % e)
logger.info("delete role %s - execute delete user: %s" %
(role.name, msg_del_user))
logger.info("delete role %s - execute delete sudo: %s" %
(role.name, msg_del_sudo))
# TODO: 判断返回结果,处理异常
# 删除存储的秘钥,以及目录
try:
key_files = os.listdir(role_key)
for key_file in key_files:
os.remove(os.path.join(role_key, key_file))
os.rmdir(role_key)
except OSError as e:
logger.warning("Delete Role: delete key error, %s" % e)
raise ServerError("删除系统用户key失败: %s" % e)
logger.info("delete role %s - delete role key directory: %s" %
(role.name, role_key))
# 数据库里删除记录
role.delete()
return HttpResponse("删除系统用户: %s" % role.name)
except ServerError as e:
return HttpResponseBadRequest("删除失败, 原因: %s" % e)
return HttpResponseNotAllowed("仅支持POST")
