def perm_sudo_add(request, res, *args):
"""
list sudo commands alias
"""
res['operator'] = u"添加别名"
response = {'success': False, 'error': ''}
res['emer_content'] = 6
if request.method == "POST":
try:
name = request.POST.get("sudo_name").strip().upper()
comment = request.POST.get("sudo_comment")
commands = request.POST.get("sudo_commands").strip()
if not name or not commands:
raise ServerError(u"sudo name 和 commands是必填项!")
pattern = re.compile(r'[\n,\r]')
deal_space_commands = list_drop_str(pattern.split(commands), u'')
deal_all_commands = map(trans_all, deal_space_commands)
commands = ', '.join(deal_all_commands)
logger.debug(u'添加sudo %s: %s' % (name, commands))
sudo_name_test = get_object(PermSudo, name=name)
if sudo_name_test:
raise ServerError(u"别名[%s]已存在" % name)
sudo_uuid = str(uuid.uuid1())
# TODO 保存数据到magicstack
sudo = PermSudo.objects.create(uuid_id=sudo_uuid,
name=name.strip(),
comment=comment,
commands=commands)
# TODO 保存数据到proxy上的数据库
proxy_list = Proxy.objects.all()
data = {
'uuid_id': sudo_uuid,
'id': sudo.id,
'name': name,
'comment': comment,
'commands': commands
}
data = json.dumps(data)
execute_thread_tasks(proxy_list,
THREAD_NUMBERS,
role_proxy_operator,
request.user.username,
'PermSudo',
data,
obj_uuid=sudo.uuid_id,
action='add')
res['content'] = u"添加Sudo命令别名[%s]成功" % name
res['emer_status'] = u"添加Sudo命令别名[%s]成功" % name
response['success'] = True
except ServerError as e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"添加Sudo命令别名失败:%s" % (e.message)
response['error'] = res['emer_status']
return HttpResponse(json.dumps(response), content_type='application/json')
def perm_sudo_delete(request, res, *args):
"""
list sudo commands alias
"""
res['operator'] = '删除别名'
res['emer_content'] = 6
if request.method == "POST":
try:
sudo_id = request.POST.get("id")
sudo = PermSudo.objects.get(id=int(sudo_id))
# 数据库里删除记录
proxy_list = Proxy.objects.all()
data = {
'name': sudo.name,
}
data = json.dumps(data)
execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator,request.user.username, 'PermSudo', data, obj_uuid=sudo.uuid_id, action='delete')
msg = u'删除Sudo别名[%s]成功'% sudo.name
res['content'] = msg
res['emer_status'] = msg
sudo.delete()
except Exception as e:
res['flag'] = 'false'
msg = u'删除Sudo别名[%s]失败:%s'% (sudo.name,e)
res['content'] = msg
res['emer_status'] = msg
return HttpResponse(msg)
else:
res['flag'] = 'false'
res['content'] = u'不支持该操作'
res['emer_status'] = u"删除Sudo别名失败:不支持该操作"
return HttpResponse(u"不支持该操作")
def asset_update_batch(request,res,*args):
response = {'success':'', 'error':''}
res['operator'] = res['content'] = u'批量更新主机'
if request.method == 'POST':
try:
arg = request.GET.get('arg', '')
name = unicode(request.user.username) + ' - ' + u'自动更新'
if arg == 'all':
asset_list = Asset.objects.all()
else:
asset_list = []
asset_id_all = request.POST.get('asset_id_all', '')
asset_id_all = asset_id_all.split(',')
for asset_id in asset_id_all:
asset = Asset.objects.get(id=int(asset_id))
if asset:
asset_list.append(asset)
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list, THREAD_NUMBERS, update_asset_info, asset_list, name)
res['content'] = u'更新资产成功'
response['success'] = u'批量更新成功!'
except Exception as e:
logger.error(e)
res['flag'] = 'false'
res['content'] = u'批量更新失败'
response['error'] = e
return HttpResponse(json.dumps(response), content_type='application/json')
def perm_sudo_add(request, res, *args):
"""
list sudo commands alias
"""
res['operator'] = u"添加别名"
response ={'success': False, 'error': ''}
res['emer_content'] = 6
if request.method == "POST":
try:
name = request.POST.get("sudo_name").strip().upper()
comment = request.POST.get("sudo_comment")
commands = request.POST.get("sudo_commands").strip()
if not name or not commands:
raise ServerError(u"sudo name 和 commands是必填项!")
pattern = re.compile(r'[\n,\r]')
deal_space_commands = list_drop_str(pattern.split(commands), u'')
deal_all_commands = map(trans_all, deal_space_commands)
commands = ', '.join(deal_all_commands)
logger.debug(u'添加sudo %s: %s' % (name, commands))
sudo_name_test = get_object(PermSudo, name=name)
if sudo_name_test:
raise ServerError(u"别名[%s]已存在" %name)
sudo_uuid = str(uuid.uuid1())
# TODO 保存数据到magicstack
sudo = PermSudo.objects.create(uuid_id=sudo_uuid, name=name.strip(), comment=comment, commands=commands)
# TODO 保存数据到proxy上的数据库
proxy_list = Proxy.objects.all()
data = {'uuid_id': sudo_uuid,
'id': sudo.id,
'name': name,
'comment': comment,
'commands': commands}
data = json.dumps(data)
execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermSudo', data,
obj_uuid=sudo.uuid_id, action='add')
res['content'] = u"添加Sudo命令别名[%s]成功" % name
res['emer_status'] = u"添加Sudo命令别名[%s]成功" % name
response['success'] = True
except ServerError as e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"添加Sudo命令别名失败:%s" % (e.message)
response['error'] = res['emer_status']
return HttpResponse(json.dumps(response), content_type='application/json')
def asset_action(request, status):
if request.method == 'POST':
try:
select_ids = request.POST.getlist('asset_id_all')
select_ids = select_ids[0].split(',')
asset_list = []
for item in select_ids:
asset = get_object(Asset, id=int(item))
asset_list.append(asset)
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list, THREAD_NUMBERS, asset_operator, asset_list, status, request.user.username)
result = 'running'
except Exception as e:
logger.debug(e)
result = e
return HttpResponse(json.dumps(result), content_type='application/json')
def asset_del(request,res, *args):
"""
del a asset
删除主机
"""
response = {'msg': u'删除成功'}
res['operator'] = res['content'] = u'删除主机'
asset_id = request.GET.get('id', '')
if asset_id:
asset = get_object(Asset, id=int(asset_id))
if asset:
proxy = asset.proxy
param = {'names': [asset.name], 'id_unique': asset.id_unique}
data = json.dumps(param)
try:
api = APIRequest('{0}/v1.0/system'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password))
result, code = api.req_del(data)
logger.debug(u'删除单一资产result:%s'%result)
if code == 200:
asset.delete()
else:
response['msg'] = result['messege']
except Exception as e:
logger.error(e)
res['flag'] = 'false'
res['content'] = e
response['msg'] = e
if request.method == 'POST':
try:
asset_id_all = request.POST.get('asset_id_all', '')
asset_list = []
for asset_id in asset_id_all.split(','):
asset = get_object(Asset, id=int(asset_id))
res['content'] += '%s ' % asset.name
if asset:
asset_list.append(asset)
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list, THREAD_NUMBERS, delete_asset_batch, asset_list)
response['msg'] = u'批量删除主机成功'
except Exception as e:
logger.error(e)
res['flag'] = 'false'
res['content'] = e
response['msg'] = e
return HttpResponse(json.dumps(response), content_type='application/json')
def perm_role_push(request, *args):
"""
推送系统用户
"""
if request.method == 'GET':
try:
rest = {}
role_id = request.GET.get('id')
role = get_object(PermRole, id=int(role_id))
rest['Id'] = role.id
rest['role_name'] = role.name
return HttpResponse(json.dumps(rest),
content_type='application/json')
except Exception as e:
logger.error(e)
else:
response = {'success': False, 'error': ''}
try:
role_id = request.GET.get('id')
role = get_object(PermRole, id=int(role_id))
asset_ids = request.POST.getlist("assets")
asset_group_ids = request.POST.getlist("asset_groups")
assets_obj = [
Asset.objects.get(id=asset_id) for asset_id in asset_ids
]
asset_groups_obj = [
AssetGroup.objects.get(id=asset_group_id)
for asset_group_id in asset_group_ids
]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj))
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list, THREAD_NUMBERS,
push_role_to_asset, calc_assets, role,
request.user.username)
response['success'] = True
response['error'] = 'running ...'
except Exception as e:
response['error'] = e.message
logger.error(e.message)
return HttpResponse(json.dumps(response),
content_type='application/json')
def perm_sudo_delete(request, res, *args):
"""
list sudo commands alias
"""
res['operator'] = '删除别名'
res['emer_content'] = 6
if request.method == "POST":
try:
sudo_id = request.POST.get("id")
sudo = PermSudo.objects.get(id=int(sudo_id))
# 数据库里删除记录
proxy_list = Proxy.objects.all()
data = {
'name': sudo.name,
}
data = json.dumps(data)
execute_thread_tasks(proxy_list,
THREAD_NUMBERS,
role_proxy_operator,
request.user.username,
'PermSudo',
data,
obj_uuid=sudo.uuid_id,
action='delete')
msg = u'删除Sudo别名[%s]成功' % sudo.name
res['content'] = msg
res['emer_status'] = msg
sudo.delete()
except Exception as e:
res['flag'] = 'false'
msg = u'删除Sudo别名[%s]失败:%s' % (sudo.name, e)
res['content'] = msg
res['emer_status'] = msg
return HttpResponse(msg)
else:
res['flag'] = 'false'
res['content'] = u'不支持该操作'
res['emer_status'] = u"删除Sudo别名失败:不支持该操作"
return HttpResponse(u"不支持该操作")
def perm_role_push(request, *args):
"""
推送系统用户
"""
if request.method == 'GET':
try:
rest = {}
role_id = request.GET.get('id')
role = get_object(PermRole, id=int(role_id))
rest['Id'] = role.id
rest['role_name'] = role.name
return HttpResponse(json.dumps(rest), content_type='application/json')
except Exception as e:
logger.error(e)
else:
response = {'success': False, 'error': ''}
try:
role_id = request.GET.get('id')
role = get_object(PermRole, id=int(role_id))
asset_ids = request.POST.getlist("assets")
asset_group_ids = request.POST.getlist("asset_groups")
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
asset_groups_obj = [AssetGroup.objects.get(id=asset_group_id) for asset_group_id in asset_group_ids]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj))
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list, THREAD_NUMBERS, push_role_to_asset, calc_assets, role, request.user.username)
response['success'] = True
response['error'] = 'running ...'
except Exception as e:
response['error'] = e.message
logger.error(e.message)
return HttpResponse(json.dumps(response), content_type='application/json')
msg_del_user = task.del_user(role.name, proxy, request.user.username)
msg_del_sudo = task.del_user_sudo(role.uuid_id, proxy, request.user.username)
except Exception, e:
logger.warning(u"Recycle Role failed: %s" % e)
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
logger.info(u"删除用户 %s - execute delete user: %s" % (role.name, msg_del_user))
logger.info(u"删除用户 %s - execute delete sudo: %s" % (role.name, msg_del_sudo))
# TODO: 判断返回结果,处理异常
# 删除proxy上的role, proxy上的role删除成功后再删除magicstack上的role
proxy_list = Proxy.objects.all()
data = {
'name': role.name,
}
data = json.dumps(data)
execute_thread_tasks(proxy_list, THREAD_NUMBERS,role_proxy_operator, request.user.username, 'PermRole', data, obj_uuid=role.uuid_id, action='delete')
msg = u"删除系统用户[%s]成功" % role.name
res['content'] = msg
res['emer_status'] = msg
role.delete()
except ServerError, e:
res['flag'] = 'false'
msg = u"删除系统用户失败: %s" %e
res['content'] = msg
res['emer_status'] = msg
return HttpResponse(msg)
@require_role('admin')
def perm_role_detail(request):
def perm_role_edit(request, res, *args):
"""
编辑系统用户
"""
# 渲染数据
res['operator'] = u"编辑系统用户"
res['emer_content'] = 6
if request.method == "GET":
role_id = request.GET.get("id")
role = PermRole.objects.get(id=int(role_id))
if not role:
return HttpResponse(u'系统用户不存在')
rest = {}
rest['Id'] = role.id
rest['role_name'] = role.name
rest['role_password'] = role.password
rest['role_comment'] = role.comment
rest['system_groups'] = role.system_groups
rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
return HttpResponse(json.dumps(rest), content_type='application/json')
else:
response = {'success': False, 'error': ''}
role_id = request.GET.get("id", '')
role = PermRole.objects.get(id=int(role_id))
role_name = request.POST.get("role_name")
role_password = request.POST.get("role_password")
role_comment = request.POST.get("role_comment")
role_sudo_names = request.POST.getlist("sudo_name")
role_sudos = [PermSudo.objects.get(id=int(sudo_id)) for sudo_id in role_sudo_names]
key_content = request.POST.get("role_key", "")
sudo_uuids = [item.uuid_id for item in role_sudos]
sys_groups = request.POST.get("sys_groups",'').strip()
try:
if not role:
raise ServerError('该系统用户不能存在')
if role_name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password)
role.password = encrypt_pass
role_key_content = "" # key_content为空表示用户秘钥不变,不为空就根据私钥生成公钥
# TODO 生成随机密码,生成秘钥对
if key_content:
try:
key_contents = json.dumps(gen_keys(key=key_content))
role.key_content = key_contents
role_key_content = key_contents
except SSHException:
raise ServerError(u'输入的密钥不合法')
# 跟新server上的permrole
role.name = role_name
role.comment = role_comment
role.system_groups = sys_groups
role.sudo = role_sudos
role.save()
# 更新proxy上的permrole
data = {'name': role_name,
'password': role_password,
'comment': role_comment,
'sudo_uuids': sudo_uuids,
'key_content': role_key_content,
'sys_groups': sys_groups}
data = json.dumps(data)
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data, obj_uuid=role.uuid_id, action='update')
# TODO 用户操作记录
res['content'] = u"编辑系统用户[%s]成功" % role.name
# TODO 告警事件记录
res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
# TODO 页面返回信息
response['success'] = True
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"编辑系统用户失败:%s"%(e.message)
response['error'] = u"编辑系统用户失败:%s"%(e.message)
return HttpResponse(json.dumps(response), content_type='application/json')
def perm_sudo_edit(request, res, *args):
"""
编辑别名
"""
res['operator'] = "编辑别名"
res['emer_content'] = 6
if request.method == "GET":
sudo_id = request.GET.get("id")
sudo = PermSudo.objects.get(id=sudo_id)
rest = {}
rest['Id'] = sudo.id
rest['name'] = sudo.name
rest['commands'] = sudo.commands
rest['comment'] = sudo.comment
return HttpResponse(json.dumps(rest), content_type='application/json')
else:
response = {'success': False, 'error': ''}
try:
sudo_id = request.GET.get("id")
sudo = PermSudo.objects.get(id=int(sudo_id))
name = request.POST.get("sudo_name").upper()
commands = request.POST.get("sudo_commands")
comment = request.POST.get("sudo_comment")
if not name or not commands:
raise ServerError(u"sudo name 和 commands是必填项!")
old_name = sudo.name
if old_name == name:
if len(PermSudo.objects.filter(name=name)) > 1:
raise ServerError(u'别名[%s]已存在' % name)
else:
if len(PermSudo.objects.filter(name=name)) > 0:
raise ServerError(u'别名[%s]已存在' % name)
pattern = re.compile(r'[\n,\r]')
deal_space_commands = list_drop_str(pattern.split(commands), u'')
deal_all_commands = map(trans_all, deal_space_commands)
commands = ', '.join(deal_all_commands).strip()
sudo.name = name.strip()
sudo.commands = commands
sudo.comment = comment
sudo.save()
proxy_list = Proxy.objects.all()
# 更新proxy上的数据
data = {
'name': name.strip(),
'comment': comment,
'commands': commands
}
data = json.dumps(data)
execute_thread_tasks(proxy_list,
THREAD_NUMBERS,
role_proxy_operator,
request.user.username,
'PermSudo',
data,
obj_uuid=sudo.uuid_id,
action='update')
msg = u"编辑Sudo命令别名[%s]成功" % sudo.name
res['content'] = msg
res['emer_status'] = msg
response['success'] = True
except ServerError as e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"编辑Sudo命令别名失败:%s" % (e.message)
response['error'] = res['emer_status']
return HttpResponse(json.dumps(response),
content_type='application/json')
def perm_sudo_edit(request, res, *args):
"""
编辑别名
"""
res['operator'] = "编辑别名"
res['emer_content'] = 6
if request.method == "GET":
sudo_id = request.GET.get("id")
sudo = PermSudo.objects.get(id=sudo_id)
rest = {}
rest['Id'] = sudo.id
rest['name'] = sudo.name
rest['commands'] = sudo.commands
rest['comment'] = sudo.comment
return HttpResponse(json.dumps(rest), content_type='application/json')
else:
response = {'success': False, 'error': ''}
try:
sudo_id = request.GET.get("id")
sudo = PermSudo.objects.get(id=int(sudo_id))
name = request.POST.get("sudo_name").upper()
commands = request.POST.get("sudo_commands")
comment = request.POST.get("sudo_comment")
if not name or not commands:
raise ServerError(u"sudo name 和 commands是必填项!")
old_name = sudo.name
if old_name == name:
if len(PermSudo.objects.filter(name=name)) > 1:
raise ServerError(u'别名[%s]已存在' % name)
else:
if len(PermSudo.objects.filter(name=name)) > 0:
raise ServerError(u'别名[%s]已存在' % name)
pattern = re.compile(r'[\n,\r]')
deal_space_commands = list_drop_str(pattern.split(commands), u'')
deal_all_commands = map(trans_all, deal_space_commands)
commands = ', '.join(deal_all_commands).strip()
sudo.name = name.strip()
sudo.commands = commands
sudo.comment = comment
sudo.save()
proxy_list = Proxy.objects.all()
# 更新proxy上的数据
data = {'name': name.strip(),
'comment': comment,
'commands': commands}
data = json.dumps(data)
execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermSudo', data,
obj_uuid=sudo.uuid_id, action='update')
msg = u"编辑Sudo命令别名[%s]成功" % sudo.name
res['content'] = msg
res['emer_status'] = msg
response['success'] = True
except ServerError as e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"编辑Sudo命令别名失败:%s"%(e.message)
response['error'] = res['emer_status']
return HttpResponse(json.dumps(response), content_type='application/json')
logger.info(u"删除用户 %s - execute delete user: %s" %
(role.name, msg_del_user))
logger.info(u"删除用户 %s - execute delete sudo: %s" %
(role.name, msg_del_sudo))
# TODO: 判断返回结果,处理异常
# 删除proxy上的role, proxy上的role删除成功后再删除magicstack上的role
proxy_list = Proxy.objects.all()
data = {
'name': role.name,
}
data = json.dumps(data)
execute_thread_tasks(proxy_list,
THREAD_NUMBERS,
role_proxy_operator,
request.user.username,
'PermRole',
data,
obj_uuid=role.uuid_id,
action='delete')
msg = u"删除系统用户[%s]成功" % role.name
res['content'] = msg
res['emer_status'] = msg
role.delete()
except ServerError, e:
res['flag'] = 'false'
msg = u"删除系统用户失败: %s" % e
res['content'] = msg
res['emer_status'] = msg
return HttpResponse(msg)
def perm_role_edit(request, res, *args):
"""
编辑系统用户
"""
# 渲染数据
res['operator'] = u"编辑系统用户"
res['emer_content'] = 6
if request.method == "GET":
role_id = request.GET.get("id")
role = PermRole.objects.get(id=int(role_id))
if not role:
return HttpResponse(u'系统用户不存在')
rest = {}
rest['Id'] = role.id
rest['role_name'] = role.name
rest['role_password'] = role.password
rest['role_comment'] = role.comment
rest['system_groups'] = role.system_groups
rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
return HttpResponse(json.dumps(rest), content_type='application/json')
else:
response = {'success': False, 'error': ''}
role_id = request.GET.get("id", '')
role = PermRole.objects.get(id=int(role_id))
role_name = request.POST.get("role_name")
role_password = request.POST.get("role_password")
role_comment = request.POST.get("role_comment")
role_sudo_names = request.POST.getlist("sudo_name")
role_sudos = [
PermSudo.objects.get(id=int(sudo_id))
for sudo_id in role_sudo_names
]
key_content = request.POST.get("role_key", "")
sudo_uuids = [item.uuid_id for item in role_sudos]
sys_groups = request.POST.get("sys_groups", '').strip()
try:
if not role:
raise ServerError('该系统用户不能存在')
if role_name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if role_password:
encrypt_pass = CRYPTOR.encrypt(role_password)
role.password = encrypt_pass
role_key_content = "" # key_content为空表示用户秘钥不变,不为空就根据私钥生成公钥
# TODO 生成随机密码,生成秘钥对
if key_content:
try:
key_contents = json.dumps(gen_keys(key=key_content))
role.key_content = key_contents
role_key_content = key_contents
except SSHException:
raise ServerError(u'输入的密钥不合法')
# 跟新server上的permrole
role.name = role_name
role.comment = role_comment
role.system_groups = sys_groups
role.sudo = role_sudos
role.save()
# 更新proxy上的permrole
data = {
'name': role_name,
'password': role_password,
'comment': role_comment,
'sudo_uuids': sudo_uuids,
'key_content': role_key_content,
'sys_groups': sys_groups
}
data = json.dumps(data)
proxy_list = Proxy.objects.all()
execute_thread_tasks(proxy_list,
THREAD_NUMBERS,
role_proxy_operator,
request.user.username,
'PermRole',
data,
obj_uuid=role.uuid_id,
action='update')
# TODO 用户操作记录
res['content'] = u"编辑系统用户[%s]成功" % role.name
# TODO 告警事件记录
res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
# TODO 页面返回信息
response['success'] = True
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"编辑系统用户失败:%s" % (e.message)
response['error'] = u"编辑系统用户失败:%s" % (e.message)
return HttpResponse(json.dumps(response),
content_type='application/json')
def perm_role_add(request, res, *args):
"""
添加系统用户 server和proxy上都添加
"""
response = {'success': False, 'error': ''}
res['operator'] = u"添加系统用户"
res['emer_content'] = 6
if request.method == "POST":
name = request.POST.get("role_name", "").strip()
comment = request.POST.get("role_comment", "")
password = request.POST.get("role_password", "")
key_content = request.POST.get("role_key", "")
sudo_ids = request.POST.getlist('sudo_name')
uuid_id = str(uuid.uuid1())
sys_groups = request.POST.get('sys_groups', '').strip()
try:
if get_object(PermRole, name=name):
raise ServerError(u'用户 %s已经存在' % name)
if name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if name == "":
raise ServerError(u'系统用户名为空')
if password:
encrypt_pass = CRYPTOR.encrypt(password)
else:
encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
# 生成随机密码,生成秘钥对
sudos_obj = [
get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids
]
sudo_uuids = [item.uuid_id for item in sudos_obj]
try:
keys_content = json.dumps(gen_keys(key_content))
except Exception, e:
raise ServerError(e)
# # TODO 将数据保存到magicstack上
role = PermRole.objects.create(uuid_id=uuid_id,
name=name,
comment=comment,
password=encrypt_pass,
key_content=keys_content,
system_groups=sys_groups)
role.sudo = sudos_obj
role.save()
# TODO 将数据同时保存到proxy上
proxy_list = Proxy.objects.all()
data = {
'uuid_id': uuid_id,
'id': role.id,
'name': name,
'password': encrypt_pass,
'comment': comment,
'key_content': keys_content,
'sudo_uuids': sudo_uuids,
'sys_groups': sys_groups
}
data = json.dumps(data)
execute_thread_tasks(proxy_list,
THREAD_NUMBERS,
role_proxy_operator,
request.user.username,
'PermRole',
data,
obj_uuid=role.uuid_id,
action='add')
response['success'] = True
res['content'] = u'添加系统用户[%s]成功' % role.name
res['emer_status'] = u'添加系统用户[%s]成功' % role.name
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"添加系统用户失败:%s" (e.message)
response['error'] = u"添加系统用户失败:%s" % (e.message)
def perm_role_add(request, res, *args):
"""
添加系统用户 server和proxy上都添加
"""
response = {'success': False, 'error': ''}
res['operator'] = u"添加系统用户"
res['emer_content'] = 6
if request.method == "POST":
name = request.POST.get("role_name", "").strip()
comment = request.POST.get("role_comment", "")
password = request.POST.get("role_password", "")
key_content = request.POST.get("role_key", "")
sudo_ids = request.POST.getlist('sudo_name')
uuid_id = str(uuid.uuid1())
sys_groups = request.POST.get('sys_groups', '').strip()
try:
if get_object(PermRole, name=name):
raise ServerError(u'用户 %s已经存在' % name)
if name == "root":
raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
if name == "":
raise ServerError(u'系统用户名为空')
if password:
encrypt_pass = CRYPTOR.encrypt(password)
else:
encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
# 生成随机密码,生成秘钥对
sudos_obj = [get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids]
sudo_uuids = [item.uuid_id for item in sudos_obj]
try:
keys_content = json.dumps(gen_keys(key_content))
except Exception, e:
raise ServerError(e)
# # TODO 将数据保存到magicstack上
role = PermRole.objects.create(uuid_id=uuid_id, name=name, comment=comment, password=encrypt_pass,
key_content=keys_content, system_groups=sys_groups)
role.sudo = sudos_obj
role.save()
# TODO 将数据同时保存到proxy上
proxy_list = Proxy.objects.all()
data = {'uuid_id': uuid_id,
'id': role.id,
'name': name,
'password': encrypt_pass,
'comment': comment,
'key_content': keys_content,
'sudo_uuids': sudo_uuids,
'sys_groups': sys_groups}
data = json.dumps(data)
execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data,
obj_uuid=role.uuid_id, action='add')
response['success'] = True
res['content'] = u'添加系统用户[%s]成功'% role.name
res['emer_status'] = u'添加系统用户[%s]成功'% role.name
except ServerError, e:
res['flag'] = 'false'
res['content'] = e.message
res['emer_status'] = u"添加系统用户失败:%s"(e.message)
response['error'] = u"添加系统用户失败:%s"%(e.message)
