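def perm_sudo_add(request, res, *args):
    """Create a sudo command alias locally and replicate it to every proxy.

    Only POST is handled; any other method returns the initial failure
    payload unchanged.

    Args:
        request: Django request; reads the POST fields ``sudo_name``,
            ``sudo_comment`` and ``sudo_commands``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse with a JSON body ``{"success": bool, "error": str}``.
    """
    res['operator'] = u"添加别名"
    response = {'success': False, 'error': ''}
    res['emer_content'] = 6
    if request.method == "POST":
        try:
            # Default to "" so a missing field reaches the "required" check
            # below instead of raising AttributeError on None.strip(), which
            # the ServerError handler would not catch.
            name = request.POST.get("sudo_name", "").strip().upper()
            comment = request.POST.get("sudo_comment")
            commands = request.POST.get("sudo_commands", "").strip()
            if not name or not commands:
                raise ServerError(u"sudo name 和 commands是必填项!")

            # NOTE(review): name and commands come straight from the request
            # and end up as sudo configuration on every proxy. The only
            # processing visible here is splitting on newlines/commas and
            # trans_all; confirm that the alias name and each command are
            # validated against an allow-list before they are persisted.
            pattern = re.compile(r'[\n,\r]')
            # presumably list_drop_str removes the empty entries left by the
            # split - verify against its definition
            deal_space_commands = list_drop_str(pattern.split(commands), u'')
            deal_all_commands = map(trans_all, deal_space_commands)
            commands = ', '.join(deal_all_commands)
            logger.debug(u'添加sudo %s: %s' % (name, commands))

            sudo_name_test = get_object(PermSudo, name=name)
            if sudo_name_test:
                raise ServerError(u"别名[%s]已存在" % name)

            sudo_uuid = str(uuid.uuid1())
            # TODO: save the data to magicstack
            sudo = PermSudo.objects.create(uuid_id=sudo_uuid,
                                           name=name.strip(),
                                           comment=comment,
                                           commands=commands)
            # TODO: save the data to the database on the proxies
            proxy_list = Proxy.objects.all()
            data = {
                'uuid_id': sudo_uuid,
                'id': sudo.id,
                'name': name,
                'comment': comment,
                'commands': commands
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermSudo', data, obj_uuid=sudo.uuid_id,
                                 action='add')
            res['content'] = u"添加Sudo命令别名[%s]成功" % name
            res['emer_status'] = u"添加Sudo命令别名[%s]成功" % name
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"添加Sudo命令别名失败:%s" % (e.message)
            response['error'] = res['emer_status']
    return HttpResponse(json.dumps(response), content_type='application/json')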
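def perm_sudo_delete(request, res, *args):
    """Delete a sudo command alias on every proxy and then locally.

    Args:
        request: Django request; POST field ``id`` selects the alias.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse whose body is the success or failure message; a
        fixed "unsupported" message for any method other than POST.
    """
    res['operator'] = '删除别名'
    res['emer_content'] = 6
    if request.method == "POST":
        # Bound before the try so the error path can still build its message
        # when the lookup itself is what failed (previously a NameError
        # raised inside the handler hid the real error).
        sudo = None
        try:
            sudo_id = request.POST.get("id")
            sudo = PermSudo.objects.get(id=int(sudo_id))
            # Dispatch the delete to the proxies, then drop the local record.
            # NOTE(review): the local row is deleted without looking at the
            # outcome of the proxy tasks - confirm that is intended.
            proxy_list = Proxy.objects.all()
            data = {
                'name': sudo.name,
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermSudo', data, obj_uuid=sudo.uuid_id,
                                 action='delete')
            msg = u'删除Sudo别名[%s]成功' % sudo.name
            res['content'] = msg
            res['emer_status'] = msg
            sudo.delete()
        except Exception as e:
            res['flag'] = 'false'
            sudo_name = sudo.name if sudo is not None else u''
            # NOTE(review): the exception text is returned verbatim in a
            # response with the default content type, and can contain the
            # submitted id; consider returning a fixed message to the
            # client and keeping the detail in the server log.
            msg = u'删除Sudo别名[%s]失败:%s' % (sudo_name, e)
            res['content'] = msg
            res['emer_status'] = msg
        return HttpResponse(msg)
    else:
        res['flag'] = 'false'
        res['content'] = u'不支持该操作'
        res['emer_status'] = u"删除Sudo别名失败:不支持该操作"
        return HttpResponse(u"不支持该操作")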
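def asset_update_batch(request, res, *args):
    """Trigger an asset-information refresh on every proxy.

    Args:
        request: Django request. The query parameter ``arg=all`` selects
            every asset; otherwise the POST field ``asset_id_all`` holds a
            comma-separated list of asset ids.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``content`` and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse with a JSON body ``{"success": str, "error": str}``.
    """
    response = {'success': '', 'error': ''}
    res['operator'] = res['content'] = u'批量更新主机'
    if request.method == 'POST':
        try:
            arg = request.GET.get('arg', '')
            name = unicode(request.user.username) + ' - ' + u'自动更新'
            if arg == 'all':
                asset_list = Asset.objects.all()
            else:
                asset_list = []
                asset_id_all = request.POST.get('asset_id_all', '')
                for asset_id in asset_id_all.split(','):
                    asset = Asset.objects.get(id=int(asset_id))
                    if asset:
                        asset_list.append(asset)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 update_asset_info, asset_list, name)
            res['content'] = u'更新资产成功'
            response['success'] = u'批量更新成功!'
        except Exception as e:
            logger.error(e)
            res['flag'] = 'false'
            res['content'] = u'批量更新失败'
            # An exception object is not JSON-serialisable; storing it
            # directly made json.dumps below raise and turned every handled
            # failure into an unhandled one. Send its text instead.
            # NOTE(review): this exposes internal error text to the client;
            # consider a generic message and keep the detail in the log.
            response['error'] = u'%s' % e
    return HttpResponse(json.dumps(response), content_type='application/json')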
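def perm_sudo_add(request, res, *args):
    """Create a sudo command alias locally and replicate it to every proxy.

    Only POST is handled; any other method returns the initial failure
    payload unchanged.

    Args:
        request: Django request; reads the POST fields ``sudo_name``,
            ``sudo_comment`` and ``sudo_commands``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse with a JSON body ``{"success": bool, "error": str}``.
    """
    res['operator'] = u"添加别名"
    response = {'success': False, 'error': ''}
    res['emer_content'] = 6
    if request.method == "POST":
        try:
            # Default to "" so a missing field reaches the "required" check
            # below instead of raising AttributeError on None.strip(), which
            # the ServerError handler would not catch.
            name = request.POST.get("sudo_name", "").strip().upper()
            comment = request.POST.get("sudo_comment")
            commands = request.POST.get("sudo_commands", "").strip()
            if not name or not commands:
                raise ServerError(u"sudo name 和 commands是必填项!")

            # NOTE(review): name and commands come straight from the request
            # and end up as sudo configuration on every proxy. The only
            # processing visible here is splitting on newlines/commas and
            # trans_all; confirm that the alias name and each command are
            # validated against an allow-list before they are persisted.
            pattern = re.compile(r'[\n,\r]')
            # presumably list_drop_str removes the empty entries left by the
            # split - verify against its definition
            deal_space_commands = list_drop_str(pattern.split(commands), u'')
            deal_all_commands = map(trans_all, deal_space_commands)
            commands = ', '.join(deal_all_commands)
            logger.debug(u'添加sudo %s: %s' % (name, commands))

            sudo_name_test = get_object(PermSudo, name=name)
            if sudo_name_test:
                raise ServerError(u"别名[%s]已存在" % name)

            sudo_uuid = str(uuid.uuid1())
            # TODO: save the data to magicstack
            sudo = PermSudo.objects.create(uuid_id=sudo_uuid,
                                           name=name.strip(),
                                           comment=comment,
                                           commands=commands)
            # TODO: save the data to the database on the proxies
            proxy_list = Proxy.objects.all()
            data = {
                'uuid_id': sudo_uuid,
                'id': sudo.id,
                'name': name,
                'comment': comment,
                'commands': commands
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermSudo', data, obj_uuid=sudo.uuid_id,
                                 action='add')
            res['content'] = u"添加Sudo命令别名[%s]成功" % name
            res['emer_status'] = u"添加Sudo命令别名[%s]成功" % name
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"添加Sudo命令别名失败:%s" % (e.message)
            response['error'] = res['emer_status']
    return HttpResponse(json.dumps(response), content_type='application/json')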
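def asset_action(request, status):
    """Dispatch ``asset_operator`` for the selected assets to every proxy.

    Args:
        request: Django request; the first ``asset_id_all`` POST value is a
            comma-separated list of asset ids.
        status: passed through unchanged to ``asset_operator``.

    Returns:
        HttpResponse with a JSON string: ``"running"`` once the tasks are
        dispatched, otherwise an error message.
    """
    # Bound up front: for a non-POST request the original reached the return
    # below with `result` undefined and raised NameError.
    result = u'不支持该操作'
    if request.method == 'POST':
        try:
            select_ids = request.POST.getlist('asset_id_all')
            select_ids = select_ids[0].split(',')
            asset_list = []
            for item in select_ids:
                # presumably get_object yields None for an unknown id, in
                # which case None is passed on to the task - verify
                asset = get_object(Asset, id=int(item))
                asset_list.append(asset)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, asset_operator,
                                 asset_list, status, request.user.username)
            result = 'running'
        except Exception as e:
            logger.debug(e)
            # An exception object is not JSON-serialisable; send its text.
            # NOTE(review): this exposes internal error text to the client;
            # consider a generic message and keep the detail in the log.
            result = u'%s' % e
    return HttpResponse(json.dumps(result), content_type='application/json')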
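def asset_del(request, res, *args):
    """Delete one asset (query parameter ``id``) or a batch (POST).

    Single delete: asks the asset's proxy to remove it and deletes the
    local row only when the proxy answers 200. Batch delete: hands the
    selected assets to ``delete_asset_batch`` on every proxy.

    Args:
        request: Django request; ``id`` in the query string and/or the
            comma-separated POST field ``asset_id_all``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``content`` and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse with a JSON body ``{"msg": ...}``.
    """
    response = {'msg': u'删除成功'}
    res['operator'] = res['content'] = u'删除主机'
    # NOTE(review): a request carrying ?id= deletes the asset whatever the
    # HTTP method is, so a plain GET changes state; consider requiring POST
    # (with CSRF protection) for this path.
    asset_id = request.GET.get('id', '')
    if asset_id:
        asset = get_object(Asset, id=int(asset_id))
        if asset:
            proxy = asset.proxy
            param = {'names': [asset.name], 'id_unique': asset.id_unique}
            data = json.dumps(param)
            try:
                api = APIRequest('{0}/v1.0/system'.format(proxy.url),
                                 proxy.username,
                                 CRYPTOR.decrypt(proxy.password))
                result, code = api.req_del(data)
                logger.debug(u'删除单一资产result:%s' % result)
                if code == 200:
                    asset.delete()
                else:
                    # key spelling kept as written; presumably it matches
                    # the proxy API's response - confirm
                    response['msg'] = result['messege']
            except Exception as e:
                logger.error(e)
                res['flag'] = 'false'
                # Exception objects are not JSON-serialisable; storing one in
                # `response` made json.dumps at the end raise. Use the text.
                error_text = u'%s' % e
                res['content'] = error_text
                response['msg'] = error_text

    if request.method == 'POST':
        try:
            asset_id_all = request.POST.get('asset_id_all', '')
            asset_list = []
            for asset_id in asset_id_all.split(','):
                asset = get_object(Asset, id=int(asset_id))
                # Check before use: the original read asset.name ahead of
                # its own `if asset` test.
                if not asset:
                    continue
                res['content'] += '%s ' % asset.name
                asset_list.append(asset)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 delete_asset_batch, asset_list)
            response['msg'] = u'批量删除主机成功'
        except Exception as e:
            logger.error(e)
            res['flag'] = 'false'
            error_text = u'%s' % e
            res['content'] = error_text
            response['msg'] = error_text
    return HttpResponse(json.dumps(response), content_type='application/json')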
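def perm_role_push(request, *args):
    """Push a system user (role) to the selected assets.

    GET returns the role's id and name as JSON. Any other method resolves
    the submitted assets and asset groups and dispatches
    ``push_role_to_asset`` to every proxy.

    Args:
        request: Django request; ``id`` in the query string selects the
            role, POST lists ``assets`` and ``asset_groups`` hold ids.
        *args: unused.

    Returns:
        HttpResponse with a JSON body: the role summary for a successful
        GET, otherwise ``{"success": bool, "error": str}``.
    """
    # Defined before branching: when the GET lookup failed, the original fell
    # through to the final return with `response` undefined (NameError).
    response = {'success': False, 'error': ''}
    if request.method == 'GET':
        try:
            rest = {}
            role_id = request.GET.get('id')
            role = get_object(PermRole, id=int(role_id))
            rest['Id'] = role.id
            rest['role_name'] = role.name
            return HttpResponse(json.dumps(rest),
                                content_type='application/json')
        except Exception as e:
            logger.error(e)
    else:
        try:
            role_id = request.GET.get('id')
            role = get_object(PermRole, id=int(role_id))
            asset_ids = request.POST.getlist("assets")
            asset_group_ids = request.POST.getlist("asset_groups")
            assets_obj = [Asset.objects.get(id=asset_id)
                          for asset_id in asset_ids]
            asset_groups_obj = [AssetGroup.objects.get(id=asset_group_id)
                                for asset_group_id in asset_group_ids]
            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(asset_group.asset_set.all())
            # Union of directly selected assets and those in the groups.
            calc_assets = list(set(assets_obj) | set(group_assets_obj))
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 push_role_to_asset, calc_assets, role,
                                 request.user.username)
            response['success'] = True
            response['error'] = 'running ...'
        except Exception as e:
            response['error'] = e.message
            logger.error(e.message)
    return HttpResponse(json.dumps(response), content_type='application/json')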
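def perm_sudo_delete(request, res, *args):
    """Delete a sudo command alias on every proxy and then locally.

    Args:
        request: Django request; POST field ``id`` selects the alias.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse whose body is the success or failure message; a
        fixed "unsupported" message for any method other than POST.
    """
    res['operator'] = '删除别名'
    res['emer_content'] = 6
    if request.method == "POST":
        # Bound before the try so the error path can still build its message
        # when the lookup itself is what failed (previously a NameError
        # raised inside the handler hid the real error).
        sudo = None
        try:
            sudo_id = request.POST.get("id")
            sudo = PermSudo.objects.get(id=int(sudo_id))
            # Dispatch the delete to the proxies, then drop the local record.
            # NOTE(review): the local row is deleted without looking at the
            # outcome of the proxy tasks - confirm that is intended.
            proxy_list = Proxy.objects.all()
            data = {
                'name': sudo.name,
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermSudo', data, obj_uuid=sudo.uuid_id,
                                 action='delete')
            msg = u'删除Sudo别名[%s]成功' % sudo.name
            res['content'] = msg
            res['emer_status'] = msg
            sudo.delete()
        except Exception as e:
            res['flag'] = 'false'
            sudo_name = sudo.name if sudo is not None else u''
            # NOTE(review): the exception text is returned verbatim in a
            # response with the default content type, and can contain the
            # submitted id; consider returning a fixed message to the
            # client and keeping the detail in the server log.
            msg = u'删除Sudo别名[%s]失败:%s' % (sudo_name, e)
            res['content'] = msg
            res['emer_status'] = msg
        return HttpResponse(msg)
    else:
        res['flag'] = 'false'
        res['content'] = u'不支持该操作'
        res['emer_status'] = u"删除Sudo别名失败:不支持该操作"
        return HttpResponse(u"不支持该操作")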
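def perm_role_push(request, *args):
    """Push a system user (role) to the selected assets.

    GET returns the role's id and name as JSON. Any other method resolves
    the submitted assets and asset groups and dispatches
    ``push_role_to_asset`` to every proxy.

    Args:
        request: Django request; ``id`` in the query string selects the
            role, POST lists ``assets`` and ``asset_groups`` hold ids.
        *args: unused.

    Returns:
        HttpResponse with a JSON body: the role summary for a successful
        GET, otherwise ``{"success": bool, "error": str}``.
    """
    # Defined before branching: when the GET lookup failed, the original fell
    # through to the final return with `response` undefined (NameError).
    response = {'success': False, 'error': ''}
    if request.method == 'GET':
        try:
            rest = {}
            role_id = request.GET.get('id')
            role = get_object(PermRole, id=int(role_id))
            rest['Id'] = role.id
            rest['role_name'] = role.name
            return HttpResponse(json.dumps(rest),
                                content_type='application/json')
        except Exception as e:
            logger.error(e)
    else:
        try:
            role_id = request.GET.get('id')
            role = get_object(PermRole, id=int(role_id))
            asset_ids = request.POST.getlist("assets")
            asset_group_ids = request.POST.getlist("asset_groups")
            assets_obj = [Asset.objects.get(id=asset_id)
                          for asset_id in asset_ids]
            asset_groups_obj = [AssetGroup.objects.get(id=asset_group_id)
                                for asset_group_id in asset_group_ids]
            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(asset_group.asset_set.all())
            # Union of directly selected assets and those in the groups.
            calc_assets = list(set(assets_obj) | set(group_assets_obj))
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 push_role_to_asset, calc_assets, role,
                                 request.user.username)
            response['success'] = True
            response['error'] = 'running ...'
        except Exception as e:
            response['error'] = e.message
            logger.error(e.message)
    return HttpResponse(json.dumps(response), content_type='application/json')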
msg_del_user = task.del_user(role.name, proxy, request.user.username) msg_del_sudo = task.del_user_sudo(role.uuid_id, proxy, request.user.username) except Exception, e: logger.warning(u"Recycle Role failed: %s" % e) raise ServerError(u"回收已推送的系统用户失败: %s" % e) logger.info(u"删除用户 %s - execute delete user: %s" % (role.name, msg_del_user)) logger.info(u"删除用户 %s - execute delete sudo: %s" % (role.name, msg_del_sudo)) # TODO: 判断返回结果,处理异常 # 删除proxy上的role, proxy上的role删除成功后再删除magicstack上的role proxy_list = Proxy.objects.all() data = { 'name': role.name, } data = json.dumps(data) execute_thread_tasks(proxy_list, THREAD_NUMBERS,role_proxy_operator, request.user.username, 'PermRole', data, obj_uuid=role.uuid_id, action='delete') msg = u"删除系统用户[%s]成功" % role.name res['content'] = msg res['emer_status'] = msg role.delete() except ServerError, e: res['flag'] = 'false' msg = u"删除系统用户失败: %s" %e res['content'] = msg res['emer_status'] = msg return HttpResponse(msg) @require_role('admin') def perm_role_detail(request):
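def perm_role_edit(request, res, *args):
    """Edit a system user (role) locally and on every proxy.

    GET returns the role's current fields as JSON. Any other method
    applies the submitted fields, saves the role and dispatches an
    ``update`` to every proxy.

    Args:
        request: Django request; ``id`` in the query string selects the
            role. POST fields read: ``role_name``, ``role_password``,
            ``role_comment``, ``sudo_name`` (list of sudo ids),
            ``role_key`` and ``sys_groups``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse with a JSON body: the role fields for GET, otherwise
        ``{"success": bool, "error": str}``.
    """
    res['operator'] = u"编辑系统用户"
    res['emer_content'] = 6
    if request.method == "GET":
        role_id = request.GET.get("id")
        role = PermRole.objects.get(id=int(role_id))
        if not role:
            return HttpResponse(u'系统用户不存在')
        rest = {}
        rest['Id'] = role.id
        rest['role_name'] = role.name
        # NOTE(review): the stored password value (the CRYPTOR.encrypt output
        # written below) is returned to the client here; confirm the edit
        # form needs it, otherwise leave it out of the response.
        rest['role_password'] = role.password
        rest['role_comment'] = role.comment
        rest['system_groups'] = role.system_groups
        rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        role_id = request.GET.get("id", '')
        role = PermRole.objects.get(id=int(role_id))
        # Trim the name as perm_role_add does, so the root guard below and
        # the stored value both use the normalised form; a missing field
        # becomes "" and is rejected instead of being saved as None.
        role_name = request.POST.get("role_name", "").strip()
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [PermSudo.objects.get(id=int(sudo_id))
                      for sudo_id in role_sudo_names]
        key_content = request.POST.get("role_key", "")
        sudo_uuids = [item.uuid_id for item in role_sudos]
        sys_groups = request.POST.get("sys_groups", '').strip()

        try:
            if not role:
                raise ServerError('该系统用户不能存在')
            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if role_name == "":
                raise ServerError(u'系统用户名为空')

            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass
            role_key_content = ""
            # An empty key_content leaves the user's key unchanged; otherwise
            # the key material is regenerated from the submitted private key.
            # TODO: generate a random password and a key pair
            if key_content:
                try:
                    key_contents = json.dumps(gen_keys(key=key_content))
                    role.key_content = key_contents
                    role_key_content = key_contents
                except SSHException:
                    raise ServerError(u'输入的密钥不合法')

            # Update the PermRole on the server.
            role.name = role_name
            role.comment = role_comment
            role.system_groups = sys_groups
            role.sudo = role_sudos
            role.save()

            # Update the PermRole on the proxies.
            # NOTE(review): 'password' carries the submitted plaintext here,
            # whereas perm_role_add sends the CRYPTOR-encrypted value;
            # confirm which form the proxies expect and that the channel to
            # them is protected.
            data = {'name': role_name,
                    'password': role_password,
                    'comment': role_comment,
                    'sudo_uuids': sudo_uuids,
                    'key_content': role_key_content,
                    'sys_groups': sys_groups}
            data = json.dumps(data)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermRole', data, obj_uuid=role.uuid_id,
                                 action='update')
            # TODO: user operation record
            res['content'] = u"编辑系统用户[%s]成功" % role.name
            # TODO: alert event record
            res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
            # TODO: information returned to the page
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑系统用户失败:%s" % (e.message)
            response['error'] = u"编辑系统用户失败:%s" % (e.message)
    return HttpResponse(json.dumps(response), content_type='application/json')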
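def perm_sudo_edit(request, res, *args):
    """Edit a sudo command alias locally and on every proxy.

    GET returns the alias fields as JSON. Any other method validates the
    submitted fields, saves the alias and dispatches an ``update`` to
    every proxy.

    Args:
        request: Django request; ``id`` in the query string selects the
            alias. POST fields read: ``sudo_name``, ``sudo_commands`` and
            ``sudo_comment``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse with a JSON body: the alias fields for GET, otherwise
        ``{"success": bool, "error": str}``.
    """
    res['operator'] = "编辑别名"
    res['emer_content'] = 6
    if request.method == "GET":
        sudo_id = request.GET.get("id")
        sudo = PermSudo.objects.get(id=sudo_id)
        rest = {}
        rest['Id'] = sudo.id
        rest['name'] = sudo.name
        rest['commands'] = sudo.commands
        rest['comment'] = sudo.comment
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        try:
            sudo_id = request.GET.get("id")
            sudo = PermSudo.objects.get(id=int(sudo_id))
            # Normalise once, up front (as perm_sudo_add does). The original
            # ran the uniqueness check on the untrimmed name but saved the
            # trimmed one, so a padded name could slip past the check; the
            # "" default also keeps a missing field from raising
            # AttributeError outside the ServerError handler.
            name = request.POST.get("sudo_name", "").strip().upper()
            commands = request.POST.get("sudo_commands")
            comment = request.POST.get("sudo_comment")

            if not name or not commands:
                raise ServerError(u"sudo name 和 commands是必填项!")

            # Any alias other than this one already using the name?
            if PermSudo.objects.filter(name=name).exclude(id=sudo.id).exists():
                raise ServerError(u'别名[%s]已存在' % name)

            # NOTE(review): the commands come straight from the request and
            # end up as sudo configuration on every proxy; confirm they are
            # validated against an allow-list (here or in trans_all).
            pattern = re.compile(r'[\n,\r]')
            deal_space_commands = list_drop_str(pattern.split(commands), u'')
            deal_all_commands = map(trans_all, deal_space_commands)
            commands = ', '.join(deal_all_commands).strip()

            sudo.name = name
            sudo.commands = commands
            sudo.comment = comment
            sudo.save()

            proxy_list = Proxy.objects.all()
            # Update the data on the proxies.
            data = {
                'name': name,
                'comment': comment,
                'commands': commands
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermSudo', data, obj_uuid=sudo.uuid_id,
                                 action='update')
            msg = u"编辑Sudo命令别名[%s]成功" % sudo.name
            res['content'] = msg
            res['emer_status'] = msg
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑Sudo命令别名失败:%s" % (e.message)
            response['error'] = res['emer_status']
    return HttpResponse(json.dumps(response), content_type='application/json')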
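def perm_sudo_edit(request, res, *args):
    """Edit a sudo command alias locally and on every proxy.

    GET returns the alias fields as JSON. Any other method validates the
    submitted fields, saves the alias and dispatches an ``update`` to
    every proxy.

    Args:
        request: Django request; ``id`` in the query string selects the
            alias. POST fields read: ``sudo_name``, ``sudo_commands`` and
            ``sudo_comment``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse with a JSON body: the alias fields for GET, otherwise
        ``{"success": bool, "error": str}``.
    """
    res['operator'] = "编辑别名"
    res['emer_content'] = 6
    if request.method == "GET":
        sudo_id = request.GET.get("id")
        sudo = PermSudo.objects.get(id=sudo_id)
        rest = {}
        rest['Id'] = sudo.id
        rest['name'] = sudo.name
        rest['commands'] = sudo.commands
        rest['comment'] = sudo.comment
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        try:
            sudo_id = request.GET.get("id")
            sudo = PermSudo.objects.get(id=int(sudo_id))
            # Normalise once, up front (as perm_sudo_add does). The original
            # ran the uniqueness check on the untrimmed name but saved the
            # trimmed one, so a padded name could slip past the check; the
            # "" default also keeps a missing field from raising
            # AttributeError outside the ServerError handler.
            name = request.POST.get("sudo_name", "").strip().upper()
            commands = request.POST.get("sudo_commands")
            comment = request.POST.get("sudo_comment")

            if not name or not commands:
                raise ServerError(u"sudo name 和 commands是必填项!")

            # Any alias other than this one already using the name?
            if PermSudo.objects.filter(name=name).exclude(id=sudo.id).exists():
                raise ServerError(u'别名[%s]已存在' % name)

            # NOTE(review): the commands come straight from the request and
            # end up as sudo configuration on every proxy; confirm they are
            # validated against an allow-list (here or in trans_all).
            pattern = re.compile(r'[\n,\r]')
            deal_space_commands = list_drop_str(pattern.split(commands), u'')
            deal_all_commands = map(trans_all, deal_space_commands)
            commands = ', '.join(deal_all_commands).strip()

            sudo.name = name
            sudo.commands = commands
            sudo.comment = comment
            sudo.save()

            proxy_list = Proxy.objects.all()
            # Update the data on the proxies.
            data = {
                'name': name,
                'comment': comment,
                'commands': commands
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermSudo', data, obj_uuid=sudo.uuid_id,
                                 action='update')
            msg = u"编辑Sudo命令别名[%s]成功" % sudo.name
            res['content'] = msg
            res['emer_status'] = msg
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑Sudo命令别名失败:%s" % (e.message)
            response['error'] = res['emer_status']
    return HttpResponse(json.dumps(response), content_type='application/json')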
logger.info(u"删除用户 %s - execute delete user: %s" % (role.name, msg_del_user)) logger.info(u"删除用户 %s - execute delete sudo: %s" % (role.name, msg_del_sudo)) # TODO: 判断返回结果,处理异常 # 删除proxy上的role, proxy上的role删除成功后再删除magicstack上的role proxy_list = Proxy.objects.all() data = { 'name': role.name, } data = json.dumps(data) execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data, obj_uuid=role.uuid_id, action='delete') msg = u"删除系统用户[%s]成功" % role.name res['content'] = msg res['emer_status'] = msg role.delete() except ServerError, e: res['flag'] = 'false' msg = u"删除系统用户失败: %s" % e res['content'] = msg res['emer_status'] = msg return HttpResponse(msg)
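def perm_role_edit(request, res, *args):
    """Edit a system user (role) locally and on every proxy.

    GET returns the role's current fields as JSON. Any other method
    applies the submitted fields, saves the role and dispatches an
    ``update`` to every proxy.

    Args:
        request: Django request; ``id`` in the query string selects the
            role. POST fields read: ``role_name``, ``role_password``,
            ``role_comment``, ``sudo_name`` (list of sudo ids),
            ``role_key`` and ``sys_groups``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.

    Returns:
        HttpResponse with a JSON body: the role fields for GET, otherwise
        ``{"success": bool, "error": str}``.
    """
    res['operator'] = u"编辑系统用户"
    res['emer_content'] = 6
    if request.method == "GET":
        role_id = request.GET.get("id")
        role = PermRole.objects.get(id=int(role_id))
        if not role:
            return HttpResponse(u'系统用户不存在')
        rest = {}
        rest['Id'] = role.id
        rest['role_name'] = role.name
        # NOTE(review): the stored password value (the CRYPTOR.encrypt output
        # written below) is returned to the client here; confirm the edit
        # form needs it, otherwise leave it out of the response.
        rest['role_password'] = role.password
        rest['role_comment'] = role.comment
        rest['system_groups'] = role.system_groups
        rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        role_id = request.GET.get("id", '')
        role = PermRole.objects.get(id=int(role_id))
        # Trim the name as perm_role_add does, so the root guard below and
        # the stored value both use the normalised form; a missing field
        # becomes "" and is rejected instead of being saved as None.
        role_name = request.POST.get("role_name", "").strip()
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [PermSudo.objects.get(id=int(sudo_id))
                      for sudo_id in role_sudo_names]
        key_content = request.POST.get("role_key", "")
        sudo_uuids = [item.uuid_id for item in role_sudos]
        sys_groups = request.POST.get("sys_groups", '').strip()

        try:
            if not role:
                raise ServerError('该系统用户不能存在')
            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if role_name == "":
                raise ServerError(u'系统用户名为空')

            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass
            role_key_content = ""
            # An empty key_content leaves the user's key unchanged; otherwise
            # the key material is regenerated from the submitted private key.
            # TODO: generate a random password and a key pair
            if key_content:
                try:
                    key_contents = json.dumps(gen_keys(key=key_content))
                    role.key_content = key_contents
                    role_key_content = key_contents
                except SSHException:
                    raise ServerError(u'输入的密钥不合法')

            # Update the PermRole on the server.
            role.name = role_name
            role.comment = role_comment
            role.system_groups = sys_groups
            role.sudo = role_sudos
            role.save()

            # Update the PermRole on the proxies.
            # NOTE(review): 'password' carries the submitted plaintext here,
            # whereas perm_role_add sends the CRYPTOR-encrypted value;
            # confirm which form the proxies expect and that the channel to
            # them is protected.
            data = {
                'name': role_name,
                'password': role_password,
                'comment': role_comment,
                'sudo_uuids': sudo_uuids,
                'key_content': role_key_content,
                'sys_groups': sys_groups
            }
            data = json.dumps(data)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermRole', data, obj_uuid=role.uuid_id,
                                 action='update')
            # TODO: user operation record
            res['content'] = u"编辑系统用户[%s]成功" % role.name
            # TODO: alert event record
            res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
            # TODO: information returned to the page
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑系统用户失败:%s" % (e.message)
            response['error'] = u"编辑系统用户失败:%s" % (e.message)
    return HttpResponse(json.dumps(response), content_type='application/json')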
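def perm_role_add(request, res, *args):
    """Add a system user (role) on the server and on every proxy.

    Args:
        request: Django request; POST fields read: ``role_name``,
            ``role_comment``, ``role_password``, ``role_key``,
            ``sudo_name`` (list of sudo ids) and ``sys_groups``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.
    """
    response = {'success': False, 'error': ''}
    res['operator'] = u"添加系统用户"
    res['emer_content'] = 6
    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')
        uuid_id = str(uuid.uuid1())
        sys_groups = request.POST.get('sys_groups', '').strip()
        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'用户 %s已经存在' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if name == "":
                raise ServerError(u'系统用户名为空')

            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                # No password submitted: store a random 20-character one.
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
            # Resolve the selected sudo aliases and generate the key pair.
            sudos_obj = [get_object(PermSudo, id=int(sudo_id))
                         for sudo_id in sudo_ids]
            sudo_uuids = [item.uuid_id for item in sudos_obj]
            try:
                keys_content = json.dumps(gen_keys(key_content))
            except Exception as e:
                raise ServerError(e)
            # TODO: save the data to magicstack
            role = PermRole.objects.create(uuid_id=uuid_id, name=name,
                                           comment=comment,
                                           password=encrypt_pass,
                                           key_content=keys_content,
                                           system_groups=sys_groups)
            role.sudo = sudos_obj
            role.save()

            # TODO: save the same data to the proxies
            # NOTE(review): the encrypted password and the generated key
            # content are broadcast to every proxy; confirm the channel to
            # the proxies is protected and that each proxy needs both.
            proxy_list = Proxy.objects.all()
            data = {
                'uuid_id': uuid_id,
                'id': role.id,
                'name': name,
                'password': encrypt_pass,
                'comment': comment,
                'key_content': keys_content,
                'sudo_uuids': sudo_uuids,
                'sys_groups': sys_groups
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermRole', data, obj_uuid=role.uuid_id,
                                 action='add')
            response['success'] = True
            res['content'] = u'添加系统用户[%s]成功' % role.name
            res['emer_status'] = u'添加系统用户[%s]成功' % role.name
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            # The original had no "%" here, i.e. it called the string, so
            # every handled failure raised TypeError instead of reporting
            # the error.
            res['emer_status'] = u"添加系统用户失败:%s" % (e.message)
            response['error'] = u"添加系统用户失败:%s" % (e.message)
    # NOTE(review): no return statement is visible for this view in the
    # listing; the sibling views end with
    # `return HttpResponse(json.dumps(response), content_type='application/json')`
    # - confirm the full file does the same.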
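def perm_role_add(request, res, *args):
    """Add a system user (role) on the server and on every proxy.

    Args:
        request: Django request; POST fields read: ``role_name``,
            ``role_comment``, ``role_password``, ``role_key``,
            ``sudo_name`` (list of sudo ids) and ``sys_groups``.
        res: mapping supplied by the caller; this view fills in
            ``operator``, ``emer_content``, ``content``, ``emer_status``
            and, on failure, ``flag``.
        *args: unused.
    """
    response = {'success': False, 'error': ''}
    res['operator'] = u"添加系统用户"
    res['emer_content'] = 6
    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')
        uuid_id = str(uuid.uuid1())
        sys_groups = request.POST.get('sys_groups', '').strip()
        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'用户 %s已经存在' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if name == "":
                raise ServerError(u'系统用户名为空')

            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                # No password submitted: store a random 20-character one.
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
            # Resolve the selected sudo aliases and generate the key pair.
            sudos_obj = [get_object(PermSudo, id=int(sudo_id))
                         for sudo_id in sudo_ids]
            sudo_uuids = [item.uuid_id for item in sudos_obj]
            try:
                keys_content = json.dumps(gen_keys(key_content))
            except Exception as e:
                raise ServerError(e)
            # TODO: save the data to magicstack
            role = PermRole.objects.create(uuid_id=uuid_id, name=name,
                                           comment=comment,
                                           password=encrypt_pass,
                                           key_content=keys_content,
                                           system_groups=sys_groups)
            role.sudo = sudos_obj
            role.save()

            # TODO: save the same data to the proxies
            # NOTE(review): the encrypted password and the generated key
            # content are broadcast to every proxy; confirm the channel to
            # the proxies is protected and that each proxy needs both.
            proxy_list = Proxy.objects.all()
            data = {'uuid_id': uuid_id,
                    'id': role.id,
                    'name': name,
                    'password': encrypt_pass,
                    'comment': comment,
                    'key_content': keys_content,
                    'sudo_uuids': sudo_uuids,
                    'sys_groups': sys_groups}
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 role_proxy_operator, request.user.username,
                                 'PermRole', data, obj_uuid=role.uuid_id,
                                 action='add')
            response['success'] = True
            res['content'] = u'添加系统用户[%s]成功' % role.name
            res['emer_status'] = u'添加系统用户[%s]成功' % role.name
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            # The original had no "%" here, i.e. it called the string, so
            # every handled failure raised TypeError instead of reporting
            # the error.
            res['emer_status'] = u"添加系统用户失败:%s" % (e.message)
            response['error'] = u"添加系统用户失败:%s" % (e.message)
    # NOTE(review): no return statement is visible for this view in the
    # listing; the sibling views end with
    # `return HttpResponse(json.dumps(response), content_type='application/json')`
    # - confirm the full file does the same.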