示例#1
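def perm_sudo_add(request, res, *args):
    """
    Create a sudo command alias and distribute it to every proxy.

    Work is only done for POST; other methods return the initial
    ``{'success': False, 'error': ''}`` payload unchanged.

    :param request: Django request; POST fields ``sudo_name``,
        ``sudo_comment`` and ``sudo_commands`` are read.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    :return: HttpResponse with a JSON ``{'success': ..., 'error': ...}`` body.
    """
    res['operator'] = u"添加别名"
    response = {'success': False, 'error': ''}
    res['emer_content'] = 6
    if request.method == "POST":
        try:
            # Default to '' so a missing field reaches the validation below
            # instead of raising AttributeError on None, which the
            # ServerError handler would not catch.
            name = request.POST.get("sudo_name", "").strip().upper()
            comment = request.POST.get("sudo_comment")
            commands = request.POST.get("sudo_commands", "").strip()

            if not name or not commands:
                raise ServerError(u"sudo name 和 commands是必填项!")

            # Commands arrive separated by newlines or commas: split, drop
            # the u'' entries, pass each one through trans_all, re-join.
            # NOTE(review): this list is user-supplied and is sent to every
            # proxy below; no allow-list or syntax check is visible in this
            # block -- confirm trans_all or the proxy side validates it.
            pattern = re.compile(r'[\n,\r]')
            deal_space_commands = list_drop_str(pattern.split(commands), u'')
            deal_all_commands = map(trans_all, deal_space_commands)
            commands = ', '.join(deal_all_commands)
            if not commands:
                # Input made only of separators normalises to nothing.
                raise ServerError(u"sudo name 和 commands是必填项!")
            logger.debug(u'添加sudo %s: %s' % (name, commands))

            # NOTE(review): check-then-create is not atomic; two concurrent
            # requests can both pass this test unless the model enforces
            # uniqueness on name (not visible here).
            sudo_name_test = get_object(PermSudo, name=name)
            if sudo_name_test:
                raise ServerError(u"别名[%s]已存在" % name)

            sudo_uuid = str(uuid.uuid1())
            # TODO save the data on magicstack
            sudo = PermSudo.objects.create(uuid_id=sudo_uuid,
                                           name=name,
                                           comment=comment,
                                           commands=commands)

            # TODO save the data in the database on each proxy
            proxy_list = Proxy.objects.all()
            data = json.dumps({
                'uuid_id': sudo_uuid,
                'id': sudo.id,
                'name': name,
                'comment': comment,
                'commands': commands
            })
            execute_thread_tasks(proxy_list,
                                 THREAD_NUMBERS,
                                 role_proxy_operator,
                                 request.user.username,
                                 'PermSudo',
                                 data,
                                 obj_uuid=sudo.uuid_id,
                                 action='add')
            res['content'] = u"添加Sudo命令别名[%s]成功" % name
            res['emer_status'] = u"添加Sudo命令别名[%s]成功" % name
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"添加Sudo命令别名失败:%s" % (e.message)
            response['error'] = res['emer_status']
    return HttpResponse(json.dumps(response), content_type='application/json')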
示例#2
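def perm_sudo_delete(request, res, *args):
    """
    Delete a sudo command alias: notify every proxy, then remove the local row.

    Only POST is accepted; any other method is reported as unsupported.

    :param request: Django request; POST field ``id`` selects the alias.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    :return: HttpResponse whose body is the status message.
    """
    res['operator'] = '删除别名'
    res['emer_content'] = 6
    if request.method == "POST":
        # Bound before the try so the failure message can still be built
        # when the lookup itself is what raised (bad or unknown id).
        sudo_id = request.POST.get("id")
        sudo = None
        try:
            sudo = PermSudo.objects.get(id=int(sudo_id))
            # Tell the proxies to delete their copy of the record.
            proxy_list = Proxy.objects.all()
            data = json.dumps({
                'name': sudo.name,
            })
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator,
                                 request.user.username, 'PermSudo', data,
                                 obj_uuid=sudo.uuid_id, action='delete')
            msg = u'删除Sudo别名[%s]成功' % sudo.name
            res['content'] = msg
            res['emer_status'] = msg
            sudo.delete()
        except Exception as e:
            res['flag'] = 'false'
            # The original read sudo.name here, which raised a second error
            # whenever the lookup above had failed; fall back to the id.
            label = sudo.name if sudo is not None else sudo_id
            msg = u'删除Sudo别名[%s]失败:%s' % (label, e)
            res['content'] = msg
            res['emer_status'] = msg
        # NOTE(review): msg carries the alias name, the submitted id and
        # exception text, and is sent with Django's default content type
        # (text/html unless settings override it) -- escape it or send it
        # as plain text.
        return HttpResponse(msg)
    else:
        res['flag'] = 'false'
        res['content'] = u'不支持该操作'
        res['emer_status'] = u"删除Sudo别名失败:不支持该操作"
        return HttpResponse(u"不支持该操作")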
示例#3
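def asset_update_batch(request,res,*args):
    """
    Refresh asset information for every asset or for a selected list.

    With ``?arg=all`` in the query string every Asset is refreshed; otherwise
    the comma-separated ids in POST field ``asset_id_all`` are used.  Only
    POST is handled: for any other method the function falls off the end and
    returns None.

    :param request: Django request (query arg ``arg``, POST ``asset_id_all``).
    :param res: dict this view fills in (``operator``, ``content``, ``flag``);
        its consumer is not visible in this block.
    :return: JSON HttpResponse ``{'success': ..., 'error': ...}`` for POST.
    """
    response = {'success':'', 'error':''}
    res['operator'] = res['content'] = u'批量更新主机'
    if request.method == 'POST':
        try:
            arg = request.GET.get('arg', '')
            name = unicode(request.user.username) + ' - ' + u'自动更新'
            if arg == 'all':
                asset_list = Asset.objects.all()
            else:
                raw_ids = request.POST.get('asset_id_all', '')
                # A non-numeric or unknown id raises here and is reported
                # through the handler below.
                asset_list = [Asset.objects.get(id=int(asset_id))
                              for asset_id in raw_ids.split(',')]
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, update_asset_info, asset_list, name)
            res['content'] = u'更新资产成功'
            response['success'] = u'批量更新成功!'
        except Exception as e:
            logger.error(e)
            res['flag'] = 'false'
            res['content'] = u'批量更新失败'
            # An exception object is not JSON serialisable; storing it made
            # json.dumps below raise and hid the real error behind a 500.
            # NOTE(review): this returns raw exception text to the client;
            # consider a generic message and keep the detail in the log.
            response['error'] = u'%s' % e
        return HttpResponse(json.dumps(response), content_type='application/json')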
示例#4
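def perm_sudo_add(request, res, *args):
    """
    Create a sudo command alias and distribute it to every proxy.

    Work is only done for POST; other methods return the initial
    ``{'success': False, 'error': ''}`` payload unchanged.

    :param request: Django request; POST fields ``sudo_name``,
        ``sudo_comment`` and ``sudo_commands`` are read.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    :return: HttpResponse with a JSON ``{'success': ..., 'error': ...}`` body.
    """
    res['operator'] = u"添加别名"
    response = {'success': False, 'error': ''}
    res['emer_content'] = 6
    if request.method == "POST":
        try:
            # Default to '' so a missing field reaches the validation below
            # instead of raising AttributeError on None, which the
            # ServerError handler would not catch.
            name = request.POST.get("sudo_name", "").strip().upper()
            comment = request.POST.get("sudo_comment")
            commands = request.POST.get("sudo_commands", "").strip()

            if not name or not commands:
                raise ServerError(u"sudo name 和 commands是必填项!")

            # Commands arrive separated by newlines or commas: split, drop
            # the u'' entries, pass each one through trans_all, re-join.
            # NOTE(review): this list is user-supplied and is sent to every
            # proxy below; no allow-list or syntax check is visible in this
            # block -- confirm trans_all or the proxy side validates it.
            pattern = re.compile(r'[\n,\r]')
            deal_space_commands = list_drop_str(pattern.split(commands), u'')
            deal_all_commands = map(trans_all, deal_space_commands)
            commands = ', '.join(deal_all_commands)
            if not commands:
                # Input made only of separators normalises to nothing.
                raise ServerError(u"sudo name 和 commands是必填项!")
            logger.debug(u'添加sudo %s: %s' % (name, commands))

            # NOTE(review): check-then-create is not atomic; two concurrent
            # requests can both pass this test unless the model enforces
            # uniqueness on name (not visible here).
            sudo_name_test = get_object(PermSudo, name=name)
            if sudo_name_test:
                raise ServerError(u"别名[%s]已存在" %name)

            sudo_uuid = str(uuid.uuid1())
            # TODO save the data on magicstack
            sudo = PermSudo.objects.create(uuid_id=sudo_uuid, name=name, comment=comment, commands=commands)

            # TODO save the data in the database on each proxy
            proxy_list = Proxy.objects.all()
            data = json.dumps({'uuid_id': sudo_uuid,
                               'id': sudo.id,
                               'name': name,
                               'comment': comment,
                               'commands': commands})
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermSudo', data,
                                 obj_uuid=sudo.uuid_id, action='add')
            res['content'] = u"添加Sudo命令别名[%s]成功" % name
            res['emer_status'] = u"添加Sudo命令别名[%s]成功" % name
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"添加Sudo命令别名失败:%s" % (e.message)
            response['error'] = res['emer_status']
    return HttpResponse(json.dumps(response), content_type='application/json')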
示例#5
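def asset_action(request, status):
    """
    Start an operation (selected by ``status``) on a list of assets.

    Only POST is handled; for any other method the function falls off the
    end and returns None.

    :param request: Django request; the first ``asset_id_all`` POST value is
        a comma-separated list of asset ids.
    :param status: passed through unchanged to ``asset_operator``.
    :return: JSON HttpResponse holding ``"running"`` or the error text.
    """
    if request.method == 'POST':
        try:
            select_ids = request.POST.getlist('asset_id_all')
            select_ids = select_ids[0].split(',')
            asset_list = []
            for item in select_ids:
                asset = get_object(Asset, id=int(item))
                # Other views on this page test get_object's result for
                # truthiness, so skip ids that resolve to nothing instead of
                # handing None to the worker threads.
                if asset:
                    asset_list.append(asset)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, asset_operator, asset_list, status, request.user.username)
            result = 'running'
        except Exception as e:
            logger.debug(e)
            # An exception object is not JSON serialisable; json.dumps below
            # would raise and turn every handled failure into a 500.
            # NOTE(review): raw exception text goes back to the client.
            result = u'%s' % e
        return HttpResponse(json.dumps(result), content_type='application/json')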
示例#6
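def asset_del(request,res, *args):
    """
    Delete one asset (query arg ``id``) and/or a batch of assets (POST).

    Single delete: the proxy that owns the asset is asked to remove it over
    its ``/v1.0/system`` API and the local row is deleted only when the proxy
    answers 200.  Batch delete: the comma-separated ids in POST field
    ``asset_id_all`` are handed to ``delete_asset_batch`` on every proxy.

    :param request: Django request.
    :param res: dict this view fills in (``operator``, ``content``, ``flag``);
        its consumer is not visible in this block.
    :return: JSON HttpResponse ``{'msg': ...}``.
    """
    response = {'msg': u'删除成功'}
    res['operator'] = res['content'] = u'删除主机'
    # NOTE(review): the single delete is driven by the query string, so it
    # also runs for GET requests, which Django's CSRF middleware does not
    # check -- confirm callers only reach this with POST.
    asset_id = request.GET.get('id', '')
    if asset_id:
        asset = get_object(Asset, id=int(asset_id))
        if asset:
            proxy = asset.proxy
            param = {'names': [asset.name], 'id_unique': asset.id_unique}
            data = json.dumps(param)
            try:
                api = APIRequest('{0}/v1.0/system'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password))
                result, code = api.req_del(data)
                logger.debug(u'删除单一资产result:%s'%result)
                if code == 200:
                    asset.delete()
                else:
                    # Key spelling is whatever the proxy API returns.
                    response['msg'] = result['messege']
            except Exception as e:
                logger.error(e)
                res['flag'] = 'false'
                # Store text, not the exception object: json.dumps cannot
                # serialise an exception.
                res['content'] = u'%s' % e
                response['msg'] = u'%s' % e

    if request.method == 'POST':
        try:
            asset_id_all = request.POST.get('asset_id_all', '')
            asset_list = []
            for asset_id in asset_id_all.split(','):
                asset = get_object(Asset, id=int(asset_id))
                # Read asset.name only after the lookup is known to have
                # found something.
                if asset:
                    res['content'] += '%s   ' % asset.name
                    asset_list.append(asset)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, delete_asset_batch, asset_list)
            response['msg'] = u'批量删除主机成功'
        except Exception as e:
            logger.error(e)
            res['flag'] = 'false'
            res['content'] = u'%s' % e
            response['msg'] = u'%s' % e
    # Returned for every method: the single delete above used to do its work
    # and then fall off the end without a response on non-POST requests.
    return HttpResponse(json.dumps(response), content_type='application/json')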
示例#7
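def perm_role_push(request, *args):
    """
    Push a system user (role) to assets.

    GET returns the role's id and name as JSON.  Any other method collects
    the assets named directly (``assets``) and through groups
    (``asset_groups``) and hands the de-duplicated set to
    ``push_role_to_asset`` on every proxy.

    :param request: Django request; the role is always taken from query
        arg ``id``, including on POST.
    :return: JSON HttpResponse.
    """
    if request.method == 'GET':
        try:
            rest = {}
            role_id = request.GET.get('id')
            role = get_object(PermRole, id=int(role_id))
            rest['Id'] = role.id
            rest['role_name'] = role.name
            return HttpResponse(json.dumps(rest),
                                content_type='application/json')
        except Exception as e:
            logger.error(e)
            # The original fell through here and returned None, which is
            # not a valid view result; answer in the same shape the
            # non-GET branch uses.
            return HttpResponse(json.dumps({'success': False,
                                            'error': u'%s' % e}),
                                content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        try:
            role_id = request.GET.get('id')
            role = get_object(PermRole, id=int(role_id))
            asset_ids = request.POST.getlist("assets")
            asset_group_ids = request.POST.getlist("asset_groups")
            assets_obj = [
                Asset.objects.get(id=asset_id) for asset_id in asset_ids
            ]
            asset_groups_obj = [
                AssetGroup.objects.get(id=asset_group_id)
                for asset_group_id in asset_group_ids
            ]

            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(asset_group.asset_set.all())
            # Union so an asset selected both directly and via a group is
            # pushed once.
            calc_assets = list(set(assets_obj) | set(group_assets_obj))
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,
                                 push_role_to_asset, calc_assets, role,
                                 request.user.username)
            response['success'] = True
            response['error'] = 'running ...'
        except Exception as e:
            response['error'] = e.message
            logger.error(e.message)
        return HttpResponse(json.dumps(response),
                            content_type='application/json')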
示例#8
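def perm_sudo_delete(request, res, *args):
    """
    Delete a sudo command alias: notify every proxy, then remove the local row.

    Only POST is accepted; any other method is reported as unsupported.

    :param request: Django request; POST field ``id`` selects the alias.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    :return: HttpResponse whose body is the status message.
    """
    res['operator'] = '删除别名'
    res['emer_content'] = 6
    if request.method == "POST":
        # Bound before the try so the failure message can still be built
        # when the lookup itself is what raised (bad or unknown id).
        sudo_id = request.POST.get("id")
        sudo = None
        try:
            sudo = PermSudo.objects.get(id=int(sudo_id))
            # Tell the proxies to delete their copy of the record.
            proxy_list = Proxy.objects.all()
            data = json.dumps({
                'name': sudo.name,
            })
            execute_thread_tasks(proxy_list,
                                 THREAD_NUMBERS,
                                 role_proxy_operator,
                                 request.user.username,
                                 'PermSudo',
                                 data,
                                 obj_uuid=sudo.uuid_id,
                                 action='delete')
            msg = u'删除Sudo别名[%s]成功' % sudo.name
            res['content'] = msg
            res['emer_status'] = msg
            sudo.delete()
        except Exception as e:
            res['flag'] = 'false'
            # The original read sudo.name here, which raised a second error
            # whenever the lookup above had failed; fall back to the id.
            label = sudo.name if sudo is not None else sudo_id
            msg = u'删除Sudo别名[%s]失败:%s' % (label, e)
            res['content'] = msg
            res['emer_status'] = msg
        # NOTE(review): msg carries the alias name, the submitted id and
        # exception text, and is sent with Django's default content type
        # (text/html unless settings override it) -- escape it or send it
        # as plain text.
        return HttpResponse(msg)
    else:
        res['flag'] = 'false'
        res['content'] = u'不支持该操作'
        res['emer_status'] = u"删除Sudo别名失败:不支持该操作"
        return HttpResponse(u"不支持该操作")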
示例#9
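def perm_role_push(request, *args):
    """
    Push a system user (role) to assets.

    GET returns the role's id and name as JSON.  Any other method collects
    the assets named directly (``assets``) and through groups
    (``asset_groups``) and hands the de-duplicated set to
    ``push_role_to_asset`` on every proxy.

    :param request: Django request; the role is always taken from query
        arg ``id``, including on POST.
    :return: JSON HttpResponse.
    """
    if request.method == 'GET':
        try:
            rest = {}
            role_id = request.GET.get('id')
            role = get_object(PermRole, id=int(role_id))
            rest['Id'] = role.id
            rest['role_name'] = role.name
            return HttpResponse(json.dumps(rest), content_type='application/json')
        except Exception as e:
            logger.error(e)
            # The original fell through here and returned None, which is
            # not a valid view result; answer in the same shape the
            # non-GET branch uses.
            failure = {'success': False, 'error': u'%s' % e}
            return HttpResponse(json.dumps(failure), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        try:
            role_id = request.GET.get('id')
            role = get_object(PermRole, id=int(role_id))
            asset_ids = request.POST.getlist("assets")
            asset_group_ids = request.POST.getlist("asset_groups")
            assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
            asset_groups_obj = [AssetGroup.objects.get(id=asset_group_id) for asset_group_id in asset_group_ids]

            group_assets_obj = []
            for asset_group in asset_groups_obj:
                group_assets_obj.extend(asset_group.asset_set.all())
            # Union so an asset selected both directly and via a group is
            # pushed once.
            calc_assets = list(set(assets_obj) | set(group_assets_obj))
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, push_role_to_asset, calc_assets, role, request.user.username)
            response['success'] = True
            response['error'] = 'running ...'
        except Exception as e:
            response['error'] = e.message
            logger.error(e.message)
        return HttpResponse(json.dumps(response), content_type='application/json')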
示例#10
                        msg_del_user = task.del_user(role.name, proxy, request.user.username)
                        msg_del_sudo = task.del_user_sudo(role.uuid_id, proxy, request.user.username)
                    except Exception, e:
                        logger.warning(u"Recycle Role failed: %s" % e)
                        raise ServerError(u"回收已推送的系统用户失败: %s" % e)
                    logger.info(u"删除用户 %s - execute delete user: %s" % (role.name, msg_del_user))
                    logger.info(u"删除用户 %s - execute delete sudo: %s" % (role.name, msg_del_sudo))
                    # TODO: 判断返回结果,处理异常

            # 删除proxy上的role, proxy上的role删除成功后再删除magicstack上的role
            proxy_list = Proxy.objects.all()
            data = {
                'name': role.name,
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS,role_proxy_operator, request.user.username, 'PermRole', data, obj_uuid=role.uuid_id, action='delete')
            msg = u"删除系统用户[%s]成功" % role.name
            res['content'] = msg
            res['emer_status'] = msg
            role.delete()
        except ServerError, e:
            res['flag'] = 'false'
            msg = u"删除系统用户失败: %s" %e
            res['content'] = msg
            res['emer_status'] = msg
        return HttpResponse(msg)



@require_role('admin')
def perm_role_detail(request):
示例#11
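def perm_role_edit(request, res, *args):
    """
    Return a system user's details (GET) or update it (any other method).

    The update is saved locally first and then sent to every proxy.

    :param request: Django request; the role is selected by query arg ``id``.
        The update reads POST fields ``role_name``, ``role_password``,
        ``role_comment``, ``sudo_name`` (list of PermSudo ids), ``role_key``
        and ``sys_groups``.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    :return: JSON HttpResponse (role details for GET, ``{'success', 'error'}``
        otherwise), or a plain-text response when the role is falsy on GET.
    """
    # Data for rendering.
    res['operator'] = u"编辑系统用户"
    res['emer_content'] = 6
    if request.method == "GET":
        role_id = request.GET.get("id")
        role = PermRole.objects.get(id=int(role_id))
        if not role:
            return HttpResponse(u'系统用户不存在')
        rest = {}
        rest['Id'] = role.id
        rest['role_name'] = role.name
        # NOTE(review): this sends the stored password value to the browser.
        # The update branch stores CRYPTOR.encrypt output, so this is
        # presumably recoverable ciphertext; confirm the form really needs it.
        rest['role_password'] = role.password
        rest['role_comment'] = role.comment
        rest['system_groups'] = role.system_groups
        rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        role_id = request.GET.get("id", '')
        role = PermRole.objects.get(id=int(role_id))
        # Normalise before validating: without the strip a name such as
        # "root " passed the root check below, and a missing field stored
        # None as the name.
        role_name = (request.POST.get("role_name") or "").strip()
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [PermSudo.objects.get(id=int(sudo_id)) for sudo_id in role_sudo_names]
        key_content = request.POST.get("role_key", "")
        sudo_uuids = [item.uuid_id for item in role_sudos]
        sys_groups = request.POST.get("sys_groups",'').strip()
        try:
            if not role:
                raise ServerError('该系统用户不能存在')

            if not role_name:
                raise ServerError(u'系统用户名为空')

            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')

            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass

            # An empty key_content means the user's key is unchanged; when it
            # is set, the public key is derived from the given private key.
            role_key_content = ""
            # TODO generate a random password and a key pair
            if key_content:
                try:
                    key_contents = json.dumps(gen_keys(key=key_content))
                    role.key_content = key_contents
                    role_key_content = key_contents
                except SSHException:
                    raise ServerError(u'输入的密钥不合法')
            # Update the PermRole on the server.
            role.name = role_name
            role.comment = role_comment
            role.system_groups = sys_groups
            role.sudo = role_sudos
            role.save()

            # Update the PermRole on the proxies.
            # NOTE(review): 'password' is the plaintext form value here,
            # while role.password above holds the encrypted one -- confirm
            # which of the two the proxy expects.
            data = {'name': role_name,
                    'password': role_password,
                    'comment': role_comment,
                    'sudo_uuids': sudo_uuids,
                    'key_content': role_key_content,
                    'sys_groups': sys_groups}
            data = json.dumps(data)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data, obj_uuid=role.uuid_id, action='update')
            # TODO user operation record
            res['content'] = u"编辑系统用户[%s]成功" % role.name
            # TODO alert event record
            res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
            # TODO message returned to the page
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑系统用户失败:%s"%(e.message)
            response['error'] = u"编辑系统用户失败:%s"%(e.message)
        return HttpResponse(json.dumps(response), content_type='application/json')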
示例#12
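def perm_sudo_edit(request, res, *args):
    """
    Return a sudo alias's details (GET) or update it (any other method).

    The update is saved locally first and then sent to every proxy.

    :param request: Django request; the alias is selected by query arg
        ``id``.  The update reads POST fields ``sudo_name``,
        ``sudo_commands`` and ``sudo_comment``.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    :return: JSON HttpResponse.
    """
    res['operator'] = "编辑别名"
    res['emer_content'] = 6
    if request.method == "GET":
        sudo_id = request.GET.get("id")
        sudo = PermSudo.objects.get(id=sudo_id)
        rest = {}
        rest['Id'] = sudo.id
        rest['name'] = sudo.name
        rest['commands'] = sudo.commands
        rest['comment'] = sudo.comment
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        try:
            sudo_id = request.GET.get("id")
            sudo = PermSudo.objects.get(id=int(sudo_id))
            # Strip here, not at save time: the uniqueness test below must
            # see the value that is actually stored, otherwise "FOO " slips
            # past it and is saved as a duplicate "FOO".  The '' default
            # keeps a missing field from raising AttributeError on None.
            name = request.POST.get("sudo_name", "").strip().upper()
            commands = request.POST.get("sudo_commands")
            comment = request.POST.get("sudo_comment")

            if not name or not commands:
                raise ServerError(u"sudo name 和 commands是必填项!")

            # Any other row already using this name is a conflict.
            if PermSudo.objects.filter(name=name).exclude(id=sudo.id).exists():
                raise ServerError(u'别名[%s]已存在' % name)

            # Commands arrive separated by newlines or commas: split, drop
            # the u'' entries, pass each one through trans_all, re-join.
            # NOTE(review): this list is user-supplied and is sent to every
            # proxy below; no allow-list or syntax check is visible in this
            # block -- confirm trans_all or the proxy side validates it.
            pattern = re.compile(r'[\n,\r]')
            deal_space_commands = list_drop_str(pattern.split(commands), u'')
            deal_all_commands = map(trans_all, deal_space_commands)
            commands = ', '.join(deal_all_commands).strip()
            if not commands:
                # Input made only of separators normalises to nothing.
                raise ServerError(u"sudo name 和 commands是必填项!")
            sudo.name = name
            sudo.commands = commands
            sudo.comment = comment
            sudo.save()
            proxy_list = Proxy.objects.all()
            # Update the data on the proxies.
            data = json.dumps({
                'name': name,
                'comment': comment,
                'commands': commands
            })
            execute_thread_tasks(proxy_list,
                                 THREAD_NUMBERS,
                                 role_proxy_operator,
                                 request.user.username,
                                 'PermSudo',
                                 data,
                                 obj_uuid=sudo.uuid_id,
                                 action='update')

            msg = u"编辑Sudo命令别名[%s]成功" % sudo.name
            res['content'] = msg
            res['emer_status'] = msg
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑Sudo命令别名失败:%s" % (e.message)
            response['error'] = res['emer_status']
        return HttpResponse(json.dumps(response),
                            content_type='application/json')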
示例#13
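def perm_sudo_edit(request, res, *args):
    """
    Return a sudo alias's details (GET) or update it (any other method).

    The update is saved locally first and then sent to every proxy.

    :param request: Django request; the alias is selected by query arg
        ``id``.  The update reads POST fields ``sudo_name``,
        ``sudo_commands`` and ``sudo_comment``.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    :return: JSON HttpResponse.
    """
    res['operator'] = "编辑别名"
    res['emer_content'] = 6
    if request.method == "GET":
        sudo_id = request.GET.get("id")
        sudo = PermSudo.objects.get(id=sudo_id)
        rest = {}
        rest['Id'] = sudo.id
        rest['name'] = sudo.name
        rest['commands'] = sudo.commands
        rest['comment'] = sudo.comment
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        try:
            sudo_id = request.GET.get("id")
            sudo = PermSudo.objects.get(id=int(sudo_id))
            # Strip here, not at save time: the uniqueness test below must
            # see the value that is actually stored, otherwise "FOO " slips
            # past it and is saved as a duplicate "FOO".  The '' default
            # keeps a missing field from raising AttributeError on None.
            name = request.POST.get("sudo_name", "").strip().upper()
            commands = request.POST.get("sudo_commands")
            comment = request.POST.get("sudo_comment")

            if not name or not commands:
                raise ServerError(u"sudo name 和 commands是必填项!")

            # Any other row already using this name is a conflict.
            if PermSudo.objects.filter(name=name).exclude(id=sudo.id).exists():
                raise ServerError(u'别名[%s]已存在' % name)

            # Commands arrive separated by newlines or commas: split, drop
            # the u'' entries, pass each one through trans_all, re-join.
            # NOTE(review): this list is user-supplied and is sent to every
            # proxy below; no allow-list or syntax check is visible in this
            # block -- confirm trans_all or the proxy side validates it.
            pattern = re.compile(r'[\n,\r]')
            deal_space_commands = list_drop_str(pattern.split(commands), u'')
            deal_all_commands = map(trans_all, deal_space_commands)
            commands = ', '.join(deal_all_commands).strip()
            if not commands:
                # Input made only of separators normalises to nothing.
                raise ServerError(u"sudo name 和 commands是必填项!")
            sudo.name = name
            sudo.commands = commands
            sudo.comment = comment
            sudo.save()
            proxy_list = Proxy.objects.all()
            # Update the data on the proxies.
            data = json.dumps({'name': name,
                               'comment': comment,
                               'commands': commands})
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermSudo', data,
                                 obj_uuid=sudo.uuid_id, action='update')

            msg = u"编辑Sudo命令别名[%s]成功" % sudo.name
            res['content'] = msg
            res['emer_status'] = msg
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑Sudo命令别名失败:%s"%(e.message)
            response['error'] = res['emer_status']
        return HttpResponse(json.dumps(response), content_type='application/json')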
示例#14
                    logger.info(u"删除用户 %s - execute delete user: %s" %
                                (role.name, msg_del_user))
                    logger.info(u"删除用户 %s - execute delete sudo: %s" %
                                (role.name, msg_del_sudo))
                    # TODO: 判断返回结果,处理异常

            # 删除proxy上的role, proxy上的role删除成功后再删除magicstack上的role
            proxy_list = Proxy.objects.all()
            data = {
                'name': role.name,
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list,
                                 THREAD_NUMBERS,
                                 role_proxy_operator,
                                 request.user.username,
                                 'PermRole',
                                 data,
                                 obj_uuid=role.uuid_id,
                                 action='delete')
            msg = u"删除系统用户[%s]成功" % role.name
            res['content'] = msg
            res['emer_status'] = msg
            role.delete()
        except ServerError, e:
            res['flag'] = 'false'
            msg = u"删除系统用户失败: %s" % e
            res['content'] = msg
            res['emer_status'] = msg
        return HttpResponse(msg)

示例#15
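def perm_role_edit(request, res, *args):
    """
    Return a system user's details (GET) or update it (any other method).

    The update is saved locally first and then sent to every proxy.

    :param request: Django request; the role is selected by query arg ``id``.
        The update reads POST fields ``role_name``, ``role_password``,
        ``role_comment``, ``sudo_name`` (list of PermSudo ids), ``role_key``
        and ``sys_groups``.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    :return: JSON HttpResponse (role details for GET, ``{'success', 'error'}``
        otherwise), or a plain-text response when the role is falsy on GET.
    """
    # Data for rendering.
    res['operator'] = u"编辑系统用户"
    res['emer_content'] = 6
    if request.method == "GET":
        role_id = request.GET.get("id")
        role = PermRole.objects.get(id=int(role_id))
        if not role:
            return HttpResponse(u'系统用户不存在')
        rest = {}
        rest['Id'] = role.id
        rest['role_name'] = role.name
        # NOTE(review): this sends the stored password value to the browser.
        # The update branch stores CRYPTOR.encrypt output, so this is
        # presumably recoverable ciphertext; confirm the form really needs it.
        rest['role_password'] = role.password
        rest['role_comment'] = role.comment
        rest['system_groups'] = role.system_groups
        rest['sudos'] = ','.join([str(item.id) for item in role.sudo.all()])
        return HttpResponse(json.dumps(rest), content_type='application/json')
    else:
        response = {'success': False, 'error': ''}
        role_id = request.GET.get("id", '')
        role = PermRole.objects.get(id=int(role_id))
        # Normalise before validating: without the strip a name such as
        # "root " passed the root check below, and a missing field stored
        # None as the name.
        role_name = (request.POST.get("role_name") or "").strip()
        role_password = request.POST.get("role_password")
        role_comment = request.POST.get("role_comment")
        role_sudo_names = request.POST.getlist("sudo_name")
        role_sudos = [
            PermSudo.objects.get(id=int(sudo_id))
            for sudo_id in role_sudo_names
        ]
        key_content = request.POST.get("role_key", "")
        sudo_uuids = [item.uuid_id for item in role_sudos]
        sys_groups = request.POST.get("sys_groups", '').strip()
        try:
            if not role:
                raise ServerError('该系统用户不能存在')

            if not role_name:
                raise ServerError(u'系统用户名为空')

            if role_name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')

            if role_password:
                encrypt_pass = CRYPTOR.encrypt(role_password)
                role.password = encrypt_pass

            # An empty key_content means the user's key is unchanged; when it
            # is set, the public key is derived from the given private key.
            role_key_content = ""
            # TODO generate a random password and a key pair
            if key_content:
                try:
                    key_contents = json.dumps(gen_keys(key=key_content))
                    role.key_content = key_contents
                    role_key_content = key_contents
                except SSHException:
                    raise ServerError(u'输入的密钥不合法')
            # Update the PermRole on the server.
            role.name = role_name
            role.comment = role_comment
            role.system_groups = sys_groups
            role.sudo = role_sudos
            role.save()

            # Update the PermRole on the proxies.
            # NOTE(review): 'password' is the plaintext form value here,
            # while role.password above holds the encrypted one -- confirm
            # which of the two the proxy expects.
            data = {
                'name': role_name,
                'password': role_password,
                'comment': role_comment,
                'sudo_uuids': sudo_uuids,
                'key_content': role_key_content,
                'sys_groups': sys_groups
            }
            data = json.dumps(data)
            proxy_list = Proxy.objects.all()
            execute_thread_tasks(proxy_list,
                                 THREAD_NUMBERS,
                                 role_proxy_operator,
                                 request.user.username,
                                 'PermRole',
                                 data,
                                 obj_uuid=role.uuid_id,
                                 action='update')
            # TODO user operation record
            res['content'] = u"编辑系统用户[%s]成功" % role.name
            # TODO alert event record
            res['emer_status'] = u"编辑系统用户[%s]成功" % role.name
            # TODO message returned to the page
            response['success'] = True
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            res['emer_status'] = u"编辑系统用户失败:%s" % (e.message)
            response['error'] = u"编辑系统用户失败:%s" % (e.message)
        return HttpResponse(json.dumps(response),
                            content_type='application/json')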
示例#16
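def perm_role_add(request, res, *args):
    """
    Add a system user, both on the server and on every proxy.

    Only POST does any work.  No return statement is visible in this
    excerpt.

    :param request: Django request; POST fields ``role_name``,
        ``role_comment``, ``role_password``, ``role_key``, ``sudo_name``
        (list of PermSudo ids) and ``sys_groups`` are read.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    """
    response = {'success': False, 'error': ''}
    res['operator'] = u"添加系统用户"
    res['emer_content'] = 6
    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')
        uuid_id = str(uuid.uuid1())
        sys_groups = request.POST.get('sys_groups', '').strip()

        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'用户 %s已经存在' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if name == "":
                raise ServerError(u'系统用户名为空')

            # No password supplied: store an encrypted random 20-character one.
            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
            # NOTE(review): other views on this page test get_object's
            # result for truthiness; a sudo id that resolves to nothing
            # would make item.uuid_id raise outside the ServerError handler.
            sudos_obj = [
                get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids
            ]
            sudo_uuids = [item.uuid_id for item in sudos_obj]
            try:
                keys_content = json.dumps(gen_keys(key_content))
            except Exception as e:
                raise ServerError(e)

            # TODO save the data on magicstack
            role = PermRole.objects.create(uuid_id=uuid_id,
                                           name=name,
                                           comment=comment,
                                           password=encrypt_pass,
                                           key_content=keys_content,
                                           system_groups=sys_groups)
            role.sudo = sudos_obj
            role.save()

            # TODO save the same data on the proxies
            proxy_list = Proxy.objects.all()
            data = {
                'uuid_id': uuid_id,
                'id': role.id,
                'name': name,
                'password': encrypt_pass,
                'comment': comment,
                'key_content': keys_content,
                'sudo_uuids': sudo_uuids,
                'sys_groups': sys_groups
            }
            data = json.dumps(data)
            execute_thread_tasks(proxy_list,
                                 THREAD_NUMBERS,
                                 role_proxy_operator,
                                 request.user.username,
                                 'PermRole',
                                 data,
                                 obj_uuid=role.uuid_id,
                                 action='add')
            response['success'] = True
            res['content'] = u'添加系统用户[%s]成功' % role.name
            res['emer_status'] = u'添加系统用户[%s]成功' % role.name
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            # The % operator was missing here, so the string was *called*
            # and every handled failure raised TypeError instead.
            res['emer_status'] = u"添加系统用户失败:%s" % (e.message)
            response['error'] = u"添加系统用户失败:%s" % (e.message)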
示例#17
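def perm_role_add(request, res, *args):
    """
    Add a system user, both on the server and on every proxy.

    Only POST does any work.  No return statement is visible in this
    excerpt.

    :param request: Django request; POST fields ``role_name``,
        ``role_comment``, ``role_password``, ``role_key``, ``sudo_name``
        (list of PermSudo ids) and ``sys_groups`` are read.
    :param res: dict this view fills in (``operator``, ``emer_content``,
        ``content``, ``emer_status``, ``flag``); its consumer is not
        visible in this block.
    """
    response = {'success': False, 'error': ''}
    res['operator'] = u"添加系统用户"
    res['emer_content'] = 6
    if request.method == "POST":
        name = request.POST.get("role_name", "").strip()
        comment = request.POST.get("role_comment", "")
        password = request.POST.get("role_password", "")
        key_content = request.POST.get("role_key", "")
        sudo_ids = request.POST.getlist('sudo_name')
        uuid_id = str(uuid.uuid1())
        sys_groups = request.POST.get('sys_groups', '').strip()

        try:
            if get_object(PermRole, name=name):
                raise ServerError(u'用户 %s已经存在' % name)
            if name == "root":
                raise ServerError(u'禁止使用root用户作为系统用户,这样非常危险!')
            if name == "":
                raise ServerError(u'系统用户名为空')

            # No password supplied: store an encrypted random 20-character one.
            if password:
                encrypt_pass = CRYPTOR.encrypt(password)
            else:
                encrypt_pass = CRYPTOR.encrypt(CRYPTOR.gen_rand_pass(20))
            # NOTE(review): other views on this page test get_object's
            # result for truthiness; a sudo id that resolves to nothing
            # would make item.uuid_id raise outside the ServerError handler.
            sudos_obj = [get_object(PermSudo, id=int(sudo_id)) for sudo_id in sudo_ids]
            sudo_uuids = [item.uuid_id for item in sudos_obj]
            try:
                keys_content = json.dumps(gen_keys(key_content))
            except Exception as e:
                raise ServerError(e)

            # TODO save the data on magicstack
            role = PermRole.objects.create(uuid_id=uuid_id, name=name, comment=comment, password=encrypt_pass,
                                           key_content=keys_content, system_groups=sys_groups)
            role.sudo = sudos_obj
            role.save()

            # TODO save the same data on the proxies
            proxy_list = Proxy.objects.all()
            data = {'uuid_id': uuid_id,
                    'id': role.id,
                    'name': name,
                    'password': encrypt_pass,
                    'comment': comment,
                    'key_content': keys_content,
                    'sudo_uuids': sudo_uuids,
                    'sys_groups': sys_groups}
            data = json.dumps(data)
            execute_thread_tasks(proxy_list, THREAD_NUMBERS, role_proxy_operator, request.user.username, 'PermRole', data,
                                 obj_uuid=role.uuid_id, action='add')
            response['success'] = True
            res['content'] = u'添加系统用户[%s]成功'% role.name
            res['emer_status'] = u'添加系统用户[%s]成功'% role.name
        except ServerError as e:
            res['flag'] = 'false'
            res['content'] = e.message
            # The % operator was missing here, so the string was *called*
            # and every handled failure raised TypeError instead.
            res['emer_status'] = u"添加系统用户失败:%s" % (e.message)
            response['error'] = u"添加系统用户失败:%s"%(e.message)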