Skip to content

J
jumpserver

gjl2004yn / jumpserver
与 Fork 源项目一致

从无法访问的项目Fork

通知 2
Star 0
Fork 0
J
jumpserver

体验新版 GitCode,发现更多精彩内容 >>

提交 01e50d59 编写于 作者: baltery's avatar baltery
浏览文件
操作

完成AdHoc JMSHost JMSInventory

上级 0524e8dd
展开全部 显示空白变更内容
内联 并排
Showing with 300 addition and 833 deletion
apps/assets/models/asset.py
浏览文件 @ 01e50d59
......@@ -87,6 +87,18 @@ class Asset(models.Model):
def to_json(self):
pass
def _to_secret_json(self):
"""Ansible use it create inventory"""
return {
'hostname': self.hostname,
'ip': self.ip,
'port': self.port,
'groups': [group.name for group in self.groups.all()],
'username': self.admin_user.username,
'password': self.admin_user.password,
'private_key': self.admin_user.private_key,
}
class Meta:
unique_together = ('ip', 'port')
......
apps/assets/models/user.py
浏览文件 @ 01e50d59
......@@ -9,7 +9,7 @@ import logging
from django.utils.translation import ugettext_lazy as _
from django.core.exceptions import ValidationError
from common.utils import signer, validate_ssh_private_key
from common.utils import signer, validate_ssh_private_key, ssh_key_string_to_obj
__all__ = ['AdminUser', 'SystemUser', 'private_key_validator']
logger = logging.getLogger(__name__)
......@@ -24,12 +24,20 @@ def private_key_validator(value):
class AdminUser(models.Model):
BECOME_METHOD_CHOICES = (
('sudo', 'sudo'),
('su', 'su'),
)
name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
username = models.CharField(max_length=16, verbose_name=_('Username'))
_password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
_private_key = models.CharField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'),
validators=[private_key_validator,])
_public_key = models.CharField(max_length=4096, blank=True, verbose_name=_('SSH public key'))
become = models.BooleanField(default=True)
become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
become_user = models.CharField(default='root', max_length=64)
become_password = models.CharField(default='', max_length=128)
comment = models.TextField(blank=True, verbose_name=_('Comment'))
date_created = models.DateTimeField(auto_now_add=True, null=True)
created_by = models.CharField(max_length=32, null=True, verbose_name=_('Created by'))
......@@ -41,7 +49,10 @@ class AdminUser(models.Model):
@property
def password(self):
if self._password:
return signer.unsign(self._password)
else:
return ''
@password.setter
def password(self, password_raw):
......@@ -49,7 +60,11 @@ class AdminUser(models.Model):
@property
def private_key(self):
return signer.unsign(self._private_key)
if self._private_key:
key_str = signer.unsign(self._private_key)
return ssh_key_string_to_obj(key_str)
else:
return None
@private_key.setter
def private_key(self, private_key_raw):
......
apps/ops/api/serializers.py
浏览文件 @ 01e50d59
# ~*~ coding: utf-8 ~*~
from __future__ import unicode_literals
from ops.models import *
from rest_framework import serializers
class HostAliaSerializer(serializers.ModelSerializer):
class Meta:
model = HostAlia
class CmdAliaSerializer(serializers.ModelSerializer):
class Meta:
model = CmdAlia
class UserAliaSerializer(serializers.ModelSerializer):
class Meta:
model = UserAlia
class RunasAliaSerializer(serializers.ModelSerializer):
class Meta:
model = RunasAlia
class ExtraconfSerializer(serializers.ModelSerializer):
class Meta:
model = Extra_conf
class PrivilegeSerializer(serializers.ModelSerializer):
class Meta:
model = Privilege
class SudoSerializer(serializers.ModelSerializer):
class Meta:
model = Sudo
class CronTableSerializer(serializers.ModelSerializer):
class Meta:
model = CronTable
class TaskSerializer(serializers.ModelSerializer):
sub_tasks = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
class Meta:
model = Task
read_only_fields = ('record',)
class SubTaskSerializer(serializers.ModelSerializer):
class Meta:
model = SubTask
apps/ops/api/views.py
浏览文件 @ 01e50d59
......@@ -5,75 +5,3 @@ from rest_framework import viewsets
from serializers import *
from permissions import *
__all__ = ["HostAliaViewSet",
"CmdAliaViewSet",
"UserAliaViewSet",
"RunasAliaViewSet",
"ExtraconfViewSet",
"PrivilegeViewSet",
"SudoViewSet",
"CronTableViewSet",
"TaskViewSet",
"SubTaskViewSet",
]
class HostAliaViewSet(viewsets.ModelViewSet):
queryset = HostAlia.objects.all()
serializer_class = HostAliaSerializer
permission_classes = (AdminUserRequired,)
class CmdAliaViewSet(viewsets.ModelViewSet):
queryset = CmdAlia.objects.all()
serializer_class = CmdAliaSerializer
permission_classes = (AdminUserRequired,)
class UserAliaViewSet(viewsets.ModelViewSet):
queryset = UserAlia.objects.all()
serializer_class = UserAliaSerializer
permission_classes = (AdminUserRequired,)
class RunasAliaViewSet(viewsets.ModelViewSet):
queryset = RunasAlia.objects.all()
serializer_class = RunasAliaSerializer
permission_classes = (AdminUserRequired,)
class ExtraconfViewSet(viewsets.ModelViewSet):
queryset = Extra_conf.objects.all()
serializer_class = ExtraconfSerializer
permission_classes = (AdminUserRequired,)
class PrivilegeViewSet(viewsets.ModelViewSet):
queryset = Privilege.objects.all()
serializer_class = PrivilegeSerializer
permission_classes = (AdminUserRequired,)
class SudoViewSet(viewsets.ModelViewSet):
queryset = Sudo.objects.all()
serializer_class = SudoSerializer
permission_classes = (AdminUserRequired,)
class CronTableViewSet(viewsets.ModelViewSet):
queryset = CronTable.objects.all()
serializer_class = CronTableSerializer
permission_classes = (AdminUserRequired,)
class TaskViewSet(viewsets.ModelViewSet):
queryset = Task.objects.all()
serializer_class = TaskSerializer
permission_classes = (AdminUserRequired,)
class SubTaskViewSet(viewsets.ModelViewSet):
queryset = SubTask.objects.all()
serializer_class = SubTaskSerializer
permission_classes = (AdminUserRequired,)
apps/ops/models/__init__.py
浏览文件 @ 01e50d59
from ansible import *
from cron import *
from sudo import *
from utils import *
from task import *
apps/ops/models/cron.py 已删除 100644 → 0
浏览文件 @ 0524e8dd
# ~*~ coding: utf-8 ~*~
from __future__ import unicode_literals, absolute_import
import logging
from django.db import models
from assets.models import Asset
from django.utils.translation import ugettext_lazy as _
logger = logging.getLogger(__name__)
__all__ = ["CronTable"]
class CronTable(models.Model):
name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('Name'),
help_text=_("Description of a crontab entry"))
month = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Month'),
help_text=_("Month of the year the job should run ( 1-12, *, */2, etc )"))
weekday = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('WeekDay'),
help_text=_("Day of the week that the job should run"
" ( 0-6 for Sunday-Saturday, *, etc )"))
day = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Day'),
help_text=_("Day of the month the job should run ( 1-31, *, */2, etc )"))
hour = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Hour'),
help_text=_("Hour when the job should run ( 0-23, *, */2, etc )"))
minute = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Minute'),
help_text=_("Minute when the job should run ( 0-59, *, */2, etc )"))
job = models.CharField(max_length=4096, blank=True, null=True, verbose_name=_('Job'),
help_text=_("The command to execute or, if env is set, the value of "
"environment variable. Required if state=present."))
user = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('User'),
help_text=_("The specific user whose crontab should be modified."))
asset = models.ForeignKey(Asset, null=True, blank=True, related_name='crontables')
@property
def describe(self):
return "http://docs.ansible.com/ansible/cron_module.html"
@classmethod
def generate_fake(cls, count=20):
from random import seed, choice
import forgery_py
seed()
for i in range(count):
cron = cls(name=forgery_py.name.full_name(),
month=str(choice(range(1,13))),
weekday=str(choice(range(0,7))),
day=str(choice(range(1,32))),
hour=str(choice(range(0,24))),
minute=str(choice(range(0,60))),
job=forgery_py.lorem_ipsum.sentence(),
user=forgery_py.name.first_name(),
)
try:
cron.save()
logger.debug('Generate fake cron: %s' % cron.name)
except Exception as e:
print('Error: %s, continue...' % e.message)
continue
\ No newline at end of file
apps/ops/models/sudo.py 已删除 100644 → 0
浏览文件 @ 0524e8dd
# ~*~ coding: utf-8 ~*~
from __future__ import unicode_literals, absolute_import
import logging
from jinja2 import Template
from django.db import models
from django.utils.timezone import now
from assets.models import Asset, AssetGroup
from django.utils.translation import ugettext_lazy as _
logger = logging.getLogger(__name__)
__all__ = ["HostAlia", "UserAlia", "CmdAlia", "RunasAlia", "Privilege", "Extra_conf", "Sudo"]
class HostAlia(models.Model):
name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('Host_Alias'))
host_items = models.TextField(blank=True, null=True, verbose_name=_('Host_Items'))
def __unicode__(self):
return self.name
@classmethod
def generate_fake(cls, count=20):
from random import seed
import forgery_py
seed()
for i in range(count):
hostA = cls(name=forgery_py.name.full_name(),
host_items=forgery_py.lorem_ipsum.sentence(),
)
try:
hostA.save()
logger.debug('Generate fake host alia: %s' % hostA.name)
except Exception as e:
print('Error: %s, continue...' % e.message)
continue
class UserAlia(models.Model):
name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('User_Alias'))
user_items = models.TextField(blank=True, null=True, verbose_name=_('Host_Items'))
def __unicode__(self):
return self.name
@classmethod
def generate_fake(cls, count=20):
from random import seed
import forgery_py
seed()
for i in range(count):
userA = cls(name=forgery_py.name.full_name(),
user_items=forgery_py.lorem_ipsum.sentence(),
)
try:
userA.save()
logger.debug('Generate fake host alia: %s' % userA.name)
except Exception as e:
print('Error: %s, continue...' % e.message)
continue
class CmdAlia(models.Model):
name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('Command_Alias'))
cmd_items = models.TextField(blank=True, null=True, verbose_name=_('Host_Items'))
def __unicode__(self):
return self.name
@classmethod
def generate_fake(cls, count=20):
from random import seed
import forgery_py
seed()
for i in range(count):
cmdA = cls(name=forgery_py.name.full_name(),
cmd_items=forgery_py.lorem_ipsum.sentence(),
)
try:
cmdA.save()
logger.debug('Generate fake command alia: %s' % cmdA.name)
except Exception as e:
print('Error: %s, continue...' % e.message)
continue
class RunasAlia(models.Model):
name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('Runas_Alias'))
runas_items = models.TextField(blank=True, null=True, verbose_name=_('Host_Items'))
def __unicode__(self):
return self.name
@classmethod
def generate_fake(cls, count=20):
from random import seed
import forgery_py
seed()
for i in range(count):
runas = cls(name=forgery_py.name.full_name(),
runas_items=forgery_py.lorem_ipsum.sentence(),
)
try:
runas.save()
logger.debug('Generate fake RunAs alia: %s' % runas.name)
except Exception as e:
print('Error: %s, continue...' % e.message)
continue
class Privilege(models.Model):
name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
user = models.ForeignKey(UserAlia, blank=True, null=True, related_name='privileges')
host = models.ForeignKey(HostAlia, blank=True, null=True, related_name='privileges')
runas = models.ForeignKey(RunasAlia, blank=True, null=True, related_name='privileges')
command = models.ForeignKey(CmdAlia, blank=True, null=True, related_name='privileges')
nopassword = models.BooleanField(default=True, verbose_name=_('Is_NoPassword'))
comment = models.TextField(blank=True, null=True, verbose_name=_('Comment'))
def __unicode__(self):
return "[%s %s %s %s %s]" % (self.user.name,
self.host.name,
self.runas.name,
self.command.name,
self.nopassword)
def to_tuple(self):
return self.user.name, self.host.name, self.runas.name, self.command.name, self.nopassword
@classmethod
def generate_fake(cls, count=20):
from random import seed, choice
import forgery_py
seed()
for i in range(count):
pri = cls(name=forgery_py.name.full_name(),
comment=forgery_py.lorem_ipsum.sentence(),
)
try:
pri.user = choice(UserAlia.objects.all())
pri.host = choice(HostAlia.objects.all())
pri.runas = choice(RunasAlia.objects.all())
pri.command = choice(CmdAlia.objects.all())
pri.save()
logger.debug('Generate fake privileges: %s' % pri.name)
except Exception as e:
print('Error: %s, continue...' % e.message)
continue
class Extra_conf(models.Model):
line = models.TextField(blank=True, null=True, verbose_name=_('Extra_Item'),
help_text=_('The extra sudo config line.'))
def __unicode__(self):
return self.line
class Sudo(models.Model):
"""
Sudo配置文件对象, 用于配置sudo的配置文件
:param extra_lines: <list> [<line1>, <line2>,...]
:param privileges: <list> [(user, host, runas, command, nopassword),]
"""
name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'),
help_text=_('Name for this sudo'))
created_time = models.DateTimeField(verbose_name=_('Created Time'), auto_created=True,
help_text=_('The create time of this sudo'))
modify_time = models.DateTimeField(auto_now=True, verbose_name=_('Modify Time'),
help_text=_('The recent modify time of this sudo'))
assets = models.ManyToManyField(Asset, blank=True, related_name='sudos')
asset_groups = models.ManyToManyField(AssetGroup, blank=True, related_name='sudos')
extra_lines = models.ManyToManyField(Extra_conf, related_name='sudos', blank=True)
privilege_items = models.ManyToManyField(Privilege, related_name='sudos', blank=True)
@property
def all_assets(self):
assets = list(self.assets.all())
for group in self.asset_groups.all():
for asset in group.assets.all():
if asset not in assets:
assets.append(asset)
return assets
@property
def users(self):
return {privilege.user.name: privilege.user.user_items.split(',') for privilege in self.privilege_items.all()}
@property
def commands(self):
return {privilege.command.name: privilege.command.cmd_items.split(',') for privilege in self.privilege_items.all()}
@property
def hosts(self):
return {privilege.host.name: privilege.host.host_items.split(',') for privilege in self.privilege_items.all()}
@property
def runas(self):
return {privilege.runas.name: privilege.runas.runas_items.split(',') for privilege in self.privilege_items.all()}
@property
def extras(self):
return [extra.line for extra in self.extra_lines.all()]
@property
def privileges(self):
return [privilege.to_tuple() for privilege in self.privilege_items.all()]
@property
def content(self):
template = Template(self.__sudoers_jinja2_tmp__)
context = {"User_Alias": self.users,
"Cmnd_Alias": self.commands,
"Host_Alias": self.hosts,
"Runas_Alias": self.runas,
"Extra_Lines": self.extras,
"Privileges": self.privileges}
return template.render(context)
@property
def __sudoers_jinja2_tmp__(self):
return """# management by JumpServer
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# JumpServer Generate Other Configure is here
{% if Extra_Lines -%}
{% for line in Extra_Lines -%}
{{ line }}
{% endfor %}
{%- endif %}
# Host alias specification
{% if Host_Alias -%}
{% for flag, items in Host_Alias.iteritems() -%}
Host_Alias {{ flag }} = {{ items|join(', ') }}
{% endfor %}
{%- endif %}
# User alias specification
{% if User_Alias -%}
{% for flag, items in User_Alias.iteritems() -%}
User_Alias {{ flag }} = {{ items|join(', ') }}
{% endfor %}
{%- endif %}
# Cmnd alias specification
{% if Cmnd_Alias -%}
{% for flag, items in Cmnd_Alias.iteritems() -%}
Cmnd_Alias {{ flag }} = {{ items|join(', ') }}
{% endfor %}
{%- endif %}
# Run as alias specification
{% if Runas_Alias -%}
{% for flag, items in Runas_Alias.iteritems() -%}
Runas_Alias {{ flag }} = {{ items|join(', ') }}
{% endfor %}
{%- endif %}
# User privilege specification
root ALL=(ALL:ALL) ALL
# JumpServer Generate User privilege is here.
# Note privileges is a tuple list like [(user, host, runas, command, nopassword),]
{% if Privileges -%}
{% for User_Flag, Host_Flag, Runas_Flag, Command_Flag, NopassWord in Privileges -%}
{% if NopassWord -%}
{{ User_Flag }} {{ Host_Flag }}=({{ Runas_Flag }}) NOPASSWD: {{ Command_Flag }}
{%- else -%}
{{ User_Flag }} {{ Host_Flag }}=({{ Runas_Flag }}) {{ Command_Flag }}
{%- endif %}
{% endfor %}
{%- endif %}
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
"""
@classmethod
def generate_fake(cls, count=20):
from random import seed, choice
import forgery_py
seed()
for i in range(count):
sudo = cls(name=forgery_py.name.full_name(),
created_time=now()
)
try:
sudo.save()
sudo.privilege_items = [choice(Privilege.objects.all())]
sudo.save()
logger.debug('Generate fake cron: %s' % sudo.name)
except Exception as e:
print('Error: %s, continue...' % e.message)
continue
\ No newline at end of file
apps/ops/models/utils.py
浏览文件 @ 01e50d59
......@@ -2,13 +2,10 @@
from __future__ import unicode_literals
from ansible import *
from cron import *
from sudo import *
__all__ = ["generate_fake"]
def generate_fake():
for cls in (TaskRecord, AnsiblePlay, AnsibleTask, AnsibleHostResult, CronTable,
HostAlia, UserAlia, CmdAlia, RunasAlia, Privilege, Sudo):
for cls in (TaskRecord, AnsiblePlay, AnsibleTask, AnsibleHostResult):
cls.generate_fake()
\ No newline at end of file
apps/ops/urls/api_urls.py
浏览文件 @ 01e50d59
......@@ -2,20 +2,6 @@
from __future__ import unicode_literals
from rest_framework.routers import DefaultRouter
from ops import api as v1_api
__all__ = ["urlpatterns"]
api_router = DefaultRouter()
api_router.register(r'v1/host_alia', v1_api.HostAliaViewSet)
api_router.register(r'v1/user_alia', v1_api.UserAliaViewSet)
api_router.register(r'v1/cmd_alia', v1_api.CmdAliaViewSet)
api_router.register(r'v1/runas_alia', v1_api.RunasAliaViewSet)
api_router.register(r'v1/extra_conf', v1_api.ExtraconfViewSet)
api_router.register(r'v1/privilege', v1_api.PrivilegeViewSet)
api_router.register(r'v1/sudo', v1_api.SudoViewSet)
api_router.register(r'v1/cron', v1_api.CronTableViewSet)
api_router.register(r'v1/task', v1_api.TaskViewSet)
api_router.register(r'v1/subtask', v1_api.SubTaskViewSet)
urlpatterns = api_router.urls
\ No newline at end of file
urlpatterns = []
\ No newline at end of file
apps/ops/urls/view_urls.py
浏览文件 @ 01e50d59
......@@ -8,18 +8,6 @@ from ops import views as page_view
__all__ = ["urlpatterns"]
urlpatterns = [
# Resource Sudo url
url(r'^sudo/list$', page_view.SudoListView.as_view(), name='page-sudo-list'),
url(r'^sudo/create$', page_view.SudoCreateView.as_view(), name='page-sudo-create'),
url(r'^sudo/(?P<pk>[0-9]+)/detail$', page_view.SudoDetailView.as_view(), name='page-sudo-detail'),
url(r'^sudo/(?P<pk>[0-9]+)/update$', page_view.SudoUpdateView.as_view(), name='page-sudo-update'),
# Resource Cron url
url(r'^cron/list$', page_view.CronListView.as_view(), name='page-cron-list'),
url(r'^cron/create$', page_view.CronCreateView.as_view(), name='page-cron-create'),
url(r'^cron/(?P<pk>[0-9]+)/detail$', page_view.CronDetailView.as_view(), name='page-cron-detail'),
url(r'^cron/(?P<pk>[0-9]+)/update$', page_view.CronUpdateView.as_view(), name='page-cron-update'),
# TResource Task url
url(r'^task/list$', page_view.TaskListView.as_view(), name='page-task-list'),
url(r'^task/create$', page_view.TaskCreateView.as_view(), name='page-task-create'),
......
apps/ops/utils/ansible_api.py
浏览文件 @ 01e50d59
此差异已折叠。
apps/ops/views.py
浏览文件 @ 01e50d59
......@@ -8,54 +8,9 @@ from django.views.generic.detail import DetailView, SingleObjectMixin
from users.utils import AdminUserRequiredMixin
from ops.utils.mixins import CreateSudoPrivilegesMixin, ListSudoPrivilegesMixin
from ops.models import *
from .models import Task
class SudoListView(AdminUserRequiredMixin, ListSudoPrivilegesMixin, ListView):
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
model = Sudo
context_object_name = 'sudos'
template_name = 'sudo/list.html'
class SudoCreateView(AdminUserRequiredMixin, CreateSudoPrivilegesMixin, CreateView):
model = Sudo
template_name = 'sudo/create.html'
class SudoUpdateView(AdminUserRequiredMixin, UpdateView):
model = Sudo
template_name = 'sudo/update.html'
class SudoDetailView(DetailView):
model = Sudo
context_object_name = 'sudo'
template_name = 'sudo/detail.html'
class CronListView(AdminUserRequiredMixin, ListView):
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
model = CronTable
context_object_name = 'crons'
template_name = 'cron/list.html'
class CronCreateView(AdminUserRequiredMixin, CreateView):
model = CronTable
template_name = 'cron/create.html'
class CronUpdateView(AdminUserRequiredMixin, UpdateView):
model = CronTable
template_name = 'cron/update.html'
class CronDetailView(DetailView):
model = CronTable
context_object_name = 'cron'
template_name = 'cron/detail.html'
class TaskListView(AdminUserRequiredMixin, ListView):
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
model = Task
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册