提交
8eb46b64
编写于
12月 01, 2020
作者:
xinwen
fix(assets): 推送动态系统用户未指定 username 取全部 usernames
上级
c389c5f5
Showing
1 changed file
with
46 addition
and
31 deletion
+46
-31
apps/assets/tasks/push_system_user.py
apps/assets/tasks/push_system_user.py
+46
-31
apps/assets/tasks/push_system_user.py
...
...
@@ -7,7 +7,7 @@ from django.utils.translation import ugettext as _
from
django.db.models
import
Empty
from
common.utils
import
encrypt_password
,
get_logger
from
assets.models
import
SystemUser
,
Asset
from
assets.models
import
SystemUser
,
Asset
,
AuthBook
from
orgs.utils
import
org_aware_func
,
tmp_to_root_org
from
.
import
const
from
.utils
import
clean_ansible_task_hosts
,
group_asset_by_platform
...
...
@@ -190,15 +190,12 @@ def get_push_system_user_tasks(system_user, platform="unixlike", username=None):
@
org_aware_func
(
"system_user"
)
def
push_system_user_util
(
system_user
,
assets
,
task_name
,
username
=
None
):
from
ops.utils
import
update_or_create_ansible_task
hos
ts
=
clean_ansible_task_hosts
(
assets
,
system_user
=
system_user
)
if
not
hos
ts
:
asse
ts
=
clean_ansible_task_hosts
(
assets
,
system_user
=
system_user
)
if
not
asse
ts
:
return
{}
platform_hosts_map
=
{}
hosts_sorted
=
sorted
(
hosts
,
key
=
group_asset_by_platform
)
platform_hosts
=
groupby
(
hosts_sorted
,
key
=
group_asset_by_platform
)
for
i
in
platform_hosts
:
platform_hosts_map
[
i
[
0
]]
=
list
(
i
[
1
])
assets_sorted
=
sorted
(
assets
,
key
=
group_asset_by_platform
)
platform_hosts
=
groupby
(
assets_sorted
,
key
=
group_asset_by_platform
)
def
run_task
(
_tasks
,
_hosts
):
if
not
_tasks
:
...
...
@@ -209,23 +206,51 @@ def push_system_user_util(system_user, assets, task_name, username=None):
)
task
.
run
()
for
platform
,
_hosts
in
platform_hosts_map
.
items
():
if
not
_hosts
:
if
system_user
.
username_same_with_user
:
if
username
is
None
:
# 动态系统用户,但是没有指定 username
usernames
=
list
(
system_user
.
users
.
all
().
values_list
(
'username'
,
flat
=
True
).
distinct
())
else
:
usernames
=
[
username
]
else
:
# 非动态系统用户指定 username 无效
assert
username
is
None
,
'Only Dynamic user can assign `username`'
usernames
=
[
system_user
.
username
]
for
platform
,
_assets
in
platform_hosts
:
_assets
=
list
(
_assets
)
if
not
_assets
:
continue
print
(
_
(
"Start push system user for platform: [{}]"
).
format
(
platform
))
print
(
_
(
"Hosts count: {}"
).
format
(
len
(
_
hos
ts
)))
print
(
_
(
"Hosts count: {}"
).
format
(
len
(
_
asse
ts
)))
# 如果没有特殊密码设置,就不需要单独推送某台机器了
if
not
system_user
.
has_special_auth
(
username
=
username
):
logger
.
debug
(
"System user not has special auth"
)
tasks
=
get_push_system_user_tasks
(
system_user
,
platform
,
username
=
username
)
run_task
(
tasks
,
_hosts
)
continue
id_asset_map
=
{
_asset
.
id
:
_asset
for
_asset
in
_assets
}
assets_id
=
id_asset_map
.
keys
()
no_special_auth
=
[]
special_auth_set
=
set
()
auth_books
=
AuthBook
.
objects
.
filter
(
username__in
=
usernames
,
asset_id__in
=
assets_id
)
for
auth_book
in
auth_books
:
special_auth_set
.
add
((
auth_book
.
username
,
auth_book
.
asset_id
))
for
_host
in
_hosts
:
system_user
.
load_asset_special_auth
(
_host
,
username
=
username
)
tasks
=
get_push_system_user_tasks
(
system_user
,
platform
,
username
=
username
)
run_task
(
tasks
,
[
_host
])
for
_username
in
usernames
:
no_special_assets
=
[]
for
asset_id
in
assets_id
:
if
(
_username
,
asset_id
)
not
in
special_auth_set
:
no_special_assets
.
append
(
id_asset_map
[
asset_id
])
if
no_special_assets
:
no_special_auth
.
append
((
_username
,
no_special_assets
))
for
_username
,
no_special_assets
in
no_special_auth
:
tasks
=
get_push_system_user_tasks
(
system_user
,
platform
,
username
=
_username
)
run_task
(
tasks
,
no_special_assets
)
for
auth_book
in
auth_books
:
system_user
.
_merge_auth
(
auth_book
)
tasks
=
get_push_system_user_tasks
(
system_user
,
platform
,
username
=
auth_book
.
username
)
asset
=
id_asset_map
[
auth_book
.
asset_id
]
run_task
(
tasks
,
[
asset
])
@
shared_task
(
queue
=
"ansible"
)
...
...
@@ -264,16 +289,6 @@ def push_system_user_to_assets(system_user_id, assets_id, username=None):
assets
=
get_objects
(
Asset
,
assets_id
)
task_name
=
_
(
"Push system users to assets: {}"
).
format
(
system_user
.
name
)
if
username
is
None
and
system_user
.
username_same_with_user
:
# 动态系统用户,把与系统用户关联的所有用户推送到新关联的资产上
usernames
=
system_user
.
users
.
all
().
values_list
(
'username'
,
flat
=
True
).
distinct
()
ret
=
[]
for
username
in
usernames
:
ret
.
append
(
push_system_user_util
(
system_user
,
assets
,
task_name
,
username
=
username
)
)
return
ret
return
push_system_user_util
(
system_user
,
assets
,
task_name
,
username
=
username
)
# @shared_task
...
...
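Review bot: In the last `for auth_book in auth_books:` loop of `push_system_user_util`, `system_user._merge_auth(auth_book)` runs on the single shared `system_user` object, so whatever it merges for one asset appears to stay in place for every later `get_push_system_user_tasks(...)` call, including the `no_special_auth` pushes of the next platform yielded by `platform_hosts`. `_merge_auth` is not visible on this page, but if it only overwrites the fields an AuthBook actually sets, one asset's special password or key could end up pushed to other assets or usernames; merging into a per-iteration copy avoids that, e.g. `_system_user = copy.copy(system_user)` followed by `_system_user._merge_auth(auth_book)`, with `_system_user` passed to `get_push_system_user_tasks` (this needs `import copy`). Separately, `assert username is None, ...` is removed under `python -O` and otherwise surfaces as a bare AssertionError inside the task; an explicit `raise ValueError(...)` with the same message would state the contract reliably. The body of `run_task` lies outside the visible hunks, so how it consumes the credentials could not be checked here.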