我的书签
添加书签
移除书签API 文档
版本小于 v2.6 需要打开 debug 模式
...# 如果版本更低的话,配置文件是 config.py# Debug = trueDEBUG: true
JumpServer API 支持的认证有以下几种方式
Session 登录后可以直接使用 session_id 作为认证方式Token 获取一次性 Token,该 Token 有有效期, 过期作废Private Token 永久 TokenAccess Key 对 Http Header 进行签名
Session
用户通过页面后登录,cookie 中会存在 sessionid,请求时同样把 sessionid 放到 cookie 中
curl -X POST http://localhost/api/v1/authentication/auth/ \-H 'Content-Type: application/json' \-d '{"username": "admin", "password": "admin"}'
Python
# Python 示例# pip install requestsimport requests, jsondef get_token(jms_url, username, password):url = jms_url + '/api/v1/authentication/auth/'query_args = {"username": username,"password": password}response = requests.post(url, data=query_args)return json.loads(response.text)['token']def get_user_info(jms_url, token):url = jms_url + '/api/v1/users/users/'headers = {"Authorization": 'Bearer ' + token,'X-JMS-ORG': '00000000-0000-0000-0000-000000000002'}response = requests.get(url, headers=headers)print(json.loads(response.text))if __name__ == '__main__':jms_url = 'https://demo.jumpserver.org'username = 'admin'password = 'admin'token = get_token(jms_url, username, password)get_user_info(jms_url, token)
Golang
Private Token
docker exec -it jms_core /bin/bashcd /opt/jumpserver/appspython manage.py shellfrom users.models import Useru = User.objects.get(username='admin')u.create_private_token()
已经存在 private_token,可以直接获取即可
u.private_token
以 PrivateToken: 937b38011acf499eb474e2fecb424ab3 为例:
curl http://demo.jumpserver.org/api/v1/users/users/ \-H 'Authorization: Token 937b38011acf499eb474e2fecb424ab3' \-H 'Content-Type: application/json' \-H 'X-JMS-ORG: 00000000-0000-0000-0000-000000000002'
# Python 示例# pip install requestsimport requests, jsondef get_user_info(jms_url, token):url = jms_url + '/api/v1/users/users/'headers = {"Authorization": 'Token ' + token,'X-JMS-ORG': '00000000-0000-0000-0000-000000000002'}response = requests.get(url, headers=headers)print(json.loads(response.text))if __name__ == '__main__':jms_url = 'https://demo.jumpserver.org'token = '937b38011acf499eb474e2fecb424ab3'get_user_info(jms_url, token)
Golang
Access Key
在 Web 页面 API Key 列表创建或获取 AccessKeyID AccessKeySecret
Python
# Python 示例# pip install requests drf-httpsigimport requests, datetime, jsonfrom httpsig.requests_auth import HTTPSignatureAuthdef get_auth(KeyID, SecretID):signature_headers = ['(request-target)', 'accept', 'date']auth = HTTPSignatureAuth(key_id=KeyID, secret=SecretID, algorithm='hmac-sha256', headers=signature_headers)return authdef get_user_info(jms_url, auth):url = jms_url + '/api/v1/users/users/'gmt_form = '%a, %d %b %Y %H:%M:%S GMT'headers = {'Accept': 'application/json','X-JMS-ORG': '00000000-0000-0000-0000-000000000002','Date': datetime.datetime.utcnow().strftime(gmt_form)}response = requests.get(url, auth=auth, headers=headers)print(json.loads(response.text))if __name__ == '__main__':jms_url = 'https://demo.jumpserver.org'KeyID = 'AccessKeyID'SecretID = 'AccessKeySecret'auth = get_auth(KeyID, SecretID)get_user_info(jms_url, auth)
Golang
// Golang 示例package mainimport ("fmt""io/ioutil""log""net/http""time""gopkg.in/twindagger/httpsig.v1")type SigAuth string {KeyID stringSecretID string}func (auth *SigAuth) Sign(r *http.Request) error {headers := []string{"(request-target)", "date"}signer, err := httpsig.NewRequestSigner(auth.KeyID, auth.SecretID, "hmac-sha256")if err != nil {return err}return signer.SignRequest(r, headers, nil)}func GetUserInfo(jms_url string, auth *SigAuth) {url := jms_url + "/api/v1/users/users/"gmt_fmt := "Mon, 02 Jan 2006 15:04:05 GMT"client := &http.Client{}req, err := http.NewRequest("GET", url, nil)req.Header.Add("Date", time.Now().Format(gmt_fmt))req.Header.Add("Accept", "application/json")req.Header.Add("X-JMS-ORG", "00000000-0000-0000-0000-000000000002")if err != nil {log.Fatal(err)}if err := auth.Sign(req); err != nil {log.Fatal(err)}resp, err := client.Do(req)if err != nil {log.Fatal(err)}defer resp.Body.Close()body, err := ioutil.ReadAll(resp.Body)if err != nil {log.Fatal(err)}fmt.Println(string(body))}func main() {jms_url := "https://demo.jumpserver.org"auth := SigAuth{KeyID: "AccessKeyID",SecretID: "AccessKeySecret",}GetUserInfo(jms_url, &auth)}
#!/usr/bin/env python3# -*- coding:utf-8 -*-import sys, requests, timeclass HTTP:server = Nonetoken = None@classmethoddef get_token(cls, username, password):data = {'username': username, 'password': password}url = "/api/v1/authentication/auth/"res = requests.post(cls.server + url, data)res_data = res.json()if res.status_code in [200, 201] and res_data:token = res_data.get('token')cls.token = tokenelse:print("获取 token 错误, 请检查输入项是否正确")sys.exit()@classmethoddef get(cls, url, params=None, **kwargs):url = cls.server + urlheaders = {'Authorization': "Bearer {}".format(cls.token),'X-JMS-ORG': '00000000-0000-0000-0000-000000000002'}kwargs['headers'] = headersres = requests.get(url, params, **kwargs)return res@classmethoddef post(cls, url, data=None, json=None, **kwargs):url = cls.server + urlheaders = {'Authorization': "Bearer {}".format(cls.token),'X-JMS-ORG': '00000000-0000-0000-0000-000000000002'}kwargs['headers'] = headersres = requests.post(url, data, json, **kwargs)return resclass User(object):def __init__(self):self.id = Noneself.name = user_nameself.username = user_usernameself.email = user_emaildef exist(self):url = '/api/v1/users/users/'params = {'username': self.username}res = HTTP.get(url, params=params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建用户 {}".format(self.username))url = '/api/v1/users/users/'data = {'name': self.name,'username': self.username,'email': self.email,'is_active': True}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class Node(object):def __init__(self):self.id = Noneself.name = asset_node_namedef exist(self):url = '/api/v1/assets/nodes/'params = {'value': self.name}res = HTTP.get(url, params=params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建资产节点 {}".format(self.name))url = '/api/v1/assets/nodes/'data = {'value': self.nameres = HTTP.post(url, json=data)def perform(self):self.exist()class AdminUser(object):def __init__(self):self.id = Noneself.name = assets_admin_nameself.username = assets_admin_usernameself.password = assets_admin_passworddef exist(self):url = '/api/v1/assets/admin-user/'params = {'username': self.name}res = HTTP.get(url, params=params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建管理用户 {}".format(self.name))url = '/api/v1/assets/admin-users/'data = {'name': self.name,'username': self.username,'password': self.password}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class Asset(object):def __init__(self):self.id = Noneself.name = asset_nameself.ip = asset_ipself.platform = asset_platformself.protocols = asset_protocolsself.admin_user = AdminUser()self.node = Node()def exist(self):url = '/api/v1/assets/assets/'params = {'hostname': self.name}res = HTTP.get(url, params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建资产 {}".format(self.ip))self.admin_user.perform()self.node.perform()url = '/api/v1/assets/assets/'data = {'hostname': self.ip,'ip': self.ip,'platform': self.platform,'protocols': self.protocols,'admin_user': self.admin_user.id,'nodes': [self.node.id],'is_active': True}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class SystemUser(object):def __init__(self):self.id = Noneself.name = assets_system_nameself.username = assets_system_usernamedef exist(self):url = '/api/v1/assets/system-users/'params = {'name': self.name}res = HTTP.get(url, params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建系统用户 {}".format(self.name))url = '/api/v1/assets/system-users/'data = {'name': self.name,'username': self.username,'login_mode': 'auto','protocol': 'ssh','auto_push': True,'sudo': 'All','shell': '/bin/bash','auto_generate_key': True,'is_active': True}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class AssetPermission(object):def __init__(self):self.name = perm_nameself.user = User()self.asset = Asset()self.system_user = SystemUser()def create(self):print("创建资产授权名称 {}".format(self.name))url = '/api/v1/perms/asset-permissions/'data = {'name': self.name,'users': [self.user.id],'assets': [self.asset.id],'system_users': [self.system_user.id],'actions': ['all'],'is_active': True,'date_start': perm_date_start,'date_expired': perm_date_expired}res = HTTP.post(url, json=data)res_data = res.json()if res.status_code in [200, 201] and res_data:print("创建资产授权规则成功: ", res_data)else:print("创建授权规则失败: ", res_data)def perform(self):self.user.perform()self.asset.perform()self.system_user.perform()self.create()class APICreateAssetPermission(object):def __init__(self):self.jms_url = jms_urlself.username = jms_usernameself.password = jms_passwordself.token = Noneself.server = Nonedef init_http(self):HTTP.server = self.jms_urlHTTP.get_token(self.username, self.password)def perform(self):self.init_http()self.perm = AssetPermission()self.perm.perform()if __name__ == '__main__':# jumpserver url 地址jms_url = 'http://192.168.100.244'# 管理员账户jms_username = 'admin'jms_password = 'admin'# 资产节点asset_node_name = 'test'# 资产信息asset_name = '192.168.100.1'asset_ip = '192.168.100.1'asset_platform = 'Linux'asset_protocols = ['ssh/22']# 资产管理用户assets_admin_name = 'test_root'assets_admin_username = 'root'assets_admin_password = 'test123456'# 资产系统用户assets_system_name = 'test'assets_system_username = 'test'# 用户用户名user_name = '测试用户'user_username = 'test'user_email = 'test@jumpserver.org'# 资产授权perm_name = 'AutoPerm' +'_'+ (time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))perm_date_start = '2021-05-01 14:25:47 +0800'perm_date_expired = '2021-06-01 14:25:47 +0800'api = APICreateAssetPermission()api.perform()
Access Key
#!/usr/bin/env python3# -*- coding:utf-8 -*-import sys, requests, time, datetimefrom httpsig.requests_auth import HTTPSignatureAuthclass HTTP:server = Noneauth = None@classmethoddef get_auth(cls, accesskeyid, accesskeysecret):signature_headers = ['(request-target)', 'accept', 'date']auth = HTTPSignatureAuth(key_id=accesskeyid, secret=accesskeysecret, algorithm='hmac-sha256', headers=signature_headers)cls.auth = auth@classmethoddef get(cls, url, params=None, **kwargs):url = cls.server + urlGMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'headers = {'Accept': 'application/json','X-JMS-ORG': '00000000-0000-0000-0000-000000000002','Date': datetime.datetime.utcnow().strftime(GMT_FORMAT)}kwargs['auth'] = cls.authkwargs['headers'] = headersres = requests.get(url, params, **kwargs)return res@classmethoddef post(cls, url, data=None, json=None, **kwargs):url = cls.server + urlGMT_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'headers = {'Accept': 'application/json','X-JMS-ORG': '00000000-0000-0000-0000-000000000002','Date': datetime.datetime.utcnow().strftime(GMT_FORMAT)}kwargs['auth'] = cls.authkwargs['headers'] = headersres = requests.post(url, data, json, **kwargs)return resclass User(object):def __init__(self):self.id = Noneself.username = user_usernamedef exist(self):url = '/api/v1/users/users/'params = {'username': self.username}res = HTTP.get(url, params=params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建用户 {}".format(self.username))url = '/api/v1/users/users/'data = {'name': self.name,'username': self.username,'email': self.email,'is_active': True}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class Node(object):def __init__(self):self.id = Noneself.name = asset_node_namedef exist(self):url = '/api/v1/assets/nodes/'params = {'value': self.name}res = HTTP.get(url, params=params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建资产节点 {}".format(self.name))url = '/api/v1/assets/nodes/'data = {'value': self.name}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class AdminUser(object):def __init__(self):self.id = Noneself.name = assets_admin_nameself.username = assets_admin_usernameself.password = assets_admin_passworddef exist(self):url = '/api/v1/assets/admin-user/'params = {'username': self.name}res = HTTP.get(url, params=params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建管理用户 {}".format(self.name))url = '/api/v1/assets/admin-users/'data = {'name': self.name,'username': self.username,'password': self.password}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class Asset(object):def __init__(self):self.id = Noneself.name = asset_nameself.ip = asset_ipself.platform = asset_platformself.protocols = asset_protocolsself.admin_user = AdminUser()self.node = Node()def exist(self):url = '/api/v1/assets/assets/'params = {'hostname': self.name}res = HTTP.get(url, params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建资产 {}".format(self.ip))self.admin_user.perform()self.node.perform()url = '/api/v1/assets/assets/'data = {'hostname': self.ip,'ip': self.ip,'platform': self.platform,'protocols': self.protocols,'admin_user': self.admin_user.id,'nodes': [self.node.id],'is_active': True}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class SystemUser(object):def __init__(self):self.id = Noneself.name = assets_system_nameself.username = assets_system_usernamedef exist(self):url = '/api/v1/assets/system-users/'params = {'name': self.name}res = HTTP.get(url, params)res_data = res.json()if res.status_code in [200, 201] and res_data:self.id = res_data[0].get('id')else:self.create()def create(self):print("创建系统用户 {}".format(self.name))url = '/api/v1/assets/system-users/'data = {'name': self.name,'username': self.username,'login_mode': 'auto','protocol': 'ssh','auto_push': True,'sudo': 'All','shell': '/bin/bash','auto_generate_key': True,'is_active': True}res = HTTP.post(url, json=data)self.id = res.json().get('id')def perform(self):self.exist()class AssetPermission(object):def __init__(self):self.name = perm_nameself.user = User()self.asset = Asset()self.system_user = SystemUser()def create(self):print("创建资产授权名称 {}".format(self.name))url = '/api/v1/perms/asset-permissions/'data = {'name': self.name,'users': [self.user.id],'assets': [self.asset.id],'system_users': [self.system_user.id],'actions': ['all'],'is_active': True,'date_start': perm_date_start,'date_expired': perm_date_expired}res = HTTP.post(url, json=data)res_data = res.json()if res.status_code in [200, 201] and res_data:print("创建资产授权规则成功: ", res_data)else:print("创建授权规则失败: ", res_data)def perform(self):self.user.perform()self.asset.perform()self.system_user.perform()self.create()class APICreateAssetPermission(object):def __init__(self):self.jms_url = jms_urlself.accesskeyid = jms_accesskeyidself.accesskeysecret = jms_accesskeysecretself.auth = Noneself.server = Nonedef init_http(self):HTTP.server = self.jms_urlHTTP.get_auth(self.accesskeyid, self.accesskeysecret)def perform(self):self.init_http()self.perm = AssetPermission()self.perm.perform()if __name__ == '__main__':# jumpserver url 地址jms_url = 'http://192.168.100.244'# 管理员 AK SKjms_accesskeyid = ''jms_accesskeysecret = ''# 资产节点asset_node_name = 'test'# 资产信息asset_name = '192.168.100.1'asset_ip = '192.168.100.1'asset_platform = 'Linux'asset_protocols = ['ssh/22']# 资产管理用户assets_admin_name = 'test_root'assets_admin_username = 'root'assets_admin_password = 'test123456'# 资产系统用户assets_system_name = 'test'assets_system_username = 'test'# 用户用户名user_name = '测试用户'user_username = 'test'user_email = 'test@jumpserver.org'# 资产授权perm_name = 'AutoPerm' +'_'+ (time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))perm_date_start = '2021-05-01 14:25:47 +0800'perm_date_expired = '2021-06-01 14:25:47 +0800'api.perform()
