def list_apps(self, con_moniker, perf=False):
if not isinstance(con_moniker, EAAItem):
raise TypeError("con_moniker")
if perf:
perf_by_apphost = self.perf_apps(con_moniker.uuid)
line_fmt = "{app_id},{app_name},{perf_upd},{active}"
cli.header("#app_id,app_name,perf_upd,active")
else:
line_fmt = "{app_id},{app_name}"
cli.header("#app_id,app_name")
for c, (app_id, app_name,
app_host) in enumerate(self.findappbyconnector(con_moniker),
start=1):
perf_data = {}
if perf:
perf_data = perf_by_apphost.get(app_host, {})
cli.print(
line_fmt.format(app_id=app_id,
app_name=app_name,
perf_upd=perf_data.get('timestamp',
ConnectorAPI.NODATA),
active=perf_data.get('active',
ConnectorAPI.NODATA)))
cli.footer("%s application(s) attached to connector %s" %
(c, con_moniker.uuid))
def loadgroups(self, app_moniker):
"""Directory+Groups allowed to access this application."""
url_params = {'limit': 0, 'expand': 'true', 'expand_sdk': 'true'}
url = 'mgmt-pop/apps/{applicationId}/groups'.format(applicationId=app_moniker.uuid)
result = self.get(url, url_params)
count = 0
allowed_groups = result.json().get('objects')
if not self._config.batch:
cli.header("# Allowed Groups to access app %s" % app_moniker)
cli.header("# appgroup_id,group_id,group_name,dir_name,mfa")
for count, group in enumerate(allowed_groups, start=1):
association = group.get('resource_uri', {}).get('href')
cli.print("{prefix1}{appgroup_id},{prefix2}{group_id},{name},{dir_name},{mfa}".format(
prefix1=EAAItem.Type.ApplicationGroupAssociation.scheme,
appgroup_id=association.split('/')[-1],
prefix2=EAAItem.Type.Group.scheme,
group_id=group.get('group').get('group_uuid_url'),
name=group.get('group').get('name'),
dir_name=group.get('group').get('dir_name'),
mfa=group.get('enable_mfa')
))
if not self._config.batch:
cli.print("# %s groups configured to access application %s" % (count, app_moniker))
return allowed_groups
def list(self, perf=False):
"""
Display the list of EAA connectors as comma separated CSV
"""
url_params = {'expand': 'true', 'limit': ConnectorAPI.LIMIT_SOFT}
data = self.get('mgmt-pop/agents', params=url_params)
connectors = data.json()
total_con = 0
header = '#Connector-id,name,reachable,status,version,privateip,publicip,debug'
format_line = "{scheme}{con_id},{name},{reachable},{status},{version},{privateip},{publicip},{debugchan}"
if perf:
header += ",CPU%,Mem%,Disk%,NetworkMbps,do_total,do_idle,do_active"
format_line += ",{ts},{cpu},{mem},{disk},{network},{dialout_total},{dialout_idle},{dialout_active}"
if perf: # Add performance metrics in the report
perf_res_list = None
with Pool(ConnectorAPI.POOL_SIZE) as p:
perf_res_list = p.map(
self.perf_system,
[c.get('uuid_url') for c in connectors.get('objects', [])])
perf_res = dict(perf_res_list)
cli.header(header)
perf_latest = {}
for total_con, c in enumerate(connectors.get('objects', []), start=1):
if perf:
perf_latest = perf_res.get(c.get('uuid_url'), {})
cli.print(
format_line.format(
scheme=EAAItem.Type.Connector.scheme,
con_id=c.get('uuid_url'),
name=c.get('name'),
reachable=c.get('reach'),
status=c.get('status'),
version=(c.get('agent_version')
or '').replace('AGENT-', '').strip(),
privateip=c.get('private_ip'),
publicip=c.get('public_ip'),
debugchan='Y' if c.get('debug_channel_permitted') else 'N',
ts=perf_latest.get('timestamp') or ConnectorAPI.NODATA,
cpu=perf_latest.get('cpu_pct') or ConnectorAPI.NODATA,
disk=perf_latest.get('disk_pct') or ConnectorAPI.NODATA,
mem=perf_latest.get('mem_pct') or ConnectorAPI.NODATA,
network=perf_latest.get('network_traffic_mbps')
or ConnectorAPI.NODATA,
dialout_total=perf_latest.get('dialout_total')
or ConnectorAPI.NODATA,
dialout_idle=perf_latest.get('dialout_idle')
or ConnectorAPI.NODATA,
dialout_active=perf_latest.get('dialout_active')
or ConnectorAPI.NODATA))
cli.footer("Total %s connector(s)" % total_con)
def swap(self, old_con_id, new_con_id, dryrun=False):
"""
Replace an EAA connector with another in:
- application
- directory
Args:
old_con_id (EAAItem): Existing connector to be replaced
new_con_id (EAAItem): New connector to attach on the applications and directories
dryrun (bool, optional): Enable dry run. Defaults to False.
"""
infos_by_conid = {}
old_con = EAAItem(old_con_id)
new_con = EAAItem(new_con_id)
for c in [old_con, new_con]:
connector_info = self.load(c)
if not connector_info:
cli.print_error("EAA connector %s not found." % c)
cli.print_error("Please check with command 'akamai eaa connector'.")
cli.exit(2)
# Save the details for better
infos_by_conid[c] = connector_info
app_api = ApplicationAPI(self._config)
app_processed = 0
cli.header("#Operation,connector-id,connector-name,app-id,app-name")
for app_using_old_con, app_name, app_host in self.findappbyconnector(old_con):
if dryrun:
cli.print("DRYRUN +,%s,%s,%s,%s" % (
new_con, infos_by_conid[new_con].get('name'),
app_using_old_con, app_name))
cli.print("DRYRUN -,%s,%s,%s,%s" % (
old_con, infos_by_conid[old_con].get('name'),
app_using_old_con, app_name))
else:
app_api.attach_connectors(app_using_old_con, [{'uuid_url': new_con.uuid}])
cli.print("+,%s,%s,%s,%s" % (
new_con, infos_by_conid[new_con].get('name'),
app_using_old_con, app_name))
app_api.detach_connectors(app_using_old_con, [{'uuid_url': old_con.uuid}])
cli.print("-,%s,%s,%s,%s" % (
old_con, infos_by_conid[old_con].get('name'),
app_using_old_con, app_name))
app_processed += 1
if app_processed == 0:
cli.footer("Connector %s is not used by any application." % old_con_id)
cli.footer("Check with command 'akamai eaa connector %s apps'" % old_con_id)
else:
cli.footer("Connector swapped in %s application(s)." % app_processed)
cli.footer("Updated application(s) is/are marked as ready to deploy")
def list_groups(self):
url_params = {'limit': 0}
url = 'mgmt-pop/directories/{directory_id}/groups'.format(
directory_id=self._directory_id)
if self._config.search_pattern:
url_params = url_params.update({'q': self._config.search_pattern})
resp = self.get(url, params=url_params)
resj = resp.json()
cli.header("#GroupID,name,last_sync")
for u in resj.get('objects'):
print('{scheme}{uuid},{name},{last_sync_time}'.format(
scheme=EAAItem.Type.Group.scheme,
uuid=u.get('uuid_url'),
name=u.get('name'),
last_sync_time=u.get('last_sync_time')))
def list(self):
url_params = {'limit': MAX_RESULT}
search_idp = self.get('mgmt-pop/idp', params=url_params)
cli.header("#IdP-id,name,status,certificate,client,dp")
idps = search_idp.json()
for i in idps.get('objects', []):
cli.print(
"idp://{idp_id},{name},{status},{cert},{client},{dp}".format(
idp_id=i.get('uuid_url'),
name=i.get('name'),
status=ApplicationAPI.Status(i.get('idp_status')).name,
cert=(("crt://%s" %
i.get('cert')) if i.get('cert') else '-'),
client=('Y' if i.get('enable_access_client') else 'N'),
dp=('Y' if i.get('enable_device_posture') else 'N')))
def status(self):
"""
Display status for a particular certificate.
"""
cert_moniker = EAAItem(self._config.certificate_id)
cli.header("#App/IdP ID,name,status")
app_api = ApplicationAPI(config)
for app_id, app_name in self.findappsbycert(cert_moniker.uuid):
# We don't need much info so expand=False to keep it quick
app_config = app_api.load(app_id, expand=False)
# cli.print(app_config)
app_status = ApplicationAPI.Status(app_config.get('app_status'))
cli.print("%s,%s,%s" % (app_id, app_name, app_status.name))
idp_api = IdentityProviderAPI(config)
for idp_id, idp_name in self.findidpbycert(cert_moniker.uuid):
idp_config = idp_api.load(idp_id)
idp_status = ApplicationAPI.Status(idp_config.get('idp_status'))
cli.print("%s,%s,%s" % (idp_id, idp_name, idp_status.name))
def list_directories(self):
if self._directory_id:
if self._config.users:
if self._config.search_pattern and not self._config.batch:
cli.header(
"# list users matching %s in %s" %
(self._config.search_pattern, self._directory_id))
self.list_users(self._config.search_pattern)
elif self._config.groups:
if self._config.search_pattern and not self._config.batch:
cli.header("# list groups matching %s" %
self._config.search_pattern)
self.list_groups()
else:
resp = self.get("mgmt-pop/directories")
if resp.status_code != 200:
logging.error("Error retrieve directories (%s)" %
resp.status_code)
resj = resp.json()
# print(resj)
if not self._config.batch:
cli.header("#dir_id,dir_name,status,user_count")
total_dir = 0
for total_dir, d in enumerate(resj.get("objects"), start=1):
cli.print(
"{scheme}{dirid},{name},{status},{user_count}".format(
scheme=EAAItem.Type.Directory.scheme,
dirid=d.get("uuid_url"),
name=d.get("name"),
status=d.get("directory_status"),
user_count=d.get("user_count")))
if total_dir == 0:
cli.footer("No EAA Directory configuration found.")
elif total_dir == 1:
cli.footer("One EAA Directory configuration found.")
else:
cli.footer("%d EAA Directory configurations found." %
total_dir)