Beispiel #1
 def __init__(self, driver, base_url, url, remote_serial, pin, remote_otp_length=6):
     """Enroll a remote token through the token enrollment form.

     Only enrollment by remote serial is supported; the PIN is always
     checked locally. The serial reported in the info boxes is stored in
     ``self.serial``.

     Raises:
         Exception: if the stored serial is empty or does not start
             with "LSRE".
     """
     def fill(field_id, value):
         # Clear the field, then type the value; one lookup per step.
         driver.find_element_by_id(field_id).clear()
         driver.find_element_by_id(field_id).send_keys(value)

     Token.__init__(self, driver=driver, base_url=base_url)
     token_type = driver.find_element_by_id("tokentype")
     select(driver, select_element=token_type, option_text="Remote token")
     for field_id, value in (
             ("remote_server", url),
             ("remote_otplen", remote_otp_length),
             ("remote_serial", remote_serial),
             ("remote_pin1", pin),
             ("remote_pin2", pin)):
         fill(field_id, value)
     driver.find_element_by_id("button_enroll_enroll").click()
     time.sleep(1)  # fixed pause, presumably to let the enrollment finish

     for info in driver.find_elements_by_css_selector("#info_box > .info_box > span"):
         if info.text.startswith("created token with serial"):
             self.serial = info.find_element_by_tag_name("span").text
     # NOTE(review): self.serial is only assigned here when a matching info
     # box exists; presumably Token.__init__ initialises it - confirm.
     enrolled = bool(self.serial) and self.serial.startswith("LSRE")
     if not enrolled:
         raise Exception("Remote token was not enrolled correctly.")
Beispiel #2
    def get_user_element(self, username):
        """Search the user view for *username* and return its grid element.

        Returns the first matching cell whose text equals *username*
        exactly, or None when the search result holds no such cell.
        """
        tab = self._open_tab_user_view()
        tab_id = tab.get_attribute("id")

        query_field = self._get_searchbox_element()
        query_field.clear()
        query_field.send_keys(username)

        # Pick the "Username" entry of the search-type dropdown in this tab.
        qtype_css = 'div.flexigrid > div.sDiv > div.sDiv2 > select[name="qtype"]'
        select(self.driver, tab.find_element_by_css_selector(qtype_css), "Username")

        self._submit_search()
        self.wait_for_grid_loading()

        cells = self.driver.find_elements_by_css_selector(
            '#%s #user_table [abbr="username"] div' % tab_id)
        # Exact comparison on the visible cell text.
        return next((cell for cell in cells if cell.text == username), None)
Beispiel #3
    def select_user(self, username):
        """Click every row of the user grid whose name equals *username*.

        The page is not reloaded before or after the click, because a
        reload would drop the selection.
        """
        self._select_realm()
        tab_id = self._open_tab_user_view()
        # The search field, type dropdown and button share this selector prefix.
        search_bar = "#%s > div.flexigrid > div.sDiv > div.sDiv2 > " % tab_id

        query_field = self.driver.find_element_by_css_selector(
            search_bar + 'input[name="q"]')
        query_field.clear()
        query_field.send_keys(username)

        qtype = self.driver.find_element_by_css_selector(
            search_bar + 'select[name="qtype"]')
        select(self.driver, qtype, "in username")

        time.sleep(1)
        self.driver.find_element_by_css_selector(
            search_bar + 'input[name="search_button"]').click()
        time.sleep(2)  # fixed pause before the grid is read

        for cell in self.driver.find_elements_by_css_selector(
                "#user_table tr td:first-child div"):
            if cell.text == username:
                cell.click()
Beispiel #4
    def user_exists(self, username):
        """Return True if a user named *username* is listed in the current realm.

        Loads the manage page, searches the user view "in username" and
        compares the first-column cells with *username* exactly.
        """
        self.driver.get(self.base_url + "/manage")
        self._select_realm()
        tab_id = self._open_tab_user_view()
        # The search field, type dropdown and button share this selector prefix.
        search_bar = "#%s > div.flexigrid > div.sDiv > div.sDiv2 > " % tab_id

        self.driver.find_element_by_css_selector(
            search_bar + 'input[name="q"]').send_keys(username)

        qtype = self.driver.find_element_by_css_selector(
            search_bar + 'select[name="qtype"]')
        select(self.driver, qtype, "in username")

        time.sleep(1)
        self.driver.find_element_by_css_selector(
            search_bar + 'input[name="search_button"]').click()
        time.sleep(2)  # fixed pause before the grid is read

        cells = self.driver.find_elements_by_css_selector(
            "#user_table tr td:first-child div")
        return any(cell.text == username for cell in cells)
Beispiel #5
    def select_user(self, username):
        """Select (click on) the user *username* in the WebUI user grid.

        No page reload happens before or after the click; a reload would
        lose the selection.
        """
        self._select_realm()
        tab_id = self._open_tab_user_view()
        # Common selector prefix of the search controls inside the user tab.
        controls = "#%s > div.flexigrid > div.sDiv > div.sDiv2 > " % tab_id

        name_input = self.driver.find_element_by_css_selector(
            controls + 'input[name="q"]')
        name_input.clear()
        name_input.send_keys(username)

        search_type = self.driver.find_element_by_css_selector(
            controls + 'select[name="qtype"]')
        select(self.driver, search_type, "in username")

        time.sleep(1)
        search_button = self.driver.find_element_by_css_selector(
            controls + 'input[name="search_button"]')
        search_button.click()
        time.sleep(2)  # fixed pause before the grid is read

        rows = self.driver.find_elements_by_css_selector(
            "#user_table tr td:first-child div")
        # Every row with exactly this name is clicked, not only the first.
        for row in rows:
            if row.text == username:
                row.click()
Beispiel #6
    def get_user_element(self, username):
        """Return the grid element of the user *username*, or None.

        Runs a "Username" search in the user view and returns the first
        result cell whose text equals *username* exactly.
        """
        user_tab = self._open_tab_user_view()
        user_tab_id = user_tab.get_attribute("id")

        name_input = self._get_searchbox_element()
        name_input.clear()
        name_input.send_keys(username)

        # Search-type dropdown, looked up relative to the user tab element.
        search_type = user_tab.find_element_by_css_selector(
            'div.flexigrid > div.sDiv > div.sDiv2 > select[name="qtype"]')
        select(self.driver, search_type, "Username")

        self._submit_search()
        self.wait_for_grid_loading()

        result_css = '#%s #user_table [abbr="username"] div' % user_tab_id
        for cell in self.driver.find_elements_by_css_selector(result_css):
            if cell.text != username:
                continue
            return cell
        return None
Beispiel #7
    def __init__(self, driver, base_url, pin="", description="Selenium enrolled"):
        """Enroll a Simple Pass token through the token enrollment form.

        Fills in the PIN (twice) and the description, submits the form,
        waits until the "do_waiting" element is no longer visible and
        stores the serial reported in the info boxes in ``self.serial``.

        Raises:
            Exception: if the stored serial is empty or does not start
                with "LSSP".
        """
        def fill(field_id, value):
            # Clear the field, then type the value; one lookup per step.
            driver.find_element_by_id(field_id).clear()
            driver.find_element_by_id(field_id).send_keys(value)

        Token.__init__(self, driver=driver, base_url=base_url)
        token_type = driver.find_element_by_id("tokentype")
        select(driver, select_element=token_type, option_text="Simple Pass Token")
        fill("spass_pin1", pin)
        fill("spass_pin2", pin)
        fill("enroll_spass_desc", description)
        driver.find_element_by_id("button_enroll_enroll").click()

        # Wait (up to 10 s) for the API call to complete.
        still_waiting = EC.visibility_of_element_located((By.ID, "do_waiting"))
        WebDriverWait(self.driver, 10).until_not(still_waiting)

        for info in driver.find_elements_by_css_selector("#info_box > .info_box > span"):
            if info.text.startswith("created token with serial"):
                self.serial = info.find_element_by_tag_name("span").text
        # NOTE(review): self.serial is only assigned here when a matching info
        # box exists; presumably Token.__init__ initialises it - confirm.
        enrolled = bool(self.serial) and self.serial.startswith("LSSP")
        if not enrolled:
            raise Exception("Simple pass token was not enrolled correctly.")
Beispiel #8
    def __init__(self, driver, base_url, pin, phone="", description=""):
        """Enroll an SMS OTP token through the token enrollment form.

        The phone field is only touched when *phone* is non-empty. After
        submitting, the serial reported in the info boxes is stored in
        ``self.serial``.

        Raises:
            Exception: if the stored serial is empty or does not start
                with "LSSM".
        """
        def fill(field_id, value):
            # Clear the field, then type the value; one lookup per step.
            driver.find_element_by_id(field_id).clear()
            driver.find_element_by_id(field_id).send_keys(value)

        Token.__init__(self, driver=driver, base_url=base_url)
        token_type = driver.find_element_by_id("tokentype")
        select(driver, select_element=token_type, option_text="SMS OTP")
        fill("enroll_sms_desc", description)
        if phone:
            fill("sms_phone", phone)
        fill("sms_pin1", pin)
        fill("sms_pin2", pin)
        driver.find_element_by_id("button_enroll_enroll").click()

        # Wait (up to 10 s) for the API call to complete.
        still_waiting = EC.visibility_of_element_located((By.ID, "do_waiting"))
        WebDriverWait(self.driver, 10).until_not(still_waiting)

        for info in driver.find_elements_by_css_selector("#info_box > .info_box > span"):
            if info.text.startswith("created token with serial"):
                self.serial = info.find_element_by_tag_name("span").text
        # NOTE(review): self.serial is only assigned here when a matching info
        # box exists; presumably Token.__init__ initialises it - confirm.
        enrolled = bool(self.serial) and self.serial.startswith("LSSM")
        if not enrolled:
            raise Exception("SMS token was not enrolled correctly.")
Beispiel #9
    def user_exists(self, username):
        """Return True if a user named *username* exists in the current realm.

        Loads the manage page, runs an "in username" search in the user
        view and compares the first-column cells with *username* exactly.
        """
        self.driver.get(self.base_url + "/manage/")
        self._select_realm()
        tab_id = self._open_tab_user_view()
        # Common selector prefix of the search controls inside the user tab.
        controls = "#%s > div.flexigrid > div.sDiv > div.sDiv2 > " % tab_id

        name_input = self.driver.find_element_by_css_selector(
            controls + 'input[name="q"]')
        name_input.send_keys(username)

        search_type = self.driver.find_element_by_css_selector(
            controls + 'select[name="qtype"]')
        select(self.driver, search_type, "in username")

        time.sleep(1)
        search_button = self.driver.find_element_by_css_selector(
            controls + 'input[name="search_button"]')
        search_button.click()
        time.sleep(2)  # fixed pause before the grid is read

        rows = self.driver.find_elements_by_css_selector(
            "#user_table tr td:first-child div")
        return any(row.text == username for row in rows)
Beispiel #10
    def select_realm(self, realm_name=None):
        """Choose a realm in the <select> dropdown on the left of /manage.

        Assumes the browser is already on the main page /manage. Without
        *realm_name* the instance's ``realm_name`` is used unchanged; an
        explicitly passed name is lower-cased first.
        """
        target = realm_name.lower() if realm_name else self.realm_name

        dropdown = self.driver.find_element_by_id('realm')
        select(self.driver, dropdown, target)
        self.wait_for_grid_loading()
Beispiel #11
    def select_realm(self, realm_name=None):
        """Choose a realm in the <select> dropdown on the left of /manage.

        Assumes the browser is already on the main page /manage. Without
        *realm_name* the instance's ``realm_name`` is used unchanged; an
        explicitly passed name is lower-cased first.
        """
        target = realm_name.lower() if realm_name else self.realm_name

        dropdown = self.driver.find_element_by_id('realm')

        # The element is looked up first; then wait (up to 6 s) until the
        # element with id "realm" is visible before using it.
        realm_visible = EC.visibility_of_element_located((By.ID, "realm"))
        WebDriverWait(self.driver, 6).until(realm_visible)

        select(self.driver, dropdown, target)
        self.wait_for_grid_loading()
Beispiel #12
    def select_realm(self, realm_name=None):
        """Select the realm in the <select> dropdown on the left.

        The browser is assumed to be on the main page /manage already.
        A passed *realm_name* is lower-cased; when it is empty or None the
        instance's ``realm_name`` is taken as it is.
        """
        if realm_name:
            wanted_realm = realm_name.lower()
        else:
            wanted_realm = self.realm_name

        realm_dropdown = self.driver.find_element_by_id('realm')

        # Wait (up to 6 s) for the dropdown to become visible.
        waiter = WebDriverWait(self.driver, 6)
        waiter.until(EC.visibility_of_element_located((By.ID, "realm")))

        select(self.driver, realm_dropdown, wanted_realm)
        self.wait_for_grid_loading()
Beispiel #13
    def __init__(self, driver, base_url, name, scope, action, realm):
        """Open the LinOTP manage interface and create a policy via its form.

        The four policy values are stored on the instance and then typed
        into the policy tab before the "add" button is clicked.
        """
        self.name, self.scope, self.action, self.realm = name, scope, action, realm

        def fill(field_id, value):
            # Clear the field, then type the value; one lookup per step.
            driver.find_element_by_id(field_id).clear()
            driver.find_element_by_id(field_id).send_keys(value)

        driver.get(base_url + "/manage/")
        # Third entry of the tab bar.
        driver.find_element_by_xpath("//div[@id='tabs']/ul/li[3]/a").click()
        # NOTE(review): this click toggles the checkbox whatever its current
        # state is - confirm that it starts unticked on a fresh page.
        driver.find_element_by_id("policy_active").click()
        fill("policy_name", self.name)
        select(driver, driver.find_element_by_id('policy_scope_combo'), self.scope)
        fill("policy_action", self.action)
        fill("policy_realm", self.realm)
        driver.find_element_by_id("button_policy_add").click()
Beispiel #14
    def __init__(self, driver, base_url, name, scope, action, realm):
        """Create a policy by driving the LinOTP manage interface.

        Stores name, scope, action and realm on the instance, opens
        /manage/, switches to the third tab and submits the policy form.
        """
        self.name = name
        self.scope = scope
        self.action = action
        self.realm = realm

        by_id = driver.find_element_by_id

        driver.get(base_url + "/manage/")
        driver.find_element_by_xpath("//div[@id='tabs']/ul/li[3]/a").click()
        # NOTE(review): an unconditional click flips the checkbox; confirm it
        # is unticked when the tab opens.
        by_id("policy_active").click()

        by_id("policy_name").clear()
        by_id("policy_name").send_keys(self.name)

        scope_dropdown = by_id('policy_scope_combo')
        select(driver, scope_dropdown, self.scope)

        # Remaining text fields, in form order; each is cleared and then typed.
        for field_id, value in (("policy_action", self.action),
                                ("policy_realm", self.realm)):
            by_id(field_id).clear()
            by_id(field_id).send_keys(value)

        by_id("button_policy_add").click()
Beispiel #15
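 def __init__(self, driver, base_url, pin, phone="", description=""):
     """Enroll an SMS OTP token through the enrollment form, then set its PIN.

     The phone field is only touched when *phone* is non-empty. The serial
     is read from the info box after the enroll button is clicked, and the
     PIN is entered afterwards in the separate pin1/pin2 fields.

     Raises:
         Exception: if the serial read from the info box is empty or does
             not start with "LSSM".
     """
     Token.__init__(self, driver=driver, base_url=base_url)
     select_tag = driver.find_element_by_id("tokentype")
     select(driver, select_element=select_tag, option_text="SMS OTP")
     driver.find_element_by_id("enroll_sms_desc").clear()
     driver.find_element_by_id("enroll_sms_desc").send_keys(description)
     if phone:
         driver.find_element_by_id("sms_phone").clear()
         # Type the caller-supplied phone number; no other name is in scope
         # for this field.
         driver.find_element_by_id("sms_phone").send_keys(phone)
     driver.find_element_by_id("button_enroll_enroll").click()
     self.serial = driver.find_element_by_css_selector("#info_box > #info_text > span").text
     if not self.serial or not self.serial.startswith("LSSM"):
         raise Exception("SMS token was not enrolled correctly.")
     # The PIN is set only after the serial check has passed.
     driver.find_element_by_id("pin1").clear()
     driver.find_element_by_id("pin1").send_keys(pin)
     driver.find_element_by_id("pin2").clear()
     driver.find_element_by_id("pin2").send_keys(pin)
     time.sleep(1)  # fixed pause before the set-PIN button is clicked
     driver.find_element_by_id("button_setpin_setpin").click()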
Beispiel #16
 def __init__(self, driver, base_url, pin, email="", description=""):
     """Enroll an e-mail token through the token enrollment form.

     The address field is only touched when *email* is non-empty. After
     submitting, the serial reported in the info boxes is stored in
     ``self.serial``.

     Raises:
         Exception: if the stored serial is empty or does not start
             with "LSEM".
     """
     def fill(field_id, value):
         # Clear the field, then type the value; one lookup per step.
         driver.find_element_by_id(field_id).clear()
         driver.find_element_by_id(field_id).send_keys(value)

     Token.__init__(self, driver=driver, base_url=base_url)
     token_type = driver.find_element_by_id("tokentype")
     select(driver, select_element=token_type, option_text="E-mail token")
     fill("enroll_email_desc", description)
     fill("email_pin1", pin)
     fill("email_pin2", pin)
     if email:
         fill("email_address", email)
     driver.find_element_by_id("button_enroll_enroll").click()
     time.sleep(1)  # fixed pause, presumably to let the enrollment finish

     for info in driver.find_elements_by_css_selector("#info_box > .info_box > span"):
         if info.text.startswith("created token with serial"):
             self.serial = info.find_element_by_tag_name("span").text
     # NOTE(review): self.serial is only assigned here when a matching info
     # box exists; presumably Token.__init__ initialises it - confirm.
     enrolled = bool(self.serial) and self.serial.startswith("LSEM")
     if not enrolled:
         raise Exception("E-mail token was not enrolled correctly.")
Beispiel #17
    def set_new_policy(self, policy):
        """Create *policy* by filling in and submitting the policy form.

        Reads ``name``, ``scope``, ``action`` and ``realm`` from *policy*.
        """
        self.open_tab()
        browser = self.driver

        # Tick "active" only when it is not ticked yet; a blind click would
        # untick an already active checkbox.
        active_checkbox = self.find_by_id("policy_active")
        if not active_checkbox.is_selected():
            active_checkbox.click()

        fill_form_element(browser, "policy_name", policy.name)
        select(browser, self.find_by_id('policy_scope_combo'), policy.scope)

        # policy_name is written again after action and realm.
        # NOTE(review): looks redundant - confirm before removing.
        for field_id, value in (("policy_action", policy.action),
                                ("policy_realm", policy.realm),
                                ("policy_name", policy.name)):
            fill_form_element(browser, field_id, value)

        self.find_by_id("button_policy_add").click()
        self.wait_for_waiting_finished()
Beispiel #18
    def set_new_policy(self, policy):
        """Create *policy* by filling in and submitting the policy form.

        Reads ``name``, ``scope``, ``action``, ``realm`` and ``user`` from
        *policy*.
        """
        self.open_tab()
        browser = self.driver

        # Tick "active" only when it is not ticked yet; a blind click would
        # untick an already active checkbox.
        active_checkbox = self.find_by_id("policy_active")
        if not active_checkbox.is_selected():
            active_checkbox.click()

        fill_form_element(browser, "policy_name", policy.name)
        select(browser, self.find_by_id('policy_scope_combo'), policy.scope)

        # policy_name is written again after action and realm.
        # NOTE(review): looks redundant - confirm before removing.
        for field_id, value in (("policy_action", policy.action),
                                ("policy_realm", policy.realm),
                                ("policy_name", policy.name),
                                ("policy_user", policy.user)):
            fill_form_element(browser, field_id, value)

        self.find_by_id("button_policy_add").click()
        self.wait_for_waiting_finished()
Beispiel #19
    def __init__(self, driver, base_url, pin="", hmac_key="",
                 generate_key=False, otp_length=6, hash_algorithm="sha1",
                 description="Selenium enrolled"):
        """Enroll an event-based HMAC token through the enrollment form.

        Exactly one of *hmac_key* (seed typed into the form) and
        *generate_key* (random-seed option) must be given. OTP length and
        hash algorithm are chosen from their dropdowns by option text. The
        serial reported in the info boxes is stored in ``self.serial``.

        Raises:
            AssertionError: if both or neither of *hmac_key* and
                *generate_key* are set.
            Exception: if the stored serial is empty or does not start
                with "OATH".
        """
        # NOTE(review): assert statements are skipped under ``python -O``.
        assert bool(hmac_key) != bool(generate_key)  # exactly one of the two
        Token.__init__(self, driver=driver, base_url=base_url)
        token_type = driver.find_element_by_id("tokentype")
        select(driver, select_element=token_type, option_text="HMAC eventbased")

        # Look up all form controls before touching any of them.
        generate_radio = driver.find_element_by_id("hmac_key_rb_gen")
        manual_radio = driver.find_element_by_id("hmac_key_rb_no")
        key_field = driver.find_element_by_id("hmac_key")
        otplen_dropdown = driver.find_element_by_id("hmac_otplen")
        algorithm_dropdown = driver.find_element_by_id("hmac_algorithm")
        description_field = driver.find_element_by_id("enroll_hmac_desc")

        if hmac_key:
            manual_radio.click()  # seed is typed in, no random seed
            key_field.clear()
            key_field.send_keys(hmac_key)
        elif generate_key:
            generate_radio.click()  # random seed option

        select(driver, select_element=otplen_dropdown, option_text=str(otp_length))
        select(driver, select_element=algorithm_dropdown, option_text=hash_algorithm)
        for pin_field in ("hmac_pin1", "hmac_pin2"):
            driver.find_element_by_id(pin_field).clear()
            driver.find_element_by_id(pin_field).send_keys(pin)
        description_field.send_keys(description)  # typed without clearing first
        driver.find_element_by_id("button_enroll_enroll").click()

        # Wait (up to 10 s) for the API call to complete.
        still_waiting = EC.visibility_of_element_located((By.ID, "do_waiting"))
        WebDriverWait(self.driver, 10).until_not(still_waiting)

        for info in driver.find_elements_by_css_selector("#info_box > .info_box > span"):
            if info.text.startswith("created token with serial"):
                self.serial = info.find_element_by_tag_name("span").text
        # NOTE(review): self.serial is only assigned here when a matching info
        # box exists; presumably Token.__init__ initialises it - confirm.
        enrolled = bool(self.serial) and self.serial.startswith("OATH")
        if not enrolled:
            raise Exception("HMAC/HOTP token was not enrolled correctly.")
Beispiel #20
    def __init__(
        self,
        driver,
        base_url,
        pin="",
        hmac_key="",
        generate_key=False,
        otp_length=6,
        hash_algorithm="sha1",
        description="Selenium enrolled",
    ):
        """Enroll an event-based HMAC token via the enrollment form.

        Either *hmac_key* (the seed is typed into the form) or
        *generate_key* (the random-seed option is chosen) must be set, but
        not both. The serial shown in the info boxes after submission ends
        up in ``self.serial``.

        Raises:
            AssertionError: if both or neither of *hmac_key* and
                *generate_key* are set.
            Exception: if the stored serial is empty or does not start
                with "OATH".
        """
        # NOTE(review): assert statements are skipped under ``python -O``.
        assert bool(hmac_key) != bool(generate_key)  # exactly one of the two
        Token.__init__(self, driver=driver, base_url=base_url)
        by_id = driver.find_element_by_id

        select(driver, select_element=by_id("tokentype"), option_text="HMAC eventbased")

        # All controls are looked up before any of them is used.
        radio_random_seed = by_id("hmac_key_rb_gen")
        radio_given_seed = by_id("hmac_key_rb_no")
        seed_input = by_id("hmac_key")
        otplen_dropdown = by_id("hmac_otplen")
        algorithm_dropdown = by_id("hmac_algorithm")
        description_input = by_id("enroll_hmac_desc")

        if hmac_key:
            radio_given_seed.click()  # seed input, no random seed
            seed_input.clear()
            seed_input.send_keys(hmac_key)
        elif generate_key:
            radio_random_seed.click()  # random seed

        select(driver, select_element=otplen_dropdown, option_text=str(otp_length))
        select(driver, select_element=algorithm_dropdown, option_text=hash_algorithm)
        by_id("hmac_pin1").clear()
        by_id("hmac_pin1").send_keys(pin)
        by_id("hmac_pin2").clear()
        by_id("hmac_pin2").send_keys(pin)
        description_input.send_keys(description)  # typed without clearing first
        by_id("button_enroll_enroll").click()

        # Wait (up to 10 s) for the API call to complete.
        waiter = WebDriverWait(self.driver, 10)
        waiter.until_not(EC.visibility_of_element_located((By.ID, "do_waiting")))

        info_spans = driver.find_elements_by_css_selector("#info_box > .info_box > span")
        for span in info_spans:
            if span.text.startswith("created token with serial"):
                self.serial = span.find_element_by_tag_name("span").text
        # NOTE(review): self.serial is only assigned here when a matching info
        # box exists; presumably Token.__init__ initialises it - confirm.
        if not (self.serial and self.serial.startswith("OATH")):
            raise Exception("HMAC/HOTP token was not enrolled correctly.")
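def main():
    """Interactively enable Amazon Macie for the accounts of one organization OU.

    Flow: show the cost acknowledgement, let the operator pick the
    organization root, a child OU and either all accounts of that OU or a
    single one, read optional tags, ask for a final confirmation, then make
    the current account the Macie administrator account and add every
    selected account as a member.

    Exits with status 0 when the operator declines a confirmation and with
    status 1 when the tag input is malformed. Nothing is changed in AWS
    before the final confirmation.
    """
    toolAckMessage = "Amazon Macie is not a free service. By using this tool you acknowledge you are responsible for all charges and actions!"
    print_headline("Amazon Macie Activation Process Tool")
    print("!!!!!!!!!!")
    print_warning(toolAckMessage)
    print_info(
        "See Amazon Macie pricing: https://aws.amazon.com/macie/pricing/")
    print("!!!!!!!!!!")
    cont = confirmation("Do you wish to continue?")

    if not cont:
        sys.exit(0)

    print_padding(len(toolAckMessage), '-')

    selectedOrg = select("Select organization root:", get_roots(),
                         lambda x: x['Name'])
    selectedOu = select("Select Child OU:", list_ous(selectedOrg['Id']),
                        lambda x: x['Name'])

    allAccounts = confirmation("Do you want to use all accounts in the OU?")
    accounts = list_accounts(selectedOu['Id'])
    selectedAccounts = accounts

    if not allAccounts:
        selectedAccounts = [
            select("Select Target Account:", accounts, lambda x: x['Name'])
        ]

    rawTags = ask(
        "What tags should be added to the Macie enrolled accounts? (Format: key:value;key:value)"
    )

    # Parse "key:value;key:value". Blank entries (no input at all, a trailing
    # ';') are skipped. Only the first ':' separates key and value, so a
    # value may itself contain ':'.
    tags = {}
    for entry in (rawTags or '').split(';'):
        if not entry.strip():
            continue
        key, separator, value = entry.partition(':')
        if not separator or not key:
            # Abort before any AWS call rather than enrolling accounts with
            # tags the operator did not intend.
            print_warning(
                'Invalid tag "{0}". Expected format: key:value'.format(entry))
            sys.exit(1)
        tags[key] = value

    listOfAccountConfirm = '\n'.join(
        sorted(entry['Id'] for entry in selectedAccounts))
    agree = confirmation(
        'Accounts:\n{2}\nDo you wish to enable Macie in {0} account{1}?'.
        format(len(selectedAccounts),
               's' if len(selectedAccounts) != 1 else '',
               listOfAccountConfirm))

    if not agree:
        sys.exit(0)

    # Create the Macie client and set the parent account as the delegated org account
    parentAccountId = get_account_id()
    rootMacie = boto3.client('macie2')

    print('Making {0} the Macie admin account'.format(parentAccountId))

    try:
        rootMacie.enable_organization_admin_account(
            adminAccountId=parentAccountId)
        print('Enabling auto-enable in {0}'.format(parentAccountId))
        rootMacie.update_organization_configuration(autoEnable=True)
    except Exception as err:
        # Still best effort: member enrollment is attempted afterwards. The
        # failure is reported so that a missing permission or an
        # unconfigured auto-enable does not go unnoticed, and Ctrl-C is no
        # longer swallowed.
        print_warning(
            'Could not complete the Macie organization setup for {0}: {1}'.
            format(parentAccountId, err))

    for selectedAccount in selectedAccounts:
        print('Associating {0} with master account {1} and enabling Macie'.
              format(selectedAccount['Id'], parentAccountId))

        rootMacie.create_member(
            account={
                'accountId': selectedAccount['Id'],
                'email': selectedAccount['Email']
            },
            tags=tags)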
Beispiel #22
 def _select_realm(self):
     """Pick this instance's realm in the <select> dropdown on the left.

     Assumes the browser is already on the main page /manage.
     """
     select(self.driver, self.driver.find_element_by_id('realm'), self.realm_name)
Beispiel #23
 def _select_realm(self):
     """Pick this instance's realm in the <select> dropdown on the left.

     Assumes the browser is already on the main page /manage/.
     """
     browser = self.driver
     select(browser, browser.find_element_by_id('realm'), self.realm_name)