Beispiel #1
0
def _modify(isim_application: ISIMApplication,
            person_dn: str,
            full_name: Optional[str] = None,
            surname: Optional[str] = None,
            aliases: Optional[List[str]] = None,
            password: Optional[str] = None,
            role_dns: Optional[List[str]] = None) -> IBMResponse:
    """
    Modify the attributes of an existing Person. Only arguments with a value will be changed. Any arguments set to None
        will be left as they are. To set an attribute to an empty value, use an empty string or empty list.
    :param isim_application: The ISIMApplication instance to connect to.
    :param person_dn: The DN of the existing person to modify.
    :param full_name: The full name of the person.
    :param surname: The surname of the person.
    :param aliases: A list of aliases for the person.
    :param password: A password to use as the preferred password for the person.
    :param role_dns: A list of DNs corresponding to roles that the person will be part of.
    :return: An IBMResponse object. If the call was successful, the data field will be empty.
    """
    # Retrieve the attribute type
    attribute_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSAttribute", requires_version=requires_version)
    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if attribute_type_response['rc'] != 0:
        return attribute_type_response
    attr_type = attribute_type_response['data']

    data = []

    # Add the person DN to the request
    data.append(person_dn)

    # Setup the list of modified attributes and add them to the request
    attribute_list = _build_person_attributes_list(attr_type=attr_type,
                                                   full_name=full_name,
                                                   surname=surname,
                                                   aliases=aliases,
                                                   password=password,
                                                   role_dns=role_dns)

    data.append(attribute_list)

    # Leave the date object empty
    data.append(None)

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Modifying a Person",
        soap_service,
        "modifyPerson",
        data,
        requires_version=requires_version)
    return ret_obj
def search(isim_application: ISIMApplication,
           container_dn: Optional[str],
           ldap_filter: str = "(errolename=*)",
           check_mode=False,
           force=False) -> IBMResponse:
    """
    Search for a role using a filter.
    :param isim_application: The ISIMApplication instance to connect to.
    :param container_dn: The optional DN of a container to search in. Set to None to search everywhere.
    :param ldap_filter: An LDAP filter string to search for.
    :param check_mode: Set to True to enable check mode.
    :param force: Set to True to force execution regardless of current state.
    :return: An IBMResponse object. If the call was successful, the data field will contain a list of the Python dict
        representations of each role matching the filter.
    """
    # The session object is handled by the ISIMApplication instance
    data = []
    if container_dn is None:
        # Add the filter string to the request
        data.append(ldap_filter)

        # Invoke the call
        ret_obj = isim_application.invoke_soap_request(
            "Searching for roles",
            soap_service,
            "searchRoles",
            data,
            requires_version=requires_version)
    else:
        # Retrieve the container object (the business unit)
        container_response = isimws.isim.container.get(
            isim_application=isim_application, container_dn=container_dn)

        # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
        if container_response['rc'] != 0:
            return container_response

        container_object = container_response['data']
        data.append(container_object)

        # Add the filter string to the request
        data.append(ldap_filter)

        # Invoke the call
        ret_obj = isim_application.invoke_soap_request(
            "Searching for roles in container " + container_dn,
            soap_service,
            "searchForRolesInContainer",
            data,
            requires_version=requires_version)
    return ret_obj
Beispiel #3
0
def search(isim_application: ISIMApplication,
           ldap_filter: str = "(uid=*)",
           check_mode=False,
           force=False) -> IBMResponse:
    """
    Search for a person using a filter. The search is performed from the root.
    :param isim_application: The ISIMApplication instance to connect to.
    :param ldap_filter: An LDAP filter string to search for.
    :param check_mode: Set to True to enable check mode.
    :param force: Set to True to force execution regardless of current state.
    :return: An IBMResponse object. If the call was successful, the data field will contain a list of the Python dict
        representations of each role matching the filter.
    """
    # The session object is handled by the ISIMApplication instance
    data = []

    # Add the filter string to the request
    data.append(ldap_filter)

    # Add an empty attribute list to the request
    data.append("")

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Searching for people",
        soap_service,
        "searchPersonsFromRoot",
        data,
        requires_version=requires_version)
    return ret_obj
def get(isim_application: ISIMApplication,
        role_dn: str,
        check_mode=False,
        force=False) -> IBMResponse:
    """
    Get a role by it's DN.
    :param isim_application: The ISIMApplication instance to connect to.
    :param role_dn: The ITIM DN of the role.
    :param check_mode: Set to True to enable check mode.
    :param force: Set to True to force execution regardless of current state.
    :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict
        representation of the role.
    """
    # The session object is handled by the ISIMApplication instance
    # Add the dn string to the request
    data = [role_dn]

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Retrieving a static role",
        soap_service,
        "lookupRole",
        data,
        requires_version=requires_version)
    return ret_obj
def _get_attribute_by_filter(isim_application: ISIMApplication,
                             search_filter: str,
                             attribute_name: str) -> IBMResponse:
    """
    Look up workflows using an LDAP filter and return a list of values for a specific LDAP attribute. Produces a list
        of attribute values with each entry corresponding to one of the workflows that was selected by the filter.
    :param: search_filter: An LDAP search filter to select workflows with.
    :param: attribute_name: The name of the LDAP attribute to retrieve.
    :return: An IBMResponse object. If the call was successful, the data field will contain a list of values.
    """

    # Get the required SOAP types for the API call
    search_arguments_type_response = isim_application.retrieve_soap_type(
        "WSSearchDataService", "ns1:WSSearchArguments")

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if search_arguments_type_response['rc'] != 0:
        return search_arguments_type_response
    search_arguments_type = search_arguments_type_response['data']

    # The session object is handled by the ISIMApplication instance

    data = []
    search_arguments_object = search_arguments_type()

    search_arguments_object['category'] = 'Workflow'
    search_arguments_object['returnedAttributeName'] = attribute_name
    search_arguments_object['filter'] = str(search_filter)
    search_arguments_object['base'] = 'global'  # 'global' or 'org'

    data.append(search_arguments_object)

    # Invoke the call
    return isim_application.invoke_soap_request("Retrieving a workflow",
                                                "WSSearchDataService",
                                                "findSearchFilterObjects",
                                                data)
Beispiel #6
0
def get(isim_application: ISIMApplication,
        container_dn: str,
        check_mode=False,
        force=False) -> IBMResponse:
    # The session object is handled by the ISIMApplication instance
    # Add the dn string
    data = [container_dn]

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Retrieving an organisational container",
        soap_service,
        "lookupContainer",
        data,
        requires_version=requires_version)

    return ret_obj
    def __init__(self, isim_application: ISIMApplication):
        self.isim_application = isim_application

        # Retrieve organization DN mappings from the ISIMApplication
        self.organization_map = {}
        response = isim_application.invoke_soap_request(
            "Retrieving organizations list",
            "WSOrganizationalContainerService", "getOrganizationTree", [])

        if response['rc'] != 0:
            raise ValueError(
                'Cannot retrieve organization information from the application server.'
            )

        organization_info = response['data']
        for org in organization_info:
            self.organization_map[org['name']] = org['itimDN']
Beispiel #8
0
def get_all(isim_application: ISIMApplication, check_mode=False, force=False) -> IBMResponse:
    """
    Get a list of all organizations in the system.
    :param isim_application: The ISIMApplication instance to connect to.
    :param check_mode: Set to True to enable check mode.
    :param force: Set to True to force execution regardless of current state.
    :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict
        representation of the role.
    """
    # The session object is handled by the ISIMApplication instance
    data = []

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request("Retrieving organizations list",
                                                   soap_service,
                                                   "getOrganizationTree",
                                                   data,
                                                   requires_version=requires_version)

    ret_obj = strip_zeep_element_data(ret_obj)

    return ret_obj
def search(isim_application: ISIMApplication,
           container_dn: str,
           policy_name: str,
           check_mode=False,
           force=False) -> IBMResponse:
    """
    Search for a provisioning policy by it's name.
    :param isim_application: The ISIMApplication instance to connect to.
    :param container_dn: The DN of the container to search in.
    :param policy_name: The name of the provisioning policy to search for.
    :param check_mode: Set to True to enable check mode
    :param force: Set to True to force execution regardless of current state
    :return: An IBMResponse object. If the call was successful, the data field will contain a lst of the Python dict
        representations of each provisioning policy matching the criteria.
    """
    data = []
    # Add the add the container object to the request
    container_response = isimws.isim.container.get(
        isim_application=isim_application, container_dn=container_dn)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if container_response['rc'] != 0:
        return container_response

    container_object = container_response['data']
    data.append(container_object)

    # Add the policy name to the request
    data.append(str(policy_name))

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Searching for a provisioning policy",
        soap_service,
        "getPolicies",
        data,
        requires_version=requires_version)
    return ret_obj
def _create(isim_application: ISIMApplication,
            container_dn: str,
            name: str,
            role_classification: str,
            description: str = "",
            role_owner_dns: List[str] = [],
            user_owner_dns: List[str] = [],
            enable_access: bool = False,
            common_access: bool = False,
            access_type: str = "",
            access_image_uri: str = "",
            access_search_terms: List[str] = [],
            access_additional_info: str = "",
            access_badges: List[Dict[str, str]] = [],
            assignment_attributes: List[str] = []) -> IBMResponse:
    """
    Create a Role. To set an attribute to an empty value, use an empty string or empty list. Do not use None as this
        indicates no change, which is not applicable to a create operation.
    :param isim_application: The ISIMApplication instance to connect to.
    :param container_dn: The DN of the container (business unit) to create the role under.
    :param name: The role name.
    :param role_classification: Set to either "application" or "business".
    :param description: A description of the role.
    :param role_owner_dns: A list of DNs corresponding to the roles that own this role.
    :param user_owner_dns: A list of DNs corresponding to the users that own this role.
    :param enable_access: Set to True to enable access for the role.
    :param common_access: Set to True to show the role as a common access.
    :param access_type: Set to one of 'application', 'emailgroup', 'sharedfolder' or 'role'.
    :param access_image_uri: The URI of an image to use for the access icon.
    :param access_search_terms: A list of search terms for the access.
    :param access_additional_info: Additional information about the acceess.
    :param access_badges: A list of dicts representing badges for the access. Each entry in the list must contain the
        keys 'text' and 'colour' with string values.
    :param assignment_attributes: A list of attribute names to assign to the role.
    :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict
        representation of the action taken by the server.
    """
    data = []

    # Get the required SOAP types
    role_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSRole", requires_version=requires_version)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if role_type_response['rc'] != 0:
        return role_type_response
    role_type = role_type_response['data']

    # Retrieve the attribute type
    attribute_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSAttribute", requires_version=requires_version)
    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if attribute_type_response['rc'] != 0:
        return attribute_type_response
    attr_type = attribute_type_response['data']

    # Retrieve the container object (the business unit)
    container_response = isimws.isim.container.get(
        isim_application=isim_application, container_dn=container_dn)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if container_response['rc'] != 0:
        return container_response

    container_object = container_response['data']
    data.append(container_object)

    # Setup the role object
    role_object = role_type()

    role_object['name'] = name
    role_object['description'] = description
    role_object['select'] = False

    # Populate the role attributes
    attribute_list = _build_role_attributes_list(
        attr_type=attr_type,
        role_classification=role_classification,
        description=description,
        role_owner_dns=role_owner_dns,
        user_owner_dns=user_owner_dns,
        enable_access=enable_access,
        common_access=common_access,
        access_type=access_type,
        access_image_uri=access_image_uri,
        access_search_terms=access_search_terms,
        access_additional_info=access_additional_info,
        access_badges=access_badges,
        assignment_attributes=assignment_attributes)

    role_object['attributes'] = {'item': attribute_list}
    data.append(role_object)

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Creating a Role",
        soap_service,
        "createStaticRole",
        data,
        requires_version=requires_version)
    return ret_obj
Beispiel #11
0
def main():
    module = AnsibleModule(argument_spec=dict(log=dict(
        required=False,
        default='INFO',
        choices=['DEBUG', 'INFO', 'ERROR', 'CRITICAL']),
                                              hostname=dict(required=True),
                                              app_port=dict(required=False,
                                                            default=9082,
                                                            type='int'),
                                              root_dn=dict(required=True),
                                              action=dict(required=True),
                                              force=dict(required=False,
                                                         default=False,
                                                         type='bool'),
                                              username=dict(required=False),
                                              password=dict(required=True,
                                                            no_log=True),
                                              isimapi=dict(required=False,
                                                           type='dict')),
                           supports_check_mode=True)

    module.debug('Started isim module')

    # Process all Arguments
    logLevel = module.params['log']
    force = module.params['force']
    action = module.params['action']
    hostname = module.params['hostname']
    app_port = module.params['app_port']
    root_dn = module.params['root_dn']
    username = module.params['username']
    password = module.params['password']

    # Setup logging for format, set log level and redirect to string
    strlog = StringIO()
    DEFAULT_LOGGING = {
        'version': 1,
        'disable_existing_loggers': False,
        'formatters': {
            'standard': {
                'format':
                '[%(asctime)s] [PID:%(process)d TID:%(thread)d] [%(levelname)s] [%(name)s] [%(funcName)s():%(lineno)s] %(message)s'
            },
        },
        'handlers': {
            'default': {
                'level': logLevel,
                'formatter': 'standard',
                'class': 'logging.StreamHandler',
                'stream': strlog
            },
        },
        'loggers': {
            '': {
                'handlers': ['default'],
                'level': logLevel,
                'propagate': True
            },
            'requests.packages.urllib3.connectionpool': {
                'handlers': ['default'],
                'level': 'ERROR',
                'propagate': True
            }
        }
    }
    logging.config.dictConfig(DEFAULT_LOGGING)

    # Create application user to be used for all calls
    if username == '' or username is None:
        u = ISIMApplicationUser(password=password)
    else:
        u = ISIMApplicationUser(username=username, password=password)

    # Create application object to be used for all calls
    isim_server = ISIMApplication(hostname=hostname,
                                  root_dn=root_dn,
                                  user=u,
                                  port=app_port)

    # Create options string to pass to action method
    options = 'isim_application=isim_server, force=' + str(force)
    if module.check_mode is True:
        options = options + ', check_mode=True'
    if isinstance(module.params['isimapi'], dict):
        for key, value in module.params['isimapi'].items():
            if isinstance(value, str):
                options = options + ', ' + key + '="' + value + '"'
            else:
                options = options + ', ' + key + '=' + str(value)
    module.debug('Option to be passed to action: ' + options)

    # Dynamically process the action to be invoked
    # Simple check to restrict calls to just "isim" ones for safety
    if action.startswith('isimws.isim.'):
        try:
            module_name, method_name = action.rsplit('.', 1)
            module.debug('Action method to be imported from module: ' +
                         module_name)
            module.debug('Action method name is: ' + method_name)
            mod = importlib.import_module(module_name)
            func_ptr = getattr(
                mod, method_name)  # Convert action to actual function pointer
            func_call = 'func_ptr(' + options + ')'

            startd = datetime.datetime.now()

            # Execute requested 'action'
            ret_obj = eval(func_call)

            endd = datetime.datetime.now()
            delta = endd - startd

            ret_obj['stdout'] = strlog.getvalue()
            ret_obj['stdout_lines'] = strlog.getvalue().split()
            ret_obj['start'] = str(startd)
            ret_obj['end'] = str(endd)
            ret_obj['delta'] = str(delta)
            ret_obj['cmd'] = action + "(" + options + ")"
            # ret_obj['ansible_facts'] = isim_server.facts

            module.exit_json(**ret_obj)

        except ImportError:
            module.fail_json(
                name=action,
                msg='Error> action belongs to a module that is not found!',
                log=strlog.getvalue())
        except AttributeError:
            module.fail_json(
                name=action,
                msg=
                'Error> invalid action was specified, method not found in module!',
                log=strlog.getvalue())
        # except TypeError:
        #     module.fail_json(name=action,
        #                      msg='Error> action does not have the right set of arguments or there is a code bug! Options: ' + options,
        #                      log=strlog.getvalue())
        except IBMError as e:
            module.fail_json(name=action, msg=str(e), log=strlog.getvalue())
    else:
        module.fail_json(
            name=action,
            msg='Error> invalid action specified, needs to be isim!',
            log=strlog.getvalue())
Beispiel #12
0
def _modify(isim_application: ISIMApplication,
            container_dn: str,
            profile: str,
            description: Optional[str] = None,
            associated_people_dns: Optional[List[str]] = None) -> IBMResponse:
    """
    Modify the attributes of an existing Container. Only arguments with a value will be changed. Any arguments set to
        None will be left as they are. To set an attribute to an empty value, use an empty string or empty list.
    :param isim_application: The ISIMApplication instance to connect to.
    :param container_dn: The DN of the existing container to modify.
    :param profile: The container profile to use. Valid values are 'Organization', 'OrganizationalUnit',
        'BPOrganization', 'Location', or 'AdminDomain'. Note that this value cannot be modified- this argument is only
        used to determine how to process the other arguments.
    :param description: A description of the container. Will be ignored if the selected container profile doesn't use
        a description.
    :param associated_people_dns: A list of DNs corresponding to the people associated with the container. The way this
        list will be interpreted changes depending on the selected container profile. For an organization, it will be
        ignored. For an organizational unit or location, the first entry in the list will be set as the supervisor, and
        the other entries will be ignored. For a business partner unit, the first entry in the list will be set as the
        sponsor, and the other entries will be ignored. For an admin domain, each entry in the list will be set as an
        administrator of the admin domain.
    :return: An IBMResponse object. If the call was successful, the data field will be empty.
    """

    # Get the required SOAP types
    container_type_response = isim_application.retrieve_soap_type(
        soap_service,
        "ns1:WSOrganizationalContainer",
        requires_version=requires_version)
    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if container_type_response['rc'] != 0:
        return container_type_response
    container_type = container_type_response['data']

    # Retrieve the attribute type
    attribute_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSAttribute", requires_version=requires_version)
    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if attribute_type_response['rc'] != 0:
        return attribute_type_response
    attr_type = attribute_type_response['data']

    data = []

    # Setup the container object
    container_object = container_type()

    container_object['select'] = False
    container_object['itimDN'] = container_dn

    # Populate the container attributes
    attribute_list = _build_container_attributes_list(
        attr_type=attr_type,
        name=None,
        profile=profile,
        description=description,
        associated_people_dns=associated_people_dns)

    container_object['attributes'] = {'item': attribute_list}
    data.append(container_object)

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Modifying a Container",
        soap_service,
        "modifyContainer",
        data,
        requires_version=requires_version)
    return ret_obj
Beispiel #13
0
def _create(isim_application: ISIMApplication,
            parent_container_dn: str,
            profile: str,
            name: str,
            description: str = "",
            associated_people_dns: List[str] = []) -> IBMResponse:
    """
    Create a Container. To set an attribute to an empty value, use an empty string or empty list. Do not use None as
    this indicates no change, which is not applicable to a create operation.
    :param isim_application: The ISIMApplication instance to connect to.
    :param parent_container_dn: The DN of the existing container (business unit) to create the container under. To
        create an Organization, you must specify the root container here, e.g. "ou=demo,dc=com".
    :param profile: The container profile to use. Valid values are 'Organization', 'OrganizationalUnit',
        'BPOrganization', 'Location', or 'AdminDomain'.
    :param name: The container name. This will be automatically applied to the correct attribute depending on the
        container profile selected.
    :param description: A description of the container. Will be ignored if the selected container profile doesn't use
        a description.
    :param associated_people_dns: A list of DNs corresponding to the people associated with the container. The way this
        list will be interpreted changes depending on the selected container profile. For an organization, it will be
        ignored. For an organizational unit or location, the first entry in the list will be set as the supervisor, and
        the other entries will be ignored. For a business partner unit, the first entry in the list will be set as the
        sponsor, and the other entries will be ignored. For an admin domain, each entry in the list will be set as an
        administrator of the admin domain.
    :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict
        representation of the action taken by the server.
    """
    data = []

    # Get the required SOAP types
    container_type_response = isim_application.retrieve_soap_type(
        soap_service,
        "ns1:WSOrganizationalContainer",
        requires_version=requires_version)
    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if container_type_response['rc'] != 0:
        return container_type_response
    container_type = container_type_response['data']

    # Retrieve the attribute type
    attribute_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSAttribute", requires_version=requires_version)
    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if attribute_type_response['rc'] != 0:
        return attribute_type_response
    attr_type = attribute_type_response['data']

    # Retrieve the parent container object (the business unit)
    parent_container_response = isimws.isim.container.get(
        isim_application=isim_application, container_dn=parent_container_dn)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if parent_container_response['rc'] != 0:
        return parent_container_response

    parent_container_object = parent_container_response['data']
    data.append(parent_container_object)

    # Setup the new container object
    container_object = container_type()

    container_object['select'] = False
    container_object['name'] = name

    # The SOAP API uses different profile names depending on which operation is being performed for some reason. We
    # set the profile name here according to what is expected for a create operation.
    if profile == "BPOrganization":
        container_object['profileName'] = "BusinessPartnerOrganization"
    elif profile == "AdminDomain":
        container_object['profileName'] = "SecurityDomain"
    else:
        container_object['profileName'] = profile

    # Populate the container attributes
    attribute_list = _build_container_attributes_list(
        attr_type=attr_type,
        name=name,
        profile=profile,
        description=description,
        associated_people_dns=associated_people_dns)

    container_object['attributes'] = {'item': attribute_list}
    data.append(container_object)

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Creating a Container",
        soap_service,
        "createContainer",
        data,
        requires_version=requires_version)
    return ret_obj
Beispiel #14
0
def _create(isim_application: ISIMApplication,
            container_dn: str,
            uid: str,
            profile: str,
            full_name: str,
            surname: str,
            aliases: List[str] = [],
            password: str = "",
            role_dns: List[str] = []) -> IBMResponse:
    """
    Create a Person. To set an attribute to an empty value, use an empty string or empty list. Do not use None as this
        indicates no change, which is not applicable to a create operation.
    :param isim_application: The ISIMApplication instance to connect to.
    :param container_dn: The DN of the container (business unit) to create the person under.
    :param uid: The username or UID for the person.
    :param profile: The name of the profile to use for the person. Currently only "Person" is supported.
    :param full_name: The full name of the person.
    :param surname: The surname of the person.
    :param aliases: A list of aliases for the person.
    :param password: A password to use as the preferred password for the person.
    :param role_dns: A list of DNs corresponding to roles that the person will be part of.
    :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict
        representation of the action taken by the server.
    """
    data = []

    # Get the required SOAP types
    person_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSPerson", requires_version=requires_version)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if person_type_response['rc'] != 0:
        return person_type_response
    person_type = person_type_response['data']

    attribute_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSAttribute", requires_version=requires_version)
    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if attribute_type_response['rc'] != 0:
        return attribute_type_response
    attr_type = attribute_type_response['data']

    # Retrieve the container object (the business unit)
    container_response = isimws.isim.container.get(
        isim_application=isim_application, container_dn=container_dn)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if container_response['rc'] != 0:
        return container_response

    container_object = container_response['data']
    data.append(container_object)

    # Setup the person object
    person_object = person_type()

    # Check that the profile is valid
    if profile.lower() == "person":
        person_object['profileName'] = "Person"
    else:
        raise ValueError(profile + "is not a valid profile. Must be 'Person'.")

    person_object['select'] = False

    attribute_list = _build_person_attributes_list(attr_type=attr_type,
                                                   uid=uid,
                                                   surname=surname,
                                                   full_name=full_name,
                                                   aliases=aliases,
                                                   password=password,
                                                   role_dns=role_dns)

    person_object['attributes'] = {'item': attribute_list}
    data.append(person_object)

    # Leave the date object empty
    data.append(None)

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Creating a Person",
        soap_service,
        "createPerson",
        data,
        requires_version=requires_version)
    return ret_obj
def _modify(isim_application: ISIMApplication,
            policy_dn: str,
            container_dn: str,
            name: str,
            priority: int,
            description: Optional[str] = None,
            keywords: Optional[str] = None,
            caption: Optional[str] = None,
            available_to_subunits: Optional[bool] = None,
            enabled: Optional[bool] = None,
            membership_type: Optional[str] = None,
            membership_role_dns: Optional[List[str]] = None,
            entitlements: List[Dict] = []) -> IBMResponse:
    """
    Modify an existing provisioning policy. Due to differences in the SOAP API, this function works differently to the
        _modify functions for other types of objects. Ordinarily None would indicate no change, but here it applies an
        empty value. Setting an empty string or list will set the value to a literal empty string or list, which may
        cause problems. There is no concept of 'no change' with this API- all attributes must be set regardless of
        whether they already have a value.
    :param isim_application: The ISIMApplication instance to connect to.
    :param policy_dn: The DN of the existing policy to modify.
    :param container_dn: The DN of the container (business unit) that the policy exists in.
    :param name: The name of the policy.
    :param priority: An integer greater than 0 representing the priority of the policy.
    :param description: A description for the policy.
    :param keywords: A keywords string for the policy.
    :param caption: A caption for the policy.
    :param available_to_subunits: Set to True to make the policy available to services in subunits of the selected
        business unit, or False to make it available to this business unit only.
    :param enabled: Set to True to enable the policy, or False to disable it.
    :param membership_type: A string value determining how membership of the policy will be determined. Valid values
        are 'all' (for all users in the organization), 'other' (for all other users who are not granted to the
        entitlement(s) defined by this provisioning policy via other policies), or 'roles' (to specify specific roles
        using the membership_roles argument).
    :param membership_role_dns: A list of DNs of the roles to use to determine membership. This argument will be
        ignored if membership_type is not set to 'roles'. This list cannot be empty if membership_type is set to
        'roles'.
    :param entitlements: A list of dicts representing entitlements for the policy. This list must contain at least
        one entry. Each entry is expected to contain the following keys:
            {
                automatic: bool # Set to True for automatic provisioning, or False for manual provisioning.
                ownership_type: str # Valid values are 'all', 'device', 'individual', 'system', or 'vendor'.
                target_type: str # Determines how services will be targeted. Valid values are 'all' (for all services),
                    'type' (for a service type), 'policy' (for a service selection policy), or 'specific' (for a
                    specific service).
                service_type: str # This attribute is only required if the target_type is set to 'type' or 'policy'.
                    Provide the exact name of the service profile to target. Note that it is case-sensitive.
                service_dn: str # This attribute is only required if the target_type is set to 'specific'. Provide the
                    DN of the service to target.
                workflow_dn: str # Set to the DN of a workflow to use, or None to not use a workflow.
            }
        Note: This API does not currently support adding service tags to entitlements.
    :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict
        representation of the action taken by the server.
    """
    data = []

    # Get the required SOAP types

    # Get the policy type
    policy_type_response = isim_application.retrieve_soap_type(
        soap_service,
        "ns1:WSProvisioningPolicy",
        requires_version=requires_version)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if policy_type_response['rc'] != 0:
        return policy_type_response
    policy_type = policy_type_response['data']

    # Get the policy membership type
    policy_membership_type_response = isim_application.retrieve_soap_type(
        soap_service,
        "ns1:WSProvisioningPolicyMembership",
        requires_version=requires_version)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if policy_membership_type_response['rc'] != 0:
        return policy_membership_type_response
    policy_membership_type = policy_membership_type_response['data']

    # Get the policy entitlement type
    policy_entitlement_type_response = isim_application.retrieve_soap_type(
        soap_service,
        "ns1:WSProvisioningPolicyEntitlement",
        requires_version=requires_version)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if policy_entitlement_type_response['rc'] != 0:
        return policy_entitlement_type_response
    policy_entitlement_type = policy_entitlement_type_response['data']

    # Get the service target type
    service_target_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSServiceTarget", requires_version=requires_version)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if service_target_type_response['rc'] != 0:
        return service_target_type_response
    service_target_type = service_target_type_response['data']

    # Retrieve the container object (the business unit)
    container_response = isimws.isim.container.get(
        isim_application=isim_application, container_dn=container_dn)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if container_response['rc'] != 0:
        return container_response

    container_object = container_response['data']
    data.append(container_object)

    # Setup the policy object
    policy_object = _setup_policy_object(
        policy_type=policy_type,
        policy_entitlement_type=policy_entitlement_type,
        service_target_type=service_target_type,
        policy_membership_type=policy_membership_type,
        container_object=container_object,
        name=name,
        priority=priority,
        description=description,
        keywords=keywords,
        caption=caption,
        available_to_subunits=available_to_subunits,
        enabled=enabled,
        membership_type=membership_type,
        membership_role_dns=membership_role_dns,
        entitlements=entitlements)

    policy_object[
        'itimDN'] = policy_dn  # Add the policy DN so that the existing policy can be identified

    data.append(policy_object)

    # Leave the date object empty
    data.append(None)

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Modifying a provisioning policy",
        soap_service,
        "modifyPolicy",
        data,
        requires_version=requires_version)
    return ret_obj
def _modify(isim_application: ISIMApplication,
            role_dn: str,
            role_classification: Optional[str] = None,
            description: Optional[str] = None,
            role_owner_dns: Optional[List[str]] = None,
            user_owner_dns: Optional[List[str]] = None,
            enable_access: Optional[bool] = None,
            common_access: Optional[bool] = None,
            access_type: Optional[str] = None,
            access_image_uri: Optional[str] = None,
            access_search_terms: Optional[List[str]] = None,
            access_additional_info: Optional[str] = None,
            access_badges: Optional[List[Dict[str, str]]] = None,
            assignment_attributes: Optional[List[str]] = None) -> IBMResponse:
    """
    Modify the attributes of an existing Role. Only arguments with a value will be changed. Any arguments set to None
        will be left as they are. The one exception to this is role_owners and user_owners. If you set either one, it
        will overwrite all existing owners, both role and user. To set an attribute to an empty value, use an empty
        string or empty list.
    :param isim_application: The ISIMApplication instance to connect to.
    :param role_dn: The DN of the existing role to modify.
    :param role_classification: Set to either "application" or "business".
    :param description: A description of the role.
    :param role_owner_dns: A list of DNs corresponding to the roles that own this role.
    :param user_owner_dns: A list of DNs corresponding to the users that own this role.
    :param enable_access: Set to True to enable access for the role.
    :param common_access: Set to True to show the role as a common access.
    :param access_type: Set to one of 'application', 'emailgroup', 'sharedfolder' or 'role'.
    :param access_image_uri: The URI of an image to use for the access icon.
    :param access_search_terms: A list of search terms for the access.
    :param access_additional_info: Additional information about the acceess.
    :param access_badges: A list of dicts representing badges for the access. Each entry in the list must contain the
        keys 'text' and 'colour' with string values.
    :param assignment_attributes: A list of attribute names to assign to the role.
    :return: An IBMResponse object. If the call was successful, the data field will be empty.
    """
    # Retrieve the attribute type
    attribute_type_response = isim_application.retrieve_soap_type(
        soap_service, "ns1:WSAttribute", requires_version=requires_version)
    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if attribute_type_response['rc'] != 0:
        return attribute_type_response
    attr_type = attribute_type_response['data']

    data = []

    # Add the role DN to the request
    data.append(role_dn)

    # Setup the list of modified attributes and add them to the request
    attribute_list = _build_role_attributes_list(
        attr_type=attr_type,
        role_classification=role_classification,
        description=description,
        role_owner_dns=role_owner_dns,
        user_owner_dns=user_owner_dns,
        enable_access=enable_access,
        common_access=common_access,
        access_type=access_type,
        access_image_uri=access_image_uri,
        access_search_terms=access_search_terms,
        access_additional_info=access_additional_info,
        access_badges=access_badges,
        assignment_attributes=assignment_attributes)

    data.append(attribute_list)

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Modifying a Role",
        soap_service,
        "modifyStaticRole",
        data,
        requires_version=requires_version)
    return ret_obj
Beispiel #17
0
def search(isim_application: ISIMApplication,
           parent_dn: str,
           container_name: str,
           profile: str,
           check_mode=False,
           force=False) -> IBMResponse:
    """
    Search for a container by it's name.
    :param isim_application: The ISIMApplication instance to connect to.
    :param parent_dn: The DN of the parent container to search under. All descendants of this container will be
        searched, not just direct children. To search for an Organization, you must specify the root container here,
        e.g. "ou=demo,dc=com".
    :param container_name: The name of the container to search for. Only containers that exactly match the name will
        appear in the results.
    :param container_name: The name of the container to search for.
    :param profile: The type of container to search for. Valid values are 'Organization', 'OrganizationalUnit',
        'BPOrganization', 'Location', or 'AdminDomain'.
    :param check_mode: Set to True to enable check mode.
    :param force: Set to True to force execution regardless of current state.
    :return: An IBMResponse object. If the call was successful, the data field will contain a list of the Python dict
        representations of each role matching the filter.
    """
    # The session object is handled by the ISIMApplication instance
    data = []

    # Retrieve the parent container object
    container_response = isimws.isim.container.get(
        isim_application=isim_application, container_dn=parent_dn)

    # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it
    if container_response['rc'] != 0:
        return container_response

    container_object = container_response['data']
    data.append(container_object)

    # Add the container profile name to the request
    if not (profile == "Organization" or profile == "OrganizationalUnit"
            or profile == "Location" or profile == "AdminDomain"
            or profile == "BPOrganization"):
        raise ValueError(
            "'" + profile +
            "' is not a valid container profile. Valid values are 'Organization', "
            "'OrganizationalUnit', 'BPOrganization', 'Location', or 'AdminDomain'."
        )
    data.append(profile)

    # Add the container name to the request
    data.append(container_name)

    # Invoke the call
    ret_obj = isim_application.invoke_soap_request(
        "Searching for containers",
        soap_service,
        "searchContainerByName",
        data,
        requires_version=requires_version)

    ret_obj = strip_zeep_element_data(ret_obj)

    return ret_obj
Beispiel #18
0
# Function to pretty print JSON data
def pretty_print(jdata):
    pp = pprint.PrettyPrinter(indent=2)
    pp.pprint(jdata)


if __name__ == "__main__":
    """
    This test program should not execute when imported, which would otherwise
    cause problems when generating the documentation.
    """
    # Create a user credential for ISIM application
    u = ISIMApplicationUser(username="******", password="******")
    # Create an ISIM application with above credential
    isim_server = ISIMApplication(hostname="192.168.1.56",
                                  root_dn="ou=demo,dc=com",
                                  user=u,
                                  port=9082)

    dn_encoder = DNEncoder(isim_server)

    # # Idempotently apply a person configuration
    # print("Applying a person configuration...")
    # pretty_print(isimws.isim.person.apply(isim_application=isim_server,
    #                                       container_path="//demo",
    #                                       uid="cspeed",
    #                                       profile="Person",
    #                                       full_name="Claude Speed",
    #                                       surname="Speed",
    #                                       aliases=["CS", "Claude"],
    #                                       password="******",
    #                                       roles=[