def config():
with open(config_file_name, "r") as f:
conf_dict = yaml.load(f)
creds = conf_dict["test_org"]
conn = umapi_client.Connection(
ims_host='ims-na1-stg1.adobelogin.com',
user_management_endpoint=
'https://usermanagement-stage.adobe.io/v2/usermanagement',
org_id=creds["org_id"],
auth_dict=creds)
return conn, conf_dict
def connect_umapi(config, test_mode):
server_config = config["server"]
auth_config = config["enterprise"]
if server_config and all(k in server_config
for k in ("host", "endpoint", "ims_host")):
conn = umapi_client.Connection(org_id=auth_config["org_id"],
auth_dict=auth_config,
ims_host=server_config["ims_host"],
user_management_endpoint="https://" +
server_config["host"] +
server_config["endpoint"],
test_mode=test_mode)
else:
conn = umapi_client.Connection(org_id=auth_config["org_id"],
auth_dict=auth_config,
test_mode=test_mode)
logger.log(
logging.INFO, "Connected to %s , TEST-MODE: %s" %
(auth_config["org_id"], str(test_mode)))
return conn
def test_conn_and_status(config):
# first create conn using key file, as usual
conn1, params = config
_, status = conn1.status(remote=True)
logging.info("Server connection from key file, status is %s", status)
assert status["state"] == "LIVE"
# next create conn using key data
creds = params["test_org"]
key_file = creds.pop("private_key_file")
with open(key_file) as f:
creds["private_key_data"] = f.read()
conn2 = umapi_client.Connection(org_id=creds["org_id"], auth_dict=creds)
_, status = conn2.status(remote=True)
logging.info("Server connection from key data, status is %s", status)
assert status["state"] == "LIVE"
def __init__(self, name, caller_options):
"""
:type name: str
:type caller_options: dict
"""
self.name = 'umapi' + name
caller_config = user_sync.config.DictConfig(
self.name + ' configuration', caller_options)
builder = user_sync.config.OptionsBuilder(caller_config)
builder.set_string_value('logger_name', self.name)
builder.set_bool_value('test_mode', False)
options = builder.get_options()
server_config = caller_config.get_dict_config('server', True)
server_builder = user_sync.config.OptionsBuilder(server_config)
server_builder.set_string_value('host', 'usermanagement.adobe.io')
server_builder.set_string_value('endpoint', '/v2/usermanagement')
server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com')
server_builder.set_string_value('ims_endpoint_jwt',
'/ims/exchange/jwt')
server_builder.set_int_value('timeout', 120)
server_builder.set_int_value('retries', 3)
options['server'] = server_options = server_builder.get_options()
enterprise_config = caller_config.get_dict_config('enterprise')
enterprise_builder = user_sync.config.OptionsBuilder(enterprise_config)
enterprise_builder.require_string_value('org_id')
enterprise_builder.require_string_value('tech_acct')
options[
'enterprise'] = enterprise_options = enterprise_builder.get_options(
)
self.options = options
self.logger = logger = user_sync.connector.helper.create_logger(
options)
if server_config:
server_config.report_unused_values(logger)
logger.debug('UMAPI initialized with options: %s', options)
ims_host = server_options['ims_host']
self.org_id = org_id = enterprise_options['org_id']
auth_dict = {
'org_id':
org_id,
'tech_acct_id':
enterprise_options['tech_acct'],
'api_key':
enterprise_config.get_credential('api_key', org_id),
'client_secret':
enterprise_config.get_credential('client_secret', org_id),
}
# get the private key
key_path = enterprise_config.get_string('priv_key_path', True)
if key_path:
data_setting = enterprise_config.has_credential('priv_key_data')
if data_setting:
raise AssertionException(
'%s: cannot specify both "priv_key_path" and "%s"' %
(enterprise_config.get_full_scope(), data_setting))
logger.debug('%s: reading private key data from file %s',
self.name, key_path)
try:
with open(key_path, 'r') as f:
key_data = f.read()
except IOError as e:
raise AssertionException(
'%s: cannot read file "%s": %s' %
(enterprise_config.get_full_scope(), key_path, e))
else:
key_data = enterprise_config.get_credential(
'priv_key_data', org_id)
# decrypt the private key, if needed
passphrase = enterprise_config.get_credential('priv_key_pass', org_id,
True)
if passphrase:
try:
key_data = str(
RSA.importKey(
key_data,
passphrase=passphrase).exportKey().decode('ascii'))
except (ValueError, IndexError, TypeError) as e:
raise AssertionException(
'%s: Error decrypting private key, either the password is wrong or: %s'
% (enterprise_config.get_full_scope(), e))
auth_dict['private_key_data'] = key_data
# this check must come after we fetch all the settings
enterprise_config.report_unused_values(logger)
# open the connection
um_endpoint = "https://" + server_options['host'] + server_options[
'endpoint']
logger.debug('%s: creating connection for org %s at endpoint %s',
self.name, org_id, um_endpoint)
try:
self.connection = connection = umapi_client.Connection(
org_id=org_id,
auth_dict=auth_dict,
ims_host=ims_host,
ims_endpoint_jwt=server_options['ims_endpoint_jwt'],
user_management_endpoint=um_endpoint,
test_mode=options['test_mode'],
user_agent="user-sync/" + app_version,
logger=self.logger,
timeout_seconds=float(server_options['timeout']),
retry_max_attempts=server_options['retries'] + 1,
)
except Exception as e:
raise AssertionException(
"Connection to org %s at endpoint %s failed: %s" %
(org_id, um_endpoint, e))
logger.debug('%s: connection established', self.name)
# wrap the connection in an action manager
self.action_manager = ActionManager(connection, org_id, logger)
def __init__(self, name, caller_options):
'''
:type name: str
:type caller_options: dict
'''
caller_config = user_sync.config.DictConfig(
'"%s umapi options"' % name, caller_options)
builder = user_sync.config.OptionsBuilder(caller_config)
builder.set_string_value('logger_name', 'umapi' + name)
builder.set_bool_value('test_mode', False)
options = builder.get_options()
server_config = caller_config.get_dict_config('server', True)
server_builder = user_sync.config.OptionsBuilder(server_config)
server_builder.set_string_value('host', 'usermanagement.adobe.io')
server_builder.set_string_value('endpoint', '/v2/usermanagement')
server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com')
server_builder.set_string_value('ims_endpoint_jwt',
'/ims/exchange/jwt')
options['server'] = server_options = server_builder.get_options()
enterprise_config = caller_config.get_dict_config('enterprise')
enterprise_builder = user_sync.config.OptionsBuilder(enterprise_config)
enterprise_builder.require_string_value('org_id')
enterprise_builder.require_string_value('api_key')
enterprise_builder.require_string_value('client_secret')
enterprise_builder.require_string_value('tech_acct')
enterprise_builder.require_string_value('priv_key_path')
options[
'enterprise'] = enterprise_options = enterprise_builder.get_options(
)
self.options = options
self.logger = logger = helper.create_logger(options)
caller_config.report_unused_values(logger)
ims_host = server_options['ims_host']
self.org_id = org_id = enterprise_options['org_id']
api_key = enterprise_options['api_key']
private_key_file_path = enterprise_options['priv_key_path']
um_endpoint = "https://" + server_options['host'] + server_options[
'endpoint']
logger.debug(
'Creating connection for org id: "%s" using private key file: "%s"',
org_id, private_key_file_path)
auth_dict = {
"org_id": org_id,
"tech_acct_id": enterprise_options['tech_acct'],
"api_key": api_key,
"client_secret": enterprise_options['client_secret'],
"private_key_file": private_key_file_path
}
try:
self.connection = connection = umapi_client.Connection(
org_id=org_id,
auth_dict=auth_dict,
ims_host=ims_host,
ims_endpoint_jwt=server_options['ims_endpoint_jwt'],
user_management_endpoint=um_endpoint,
test_mode=options['test_mode'],
user_agent="user-sync/" + APP_VERSION,
logger=self.logger,
)
except Exception as e:
raise AssertionException(
"UMAPI connection to org id '%s' failed: %s" % (org_id, e))
logger.debug('API initialized on: %s', um_endpoint)
self.action_manager = ActionManager(connection, org_id, logger)
def __init__(self, name, caller_options):
'''
:type name: str
:type caller_options: dict
'''
self.name = 'umapi' + name
caller_config = user_sync.config.DictConfig(
self.name + ' configuration', caller_options)
builder = user_sync.config.OptionsBuilder(caller_config)
builder.set_string_value('logger_name', self.name)
builder.set_bool_value('test_mode', False)
options = builder.get_options()
server_config = caller_config.get_dict_config('server', True)
server_builder = user_sync.config.OptionsBuilder(server_config)
server_builder.set_string_value('host', 'usermanagement.adobe.io')
server_builder.set_string_value('endpoint', '/v2/usermanagement')
server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com')
server_builder.set_string_value('ims_endpoint_jwt',
'/ims/exchange/jwt')
options['server'] = server_options = server_builder.get_options()
enterprise_config = caller_config.get_dict_config('enterprise')
enterprise_builder = user_sync.config.OptionsBuilder(enterprise_config)
enterprise_builder.require_string_value('org_id')
enterprise_builder.require_string_value('tech_acct')
options[
'enterprise'] = enterprise_options = enterprise_builder.get_options(
)
self.options = options
self.logger = logger = helper.create_logger(options)
if server_config: server_config.report_unused_values(logger)
logger.debug('UMAPI initialized with options: %s', options)
# set up the auth dict for umapi-client
ims_host = server_options['ims_host']
self.org_id = org_id = enterprise_options['org_id']
auth_dict = {
'org_id':
org_id,
'tech_acct_id':
enterprise_options['tech_acct'],
'api_key':
enterprise_config.get_credential('api_key', org_id),
'client_secret':
enterprise_config.get_credential('client_secret', org_id),
}
# get the private key
key_path = enterprise_config.get_string('priv_key_path', True)
if key_path:
data_setting = enterprise_config.has_credential('priv_key_data')
if data_setting:
raise AssertionException(
'%s: cannot specify both "priv_key_path" and "%s"' %
(enterprise_config.get_full_scope(), data_setting))
logger.debug('%s: reading private key data from file %s',
self.name, key_path)
auth_dict['private_key_file'] = key_path
else:
auth_dict['private_key_data'] = enterprise_config.get_credential(
'priv_key_data', org_id)
# this check must come after we fetch all the settings
enterprise_config.report_unused_values(logger)
# open the connection
um_endpoint = "https://" + server_options['host'] + server_options[
'endpoint']
logger.debug('%s: creating connection for org %s at endpoint %s',
self.name, org_id, um_endpoint)
try:
self.connection = connection = umapi_client.Connection(
org_id=org_id,
auth_dict=auth_dict,
ims_host=ims_host,
ims_endpoint_jwt=server_options['ims_endpoint_jwt'],
user_management_endpoint=um_endpoint,
test_mode=options['test_mode'],
user_agent="user-sync/" + APP_VERSION,
logger=self.logger,
)
except Exception as e:
raise AssertionException(
"Connection to org %s at endpoint %s failed: %s" %
(org_id, um_endpoint, e))
logger.debug('%s: connection established', self.name)
# wrap the connection in an action manager
self.action_manager = ActionManager(connection, org_id, logger)
def __init__(self, caller_options):
caller_config = user_sync.config.DictConfig('<%s configuration>' % self.name, caller_options)
builder = user_sync.config.OptionsBuilder(caller_config)
# Let just ignore this
builder.set_string_value('user_identity_type', None)
builder.set_string_value('identity_type_filter', 'all')
options = builder.get_options()
if not options['identity_type_filter'] == 'all':
try:
options['identity_type_filter'] = parse_identity_type(options['identity_type_filter'])
except Exception as e:
raise AssertionException("Error parsing identity_type_filter option: %s" % e)
self.filter_by_identity_type = options['identity_type_filter']
server_config = caller_config.get_dict_config('server', True)
server_builder = user_sync.config.OptionsBuilder(server_config)
server_builder.set_string_value('host', 'usermanagement.adobe.io')
server_builder.set_string_value('endpoint', '/v2/usermanagement')
server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com')
server_builder.set_string_value('ims_endpoint_jwt', '/ims/exchange/jwt')
server_builder.set_int_value('timeout', 120)
server_builder.set_int_value('retries', 3)
options['server'] = server_options = server_builder.get_options()
enterprise_config = caller_config.get_dict_config('integration')
integration_builder = user_sync.config.OptionsBuilder(enterprise_config)
integration_builder.require_string_value('org_id')
integration_builder.require_string_value('tech_acct')
options['integration'] = integration_options = integration_builder.get_options()
self.logger = logger = user_sync.connector.helper.create_logger(options)
logger.debug('%s initialized with options: %s', self.name, options)
self.options = options
ims_host = server_options['ims_host']
self.org_id = org_id = integration_options['org_id']
auth_dict = make_auth_dict(self.name, enterprise_config, org_id, integration_options['tech_acct'], logger)
# this check must come after we fetch all the settings
caller_config.report_unused_values(logger)
# open the connection
um_endpoint = "https://" + server_options['host'] + server_options['endpoint']
logger.debug('%s: creating connection for org %s at endpoint %s', self.name, org_id, um_endpoint)
try:
self.connection = umapi_client.Connection(
org_id=org_id,
auth_dict=auth_dict,
ims_host=ims_host,
ims_endpoint_jwt=server_options['ims_endpoint_jwt'],
user_management_endpoint=um_endpoint,
test_mode=False,
user_agent="user-sync/" + app_version,
logger=self.logger,
timeout_seconds=float(server_options['timeout']),
retry_max_attempts=server_options['retries'] + 1,
)
except Exception as e:
raise AssertionException("Connection to org %s at endpoint %s failed: %s" % (org_id, um_endpoint, e))
logger.debug('%s: connection established', self.name)
self.umapi_users = []
self.user_by_usr_key = {}
def __init__(self, name, caller_options):
"""
:type name: str
:type caller_options: dict
"""
self.name = 'umapi' + name
caller_config = user_sync.config.DictConfig(
self.name + ' configuration', caller_options)
self.trusted = caller_config.get_bool('trusted', True)
if self.trusted is None:
self.trusted = False
builder = user_sync.config.OptionsBuilder(caller_config)
builder.set_string_value('logger_name', self.name)
builder.set_bool_value('test_mode', False)
options = builder.get_options()
server_config = caller_config.get_dict_config('server', True)
server_builder = user_sync.config.OptionsBuilder(server_config)
server_builder.set_string_value('host', 'usermanagement.adobe.io')
server_builder.set_string_value('endpoint', '/v2/usermanagement')
server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com')
server_builder.set_string_value('ims_endpoint_jwt',
'/ims/exchange/jwt')
server_builder.set_int_value('timeout', 120)
server_builder.set_int_value('retries', 3)
server_builder.set_bool_value('ssl_verify', True)
options['server'] = server_options = server_builder.get_options()
enterprise_config = caller_config.get_dict_config('enterprise')
enterprise_builder = user_sync.config.OptionsBuilder(enterprise_config)
enterprise_builder.require_string_value('org_id')
enterprise_builder.require_string_value('tech_acct')
options[
'enterprise'] = enterprise_options = enterprise_builder.get_options(
)
self.options = options
self.logger = logger = user_sync.connector.helper.create_logger(
options)
if server_config:
server_config.report_unused_values(logger)
logger.debug('UMAPI initialized with options: %s', options)
ims_host = server_options['ims_host']
self.org_id = org_id = enterprise_options['org_id']
auth_dict = make_auth_dict(self.name, enterprise_config, org_id,
enterprise_options['tech_acct'], logger)
# this check must come after we fetch all the settings
enterprise_config.report_unused_values(logger)
# open the connection
um_endpoint = "https://" + server_options['host'] + server_options[
'endpoint']
logger.debug('%s: creating connection for org %s at endpoint %s',
self.name, org_id, um_endpoint)
try:
self.connection = connection = umapi_client.Connection(
org_id=org_id,
auth_dict=auth_dict,
ims_host=ims_host,
ims_endpoint_jwt=server_options['ims_endpoint_jwt'],
user_management_endpoint=um_endpoint,
test_mode=options['test_mode'],
user_agent="user-sync/" + app_version,
logger=self.logger,
timeout_seconds=float(server_options['timeout']),
retry_max_attempts=server_options['retries'] + 1,
ssl_verify=server_options['ssl_verify'])
except Exception as e:
raise AssertionException(
"Connection to org %s at endpoint %s failed: %s" %
(org_id, um_endpoint, e))
logger.debug('%s: connection established', self.name)
# wrap the connection in an action manager
self.action_manager = ActionManager(connection, org_id, logger)
def config():
with open(config_file_name, "r") as f:
conf_dict = yaml.load(f)
creds = conf_dict["test_org"]
conn = umapi_client.Connection(org_id=creds["org_id"], auth_dict=creds)
return conn, conf_dict
'-r',
'--reverse',
help=
'reverse conversion (go from username to email, rather than email to username)',
dest='from_email',
action='store_false',
default=True)
args = parser.parse_args()
with open(args.config_filename, "r") as f:
config = yaml.load(f)
conn = umapi_client.Connection(
org_id=config["org_id"],
auth_dict=config,
test_mode=args.test_mode,
# ims_host='ims-na1-stg1.adobelogin.com',
ims_endpoint_jwt='/ims/exchange/jwt',
# user_management_endpoint='https://usermanagement-stage.adobe.io/v2/usermanagement',
logger=logger)
cols = ['Username', 'Email', 'New Email', 'New Username']
actions = {}
for user_rec in CSVAdapter.read_csv_rows(args.users_filename,
recognized_column_names=cols):
username, email, new_email, new_username, domain = \
user_rec.get('Username'), user_rec.get('Email'), user_rec.get('New Email'),user_rec.get('New Username'), user_rec.get('Domain')
if not username or not email:
logger.warning(
"Skipping input record with missing Username and/or Email: %s"
% user_rec)
def scan_umapi(log: logging.Logger, options: Any, output_folder: Path) -> None:
"""
Call Adobe umapi and serialize results to compressed xml document
:param log:
:param options:
:param output_folder:
:return:
"""
scanned_groups = 0
scanned_users = 0
org_id = config['org_id']
# noinspection SpellCheckingInspection
ext = ".scaa"
output_file = output_folder.joinpath(options.uuid + ext)
start_time = time.time()
doc = Document()
xml = doc.createElement('octoscan')
xml.setAttribute("uuid", options.uuid)
xml.setAttribute("timestamp",
datetime.utcnow().replace(microsecond=0).isoformat())
xml.setAttribute("build", octoscan_build)
doc.appendChild(xml)
octoscan_config = doc.createElement('octoscan_config')
if len(options.tag) > 0:
append_info_element(doc, octoscan_config, 'tag', 'S', options.tag)
append_info_element(doc, octoscan_config, 'OutputFolder', 'S',
str(output_folder))
xml.appendChild(octoscan_config)
meta = doc.createElement('meta')
append_info_element(doc, meta, 'org_id', 'S', org_id)
append_info_element(doc, meta, 'tech_acct_id', 'S', config['tech_acct_id'])
xml.appendChild(meta)
conn = None
try:
conn = umapi_client.Connection(org_id=org_id, auth_dict=config)
except Exception as e:
log.exception(e)
if not conn:
log.error("Failed to connect to Adobe cloud")
groups = doc.createElement('groups')
umapi_groups = umapi_client.GroupsQuery(conn)
for umapi_group in umapi_groups:
g = doc.createElement('group')
g.setAttribute('name', umapi_group['groupName'])
append_dict(doc, g, umapi_group)
scanned_groups += 1
groups.appendChild(g)
xml.appendChild(groups)
users = doc.createElement('users')
umapi_users = umapi_client.UsersQuery(conn)
for umapi_user in umapi_users:
u = doc.createElement('user')
u.setAttribute('name', umapi_user['username'])
append_dict(doc, u, umapi_user)
scanned_users += 1
users.appendChild(u)
xml.appendChild(users)
end_time = time.time()
performance = doc.createElement('octoscan_performance')
append_info_element(doc, performance, 'seconds', 'I',
str(int(end_time - start_time)))
xml.appendChild(performance)
with gzip.open(output_file, 'w') as f_out:
f_out.write(doc.toprettyxml(indent="\t").encode('utf-8'))
print(output_file)
log.info(
f"Adobe umapi {scanned_users} users {scanned_groups} groups scanned output to {output_file}"
)