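def execute(ctx):
    """Execute this module with the configured options.

    Resets all enrolled MFA factors for the user whose ID is given in
    ``MODULE_OPTIONS["id"]`` by POSTing to Okta's
    ``/users/{id}/lifecycle/reset_factors`` endpoint, then re-fetches the
    user object so the resulting state is shown to the operator.

    Args:
        ctx: click context; ``ctx.obj`` must provide ``base_url``,
            ``api_token``, ``session`` and ``es``.

    Returns:
        None. Outcome is reported through LOGGER, index_event and the
        console only.
    """

    error = check_module_options(MODULE_OPTIONS)

    if error:
        return

    user_id = MODULE_OPTIONS["id"]["value"]

    msg = f"Attempting to reset MFA factors for user ID {user_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    url = f"{ctx.obj.base_url}/users/{user_id}/lifecycle/reset_factors"

    # The SSWS API token travels only in this header; none of the messages
    # logged or indexed below include it.
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": f"SSWS {ctx.obj.api_token}",
    }

    params = {}
    payload = {}

    try:
        response = ctx.obj.session.post(url,
                                        headers=headers,
                                        params=params,
                                        json=payload,
                                        timeout=7)
    except Exception as e:
        LOGGER.error(e, exc_info=True)
        # NOTE(review): index_event receives the exception object itself
        # here, as elsewhere in this file — confirm it stringifies it.
        index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=e)
        click.secho(f"[!] {URL_OR_API_TOKEN_ERROR}", fg="red")
        # No response object exists after a transport failure; bail out
        # instead of dereferencing None below.
        return

    if response.ok:
        msg = f"MFA factors reset for user {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.secho(f"[*] {msg}", fg="green")

        get_user_object(ctx, user_id)
        return

    # Okta error responses are normally JSON, but an intermediate proxy may
    # answer with something else; decode once and tolerate a non-JSON body.
    try:
        error_body = response.json()
    except ValueError:
        error_body = {}

    msg = (
        f"Error resetting MFA factors for Okta user\n"
        f"    Response Code: {response.status_code} | Response Reason: {response.reason}\n"
        f'    Error Code: {error_body.get("errorCode")} | Error Summary: {error_body.get("errorSummary")}'
    )
    LOGGER.error(msg)
    index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=msg)
    click.secho(f"[!] {msg}", fg="red")
    click.echo(
        "Check that the user's status is ACTIVE and that they have at least one factor enrolled"
    )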
def execute(ctx):
    """Execute this module with the configured options.

    Looks up the policy rule identified by ``MODULE_OPTIONS["policy_id"]``
    and ``MODULE_OPTIONS["rule_id"]`` and, after an interactive
    confirmation, flips its state: an ACTIVE rule is deactivated and an
    INACTIVE rule is activated. Any other status is only reported.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed event.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    policy_id = MODULE_OPTIONS["policy_id"]["value"]
    rule_id = MODULE_OPTIONS["rule_id"]["value"]

    rule = get_policy_rule(ctx, policy_id, rule_id)
    if not rule:
        return

    status = rule["status"]

    # Current status -> (verb shown to the operator, API operation name).
    transitions = {
        "ACTIVE": ("deactivate", "DEACTIVATE"),
        "INACTIVE": ("activate", "ACTIVATE"),
    }

    if status not in transitions:
        click.echo(f"[*] Rule status is {status}")
        return

    verb, operation = transitions[status]
    click.echo(f"[*] Rule is {status}")

    question = f"[*] Do you want to {verb} rule {rule_id} ({rule['name']})?"
    if not click.confirm(question, default=True):
        return

    msg = f"Attempting to {verb} rule {rule_id} ({rule['name']}) in policy {policy_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es,
                module=__name__,
                event_type="INFO",
                event=msg)
    click.echo(f"[*] {msg}")
    set_policy_rule_state(ctx, policy_id, rule_id, operation=operation)
def execute(ctx):
    """Execute this module with the configured options.

    Prints the profile and the group memberships of the user whose ID is
    given in ``MODULE_OPTIONS["id"]`` by delegating to ``get_user_object``
    and ``get_user_groups``.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed event.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    user_id = MODULE_OPTIONS["id"]["value"]

    msg = f"Attempting to get profile and group memberships for user ID {user_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    # Profile first, then group memberships, matching the announced order.
    for fetch in (get_user_object, get_user_groups):
        fetch(ctx, user_id)
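def execute(ctx):
    """Execute this module with the configured options.

    Looks up the network zone identified by ``MODULE_OPTIONS["id"]`` and,
    after an interactive confirmation, flips its state: an ACTIVE zone is
    deactivated and an INACTIVE zone is activated. Any other status is
    only reported.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed event.

    Returns:
        None.
    """

    error = check_module_options(MODULE_OPTIONS)

    if error:
        return

    zone_id = MODULE_OPTIONS["id"]["value"]

    zone = get_zone_object(ctx, zone_id)
    if not zone:
        return

    status = zone["status"]

    # Current status -> (verb shown to the operator, API operation name).
    transitions = {
        "ACTIVE": ("deactivate", "DEACTIVATE"),
        "INACTIVE": ("activate", "ACTIVATE"),
    }

    if status not in transitions:
        # Fixed: the fallback message previously said "Policy status"
        # although this module operates on a zone.
        click.echo(f"[*] Zone status is {status}")
        return

    verb, operation = transitions[status]
    click.echo(f"[*] Zone is {status}")

    if not click.confirm(
            f"[*] Do you want to {verb} zone {zone_id} ({zone['name']})?",
            default=True):
        return

    msg = f"Attempting to {verb} zone {zone_id} ({zone['name']})"
    LOGGER.info(msg)
    index_event(ctx.obj.es,
                module=__name__,
                event_type="INFO",
                event=msg)
    click.echo(f"[*] {msg}")
    # The ID from the fetched object is used for the state change, as in
    # the original implementation.
    set_zone_state(ctx, zone["id"], operation=operation)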
def execute(ctx):
    """Execute this module with the configured options.

    Shows the current state of the user given in ``MODULE_OPTIONS["id"]``,
    lists the entries of ``LIFECYCLE_OPERATIONS`` as a numbered menu, and
    runs the operation the operator selects. Invalid menu numbers are
    rejected and the prompt is repeated.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed event.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    user_id = MODULE_OPTIONS["id"]["value"]

    click.echo("""[*] Attempting to retrieve user's current state""")
    if get_user_object(ctx, user_id):
        # A truthy return signals a lookup error; nothing more to do.
        return

    click.echo("[*] Available lifecycle operations:")
    for number, entry in enumerate(LIFECYCLE_OPERATIONS, start=1):
        click.echo(f'{number}. {entry["operation"]} - {entry["description"]}')

    menu_size = len(LIFECYCLE_OPERATIONS)

    while True:
        selection = click.prompt(
            "[*] Which state do you want to transition the user to?", type=int)

        if not 1 <= selection <= menu_size:
            click.secho("[!] Invalid option selected", fg="red")
            continue

        lifecycle_operation = LIFECYCLE_OPERATIONS[selection - 1]["operation"]

        msg = f"Attempting to {lifecycle_operation} user ID {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es,
                    module=__name__,
                    event_type="INFO",
                    event=msg)
        click.echo(f"[*] {msg}")

        execute_lifecycle_operation(ctx, user_id, lifecycle_operation)
        return
def execute(ctx):
    """Execute this module with the configured options.

    Fetches the policy identified by ``MODULE_OPTIONS["id"]``, renames it
    to ``"<name> TEMP_STRING"`` and immediately renames it back, leaving
    the policy as it was.

    Args:
        ctx: click context passed through to the policy helpers.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    policy_id = MODULE_OPTIONS["id"]["value"]

    policy = get_policy_object(ctx, policy_id)
    if not policy:
        return

    original_name = policy["name"]
    temporary_name = f"{original_name} TEMP_STRING"
    policy_type = policy["type"]

    # Apply the temporary name, then restore the original one so the
    # policy ends up unchanged (presumably done to produce a system-log
    # entry for the policy — confirm against the module's purpose).
    rename_policy(ctx, policy_id, policy_type, original_name, temporary_name)
    rename_policy(ctx, policy_id, policy_type, temporary_name, original_name)
def execute(ctx):
    """Execute this module with the configured options.

    Retrieves the policy identified by ``MODULE_OPTIONS["id"]`` together
    with its rules, prints it, and optionally writes it as JSON into
    ``ctx.obj.data_dir`` under a name derived from the profile and policy
    IDs.

    Args:
        ctx: click context; ``ctx.obj`` must provide ``es``, ``data_dir``
            and ``profile_id``.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    policy_id = MODULE_OPTIONS["id"]["value"]

    msg = f"Attempting to get policy object for policy ID {policy_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    policy = get_policy_object(ctx, policy_id, rules=True)
    if not policy:
        return

    print_policy_object(policy)

    question = (
        f"[*] Do you want to save policy {policy['id']} ({policy['name']}) to a file?"
    )
    if click.confirm(question, default=True):
        # The file name embeds the profile ID so saved policies from
        # different Okta tenants do not collide in the data directory.
        file_path = f"{ctx.obj.data_dir}/{ctx.obj.profile_id}_policy_{policy['id']}"
        write_json_file(file_path, policy)
def execute(ctx):
    """Execute this module with the configured options.

    Fetches the network zone identified by ``MODULE_OPTIONS["id"]``,
    renames it to ``"<name> TEMP_STRING"`` and immediately renames it
    back, leaving the zone as it was.

    Args:
        ctx: click context passed through to the zone helpers.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    zone_id = MODULE_OPTIONS["id"]["value"]

    zone = get_zone_object(ctx, zone_id)
    if not zone:
        return

    original_name = zone["name"]
    temporary_name = f"{original_name} TEMP_STRING"

    # Apply the temporary name, then restore the original zone name so the
    # zone ends up unchanged (presumably done to produce a system-log
    # entry for the zone — confirm against the module's purpose).
    rename_zone(ctx, zone, original_name, temporary_name)
    rename_zone(ctx, zone, temporary_name, original_name)
def execute(ctx):
    """Execute this module with the configured options.

    Fetches the rule identified by ``MODULE_OPTIONS["policy_id"]`` and
    ``MODULE_OPTIONS["rule_id"]``, renames it to ``"<name> TEMP_STRING"``
    and immediately renames it back, leaving the rule as it was.

    Args:
        ctx: click context passed through to the policy-rule helpers.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    policy_id = MODULE_OPTIONS["policy_id"]["value"]
    rule_id = MODULE_OPTIONS["rule_id"]["value"]

    rule = get_policy_rule(ctx, policy_id, rule_id)
    if not rule:
        return

    original_name = rule["name"]
    temporary_name = f"{original_name} TEMP_STRING"

    # Apply the temporary name, then restore the original rule name so the
    # rule ends up unchanged (presumably done to produce a system-log
    # entry for the rule — confirm against the module's purpose).
    rename_policy_rule(ctx, policy_id, rule, original_name, temporary_name)
    rename_policy_rule(ctx, policy_id, rule, temporary_name, original_name)
def execute(ctx):
    """Execute this module with the configured options.

    Lists ``ctx.obj.admin_roles`` as a numbered menu and assigns the role
    the operator selects to the user given in ``MODULE_OPTIONS["id"]``.
    Invalid menu numbers are rejected and the prompt is repeated.

    Args:
        ctx: click context; ``ctx.obj`` must provide ``admin_roles`` and
            ``es``.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    admin_roles = ctx.obj.admin_roles
    user_id = MODULE_OPTIONS["id"]["value"]

    click.echo("[*] Available admin roles:")
    for number, role in enumerate(admin_roles, start=1):
        click.echo(f"{number}. {role}")

    menu_size = len(admin_roles)

    while True:
        selection = click.prompt(
            "[*] Which admin role do you want to assign to the user?",
            type=int)

        if not 1 <= selection <= menu_size:
            click.secho("[!] Invalid option selected", fg="red")
            continue

        role_type = admin_roles[selection - 1]

        msg = f"Attempting to assign admin role, {role_type} to user ID, {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es,
                    module=__name__,
                    event_type="INFO",
                    event=msg)
        click.echo(f"[*] {msg}")

        # This grants administrative privilege in the tenant; the attempt
        # is logged and indexed above before the call is made.
        assign_admin_role(ctx, user_id, role_type, target="user")
        return
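def execute(ctx):
    """Execute this module with the configured options.

    Generates a one-time password-reset token for the user whose ID is
    given in ``MODULE_OPTIONS["id"]`` via Okta's
    ``/users/{id}/lifecycle/reset_password`` endpoint with ``sendEmail``
    disabled, and prints the returned reset URL to the console.

    Args:
        ctx: click context; ``ctx.obj`` must provide ``base_url``,
            ``api_token``, ``session`` and ``es``.

    Returns:
        None. Outcome is reported through LOGGER, index_event and the
        console only.
    """

    error = check_module_options(MODULE_OPTIONS)

    if error:
        return

    user_id = MODULE_OPTIONS["id"]["value"]

    msg = f"Attempting to generate a one-time token to reset the password for user ID {user_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    url = f"{ctx.obj.base_url}/users/{user_id}/lifecycle/reset_password"

    # The SSWS API token travels only in this header; none of the messages
    # logged or indexed below include it.
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": f"SSWS {ctx.obj.api_token}",
    }

    # Set sendEmail to False. The default value for sendEmail is True, which will send the one-time token to the
    # target user
    params = {"sendEmail": "False"}
    payload = {}

    try:
        response = ctx.obj.session.post(url,
                                        headers=headers,
                                        params=params,
                                        json=payload,
                                        timeout=7)
    except Exception as e:
        LOGGER.error(e, exc_info=True)
        # NOTE(review): index_event receives the exception object itself
        # here, as elsewhere in this file — confirm it stringifies it.
        index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=e)
        click.secho(f"[!] {URL_OR_API_TOKEN_ERROR}", fg="red")
        # No response object exists after a transport failure; bail out
        # instead of dereferencing None below.
        return

    if response.ok:
        msg = f"One-time password reset token generated for user {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.secho(f"[*] {msg}", fg="green")
        click.echo(
            "[*] The user will have the status of RECOVERY and will not be able to login or initiate the "
            "forgot password flow until the password is reset")

        # The reset URL is a credential-equivalent secret: it is shown on
        # the console only and deliberately kept out of LOGGER/index_event.
        body = response.json()
        click.echo(f'Reset password URL: {body["resetPasswordUrl"]}')
        return

    # Okta error responses are normally JSON, but an intermediate proxy may
    # answer with something else; decode once and tolerate a non-JSON body.
    try:
        error_body = response.json()
    except ValueError:
        error_body = {}

    msg = (
        f"Error resetting password for user\n"
        f"    Response Code: {response.status_code} | Response Reason: {response.reason}\n"
        f'    Error Code: {error_body.get("errorCode")} | Error Summary: {error_body.get("errorSummary")}'
    )
    LOGGER.error(msg)
    index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=msg)
    click.secho(f"[!] {msg}", fg="red")
    click.echo(
        "Check the status of the user. The user's status must be ACTIVE")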
def execute(ctx):
    """Execute this module with the configured options.

    Lists the MFA factors enrolled for the user given in
    ``MODULE_OPTIONS["id"]`` as a numbered table and, if the operator
    chooses to, resets (deletes) one selected factor. Every path through
    the prompt ends the module after at most one deletion.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed events.

    Returns:
        None.
    """

    if check_module_options(MODULE_OPTIONS):
        return

    user_id = MODULE_OPTIONS["id"]["value"]

    enrolled_factors, error = list_enrolled_factors(ctx, user_id)
    if error:
        return

    if not enrolled_factors:
        msg = f"No enrolled MFA factors found for user {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.echo(f"[*] {msg}")
        return

    msg = f"Found {len(enrolled_factors)} enrolled MFA factors for user {user_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.secho(f"[*] {msg}", fg="green")

    # One table row per factor; "-" stands in for attributes Okta omits.
    rows = [
        (
            number,
            factor["id"],
            factor.get("factorType", "-"),
            factor.get("provider", "-"),
            factor.get("vendorName", "-"),
            factor.get("status", "-"),
        )
        for number, factor in enumerate(enrolled_factors, start=1)
    ]
    column_names = [
        "#", "Factor ID", "Type", "Provider", "Vendor Name", "Status"
    ]
    click.echo(tabulate(rows, headers=column_names, tablefmt="pretty"))

    # A single round of prompting: declining, an invalid number, or a
    # completed reset all end the module.
    if not click.confirm(
            "[*] Do you want to delete a MFA factor from the user's profile?",
            default=True):
        return

    selection = click.prompt(
        "[*] Enter the number (#) of the MFA factor to delete",
        type=int)

    if not 1 <= selection <= len(rows):
        click.secho("[!] Invalid choice", fg="red")
        return

    factor_id = enrolled_factors[selection - 1]["id"]
    reset_factor(ctx, user_id, factor_id)
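def execute(ctx):
    """Execute this module with the configured options.

    Creates a new, already-activated Okta user from the profile fields in
    ``MODULE_OPTIONS`` (``first_name``, ``last_name``, ``email``,
    ``login``, ``group_ids``) and a password entered interactively at a
    hidden prompt, by POSTing to the ``/users`` endpoint.

    Args:
        ctx: click context; ``ctx.obj`` must provide ``base_url``,
            ``api_token``, ``session`` and ``es``.

    Returns:
        None. Outcome is reported through LOGGER, index_event and the
        console only.
    """

    error = check_module_options(MODULE_OPTIONS)

    if error:
        return

    # The password is read with echo disabled and is placed only in the
    # request payload; it is never logged, indexed or echoed back.
    password = click.prompt(
        "[*] Enter a password for the new user. The input for this value is hidden",
        hide_input=True)

    login = MODULE_OPTIONS["login"]["value"]

    msg = f"Attempting to create new Okta user {login}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    url = f"{ctx.obj.base_url}/users"

    # The SSWS API token travels only in this header; none of the messages
    # logged or indexed below include it.
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": f"SSWS {ctx.obj.api_token}",
    }
    # Activate the new user when it's created
    params = {"activate": "true"}
    payload = {
        "profile": {
            "firstName": MODULE_OPTIONS["first_name"]["value"],
            "lastName": MODULE_OPTIONS["last_name"]["value"],
            "email": MODULE_OPTIONS["email"]["value"],
            "login": login,
        },
        "groupIds": MODULE_OPTIONS["group_ids"]["value"],
        "credentials": {
            "password": {
                "value": password
            }
        },
    }

    try:
        response = ctx.obj.session.post(url,
                                        headers=headers,
                                        params=params,
                                        json=payload,
                                        timeout=7)
    except Exception as e:
        LOGGER.error(e, exc_info=True)
        # NOTE(review): index_event receives the exception object itself
        # here, as elsewhere in this file — confirm it stringifies it.
        index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=e)
        click.secho(f"[!] {URL_OR_API_TOKEN_ERROR}", fg="red")
        # No response object exists after a transport failure; bail out
        # instead of dereferencing None below.
        return

    if response.ok:
        msg = f"Created new Okta user {login}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.secho(f"[*] {msg}", fg="green")
        return

    # Okta error responses are normally JSON, but an intermediate proxy may
    # answer with something else; decode once and tolerate a non-JSON body.
    try:
        error_body = response.json()
    except ValueError:
        error_body = {}

    msg = (
        f"Error creating new Okta user\n"
        f"    Response Code: {response.status_code} | Response Reason: {response.reason}\n"
        f'    Error Code: {error_body.get("errorCode")} | Error Summary: {error_body.get("errorSummary")}'
    )
    LOGGER.error(msg)
    index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=msg)
    click.secho(f"[!] {msg}", fg="red")
    click.echo(
        'Did you try and add the new user to a built-in group? E.g. "Everyone"'
    )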