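def update_user_aad(user):
    """Send a PATCH for one user to the Graph ``users`` endpoint.

    The target is ``user["user_id"]`` when that key is present, otherwise
    ``user["user_principal_name"]``. The request body is the result of
    ``outbound_user_filter(user, "azure")`` with the ``mail`` key removed.
    Nothing is sent when ``AUTH.check_token("PATCH")`` returns a falsy value.

    Args:
        user: Mapping describing the user; must contain ``user_id`` or
            ``user_principal_name``.

    Raises:
        KeyError: If neither identifier key is present in ``user``.
    """
    from urllib.parse import quote

    headers = AUTH.check_token("PATCH")
    if not headers:
        # NOTE(review): without a token the update is dropped with no signal
        # to the caller; confirm that is the intended best-effort behaviour.
        return

    user_id = user["user_id"] if "user_id" in user else user["user_principal_name"]

    # The original assigned a tuple here (a comma where the % operator was
    # meant), so the request never received a usable URL. The identifier is
    # percent-encoded so that characters such as "/", "?" or "#" inside it
    # cannot change which resource the PATCH is addressed to.
    url = "%s/%s/users/%s" % (
        GRAPH_URL,
        GRAPH_VERSION,
        quote(str(user_id), safe="@"),
    )

    aad_user = outbound_user_filter(user, "azure")
    aad_user.pop("mail", None)

    # NOTE(review): the response is discarded, so a 4xx/5xx goes unnoticed,
    # and no timeout is passed, so a stalled endpoint blocks this call.
    requests.patch(url=url, headers=headers, json=aad_user)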
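def update_entry_ldap(queue_entry, ldap_conn):
    """Route a queue entry to the matching filter and update the AD object.

    ``queue_entry["data_type"]`` selects the outbound filter: ``"user"`` uses
    ``outbound_user_filter`` and ``"group"`` uses ``outbound_group_filter``,
    both with the ``"ldap"`` provider. The filtered entry is passed through
    ``validate_update_entry`` and then to ``modify_ad_attributes``.

    Args:
        queue_entry: Mapping with at least ``data_type`` and ``data`` keys.
        ldap_conn: Connection object handed on to ``modify_ad_attributes``.

    Raises:
        ValueError: If ``data_type`` is neither ``"user"`` nor ``"group"``.
    """
    data_type = queue_entry["data_type"]

    # Reject unknown types before anything is logged or looked up. The
    # original fell through both branches and failed later with an
    # UnboundLocalError on sawtooth_entry_filtered.
    if data_type not in ("user", "group"):
        raise ValueError("Unsupported data_type for LDAP update: %r" % (data_type,))

    distinguished_name = get_distinguished_name(queue_entry)
    LOGGER.info("Updating information for %s", distinguished_name)

    if data_type == "user":
        sawtooth_entry_filtered = outbound_user_filter(queue_entry["data"], "ldap")
    else:
        sawtooth_entry_filtered = outbound_group_filter(queue_entry["data"], "ldap")

    validated_entry = validate_update_entry(sawtooth_entry_filtered, data_type)
    modify_ad_attributes(distinguished_name, validated_entry, ldap_conn)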
def create_user_ldap(distinguished_name, sawtooth_entry, ldap_conn):
    """Add a new AD user object, then apply its validated attributes.

    ``sawtooth_entry["data"]`` is run through ``outbound_user_filter`` for the
    ``"ldap"`` provider and then through ``validate_create_entry`` together
    with ``sawtooth_entry["data_type"]``. The object is added with only ``cn``
    and ``userPrincipalName``; the full validated entry is then handed to
    ``modify_ad_attributes``.
    """
    LOGGER.info("Creating new AD user: %s", distinguished_name)

    ldap_ready = outbound_user_filter(sawtooth_entry["data"], "ldap")
    checked = validate_create_entry(ldap_ready, sawtooth_entry["data_type"])

    # Only these two attributes are supplied at creation time.
    initial_attributes = {
        key: checked[key] for key in ("cn", "userPrincipalName")
    }
    ldap_conn.add(
        dn=distinguished_name,
        object_class={"person", "organizationalPerson", "user"},
        attributes=initial_attributes,
    )

    # Whatever add() returns is discarded, so this runs unless add() raises.
    modify_ad_attributes(distinguished_name, checked, ldap_conn)
def create_user_ldap(distinguished_name, sawtooth_entry, ldap_conn):
    """Add a new AD user object if every required attribute is present.

    ``sawtooth_entry`` is run through ``outbound_user_filter`` for the
    ``"ldap"`` provider. When any name in ``USER_REQUIRED_ATTR`` is absent
    from the filtered entry, an info message is logged and nothing is sent to
    the directory. Otherwise the object is added with ``cn`` and
    ``userPrincipalName`` and the filtered entry is handed to
    ``modify_ad_attributes``.
    """
    LOGGER.info("Creating new AD user: %s", distinguished_name)
    ldap_user = outbound_user_filter(sawtooth_entry, "ldap")

    # Guard clause: bail out before touching the directory.
    if any(required not in ldap_user for required in USER_REQUIRED_ATTR):
        LOGGER.info(
            "Cannot create a new user because required attributes were missing."
        )
        return

    initial_attributes = {
        "cn": ldap_user["cn"],
        "userPrincipalName": ldap_user["userPrincipalName"],
    }
    ldap_conn.add(
        dn=distinguished_name,
        object_class={"person", "organizationalPerson", "user"},
        attributes=initial_attributes,
    )
    # Whatever add() returns is discarded, so this runs unless add() raises.
    modify_ad_attributes(distinguished_name, ldap_user, ldap_conn)
def test_outbound_user_filter_bad_provider():
    """The filter must raise TypeError for a provider name it does not know."""
    sample_user = {"remote_id": 1234}
    unknown_provider = "test_run"
    with pytest.raises(TypeError):
        outbound_user_filter(sample_user, unknown_provider)
def test_outbound_user_filter():
    """A valid user filtered for "azure" comes back as a dict keyed by ``id``.

    Also checks that ``job_title``, which the input does not carry, is not
    present in the output.
    """
    sample_user = {"remote_id": 1234}
    filtered = outbound_user_filter(sample_user, "azure")

    assert isinstance(filtered, dict)
    assert filtered["id"] == 1234
    assert "job_title" not in filtered
def update_user_ldap(distinguished_name, sawtooth_entry, ldap_conn):
    """Apply the LDAP-filtered attributes of ``sawtooth_entry`` to an AD user.

    The entry is passed to ``outbound_user_filter`` with the ``"ldap"``
    provider, and the result goes straight to ``modify_ad_attributes``; no
    validation step sits between the two calls in this function.
    """
    ldap_attributes = outbound_user_filter(
        sawtooth_user=sawtooth_entry,
        provider="ldap",
    )
    modify_ad_attributes(distinguished_name, ldap_attributes, ldap_conn)