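def execute(ctx):
    """Execute this module with the configured options.

    POSTs to the Okta ``/users/{id}/lifecycle/reset_factors`` endpoint for the
    user ID in ``MODULE_OPTIONS["id"]`` and, on success, re-fetches the user
    object. Every step is logged, indexed through ``index_event`` and echoed
    to the console.

    Args:
        ctx: click context; ``ctx.obj`` must expose ``es``, ``base_url``,
            ``api_token`` and ``session``.

    Returns:
        None. Returns early when option validation fails or when the HTTP
        request itself raises.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    user_id = MODULE_OPTIONS["id"]["value"]
    msg = f"Attempting to reset MFA factors for user ID {user_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    url = f"{ctx.obj.base_url}/users/{user_id}/lifecycle/reset_factors"
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": f"SSWS {ctx.obj.api_token}",
    }
    try:
        response = ctx.obj.session.post(
            url, headers=headers, params={}, json={}, timeout=7
        )
    except Exception as e:
        LOGGER.error(e, exc_info=True)
        index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=e)
        click.secho(f"[!] {URL_OR_API_TOKEN_ERROR}", fg="red")
        # Fix: the original set response = None here and fell through to
        # `response.ok`, which raised AttributeError instead of reporting.
        return

    if response.ok:
        msg = f"MFA factors reset for user {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.secho(f"[*] {msg}", fg="green")
        get_user_object(ctx, user_id)
        return

    # Parse the error body once; a non-JSON body (e.g. from an intermediate
    # proxy) must not turn the error report into a second exception.
    try:
        body = response.json()
    except ValueError:
        body = {}
    msg = (
        f"Error resetting MFA factors for Okta user\n"
        f" Response Code: {response.status_code} | Response Reason: {response.reason}\n"
        f' Error Code: {body.get("errorCode")} | Error Summary: {body.get("errorSummary")}'
    )
    LOGGER.error(msg)
    index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=msg)
    click.secho(f"[!] {msg}", fg="red")
    click.echo(
        "Check that the user's status is ACTIVE and that they have at least one factor enrolled"
    )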
def execute(ctx):
    """Execute this module with the configured options.

    Looks up the policy rule named by ``MODULE_OPTIONS["policy_id"]`` and
    ``MODULE_OPTIONS["rule_id"]``; if it is ACTIVE or INACTIVE, asks for
    confirmation and flips it to the opposite state via
    ``set_policy_rule_state``. Any other status is only echoed.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed event.

    Returns:
        None.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    policy_id = MODULE_OPTIONS["policy_id"]["value"]
    rule_id = MODULE_OPTIONS["rule_id"]["value"]
    rule = get_policy_rule(ctx, policy_id, rule_id)
    if not rule:
        return

    # status -> (verb shown to the operator, operation sent to the API)
    transitions = {
        "ACTIVE": ("deactivate", "DEACTIVATE"),
        "INACTIVE": ("activate", "ACTIVATE"),
    }
    status = rule["status"]
    if status not in transitions:
        click.echo(f"[*] Rule status is {status}")
        return

    verb, operation = transitions[status]
    click.echo(f"[*] Rule is {status}")
    question = f"[*] Do you want to {verb} rule {rule_id} ({rule['name']})?"
    if not click.confirm(question, default=True):
        return

    msg = f"Attempting to {verb} rule {rule_id} ({rule['name']}) in policy {policy_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")
    set_policy_rule_state(ctx, policy_id, rule_id, operation=operation)
def execute(ctx):
    """Execute this module with the configured options.

    Announces the lookup, then fetches the profile and the group memberships
    of the user ID in ``MODULE_OPTIONS["id"]`` via ``get_user_object`` and
    ``get_user_groups``.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed event.

    Returns:
        None.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    user_id = MODULE_OPTIONS["id"]["value"]
    msg = f"Attempting to get profile and group memberships for user ID {user_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    get_user_object(ctx, user_id)
    get_user_groups(ctx, user_id)
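def execute(ctx):
    """Execute this module with the configured options.

    Looks up the network zone named by ``MODULE_OPTIONS["id"]``; if it is
    ACTIVE or INACTIVE, asks for confirmation and flips it to the opposite
    state via ``set_zone_state``. Any other status is only echoed.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed event.

    Returns:
        None.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    zone_id = MODULE_OPTIONS["id"]["value"]
    zone = get_zone_object(ctx, zone_id)
    if not zone:
        return

    # status -> (verb shown to the operator, operation sent to the API)
    transitions = {
        "ACTIVE": ("deactivate", "DEACTIVATE"),
        "INACTIVE": ("activate", "ACTIVATE"),
    }
    status = zone["status"]
    if status not in transitions:
        # Fix: the original message said "Policy status" for a zone.
        click.echo(f"[*] Zone status is {status}")
        return

    verb, operation = transitions[status]
    click.echo(f"[*] Zone is {status}")
    question = f"[*] Do you want to {verb} zone {zone_id} ({zone['name']})?"
    if not click.confirm(question, default=True):
        return

    msg = f"Attempting to {verb} zone {zone_id} ({zone['name']})"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")
    # The API call uses the ID from the fetched object, as the original did.
    set_zone_state(ctx, zone["id"], operation=operation)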
def execute(ctx):
    """Execute this module with the configured options.

    Fetches the current state of the user in ``MODULE_OPTIONS["id"]``, lists
    ``LIFECYCLE_OPERATIONS`` as a numbered menu, and keeps prompting until a
    valid number is entered; the chosen operation is then run through
    ``execute_lifecycle_operation``.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed event.

    Returns:
        None. Returns early when option validation or the user lookup fails.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    user_id = MODULE_OPTIONS["id"]["value"]
    click.echo("[*] Attempting to retrieve user's current state")
    if get_user_object(ctx, user_id):
        return

    click.echo("[*] Available lifecycle operations:")
    for number, entry in enumerate(LIFECYCLE_OPERATIONS, start=1):
        click.echo(f"{number}. {entry['operation']} - {entry['description']}")

    menu_size = len(LIFECYCLE_OPERATIONS)
    while True:
        choice = click.prompt(
            "[*] Which state do you want to transition the user to?", type=int
        )
        if not 0 < choice <= menu_size:
            click.secho("[!] Invalid option selected", fg="red")
            continue

        lifecycle_operation = LIFECYCLE_OPERATIONS[choice - 1]["operation"]
        msg = f"Attempting to {lifecycle_operation} user ID {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.echo(f"[*] {msg}")
        execute_lifecycle_operation(ctx, user_id, lifecycle_operation)
        return
def execute(ctx):
    """Execute this module with the configured options.

    Fetches the policy in ``MODULE_OPTIONS["id"]`` and renames it twice with
    ``rename_policy``: first to its name suffixed with ``TEMP_STRING``, then
    back to the original name.

    Args:
        ctx: click context passed through to ``get_policy_object`` and
            ``rename_policy``.

    Returns:
        None.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    policy_id = MODULE_OPTIONS["id"]["value"]
    policy = get_policy_object(ctx, policy_id)
    if not policy:
        return

    original_name = policy["name"]
    temporary_name = f"{original_name} TEMP_STRING"
    policy_type = policy["type"]

    # Round-trip: original -> temporary -> original.
    rename_policy(ctx, policy_id, policy_type, original_name, temporary_name)
    rename_policy(ctx, policy_id, policy_type, temporary_name, original_name)
def execute(ctx):
    """Execute this module with the configured options.

    Fetches the policy in ``MODULE_OPTIONS["id"]`` together with its rules,
    prints it with ``print_policy_object`` and, after confirmation, writes it
    as JSON under ``ctx.obj.data_dir``.

    Args:
        ctx: click context; ``ctx.obj`` must expose ``es``, ``data_dir`` and
            ``profile_id``.

    Returns:
        None.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    policy_id = MODULE_OPTIONS["id"]["value"]
    msg = f"Attempting to get policy object for policy ID {policy_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    policy = get_policy_object(ctx, policy_id, rules=True)
    if not policy:
        return

    print_policy_object(policy)
    question = f"[*] Do you want to save policy {policy['id']} ({policy['name']}) to a file?"
    if click.confirm(question, default=True):
        # File name is derived from the profile and the policy's own ID.
        file_path = f"{ctx.obj.data_dir}/{ctx.obj.profile_id}_policy_{policy['id']}"
        write_json_file(file_path, policy)
def execute(ctx):
    """Execute this module with the configured options.

    Fetches the network zone in ``MODULE_OPTIONS["id"]`` and renames it twice
    with ``rename_zone``: first to its name suffixed with ``TEMP_STRING``,
    then back to the original name.

    Args:
        ctx: click context passed through to ``get_zone_object`` and
            ``rename_zone``.

    Returns:
        None.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    zone_id = MODULE_OPTIONS["id"]["value"]
    zone = get_zone_object(ctx, zone_id)
    if not zone:
        return

    original_name = zone["name"]
    temporary_name = f"{original_name} TEMP_STRING"

    # Round-trip the zone name: original -> temporary -> original.
    rename_zone(ctx, zone, original_name, temporary_name)
    rename_zone(ctx, zone, temporary_name, original_name)
def execute(ctx):
    """Execute this module with the configured options.

    Fetches the rule named by ``MODULE_OPTIONS["policy_id"]`` and
    ``MODULE_OPTIONS["rule_id"]`` and renames it twice with
    ``rename_policy_rule``: first to its name suffixed with ``TEMP_STRING``,
    then back to the original name.

    Args:
        ctx: click context passed through to ``get_policy_rule`` and
            ``rename_policy_rule``.

    Returns:
        None.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    policy_id = MODULE_OPTIONS["policy_id"]["value"]
    rule_id = MODULE_OPTIONS["rule_id"]["value"]
    rule = get_policy_rule(ctx, policy_id, rule_id)
    if not rule:
        return

    original_name = rule["name"]
    temporary_name = f"{original_name} TEMP_STRING"

    # Round-trip the rule name: original -> temporary -> original.
    rename_policy_rule(ctx, policy_id, rule, original_name, temporary_name)
    rename_policy_rule(ctx, policy_id, rule, temporary_name, original_name)
def execute(ctx):
    """Execute this module with the configured options.

    Lists ``ctx.obj.admin_roles`` as a numbered menu and keeps prompting until
    a valid number is entered; the chosen role is then assigned to the user ID
    in ``MODULE_OPTIONS["id"]`` via ``assign_admin_role``.

    Args:
        ctx: click context; ``ctx.obj`` must expose ``admin_roles`` and ``es``.

    Returns:
        None.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    admin_roles = ctx.obj.admin_roles
    user_id = MODULE_OPTIONS["id"]["value"]

    click.echo("[*] Available admin roles:")
    for number, role in enumerate(admin_roles, start=1):
        click.echo(f"{number}. {role}")

    menu_size = len(admin_roles)
    while True:
        choice = click.prompt(
            "[*] Which admin role do you want to assign to the user?", type=int
        )
        if not 0 < choice <= menu_size:
            click.secho("[!] Invalid option selected", fg="red")
            continue

        role_type = admin_roles[choice - 1]
        msg = f"Attempting to assign admin role, {role_type} to user ID, {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.echo(f"[*] {msg}")
        assign_admin_role(ctx, user_id, role_type, target="user")
        return
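def execute(ctx):
    """Execute this module with the configured options.

    POSTs to the Okta ``/users/{id}/lifecycle/reset_password`` endpoint with
    ``sendEmail=False`` for the user ID in ``MODULE_OPTIONS["id"]`` and echoes
    the returned ``resetPasswordUrl``. The URL itself is only echoed to the
    console; it is not written to the logger or the event index.

    Args:
        ctx: click context; ``ctx.obj`` must expose ``es``, ``base_url``,
            ``api_token`` and ``session``.

    Returns:
        None. Returns early when option validation fails or when the HTTP
        request itself raises.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    user_id = MODULE_OPTIONS["id"]["value"]
    msg = f"Attempting to generate a one-time token to reset the password for user ID {user_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    url = f"{ctx.obj.base_url}/users/{user_id}/lifecycle/reset_password"
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": f"SSWS {ctx.obj.api_token}",
    }
    # sendEmail defaults to True on the Okta side, which would deliver the
    # one-time token to the target user; it is disabled here.
    params = {"sendEmail": "False"}
    try:
        response = ctx.obj.session.post(
            url, headers=headers, params=params, json={}, timeout=7
        )
    except Exception as e:
        LOGGER.error(e, exc_info=True)
        index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=e)
        click.secho(f"[!] {URL_OR_API_TOKEN_ERROR}", fg="red")
        # Fix: the original set response = None here and fell through to
        # `response.ok`, which raised AttributeError instead of reporting.
        return

    # Parse the body once; a non-JSON body (e.g. from an intermediate proxy)
    # must not turn the report into a second exception.
    try:
        body = response.json()
    except ValueError:
        body = {}

    if response.ok:
        msg = f"One-time password reset token generated for user {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.secho(f"[*] {msg}", fg="green")
        click.echo(
            "[*] The user will have the status of RECOVERY and will not be able to login or initiate the "
            "forgot password flow until the password is reset"
        )
        click.echo(f'Reset password URL: {body["resetPasswordUrl"]}')
        return

    msg = (
        f"Error resetting password for user\n"
        f" Response Code: {response.status_code} | Response Reason: {response.reason}\n"
        f' Error Code: {body.get("errorCode")} | Error Summary: {body.get("errorSummary")}'
    )
    LOGGER.error(msg)
    index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=msg)
    click.secho(f"[!] {msg}", fg="red")
    click.echo("Check the status of the user. The user's status must be ACTIVE")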
def execute(ctx):
    """Execute this module with the configured options.

    Lists the MFA factors enrolled for the user ID in ``MODULE_OPTIONS["id"]``
    as a numbered table, then repeatedly offers to delete one; a valid choice
    is passed to ``reset_factor`` and the module returns.

    Args:
        ctx: click context; ``ctx.obj.es`` receives the indexed events.

    Returns:
        None. Returns early when option validation fails, the factor listing
        reports an error, or no factors are enrolled.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    user_id = MODULE_OPTIONS["id"]["value"]
    enrolled_factors, error = list_enrolled_factors(ctx, user_id)
    if error:
        return

    if not enrolled_factors:
        msg = f"No enrolled MFA factors found for user {user_id}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.echo(f"[*] {msg}")
        return

    msg = f"Found {len(enrolled_factors)} enrolled MFA factors for user {user_id}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.secho(f"[*] {msg}", fg="green")

    # One table row per factor; missing attributes render as "-".
    rows = [
        (
            number,
            factor["id"],
            factor.get("factorType", "-"),
            factor.get("provider", "-"),
            factor.get("vendorName", "-"),
            factor.get("status", "-"),
        )
        for number, factor in enumerate(enrolled_factors, start=1)
    ]
    columns = ["#", "Factor ID", "Type", "Provider", "Vendor Name", "Status"]
    click.echo(tabulate(rows, headers=columns, tablefmt="pretty"))

    # Keep offering until the operator declines or a valid row is chosen.
    while click.confirm(
        "[*] Do you want to delete a MFA factor from the user's profile?", default=True
    ):
        choice = click.prompt(
            "[*] Enter the number (#) of the MFA factor to delete", type=int
        )
        if 0 < choice <= len(rows):
            reset_factor(ctx, user_id, enrolled_factors[choice - 1]["id"])
            return
        click.secho("[!] Invalid choice", fg="red")
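def execute(ctx):
    """Execute this module with the configured options.

    Prompts for a password with hidden input, then POSTs a new user to the
    Okta ``/users`` endpoint with ``activate=true``, using the profile fields
    and group IDs from ``MODULE_OPTIONS``. Only the status message is logged
    and indexed; the request payload, which carries the password, is not.

    Args:
        ctx: click context; ``ctx.obj`` must expose ``es``, ``base_url``,
            ``api_token`` and ``session``.

    Returns:
        None. Returns early when option validation fails or when the HTTP
        request itself raises.
    """
    if check_module_options(MODULE_OPTIONS):
        return

    password = click.prompt(
        "[*] Enter a password for the new user. The input for this value is hidden",
        hide_input=True,
    )

    login = MODULE_OPTIONS["login"]["value"]
    msg = f"Attempting to create new Okta user {login}"
    LOGGER.info(msg)
    index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
    click.echo(f"[*] {msg}")

    url = f"{ctx.obj.base_url}/users"
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": f"SSWS {ctx.obj.api_token}",
    }
    # Activate the new user as part of creation.
    params = {"activate": "true"}
    payload = {
        "profile": {
            "firstName": MODULE_OPTIONS["first_name"]["value"],
            "lastName": MODULE_OPTIONS["last_name"]["value"],
            "email": MODULE_OPTIONS["email"]["value"],
            "login": login,
        },
        "groupIds": MODULE_OPTIONS["group_ids"]["value"],
        "credentials": {"password": {"value": password}},
    }
    try:
        response = ctx.obj.session.post(
            url, headers=headers, params=params, json=payload, timeout=7
        )
    except Exception as e:
        LOGGER.error(e, exc_info=True)
        index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=e)
        click.secho(f"[!] {URL_OR_API_TOKEN_ERROR}", fg="red")
        # Fix: the original set response = None here and fell through to
        # `response.ok`, which raised AttributeError instead of reporting.
        return

    if response.ok:
        msg = f"Created new Okta user {login}"
        LOGGER.info(msg)
        index_event(ctx.obj.es, module=__name__, event_type="INFO", event=msg)
        click.secho(f"[*] {msg}", fg="green")
        return

    # Parse the error body once; a non-JSON body (e.g. from an intermediate
    # proxy) must not turn the error report into a second exception.
    try:
        body = response.json()
    except ValueError:
        body = {}
    msg = (
        f"Error creating new Okta user\n"
        f" Response Code: {response.status_code} | Response Reason: {response.reason}\n"
        f' Error Code: {body.get("errorCode")} | Error Summary: {body.get("errorSummary")}'
    )
    LOGGER.error(msg)
    index_event(ctx.obj.es, module=__name__, event_type="ERROR", event=msg)
    click.secho(f"[!] {msg}", fg="red")
    click.echo('Did you try and add the new user to a built-in group? E.g. "Everyone"')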