def _account_ins(self): cnt_need_update = self.dev_update_queue.qsize() if (cnt_need_update == 0): return cnt_need_update cnt_result = 0 while (self.dev_update_queue.qsize() > 0): # make sure the queue is not empty dev = self.dev_update_queue.get(True) # get by block try: owner = dev['attributes'].get('deviceOwner', [''])[0] udid = dev['attributes'].get('UDID', [''])[0] if len(owner) > 0: aidobj = HostedAccount() account = aidobj.get_account_id(**{'objectClass':'hostedUser', 'mail' : owner}) #only hosted user for MDMi if account: devobj = HostedDevice(udid) data = devobj.format_update_data(None, 'replace', account=account[0]) result = devobj.do_update(attributes=data) del devobj if result.code >= 200 and result.code < 300: cnt_result = cnt_result + 1 del aidobj except Exception, e: logger.error('Insert account error:%s' % repr(e)) pass
def _get_config(self, account_id): # TODO the default value should not specific credential = { 'Host': '', 'Port': 443, 'aw-tenant-code': '', 'Authorization': '', 'Content-Type': 'application/json', } account = HostedAccount(account_id) # get mdmUrl, mdmUsername, mdmPassword, mdmToken from hosteddb c = account.get_airwatch_credential() try: credential['Host'] = self._strip_hostname(c['mdmUrl']) username = self._strip_value(c['mdmUsername']) # the airwatch password in hosted was encrypted. password = decrypt(self._strip_value(c['mdmPassword'], False)) credential['Authorization'] = " ".join(['Basic', base64.b64encode(':'.join([username, password]))]) credential['aw-tenant-code'] = self._strip_value(c['mdmToken']) except Exception as e: logger.warning('Error when getting airwatch credential: %s', e) raise Exception(e) return credential
def main(): #estimate localhost is master result = os.path.exists('/etc/sysconfig/mes.primary') if result: logger.info('Start adding periodic usergroup sync tasks.') hosted_account = HostedAccount(ACCOUNT_BLACK_SPIDER) #acct_nums = hosted_account.get_airwatch_account_ids() acct_nums = hosted_account.get_airwatch_hosted_account_ids() success = 0 failure = 0 if acct_nums: for n in acct_nums: try: task_num = HostedTaskQueue().do_get_task_total(tqname=TASK_QUEUE_USERGROUP_PERIODIC, account=int(n)) if int(task_num): logger.info('Another machine has added periodic sync tasks. Abort adding.') break logger.info('To add periodic usergroup sync task for account %s.', n) HostedTaskQueue().do_add(tqname=TASK_QUEUE_USERGROUP_PERIODIC, account=int(n)) success += 1 logger.info('Added periodic usergroup sync task for account %s.', n) except Exception as e: failure += 1 logger.error('Add periodic usergroup sync task for account %s failed. %s', n, e) logger.error(e) logger.info('END adding periodic usergroup sync tasks. %d success, %d failure.', success, failure) else: logger.info('localhost is not master')
def _account_ins(self): cnt_need_update = self.dev_update_queue.qsize() if (cnt_need_update == 0): return cnt_need_update cnt_result = 0 while (self.dev_update_queue.qsize() > 0): # make sure the queue is not empty dev = self.dev_update_queue.get(True) # get by block try: owner = dev['attributes'].get('deviceOwner', [''])[0] udid = dev['attributes'].get('UDID', [''])[0] if len(owner) > 0: aidobj = HostedAccount() account = aidobj.get_account_id(**{ 'objectClass': 'hostedUser', 'mail': owner }) #only hosted user for MDMi if account: devobj = HostedDevice(udid) data = devobj.format_update_data(None, 'replace', account=account[0]) result = devobj.do_update(attributes=data) del devobj if result.code >= 200 and result.code < 300: cnt_result = cnt_result + 1 del aidobj except Exception, e: logger.error('Insert account error:%s' % repr(e)) pass
def _get_accounts(self): logger.info("get all accounts start") accounts = [] try: hosted_acc = HostedAccount() accounts = hosted_acc.get_airwatch_account_ids() except Exception, e: logger.error("get account from RS error %s " % repr(e))
def _get_modify_admin(self, account): mails = [] logger.info("get modify permission admins from account %d start" % account) try: hosted_user = HostedAccount(account) admins = hosted_user.get_admins() if isinstance(admins, list): if len(admins) > 0: for admin in admins: mail = self._check_permission(admin) if mail: mails.append(mail) else: logger.error("no admin for the account %d" % account) else: mails.append(self._check_permission(admins)) except Exception, e: logger.error("get modify permission admin error %s" % repr(e))
def process(self): account = os.environ.get('hosted_account') #estimate the device version if self.dict["type"] == 'install': data_info = json.loads(self.request.data) logger.debug('Notification REST Service - Device :%s', data_info['Device']) version = data_info['Device']['OperatingSystem'] version_1 = int(version.split('.')[0]) logger.debug('Notification REST Service - Device version: %s %s', data_info['Device']['Platform'], version) if data_info['Device']['Platform'] == 'Apple' and version_1 < 7: raise ValueError( 'Notification REST Service - IOS Device Vsersion: %s Not Support' % version) elif data_info['Device']['Platform'] == 'Android' and version_1 < 4: raise ValueError( 'Notification REST Service - Android Device Vsersion: %s Not Support' % version) #distinguish hosted or hybird account account_info = HostedAccount(account).get_airwatch_credential() if account_info['enabledServices'].find('wdCategories') >= 0: data = json.loads(self.request.data) data['User'].update({'enabledServices': 'wdCategories'}) self.request.data = json.dumps(data) logger.debug("account:%s is Hosted account", account) else: data = json.loads(self.request.data) data['User'].update({'enabledServices': 'hyPE'}) self.request.data = json.dumps(data) logger.debug("account:%s is Hybrid account", account) logger.debug('data info:%s', self.request.data) self.request.account_id = int(account) del os.environ['hosted_account']
def update_certs_by_accounts(accounts=None): if accounts == "all": account_array = HostedAccount().get_airwatch_account_ids() else: account_array = accounts.split(',') if verbose > 0: print "MDMi enabled accounts: %s" % account_array thread_list = [] device_total = [] for account_id in account_array: hosted_device = HostedDevice() idx = 0 max = 100 total = 0 try: while idx >= 0: result = hosted_device.do_get_many(idx, max, 'account', account=account_id, deviceEnrollmentStatus='1') if result.code >= 200 and result.code < 300: device_list = json.loads(result.content) for device in device_list: #udid = device['attributes']['UDID'][0] device_total.append(device) if len(device_list) == max: idx = idx + 1 else: idx = -1 except Exception, e: print "Failed to update the certificate for the account: %s, error message: %s\n" % ( account_id, str(e)) finally:
def _get_aw_accounts(self): # temp return HostedAccount().get_airwatch_account_ids() pass
def get_activesync_whitelists(account, user_type): #get whitelist settings from RS first, and insert internal ip range, notice: should know user type (hosted, hybrid) first whitelist = [] hosted_account = HostedAccount(account) hosted_networks = hosted_account.get_hosted_networks() logger.debug('hosted_networks are: %s'% hosted_networks) ''' #for test hosted_networks = [ { "href" : "https://localhost:8085/rs/v-1/account-130/cn-connection1%20%2828%29", "attributes" : { "cn" : [ "connection1 (28)" ], "policy" : [ "71" ], "objectClass" : [ "hostedNetwork" ], "ipaddress" : [ "10.255.40.1" ], "description" : [ "connection1" ], "scope" : [ "external" ] }, "dn" : "cn=connection1 (28),account=130,dc=blackspider,dc=com" } ] ''' if not isinstance(hosted_networks, list): hosted_networks = [hosted_networks] for item in hosted_networks: addr_from = '' addr_to = '' ip = '' item = item['attributes'] #ipaddress if item.has_key('ipaddress'): condition = isinstance(item['ipaddress'], list) ip = item['ipaddress'][0] if condition else item['ipaddress'] whitelist.append(ip) #iprange elif item.has_key('iprange'): #condition = isinstance(item['addrFrom'], list) (addr_from, addr_to) = item['iprange'].split('-') whitelist.append({'addrFrom':addr_from, 'addrTo':addr_to}) #subnet elif item.has_key('subnet'): (subnet, cidr) = item['subnet'].split('/') whitelist.append({'subnet':subnet, 'cidr':cidr}) else: logger.error('unrecgnized hosted network:%s' % item) pass #return internal ip range as default return whitelist;
def get_activesync_whitelists(account, user_type): #get whitelist settings from RS first, and insert internal ip range, notice: should know user type (hosted, hybrid) first whitelist = [] hosted_account = HostedAccount(account) hosted_networks = hosted_account.get_hosted_networks() logger.debug('hosted_networks are: %s' % hosted_networks) ''' #for test hosted_networks = [ { "href" : "https://localhost:8085/rs/v-1/account-130/cn-connection1%20%2828%29", "attributes" : { "cn" : [ "connection1 (28)" ], "policy" : [ "71" ], "objectClass" : [ "hostedNetwork" ], "ipaddress" : [ "10.255.40.1" ], "description" : [ "connection1" ], "scope" : [ "external" ] }, "dn" : "cn=connection1 (28),account=130,dc=blackspider,dc=com" } ] ''' if not isinstance(hosted_networks, list): hosted_networks = [hosted_networks] for item in hosted_networks: addr_from = '' addr_to = '' ip = '' item = item['attributes'] #ipaddress if item.has_key('ipaddress'): condition = isinstance(item['ipaddress'], list) ip = item['ipaddress'][0] if condition else item['ipaddress'] whitelist.append(ip) #iprange elif item.has_key('iprange'): #condition = isinstance(item['addrFrom'], list) (addr_from, addr_to) = item['iprange'].split('-') whitelist.append({'addrFrom': addr_from, 'addrTo': addr_to}) #subnet elif item.has_key('subnet'): (subnet, cidr) = item['subnet'].split('/') whitelist.append({'subnet': subnet, 'cidr': cidr}) else: logger.error('unrecgnized hosted network:%s' % item) pass #return internal ip range as default return whitelist