def outbound_sync_listener():
"""Initialize a delta outbound sync with Azure Active Directory."""
LOGGER.info("Starting outbound sync listener...")
while True:
try:
queue_entry = peek_at_queue("outbound_queue", TENANT_ID)
LOGGER.info("Received queue entry %s from outbound queue...",
queue_entry["id"])
data_type = queue_entry["data_type"]
LOGGER.info("Putting %s into aad...", data_type)
if is_entry_in_aad(queue_entry):
update_entry_aad(queue_entry)
else:
create_entry_aad(queue_entry)
LOGGER.info("Putting queue entry into changelog...")
put_entry_changelog(queue_entry, "outbound")
LOGGER.info("Deleting queue entry from outbound queue...")
entry_id = queue_entry["id"]
delete_entry_queue(entry_id, "outbound_queue")
except ExpectedError as err:
LOGGER.debug((
"%s Repolling after %s seconds...",
err.__str__,
LISTENER_POLLING_DELAY,
))
time.sleep(LISTENER_POLLING_DELAY)
except Exception as err:
LOGGER.exception(err)
raise err
def create_user_aad(queue_entry):
"""Creates a given user in AAD."""
headers = AUTH.check_token("POST")
if headers:
url = ("%s/%s/users", GRAPH_URL, GRAPH_VERSION)
try:
aad_user = outbound_user_creation_filter(queue_entry["data"],
"azure")
except ValueError:
LOGGER.warning(
"Unable to create user in AAD, displayName and email required: %s",
queue_entry,
)
raise ExpectedError(
"Unable to create user without display name and email.")
aad_user["passwordProfile"] = {
"password": str(uuid4())[:16],
"forceChangePasswordNextSignIn": True,
}
response = requests.post(url=url, headers=headers, json=aad_user)
if response.status_code == 201:
delete_entry_queue(queue_entry["id"], "outbound_queue")
else:
LOGGER.warning("Unable to create user in AAD: %s", queue_entry)
raise ExpectedError("Unable to create user.")
def inbound_sync_listener():
"""Initialize a delta inbound sync between the inbound queue and sawtooth."""
LOGGER.info("Starting inbound sync listener...")
LOGGER.info("Connecting to RethinkDB...")
connect_to_db()
LOGGER.info("Successfully connected to RethinkDB!")
while True:
try:
queue_entry = peek_at_queue(INBOUND_QUEUE)
LOGGER.info("Received queue entry %s from outbound queue...",
queue_entry["id"])
data_type = queue_entry["data_type"]
LOGGER.info("Putting %s into Sawtooth...", data_type)
# TODO: Validate queue_entry.
# TODO: Transform or reject invalid entries.
# TODO: Get queue_entry object from NEXT state table.
# TODO: Update object or create if it doesn't exist.
LOGGER.debug(queue_entry)
LOGGER.info("Putting queue entry into changelog...")
put_entry_changelog(queue_entry, DIRECTION)
LOGGER.info("Deleting queue entry from outbound queue...")
entry_id = queue_entry["id"]
delete_entry_queue(entry_id, INBOUND_QUEUE)
except ExpectedError as err:
time.sleep(DELAY)
except Exception as err:
LOGGER.exception(err)
raise err
def ldap_outbound_listener():
"""Initialize LDAP delta outbound sync with Active Directory."""
LOGGER.info("Starting LDAP outbound sync listener...")
while True:
try:
queue_entry = peek_at_queue("outbound_queue", LDAP_DC)
while queue_entry is None:
queue_entry = peek_at_queue("outbound_queue", LDAP_DC)
time.sleep(LISTENER_POLLING_DELAY)
LOGGER.info(
"Received queue entry %s from outbound queue...", queue_entry["id"]
)
data_type = queue_entry["data_type"]
LOGGER.debug("Putting %s into ad...", data_type)
try:
LOGGER.debug(
"Processing LDAP outbound_queue entry: %s", str(queue_entry)
)
ldap_connection = ldap_connector.await_connection(
LDAP_SERVER, LDAP_USER, LDAP_PASS
)
successful_ldap_write = process_outbound_entry(
queue_entry, ldap_connection
)
ldap_connection.unbind()
if successful_ldap_write:
update_outbound_entry_status(queue_entry["id"])
LOGGER.debug("Putting queue entry into changelog...")
put_entry_changelog(queue_entry, "outbound")
else:
LOGGER.error(
"No changes were made in AD - deleting entry from outbound queue..."
)
delete_entry_queue(queue_entry["id"], "outbound_queue")
except ValidationException as err:
LOGGER.warning(
"Outbound payload failed validation, deleting entry from outbound queue..."
)
LOGGER.warning(err)
delete_entry_queue(queue_entry["id"], "outbound_queue")
except LDAPSessionTerminatedByServerError:
LOGGER.warning(
"Ldap connection was terminated by the server. Attempting to reconnect..."
)
ldap_connection = ldap_connector.await_connection(
LDAP_SERVER, LDAP_USER, LDAP_PASS
)
def ldap_outbound_listener():
"""Initialize LDAP delta outbound sync with Active Directory."""
LOGGER.info("Starting outbound sync listener...")
LOGGER.info("Connecting to RethinkDb...")
connect_to_db()
LOGGER.info("..connected to RethinkDb")
ldap_connection = ldap_connector.await_connection(LDAP_SERVER, LDAP_USER, LDAP_PASS)
while True:
try:
queue_entry = peek_at_queue("outbound_queue", LDAP_DC)
while queue_entry is None:
queue_entry = peek_at_queue("outbound_queue", LDAP_DC)
time.sleep(LISTENER_POLLING_DELAY)
LOGGER.info(
"Received queue entry %s from outbound queue...", queue_entry["id"]
)
LOGGER.debug("Putting queue entry into changelog...")
put_entry_changelog(queue_entry, "outbound")
data_type = queue_entry["data_type"]
LOGGER.debug("Putting %s into ad...", data_type)
try:
if is_entry_in_ad(queue_entry, ldap_connection):
update_entry_ldap(queue_entry, ldap_connection)
else:
create_entry_ldap(queue_entry, ldap_connection)
except ValidationException as err:
LOGGER.warning("Outbound payload failed validation")
LOGGER.warning(err)
LOGGER.debug("Deleting queue entry from outbound queue...")
delete_entry_queue(queue_entry["id"], "outbound_queue")
except LDAPSessionTerminatedByServerError:
LOGGER.warning(
"Ldap connection was terminated by the server. Attempting to reconnect..."
)
ldap_connection = ldap_connector.await_connection(
LDAP_SERVER, LDAP_USER, LDAP_PASS
)
def ldap_outbound_listener():
"""Initialize LDAP delta outbound sync with Active Directory."""
LOGGER.info("Starting outbound sync listener...")
LOGGER.info("Connecting to RethinkDB...")
connect_to_db()
LOGGER.info("Successfully connected to RethinkDB!")
LOGGER.info("Connecting to LDAP...")
ldap_conn = connect_to_ldap()
LOGGER.info("Successfully connected to LDAP!")
while True:
try:
queue_entry = peek_at_queue("outbound_queue", LDAP_DC)
LOGGER.info("Received queue entry %s from outbound queue...",
queue_entry["id"])
data_type = queue_entry["data_type"]
LOGGER.info("Putting %s into ad...", data_type)
if is_entry_in_ad(queue_entry, ldap_conn):
update_entry_ldap(queue_entry, ldap_conn)
else:
create_entry_ldap(queue_entry, ldap_conn)
LOGGER.info("Putting queue entry into changelog...")
put_entry_changelog(queue_entry, "outbound")
LOGGER.info("Deleting queue entry from outbound queue...")
entry_id = queue_entry["id"]
delete_entry_queue(entry_id, "outbound_queue")
except ValidationException as err:
LOGGER.info(err)
LOGGER.info("No oubound payload possible. Deleting entry %s",
queue_entry)
delete_entry_queue(queue_entry["id"], "outbound_queue")
except ExpectedError as err:
LOGGER.debug((
"%s Repolling after %s seconds...",
err.__str__,
"LISTENER_POLLING_DELAY",
))
time.sleep(LISTENER_POLLING_DELAY)
except Exception as err:
LOGGER.exception(err)
raise err
def create_group_aad(queue_entry):
"""Creates a given group in aad."""
headers = AUTH.check_token("POST")
if headers:
url = ("%s/%s/groups", GRAPH_URL, GRAPH_VERSION)
try:
aad_group = outbound_group_creation_filter(queue_entry["data"],
"azure")
except ValueError:
LOGGER.warning("Unable to create group in AAD, mailNickname: %s",
queue_entry)
raise ExpectedError(
"Unable to create group without display name and email.")
response = requests.post(url=url, headers=headers, json=aad_group)
if response.status_code == 201:
delete_entry_queue(queue_entry["id"], "outbound_queue")
else:
LOGGER.warning("Unable to create group in AAD: %s", queue_entry)
raise ExpectedError("Unable to create group.")
