def config(): with open(config_file_name, "r") as f: conf_dict = yaml.load(f) creds = conf_dict["test_org"] conn = umapi_client.Connection( ims_host='ims-na1-stg1.adobelogin.com', user_management_endpoint= 'https://usermanagement-stage.adobe.io/v2/usermanagement', org_id=creds["org_id"], auth_dict=creds) return conn, conf_dict
def connect_umapi(config, test_mode): server_config = config["server"] auth_config = config["enterprise"] if server_config and all(k in server_config for k in ("host", "endpoint", "ims_host")): conn = umapi_client.Connection(org_id=auth_config["org_id"], auth_dict=auth_config, ims_host=server_config["ims_host"], user_management_endpoint="https://" + server_config["host"] + server_config["endpoint"], test_mode=test_mode) else: conn = umapi_client.Connection(org_id=auth_config["org_id"], auth_dict=auth_config, test_mode=test_mode) logger.log( logging.INFO, "Connected to %s , TEST-MODE: %s" % (auth_config["org_id"], str(test_mode))) return conn
def test_conn_and_status(config): # first create conn using key file, as usual conn1, params = config _, status = conn1.status(remote=True) logging.info("Server connection from key file, status is %s", status) assert status["state"] == "LIVE" # next create conn using key data creds = params["test_org"] key_file = creds.pop("private_key_file") with open(key_file) as f: creds["private_key_data"] = f.read() conn2 = umapi_client.Connection(org_id=creds["org_id"], auth_dict=creds) _, status = conn2.status(remote=True) logging.info("Server connection from key data, status is %s", status) assert status["state"] == "LIVE"
def __init__(self, name, caller_options): """ :type name: str :type caller_options: dict """ self.name = 'umapi' + name caller_config = user_sync.config.DictConfig( self.name + ' configuration', caller_options) builder = user_sync.config.OptionsBuilder(caller_config) builder.set_string_value('logger_name', self.name) builder.set_bool_value('test_mode', False) options = builder.get_options() server_config = caller_config.get_dict_config('server', True) server_builder = user_sync.config.OptionsBuilder(server_config) server_builder.set_string_value('host', 'usermanagement.adobe.io') server_builder.set_string_value('endpoint', '/v2/usermanagement') server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com') server_builder.set_string_value('ims_endpoint_jwt', '/ims/exchange/jwt') server_builder.set_int_value('timeout', 120) server_builder.set_int_value('retries', 3) options['server'] = server_options = server_builder.get_options() enterprise_config = caller_config.get_dict_config('enterprise') enterprise_builder = user_sync.config.OptionsBuilder(enterprise_config) enterprise_builder.require_string_value('org_id') enterprise_builder.require_string_value('tech_acct') options[ 'enterprise'] = enterprise_options = enterprise_builder.get_options( ) self.options = options self.logger = logger = user_sync.connector.helper.create_logger( options) if server_config: server_config.report_unused_values(logger) logger.debug('UMAPI initialized with options: %s', options) ims_host = server_options['ims_host'] self.org_id = org_id = enterprise_options['org_id'] auth_dict = { 'org_id': org_id, 'tech_acct_id': enterprise_options['tech_acct'], 'api_key': enterprise_config.get_credential('api_key', org_id), 'client_secret': enterprise_config.get_credential('client_secret', org_id), } # get the private key key_path = enterprise_config.get_string('priv_key_path', True) if key_path: data_setting = enterprise_config.has_credential('priv_key_data') if data_setting: raise AssertionException( '%s: cannot specify both "priv_key_path" and "%s"' % (enterprise_config.get_full_scope(), data_setting)) logger.debug('%s: reading private key data from file %s', self.name, key_path) try: with open(key_path, 'r') as f: key_data = f.read() except IOError as e: raise AssertionException( '%s: cannot read file "%s": %s' % (enterprise_config.get_full_scope(), key_path, e)) else: key_data = enterprise_config.get_credential( 'priv_key_data', org_id) # decrypt the private key, if needed passphrase = enterprise_config.get_credential('priv_key_pass', org_id, True) if passphrase: try: key_data = str( RSA.importKey( key_data, passphrase=passphrase).exportKey().decode('ascii')) except (ValueError, IndexError, TypeError) as e: raise AssertionException( '%s: Error decrypting private key, either the password is wrong or: %s' % (enterprise_config.get_full_scope(), e)) auth_dict['private_key_data'] = key_data # this check must come after we fetch all the settings enterprise_config.report_unused_values(logger) # open the connection um_endpoint = "https://" + server_options['host'] + server_options[ 'endpoint'] logger.debug('%s: creating connection for org %s at endpoint %s', self.name, org_id, um_endpoint) try: self.connection = connection = umapi_client.Connection( org_id=org_id, auth_dict=auth_dict, ims_host=ims_host, ims_endpoint_jwt=server_options['ims_endpoint_jwt'], user_management_endpoint=um_endpoint, test_mode=options['test_mode'], user_agent="user-sync/" + app_version, logger=self.logger, timeout_seconds=float(server_options['timeout']), retry_max_attempts=server_options['retries'] + 1, ) except Exception as e: raise AssertionException( "Connection to org %s at endpoint %s failed: %s" % (org_id, um_endpoint, e)) logger.debug('%s: connection established', self.name) # wrap the connection in an action manager self.action_manager = ActionManager(connection, org_id, logger)
def __init__(self, name, caller_options): ''' :type name: str :type caller_options: dict ''' caller_config = user_sync.config.DictConfig( '"%s umapi options"' % name, caller_options) builder = user_sync.config.OptionsBuilder(caller_config) builder.set_string_value('logger_name', 'umapi' + name) builder.set_bool_value('test_mode', False) options = builder.get_options() server_config = caller_config.get_dict_config('server', True) server_builder = user_sync.config.OptionsBuilder(server_config) server_builder.set_string_value('host', 'usermanagement.adobe.io') server_builder.set_string_value('endpoint', '/v2/usermanagement') server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com') server_builder.set_string_value('ims_endpoint_jwt', '/ims/exchange/jwt') options['server'] = server_options = server_builder.get_options() enterprise_config = caller_config.get_dict_config('enterprise') enterprise_builder = user_sync.config.OptionsBuilder(enterprise_config) enterprise_builder.require_string_value('org_id') enterprise_builder.require_string_value('api_key') enterprise_builder.require_string_value('client_secret') enterprise_builder.require_string_value('tech_acct') enterprise_builder.require_string_value('priv_key_path') options[ 'enterprise'] = enterprise_options = enterprise_builder.get_options( ) self.options = options self.logger = logger = helper.create_logger(options) caller_config.report_unused_values(logger) ims_host = server_options['ims_host'] self.org_id = org_id = enterprise_options['org_id'] api_key = enterprise_options['api_key'] private_key_file_path = enterprise_options['priv_key_path'] um_endpoint = "https://" + server_options['host'] + server_options[ 'endpoint'] logger.debug( 'Creating connection for org id: "%s" using private key file: "%s"', org_id, private_key_file_path) auth_dict = { "org_id": org_id, "tech_acct_id": enterprise_options['tech_acct'], "api_key": api_key, "client_secret": enterprise_options['client_secret'], "private_key_file": private_key_file_path } try: self.connection = connection = umapi_client.Connection( org_id=org_id, auth_dict=auth_dict, ims_host=ims_host, ims_endpoint_jwt=server_options['ims_endpoint_jwt'], user_management_endpoint=um_endpoint, test_mode=options['test_mode'], user_agent="user-sync/" + APP_VERSION, logger=self.logger, ) except Exception as e: raise AssertionException( "UMAPI connection to org id '%s' failed: %s" % (org_id, e)) logger.debug('API initialized on: %s', um_endpoint) self.action_manager = ActionManager(connection, org_id, logger)
def __init__(self, name, caller_options): ''' :type name: str :type caller_options: dict ''' self.name = 'umapi' + name caller_config = user_sync.config.DictConfig( self.name + ' configuration', caller_options) builder = user_sync.config.OptionsBuilder(caller_config) builder.set_string_value('logger_name', self.name) builder.set_bool_value('test_mode', False) options = builder.get_options() server_config = caller_config.get_dict_config('server', True) server_builder = user_sync.config.OptionsBuilder(server_config) server_builder.set_string_value('host', 'usermanagement.adobe.io') server_builder.set_string_value('endpoint', '/v2/usermanagement') server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com') server_builder.set_string_value('ims_endpoint_jwt', '/ims/exchange/jwt') options['server'] = server_options = server_builder.get_options() enterprise_config = caller_config.get_dict_config('enterprise') enterprise_builder = user_sync.config.OptionsBuilder(enterprise_config) enterprise_builder.require_string_value('org_id') enterprise_builder.require_string_value('tech_acct') options[ 'enterprise'] = enterprise_options = enterprise_builder.get_options( ) self.options = options self.logger = logger = helper.create_logger(options) if server_config: server_config.report_unused_values(logger) logger.debug('UMAPI initialized with options: %s', options) # set up the auth dict for umapi-client ims_host = server_options['ims_host'] self.org_id = org_id = enterprise_options['org_id'] auth_dict = { 'org_id': org_id, 'tech_acct_id': enterprise_options['tech_acct'], 'api_key': enterprise_config.get_credential('api_key', org_id), 'client_secret': enterprise_config.get_credential('client_secret', org_id), } # get the private key key_path = enterprise_config.get_string('priv_key_path', True) if key_path: data_setting = enterprise_config.has_credential('priv_key_data') if data_setting: raise AssertionException( '%s: cannot specify both "priv_key_path" and "%s"' % (enterprise_config.get_full_scope(), data_setting)) logger.debug('%s: reading private key data from file %s', self.name, key_path) auth_dict['private_key_file'] = key_path else: auth_dict['private_key_data'] = enterprise_config.get_credential( 'priv_key_data', org_id) # this check must come after we fetch all the settings enterprise_config.report_unused_values(logger) # open the connection um_endpoint = "https://" + server_options['host'] + server_options[ 'endpoint'] logger.debug('%s: creating connection for org %s at endpoint %s', self.name, org_id, um_endpoint) try: self.connection = connection = umapi_client.Connection( org_id=org_id, auth_dict=auth_dict, ims_host=ims_host, ims_endpoint_jwt=server_options['ims_endpoint_jwt'], user_management_endpoint=um_endpoint, test_mode=options['test_mode'], user_agent="user-sync/" + APP_VERSION, logger=self.logger, ) except Exception as e: raise AssertionException( "Connection to org %s at endpoint %s failed: %s" % (org_id, um_endpoint, e)) logger.debug('%s: connection established', self.name) # wrap the connection in an action manager self.action_manager = ActionManager(connection, org_id, logger)
def __init__(self, caller_options): caller_config = user_sync.config.DictConfig('<%s configuration>' % self.name, caller_options) builder = user_sync.config.OptionsBuilder(caller_config) # Let just ignore this builder.set_string_value('user_identity_type', None) builder.set_string_value('identity_type_filter', 'all') options = builder.get_options() if not options['identity_type_filter'] == 'all': try: options['identity_type_filter'] = parse_identity_type(options['identity_type_filter']) except Exception as e: raise AssertionException("Error parsing identity_type_filter option: %s" % e) self.filter_by_identity_type = options['identity_type_filter'] server_config = caller_config.get_dict_config('server', True) server_builder = user_sync.config.OptionsBuilder(server_config) server_builder.set_string_value('host', 'usermanagement.adobe.io') server_builder.set_string_value('endpoint', '/v2/usermanagement') server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com') server_builder.set_string_value('ims_endpoint_jwt', '/ims/exchange/jwt') server_builder.set_int_value('timeout', 120) server_builder.set_int_value('retries', 3) options['server'] = server_options = server_builder.get_options() enterprise_config = caller_config.get_dict_config('integration') integration_builder = user_sync.config.OptionsBuilder(enterprise_config) integration_builder.require_string_value('org_id') integration_builder.require_string_value('tech_acct') options['integration'] = integration_options = integration_builder.get_options() self.logger = logger = user_sync.connector.helper.create_logger(options) logger.debug('%s initialized with options: %s', self.name, options) self.options = options ims_host = server_options['ims_host'] self.org_id = org_id = integration_options['org_id'] auth_dict = make_auth_dict(self.name, enterprise_config, org_id, integration_options['tech_acct'], logger) # this check must come after we fetch all the settings caller_config.report_unused_values(logger) # open the connection um_endpoint = "https://" + server_options['host'] + server_options['endpoint'] logger.debug('%s: creating connection for org %s at endpoint %s', self.name, org_id, um_endpoint) try: self.connection = umapi_client.Connection( org_id=org_id, auth_dict=auth_dict, ims_host=ims_host, ims_endpoint_jwt=server_options['ims_endpoint_jwt'], user_management_endpoint=um_endpoint, test_mode=False, user_agent="user-sync/" + app_version, logger=self.logger, timeout_seconds=float(server_options['timeout']), retry_max_attempts=server_options['retries'] + 1, ) except Exception as e: raise AssertionException("Connection to org %s at endpoint %s failed: %s" % (org_id, um_endpoint, e)) logger.debug('%s: connection established', self.name) self.umapi_users = [] self.user_by_usr_key = {}
def __init__(self, name, caller_options): """ :type name: str :type caller_options: dict """ self.name = 'umapi' + name caller_config = user_sync.config.DictConfig( self.name + ' configuration', caller_options) self.trusted = caller_config.get_bool('trusted', True) if self.trusted is None: self.trusted = False builder = user_sync.config.OptionsBuilder(caller_config) builder.set_string_value('logger_name', self.name) builder.set_bool_value('test_mode', False) options = builder.get_options() server_config = caller_config.get_dict_config('server', True) server_builder = user_sync.config.OptionsBuilder(server_config) server_builder.set_string_value('host', 'usermanagement.adobe.io') server_builder.set_string_value('endpoint', '/v2/usermanagement') server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com') server_builder.set_string_value('ims_endpoint_jwt', '/ims/exchange/jwt') server_builder.set_int_value('timeout', 120) server_builder.set_int_value('retries', 3) server_builder.set_bool_value('ssl_verify', True) options['server'] = server_options = server_builder.get_options() enterprise_config = caller_config.get_dict_config('enterprise') enterprise_builder = user_sync.config.OptionsBuilder(enterprise_config) enterprise_builder.require_string_value('org_id') enterprise_builder.require_string_value('tech_acct') options[ 'enterprise'] = enterprise_options = enterprise_builder.get_options( ) self.options = options self.logger = logger = user_sync.connector.helper.create_logger( options) if server_config: server_config.report_unused_values(logger) logger.debug('UMAPI initialized with options: %s', options) ims_host = server_options['ims_host'] self.org_id = org_id = enterprise_options['org_id'] auth_dict = make_auth_dict(self.name, enterprise_config, org_id, enterprise_options['tech_acct'], logger) # this check must come after we fetch all the settings enterprise_config.report_unused_values(logger) # open the connection um_endpoint = "https://" + server_options['host'] + server_options[ 'endpoint'] logger.debug('%s: creating connection for org %s at endpoint %s', self.name, org_id, um_endpoint) try: self.connection = connection = umapi_client.Connection( org_id=org_id, auth_dict=auth_dict, ims_host=ims_host, ims_endpoint_jwt=server_options['ims_endpoint_jwt'], user_management_endpoint=um_endpoint, test_mode=options['test_mode'], user_agent="user-sync/" + app_version, logger=self.logger, timeout_seconds=float(server_options['timeout']), retry_max_attempts=server_options['retries'] + 1, ssl_verify=server_options['ssl_verify']) except Exception as e: raise AssertionException( "Connection to org %s at endpoint %s failed: %s" % (org_id, um_endpoint, e)) logger.debug('%s: connection established', self.name) # wrap the connection in an action manager self.action_manager = ActionManager(connection, org_id, logger)
def config(): with open(config_file_name, "r") as f: conf_dict = yaml.load(f) creds = conf_dict["test_org"] conn = umapi_client.Connection(org_id=creds["org_id"], auth_dict=creds) return conn, conf_dict
'-r', '--reverse', help= 'reverse conversion (go from username to email, rather than email to username)', dest='from_email', action='store_false', default=True) args = parser.parse_args() with open(args.config_filename, "r") as f: config = yaml.load(f) conn = umapi_client.Connection( org_id=config["org_id"], auth_dict=config, test_mode=args.test_mode, # ims_host='ims-na1-stg1.adobelogin.com', ims_endpoint_jwt='/ims/exchange/jwt', # user_management_endpoint='https://usermanagement-stage.adobe.io/v2/usermanagement', logger=logger) cols = ['Username', 'Email', 'New Email', 'New Username'] actions = {} for user_rec in CSVAdapter.read_csv_rows(args.users_filename, recognized_column_names=cols): username, email, new_email, new_username, domain = \ user_rec.get('Username'), user_rec.get('Email'), user_rec.get('New Email'),user_rec.get('New Username'), user_rec.get('Domain') if not username or not email: logger.warning( "Skipping input record with missing Username and/or Email: %s" % user_rec)
def scan_umapi(log: logging.Logger, options: Any, output_folder: Path) -> None: """ Call Adobe umapi and serialize results to compressed xml document :param log: :param options: :param output_folder: :return: """ scanned_groups = 0 scanned_users = 0 org_id = config['org_id'] # noinspection SpellCheckingInspection ext = ".scaa" output_file = output_folder.joinpath(options.uuid + ext) start_time = time.time() doc = Document() xml = doc.createElement('octoscan') xml.setAttribute("uuid", options.uuid) xml.setAttribute("timestamp", datetime.utcnow().replace(microsecond=0).isoformat()) xml.setAttribute("build", octoscan_build) doc.appendChild(xml) octoscan_config = doc.createElement('octoscan_config') if len(options.tag) > 0: append_info_element(doc, octoscan_config, 'tag', 'S', options.tag) append_info_element(doc, octoscan_config, 'OutputFolder', 'S', str(output_folder)) xml.appendChild(octoscan_config) meta = doc.createElement('meta') append_info_element(doc, meta, 'org_id', 'S', org_id) append_info_element(doc, meta, 'tech_acct_id', 'S', config['tech_acct_id']) xml.appendChild(meta) conn = None try: conn = umapi_client.Connection(org_id=org_id, auth_dict=config) except Exception as e: log.exception(e) if not conn: log.error("Failed to connect to Adobe cloud") groups = doc.createElement('groups') umapi_groups = umapi_client.GroupsQuery(conn) for umapi_group in umapi_groups: g = doc.createElement('group') g.setAttribute('name', umapi_group['groupName']) append_dict(doc, g, umapi_group) scanned_groups += 1 groups.appendChild(g) xml.appendChild(groups) users = doc.createElement('users') umapi_users = umapi_client.UsersQuery(conn) for umapi_user in umapi_users: u = doc.createElement('user') u.setAttribute('name', umapi_user['username']) append_dict(doc, u, umapi_user) scanned_users += 1 users.appendChild(u) xml.appendChild(users) end_time = time.time() performance = doc.createElement('octoscan_performance') append_info_element(doc, performance, 'seconds', 'I', str(int(end_time - start_time))) xml.appendChild(performance) with gzip.open(output_file, 'w') as f_out: f_out.write(doc.toprettyxml(indent="\t").encode('utf-8')) print(output_file) log.info( f"Adobe umapi {scanned_users} users {scanned_groups} groups scanned output to {output_file}" )