Exemplo n.º 1
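def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Invite ``email`` to the Bitbucket groups selected for ``plugin_tag``.

    An OAuth access token is obtained with the client-credentials grant,
    then one invitation request is issued per group.

    Args:
        email: Address of the person being invited.
        configMap: Parsed configuration; ``configMap['global']['organization']``
            names the Bitbucket team.
        allPermissions: Iterable of Python-literal strings, each describing a
            dict with a ``'plugin'`` key plus group entries.
        plugin_tag: Identifier used to pick the matching permission entry.
        name: Display name of the invitee (not used by this plugin).

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    from urllib.parse import quote

    # Exchange the OAuth consumer key/secret for an access token.
    credential = requests.post(
        "https://bitbucket.org/site/oauth2/access_token",
        auth=(getKey(configMap), getSecret(configMap)),
        data={'grant_type': 'client_credentials'})
    token_reply = json.loads(credential.content.decode('utf8'))
    access_token = token_reply.get('access_token')

    # Groups given on the command line win over the configured defaults.
    # ast.literal_eval only evaluates literals, so it cannot run code.
    cli_groups = []
    for permission in allPermissions:
        thisPermissions = ast.literal_eval(permission)
        if thisPermissions['plugin'] == plugin_tag:
            del thisPermissions['plugin']
            cli_groups = list(thisPermissions.values())
            break

    if not cli_groups:
        cli_groups = getGroups(configMap, plugin_tag)

    organization = configMap['global']['organization']
    for group in cli_groups:
        # The token travels in the Authorization header instead of the query
        # string, so it does not end up in proxy/server access logs or
        # tracebacks that print the URL. A missing token still raises
        # TypeError here, as the original string concatenation did.
        bearer = {'Authorization': 'Bearer ' + access_token}
        # Percent-encode caller-supplied path segments so '/', '?' or '#'
        # in an address or group name cannot redirect the request to a
        # different API path.
        requests.put(
            "https://api.bitbucket.org/1.0/users/" + organization +
            "/invitations/" + quote(email, safe='@') + "/" + organization +
            "/" + quote(group, safe=''),
            headers=bearer)
        # NOTE(review): the response status is not inspected, so the log
        # below reports success even when an invitation was rejected.

    log = 'BitBucket: Email invite sent from Bitbucket.\n'
    instruction = inviteMessage(configMap, plugin_tag)
    return getJsonResponse('Bitbucket', email, log, instruction)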
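def removeUser(email, configMap, allPermissions, plugin_tag):
    """Delete the Azure AD account that corresponds to ``email``.

    The account is located by comparing the local part of each directory
    user's principal name with the local part of ``email``.

    Args:
        email: Address of the person being off-boarded.
        configMap: Parsed configuration; the entry in ``configMap['plugins']``
            matching ``plugin_tag`` supplies the admin e-mail, password and
            directory.
        allPermissions: Unused by this plugin.
        plugin_tag: ``'<plugin>:<tag>'`` identifier of the Azure plugin entry.

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    # presumably strips a fixed 13-character '@domain' suffix -- confirm
    username = email[:-13]
    log = plugin_tag + ': ' + username + removalMessage(
        configMap, plugin_tag) + '\n'
    instruction = username + removalMessage(configMap, plugin_tag)

    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            azureConfig = plugin

    credentialsToken = UserPassCredentials(
        azureConfig['email'],
        azureConfig["password"],
        resource="https://graph.windows.net")

    graphrbac_client = GraphRbacManagementClient(credentialsToken,
                                                 azureConfig["directory"])

    # presumably the principal-name suffix is 29 characters -- confirm
    userID = None
    for user in graphrbac_client.users.list():
        if user.user_principal_name[:-29] == username:
            userID = user.object_id
            break

    if userID is None:
        log = plugin_tag + ': ' + username + ' does not exist in Azure AD\n'
        instruction = username + ' does not exist in Azure AD'
    else:
        try:
            graphrbac_client.users.delete(userID)
        except Exception as error:
            # A failed delete leaves the account active. Report it as a
            # failure rather than as "does not exist", so an off-boarding
            # run cannot silently leave access in place.
            log = (plugin_tag + ': failed to remove ' + username +
                   ' from Azure AD: ' + str(error) + '\n')
            instruction = username + ' could not be removed from Azure AD'
    return getJsonResponse("Azure Active Directory", email, log, instruction)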
Exemplo n.º 3
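def removeUser(email, configMap, allPermissions, plugin_tag):
    """Remove ``email`` from every group of the configured Bitbucket team.

    Args:
        email: Address of the member to remove.
        configMap: Parsed configuration; ``configMap['global']['organization']``
            names the Bitbucket team.
        allPermissions: Unused by this plugin.
        plugin_tag: Identifier passed to ``removalMessage``.

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    from urllib.parse import quote

    # Exchange the OAuth consumer key/secret for an access token.
    credential = requests.post(
        "https://bitbucket.org/site/oauth2/access_token",
        auth=(getKey(configMap), getSecret(configMap)),
        data={'grant_type': 'client_credentials'})
    token_reply = json.loads(credential.content.decode('utf8'))
    access_token = token_reply.get('access_token')

    # Send the token as a Bearer header rather than in the query string so
    # it is not written to access logs or shown in URLs inside tracebacks.
    bearer = {'Authorization': 'Bearer ' + access_token}
    organization = configMap['global']['organization']

    # List all groups of the team.
    groups = requests.get(
        "https://api.bitbucket.org/1.0/groups/" + organization,
        headers=bearer)
    team_groups = json.loads(groups.content.decode('utf8'))

    # Remove the member from each group. Path segments that come from the
    # caller or from the API reply are percent-encoded so they cannot
    # alter the request path.
    for group in team_groups:
        requests.delete(
            "https://api.bitbucket.org/1.0/groups/" + organization + "/" +
            quote(group.get('name').lower(), safe='') + "/members/" +
            quote(email, safe='@'),
            headers=bearer)
        # NOTE(review): the response status is not inspected, so the log
        # below reports removal even if a request was rejected.

    log = 'BitBucket: ' + email + ' removed from team.\n'
    instruction = email[:-13] + removalMessage(configMap, plugin_tag)
    return getJsonResponse('Bitbucket', email, log, instruction)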
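def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Create a Jira Server user for ``email`` and add it to its groups.

    Args:
        email: Address of the new user; the local part becomes the username.
        configMap: Parsed configuration; the entry in ``configMap['plugins']``
            matching ``plugin_tag`` supplies ``admin``, ``password`` and
            ``url``.
        allPermissions: Permission strings forwarded to ``getCLIgroups``.
        plugin_tag: ``'<plugin>:<tag>'`` identifier of the Jira plugin entry.
        name: Display name for the new account.

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            password = plugin['password']
            user = plugin['admin']
            url = plugin['url']

    # presumably strips a fixed 13-character '@domain' suffix -- confirm
    username = email[:-13]

    # NOTE(review): the password value below looks redacted on this page.
    # If the real code sends a fixed initial password, every new account
    # shares a known credential; generate one per user instead.
    new_user = json.dumps({
        "name": username,
        "password": "******",
        "emailAddress": email,
        "displayName": name,
        "applicationKeys": [
            "jira-server"
        ]
    })

    headers = {'Accept': 'application/json',
               'Content-Type': 'application/json'}
    requests.post(url + '/rest/api/2/user', headers=headers,
                  auth=(user, password), data=new_user)

    membership = json.dumps({'name': username})
    for group in getCLIgroups(configMap, plugin_tag, allPermissions):
        # Pass the group name via ``params`` so it is URL-encoded; a name
        # containing '&' or '#' would otherwise change the query string.
        requests.post(url + '/rest/api/2/group/user',
                      params={'groupname': group},
                      auth=(user, password), headers=headers,
                      data=membership)

    # NOTE(review): neither response is checked, so the log reports success
    # even when user creation or a group assignment failed.
    log = 'Jira: ' + username + ' added to ' + plugin_tag + '\n'
    instruction = inviteMessage(configMap, plugin_tag)
    return getJsonResponse("Jira Server", email, log, instruction)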
def removeUser(email, configMap,allPermissions, plugin_tag):
    """Jira Server removal handler; only part of its body is visible here.

    The visible code reads the admin credentials and base URL from the
    plugin entry matching ``plugin_tag`` and prepares JSON headers.
    """

    # Pick the plugin entry whose '<plugin>:<tag>' equals plugin_tag.
    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            password = plugin['password']
            user = plugin['admin']
            url=plugin['url']

    headers = {'Accept': 'application/json',
               'Content-Type': 'application/json'
               }

    #listing user groups returns empty array. Getting all org groups instead.
    # https://docs.atlassian.com/software/jira/docs/api/REST/7.6.1/#api/2/user-getUser
    # NOTE(review): the next line looks like several statements collapsed by
    # redaction ("******") on this page. `log` and `instruction` are not
    # assigned anywhere in the visible text, so the return below would raise
    # NameError as shown -- confirm against the original file.
    #get = requests.get(url+"/rest/api/2/user?username="******"/rest/api/2/groups/picker?username="******"<username>",email[:-13])
    return getJsonResponse("Jira Server", email, log, instruction)
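def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Send a Papertrail invitation for ``email``.

    Args:
        email: Address of the person being invited.
        configMap: Parsed configuration used for the URL, API token and
            default permissions.
        allPermissions: Iterable of Python-literal strings, each describing a
            dict with a ``'plugin'`` key plus permission fields.
        plugin_tag: Identifier used to pick the matching permission entry.
        name: Display name of the invitee (not used by this plugin).

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    # Permissions given on the command line win over configured defaults.
    rights = {}
    for permission in allPermissions:
        thisPermissions = ast.literal_eval(permission)
        if thisPermissions['plugin'] == plugin_tag:
            del thisPermissions['plugin']
            rights = thisPermissions
            break
    if not rights:
        rights = getPermissions(configMap, plugin_tag)
    # Always set the invitee address. Previously it was only added when the
    # configured defaults were used, so an invite with command-line
    # permissions was posted without an e-mail field.
    rights['user[email]'] = email

    users = requests.post(
        getUrl(configMap, plugin_tag) + "/invite.json",
        headers={'X-Papertrail-Token': getApiToken(configMap, plugin_tag)},
        data=rights)

    log = plugin_tag + ': Email invite sent from Papertrail.\n'
    instruction = inviteMessage(configMap, plugin_tag)
    if users.status_code != 200:
        # The response body is copied into the log and the instruction;
        # review what it can contain before forwarding it to end users.
        log = plugin_tag + ' error: ' + str(users.status_code) + str(
            users.content) + ' Make sure if email doesn\'t exist already.\n'
        instruction = log
    return getJsonResponse('Papertrail ' + plugin_tag[11:], email, log,
                           instruction)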
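def removeUser(email, configMap, allPermissions, plugin_tag):
    """Deactivate the Slack account registered under ``email``.

    Args:
        email: Address of the member to deactivate.
        configMap: Parsed configuration used to look up the API token.
        allPermissions: Unused by this plugin.
        plugin_tag: Identifier of the Slack plugin entry.

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    # NOTE(review): the API token is still sent as a URL parameter, where it
    # can be recorded in proxy logs; prefer a header or request body if the
    # endpoints in use accept it.
    team = requests.get("https://slack.com/api/team.info",
                        params={'token': getApiToken(configMap, plugin_tag)})
    teamId = json.loads(team.content.decode('utf8'))['team']['id']

    log = "Slack: " + email[:-13] + " was removed from Slack.\n"
    instruction = email[:-13] + removalMessage(configMap, plugin_tag)
    try:
        # Resolve the member id. ``params`` URL-encodes the address, so
        # characters such as '+' or '&' cannot corrupt the query string.
        lookup = requests.get(
            "https://slack.com/api/auth.findUser",
            params={'token': getApiToken(configMap, plugin_tag),
                    'email': email,
                    'team': teamId})
        slackUserID = json.loads(lookup.content.decode('utf8'))['user_id']

        # Disable the account.
        user = requests.post(
            "https://slack.com/api/users.admin.setInactive",
            params={'token': getApiToken(configMap, plugin_tag),
                    'user': slackUserID})
        # Slack reports failures in the JSON body ("ok": false) with an
        # HTTP 200 status, so the body must be checked; otherwise a refused
        # deactivation would be logged as a successful removal.
        outcome = json.loads(user.content.decode('utf8'))
        if not outcome.get('ok'):
            raise RuntimeError(outcome.get('error', 'unknown error'))
    except Exception as error:
        log = 'Slack: Remove from slack error: ' + email + ' does not exist or is already inactive\n error: ' + str(
            error) + '\n'
        instruction = email + ' was not found or is already inactive.'

    return getJsonResponse('Slack', email, log, instruction)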
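def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Create an Azure AD user for ``email`` and add it to its groups.

    Args:
        email: Address of the new user; the local part becomes the mail
            nickname and the principal-name prefix.
        configMap: Parsed configuration; the entry in ``configMap['plugins']``
            matching ``plugin_tag`` supplies the admin e-mail, password,
            directory and URL prefix.
        allPermissions: Permission strings forwarded to ``getCLIgroups``.
        plugin_tag: ``'<plugin>:<tag>'`` identifier of the Azure plugin entry.
        name: Display name for the new account.

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    import secrets

    groups = getCLIgroups(configMap, plugin_tag, allPermissions)

    for plugin in configMap['plugins']:
        if plugin['plugin'] + ':' + plugin['tag'] == plugin_tag:
            azureConfig = plugin

    # presumably strips a fixed 13-character '@domain' suffix -- confirm
    username = email[:-13]
    principal = username + "@{}".format(azureConfig["directory"])

    log = 'Azure: ' + username + ' added to ' + azureConfig[
        "directory"] + '.\n'
    instruction = inviteMessage(configMap, plugin_tag).replace(
        "<username>", principal)

    # Initial password: drawn from the OS CSPRNG via ``secrets``. The
    # ``random`` module is predictable and must not be used for credentials.
    # The fixed 'Ab1' prefix is kept from the original (presumably to
    # satisfy the directory's complexity rules -- confirm).
    # NOTE(review): the password is not placed in ``log`` or ``instruction``
    # here; how the user receives it is not visible in this function.
    alphabet = string.ascii_uppercase + string.ascii_lowercase + string.digits
    pw = 'Ab1' + ''.join(secrets.choice(alphabet) for _ in range(13))

    credentialsToken = UserPassCredentials(
        azureConfig['email'],
        azureConfig["password"],
        resource="https://graph.windows.net")

    graphrbac_client = GraphRbacManagementClient(credentialsToken,
                                                 azureConfig["directory"])
    try:
        user = graphrbac_client.users.create(
            UserCreateParameters(user_principal_name=principal,
                                 account_enabled=True,
                                 display_name=name,
                                 mail_nickname=username,
                                 password_profile=PasswordProfile(
                                     password=pw,
                                     force_change_password_next_login=True)))

        url = azureConfig['url'] + user.object_id

        # Materialise the listing once: it is scanned again for every
        # requested group, and a one-shot iterator would be empty after
        # the first pass.
        azureGroups = list(graphrbac_client.groups.list())
        groupIDs = [
            azureGroup.object_id
            for group in groups
            for azureGroup in azureGroups
            if group == azureGroup.display_name
        ]

        for groupId in groupIDs:
            graphrbac_client.groups.add_member(groupId, url)
    except Exception:
        # NOTE(review): every failure (authorisation, network, group
        # assignment) is reported as "already exists"; inspect the
        # exception before trusting this message.
        log = 'Azure: failed to add, ' + email + ', user already exists  .\n'
        instruction = email + ' already exists.'

    return getJsonResponse("Azure Active Directory", email, log, instruction)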
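def removeUser(email, configMap, allPermissions, plugin_tag):
    """Delete the IAM user derived from ``email``.

    IAM refuses to delete a user that still belongs to groups or owns access
    keys, signing certificates or attached policies. This function removes
    group memberships, access keys and the login profile before deleting.

    Args:
        email: Address of the person being off-boarded; the local part is
            the IAM user name.
        configMap: Parsed configuration; the entry in ``configMap['plugins']``
            matching ``plugin_tag`` supplies ``ID`` and ``Secret``.
        allPermissions: Unused by this plugin.
        plugin_tag: ``'<plugin>:<tag>'`` identifier of the AWS plugin entry.

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.

    Raises:
        botocore.exceptions.ClientError: For any IAM error other than
            ``NoSuchEntity``.
    """
    for entry in configMap['plugins']:
        if entry['plugin'] + ':' + entry['tag'] == plugin_tag:
            ID = entry['ID']
            Secret = entry['Secret']

    # presumably strips a fixed 13-character '@domain' suffix -- confirm
    username = email[:-13]

    client = boto3.client('iam',
                          aws_access_key_id=ID,
                          aws_secret_access_key=Secret)

    log = plugin_tag + ': ' + username + ' removed from organization.\n'
    instruction = username + removalMessage(configMap, plugin_tag)
    try:
        # Remove from groups.
        memberships = client.list_groups_for_user(UserName=username)
        for group in memberships.get('Groups'):
            client.remove_user_from_group(
                GroupName=group.get('GroupName'), UserName=username)

        # Remove access keys.
        key_listing = client.list_access_keys(UserName=username)
        for access_key in key_listing.get('AccessKeyMetadata'):
            client.delete_access_key(
                UserName=username, AccessKeyId=access_key.get('AccessKeyId'))

        # Delete the console login profile. Only "no profile" is ignored;
        # other errors (for example a denied call) are surfaced instead of
        # being silently swallowed.
        try:
            client.delete_login_profile(UserName=username)
        except botocore.exceptions.ClientError as profile_error:
            if profile_error.response['Error']['Code'] != 'NoSuchEntity':
                raise

        # NOTE(review): attached or inline policies, MFA devices and signing
        # certificates are not cleaned up here; if any exist, delete_user
        # fails and the error propagates, leaving the user in place.
        client.delete_user(UserName=username)
    except botocore.exceptions.ClientError as e:
        if e.response['Error']['Code'] == 'NoSuchEntity':
            log = plugin_tag + ': Failed to remove ' + username + '. ' + str(e)
            instruction = plugin_tag + ': Failed to remove ' + username + '. ' + str(
                e)
        else:
            raise

    return getJsonResponse('AWS ' + plugin_tag[4:], email, log, instruction)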
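def removeUser(email, configMap, allPermissions, plugin_tag):
    """Delete the Papertrail member whose address equals ``email``.

    Args:
        email: Address of the member to remove.
        configMap: Parsed configuration used for the URL and API token.
        allPermissions: Unused by this plugin.
        plugin_tag: Identifier of the Papertrail plugin entry.

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    users = requests.get(
        getUrl(configMap, plugin_tag) + ".json",
        headers={'X-Papertrail-Token': getApiToken(configMap, plugin_tag)})
    members = json.loads(users.content.decode('utf8'))

    # Track "not found" explicitly instead of relying on UnboundLocalError,
    # and avoid shadowing the ``id`` builtin. The last match wins, as before.
    member_id = None
    for element in members:
        if element['email'] == email:
            member_id = element['id']

    log = plugin_tag + ': ' + email + ' removed from papertrail.\n'
    instruction = email[:-13] + removalMessage(configMap, plugin_tag)
    if member_id is None:
        log = plugin_tag + ' ' + email + ' does not exist, delete failed.\n'
    else:
        deletion = requests.delete(
            getUrl(configMap, plugin_tag) + "/" + str(member_id) + ".json",
            headers={'X-Papertrail-Token': getApiToken(configMap, plugin_tag)})
        if not deletion.ok:
            # A rejected delete leaves the member's access in place; report
            # it instead of logging a removal that did not happen.
            log = plugin_tag + ' error: ' + str(deletion.status_code) + str(
                deletion.content) + ' delete failed.\n'
            instruction = log

    return getJsonResponse('Papertrail ' + plugin_tag[11:], email, log,
                           instruction)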
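def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Create an IAM user for ``email`` and add it to the selected groups.

    Args:
        email: Address of the new user; the local part is the IAM user name.
        configMap: Parsed configuration; the entry in ``configMap['plugins']``
            matching ``plugin_tag`` supplies ``ID`` and ``Secret``.
        allPermissions: Iterable of Python-literal strings, each describing a
            dict with a ``'plugin'`` key plus group entries.
        plugin_tag: ``'<plugin>:<tag>'`` identifier of the AWS plugin entry.
        name: Display name of the invitee (not used by this plugin).

    Returns:
        Whatever ``getJsonResponse`` builds for this plugin.
    """
    # presumably strips a fixed 13-character '@domain' suffix -- confirm
    username = email[:-13]
    cli_groups = []

    log = 'AWS: ' + username + ' added to ' + plugin_tag + '\n'
    instruction = inviteMessage(configMap,
                                plugin_tag).replace("<username>", username)

    # Groups given on the command line win over the configured defaults.
    for permission in allPermissions:
        thisPermissions = ast.literal_eval(permission)
        if thisPermissions['plugin'] == plugin_tag:
            del thisPermissions['plugin']
            cli_groups = list(thisPermissions.values())
            break

    if not cli_groups:
        cli_groups = getGroups(configMap, plugin_tag)

    for entry in configMap['plugins']:
        if entry['plugin'] + ':' + entry['tag'] == plugin_tag:
            ID = entry['ID']
            Secret = entry['Secret']

    client = boto3.client('iam',
                          aws_access_key_id=ID,
                          aws_secret_access_key=Secret)
    try:
        client.create_user(UserName=username)
    except client.exceptions.EntityAlreadyExistsException:
        # Only a genuine name collision is reported as "already exists";
        # other failures (denied call, throttling, bad credentials) now
        # propagate instead of being mislabelled.
        log = plugin_tag + ' user ' + username + ' already exists' + '\n'
        instruction = plugin_tag + ' user ' + username + ' already exists'

    # NOTE(review): when the user already existed, the loop below still
    # changes that existing account's group membership -- confirm this is
    # intended, since it alters the privileges of an account this call did
    # not create.
    for group in cli_groups:
        client.add_user_to_group(GroupName=group, UserName=username)

    return getJsonResponse('AWS ' + plugin_tag[4:], email, log, instruction)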
Exemplo n.º 12
def removeUser(email, configMap, allPermissions, plugin_tag):
    """Report Artifactory removal for ``email``; no API call is made here.

    The log text states that removal happens together with the AD account,
    so this handler only builds the response.
    """
    audit_line = 'artifactory: ' + email + ' removed alongside AD account \n'
    # presumably strips a fixed 13-character '@domain' suffix -- confirm
    removal_note = email[:-13] + removalMessage(configMap, plugin_tag)
    return getJsonResponse('Artifactory', email, audit_line, removal_note)
Exemplo n.º 13
def inviteUser(email, configMap, allPermissions, plugin_tag, name):
    """Build the Artifactory invite response; no API call is made here.

    The invitee only receives the instruction text returned by
    ``inviteMessage`` for this plugin.
    """
    return getJsonResponse(
        'Artifactory',
        email,
        'Artifactory: Instruction sent in email.\n',
        inviteMessage(configMap, plugin_tag),
    )