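def update_user_aad(user):
    """Send a PATCH to the Graph API to update an existing Azure AD user.

    The target user is addressed by ``user["user_id"]`` when that key is
    present, otherwise by ``user["user_principal_name"]``. The request body is
    the result of ``outbound_user_filter(user, "azure")`` with any ``mail``
    key removed. Nothing is sent when ``AUTH.check_token("PATCH")`` returns a
    falsy value.

    Args:
        user: Mapping describing the user; must contain ``user_id`` or
            ``user_principal_name``.

    Raises:
        KeyError: If ``user`` contains neither identifier key.
    """
    from urllib.parse import quote

    headers = AUTH.check_token("PATCH")
    if not headers:
        # No request headers were issued for this call; skip the update.
        return

    user_id = user["user_id"] if "user_id" in user else user["user_principal_name"]
    # The URL must be a formatted string: the previous code built a tuple
    # (format string plus arguments) and handed that to requests. The
    # identifier is percent-encoded so that characters such as "/", "?" or
    # "#" inside it cannot change which Graph resource the PATCH addresses.
    url = "%s/%s/users/%s" % (
        GRAPH_URL,
        GRAPH_VERSION,
        quote(str(user_id), safe="@"),
    )
    aad_user = outbound_user_filter(user, "azure")
    aad_user.pop("mail", None)
    # NOTE(review): the response is not inspected and no timeout is passed,
    # so a rejected or stalled update is not reported from here; confirm
    # whether that is intended.
    requests.patch(url=url, headers=headers, json=aad_user)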
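def update_entry_ldap(queue_entry, ldap_conn):
    """Route a queue entry to the matching filter and update the AD object.

    The entry's ``data`` is passed through ``outbound_user_filter`` or
    ``outbound_group_filter`` (provider ``"ldap"``) depending on
    ``data_type``, then through ``validate_update_entry``, and the result is
    applied with ``modify_ad_attributes``.

    Args:
        queue_entry: Mapping with at least ``data_type`` and ``data`` keys.
        ldap_conn: Connection object handed through to
            ``modify_ad_attributes``.

    Raises:
        ValueError: If ``data_type`` is neither ``"user"`` nor ``"group"``.
    """
    data_type = queue_entry["data_type"]
    distinguished_name = get_distinguished_name(queue_entry)

    LOGGER.info("Updating information for %s", distinguished_name)
    if data_type == "user":
        sawtooth_entry_filtered = outbound_user_filter(queue_entry["data"], "ldap")
    elif data_type == "group":
        sawtooth_entry_filtered = outbound_group_filter(queue_entry["data"], "ldap")
    else:
        # Fail with a clear message instead of the UnboundLocalError that the
        # unassigned variable would otherwise raise on the next line.
        raise ValueError("Unsupported data_type for LDAP update: %r" % (data_type,))
    validated_entry = validate_update_entry(sawtooth_entry_filtered, data_type)
    modify_ad_attributes(distinguished_name, validated_entry, ldap_conn)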
def create_user_ldap(distinguished_name, sawtooth_entry, ldap_conn):
    """Add a new AD user object and then apply its remaining attributes.

    ``sawtooth_entry["data"]`` is filtered for the ``"ldap"`` provider and
    validated with ``validate_create_entry`` before the object is added with
    only ``cn`` and ``userPrincipalName``; ``modify_ad_attributes`` is then
    called with the full validated entry.

    Args:
        distinguished_name: DN at which the user object is created.
        sawtooth_entry: Mapping with ``data`` and ``data_type`` keys.
        ldap_conn: Connection object exposing ``add``.
    """
    LOGGER.info("Creating new AD user: %s", distinguished_name)
    ldap_fields = outbound_user_filter(sawtooth_entry["data"], "ldap")
    entry = validate_create_entry(ldap_fields, sawtooth_entry["data_type"])

    # Only the naming attributes go into the add; the rest follow below.
    initial_attributes = {
        "cn": entry["cn"],
        "userPrincipalName": entry["userPrincipalName"],
    }
    # NOTE(review): the result of add() is not checked before the modify
    # call; confirm the connection is configured to raise on failure.
    ldap_conn.add(
        dn=distinguished_name,
        object_class={"person", "organizationalPerson", "user"},
        attributes=initial_attributes,
    )
    modify_ad_attributes(distinguished_name, entry, ldap_conn)
def create_user_ldap(distinguished_name, sawtooth_entry, ldap_conn):
    """Create a new AD user when every required attribute is present.

    ``sawtooth_entry`` is filtered for the ``"ldap"`` provider. If any name in
    ``USER_REQUIRED_ATTR`` is missing from the filtered entry, nothing is
    written to the directory and a message is logged instead.

    Args:
        distinguished_name: DN at which the user object is created.
        sawtooth_entry: User data passed to ``outbound_user_filter``.
        ldap_conn: Connection object exposing ``add``.
    """
    LOGGER.info("Creating new AD user: %s", distinguished_name)
    ldap_fields = outbound_user_filter(sawtooth_entry, "ldap")

    # Guard: refuse to create a partial account.
    if any(required not in ldap_fields for required in USER_REQUIRED_ATTR):
        LOGGER.info(
            "Cannot create a new user because required attributes were missing."
        )
        return

    initial_attributes = {
        "cn": ldap_fields["cn"],
        "userPrincipalName": ldap_fields["userPrincipalName"],
    }
    ldap_conn.add(
        dn=distinguished_name,
        object_class={"person", "organizationalPerson", "user"},
        attributes=initial_attributes,
    )

    modify_ad_attributes(distinguished_name, ldap_fields, ldap_conn)
def test_outbound_user_filter_bad_provider():
    """An unrecognised provider name makes outbound_user_filter raise TypeError."""
    payload = {"remote_id": 1234}
    unknown_provider = "test_run"
    with pytest.raises(TypeError):
        outbound_user_filter(payload, unknown_provider)
def test_outbound_user_filter():
    """A valid user filtered for "azure" yields a dict keyed for that provider."""
    filtered = outbound_user_filter({"remote_id": 1234}, "azure")
    assert isinstance(filtered, dict)
    # remote_id is exposed as "id"; fields absent from the input stay absent.
    assert filtered["id"] == 1234
    assert "job_title" not in filtered
def update_user_ldap(distinguished_name, sawtooth_entry, ldap_conn):
    """Apply the LDAP-filtered attributes of sawtooth_entry to an existing AD user.

    Args:
        distinguished_name: DN of the user object to modify.
        sawtooth_entry: User data passed to ``outbound_user_filter``.
        ldap_conn: Connection object handed through to
            ``modify_ad_attributes``.
    """
    # Only the fields the "ldap" provider filter lets through reach the
    # directory.
    ldap_fields = outbound_user_filter(
        sawtooth_user=sawtooth_entry,
        provider="ldap",
    )
    modify_ad_attributes(distinguished_name, ldap_fields, ldap_conn)