amp4e_ldap_tool 0.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e64128d5ab79fad912da68f5e31967613d469498
+  data.tar.gz: 827d8801707fc45dbf5b2d2a9b27eec7a10cfe5f
+SHA512:
+  metadata.gz: 8c09590f6d6da7b58648168abc5450d0fb2e8a0845e957a2acfd66483035530c91ec263504f9c09019671a162701dab79ac1ddcc02e049a381e8d6b0c5cb8e1a
+  data.tar.gz: 4c151efff958954308be12402473c4df0cacdf4a9ad768964a91b60d4975bbbc1bd30e9373ebfb44a112aed2e3c9d0500f72fc44463297da7395bd9a334aeffc

data/.gitignore

@@ -0,0 +1,52 @@
+*.gem
+*.rbc
+*.swp
+*.swo
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.2.4
+before_install: gem install bundler -v 1.12.3

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in amp4e_ldap_tool.gemspec
+gemspec

data/README.md

@@ -0,0 +1,95 @@
+# amp4e\_ldap\_tool
+Ruby command line script to reconcile computers and groups on Cisco's AMP for Endpoints web portal with local LDAP servers.
+
+`gem install amp4e_ldap_tool`
+
+## Commands
+### AMP
+`amp4e_ldap_tool amp`
+
+It makes an HTTP request to the AMP for Endpoints web portal. We must provide flags to tell amp what we want to receive:
+
+- `-c` gets a list of Computers in the AMP system.
+- `-g` gets a list of Groups as AMP sees them
+- `-p` gets a list of policies
+- `-t` provides any of the above options with formatted output.
+
+### LDAP
+`amp4e_ldap_tool`
+
+It retrieves information from the LDAP server, using credentials provided in your config file. It also requires flags to tell it what to get from the server:
+
+- `-c` gets computer names
+- `-g` gets computer group names
+- `-d` gets the fully distinguished name (LDAP)
+- `-t` provides any of the above options with formatted output.
+
+
+### Make\_changes
+The command `make_changes` is the workhorse. Calling it on its own:
+
+```
+amp4e_ldap_tool make_changes
+```
+
+Displays the _dry run_, a list of changes that will be changed shown in aggregate. These changes will be formatted in easy-to-read tables as shown below:
+
+```
++---------------------------------+--------------+
+|                 Group Creates                  |
++---------------------------------+--------------+
+| Group Name                      | Parent Group |
++---------------------------------+--------------+
+| Computers.2k8sso.local          | nil          |
+| local                           | nil          |
+| 2k8sso.local                    | nil          |
+| Domain Controllers.2k8sso.local | nil          |
++---------------------------------+--------------+
++---------------------------------+------------+--------------+
+|                         Group Moves                         |
++---------------------------------+------------+--------------+
+| Group                           | Old Parent | New Parent   |
++---------------------------------+------------+--------------+
+| Computers.2k8sso.local          |            | 2k8sso.local |
+| 2k8sso.local                    |            | local        |
+| Domain Controllers.2k8sso.local |            | 2k8sso.local |
++---------------------------------+------------+--------------+
++----------------+------------+------------------------+
+|                    Computer Moves                    |
++----------------+------------+------------------------+
+| # of computers | from group | to group               |
++----------------+------------+------------------------+
+| 2              | Protect    | Computers.2k8sso.local |
+| 2              | Audit      | Computers.2k8sso.local |
++----------------+------------+------------------------+
+``` 
+
+Applying the -a option will tell the command to apply the changes, it will prompt the user to continue with a y/n after showing the _dry run_.
+
+
+
+
+
+
+## Config File
+
+The config file holds our user/password information for the API/LDAP servers. It follows a specific format and a template is provided below:
+
+
+```
+#config.yml
+:ldap:
+  :host: 		# LDAP hostname
+  :domain: 		# domain of LDAP tree
+  :credentials:
+    :un:		# server username
+    :pw:		# server password
+  :schema:
+    :filter: "computer"	# default as computer
+:amp:
+  :host:		# api url for AMP
+  :api:
+    :third_party:	# third party code
+    :key:		# api key
+    :version: "v1"	# default version is v1
+```

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/amp4e_ldap_tool.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'amp4e_ldap_tool/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "amp4e_ldap_tool"
+  spec.version       = Amp4eLdapTool::VERSION
+  spec.authors       = ["vbakala"]
+  spec.email         = ["vbakala@cisco.com"]
+
+  spec.summary       = %q{Write a short summary, because Rubygems requires one.}
+  spec.description   = %q{Write a longer description or delete this line.}
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.12"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_dependency "thor", "~> 0.19.4"
+  spec.add_dependency "net-ldap", "~> 0.15.0" 
+  spec.add_dependency "terminal-table", "~> 1.7", ">= 1.7.3"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "amp4e_ldap_tool"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/amp4e_ldap_tool

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require "amp4e_ldap_tool/cli"
+
+Amp4eLdapTool::CLI.start

data/lib/amp4e_ldap_tool.rb

@@ -0,0 +1,86 @@
+require "amp4e_ldap_tool/version"
+require "amp4e_ldap_tool/errors"
+require "amp4e_ldap_tool/cisco_amp"
+require "amp4e_ldap_tool/ldap_scrape"
+require "terminal-table"
+
+module Amp4eLdapTool
+
+  def self.dry_run(amp, ldap)
+    #TODO validate input
+    data = {created_groups: [], group_moves: [], pc_moves: []}
+    adj = amp.make_list(amp.get(:computers), amp.get(:groups))
+    ldap.groups.each do |group|
+      if adj[group].nil?
+        data[:created_groups] << [group, "nil"]
+        adj[group] = { object: nil, parent: nil }
+      end
+      unless adj[group][:parent] == ldap.parent(group)
+        data[:group_moves] << [group, adj[group][:parent], ldap.parent(group)]
+        adj[group][:parent] = ldap.parent(group) 
+      end
+    end
+    counter = {}
+    ldap.entries.each do |entry|
+      computername = entry.dnshostname.first.downcase
+      unless adj[computername].nil?
+        if adj[computername][:parent] != ldap.parent(entry.dn)
+          old_name = adj[computername][:parent]
+          new_name = ldap.parent(entry.dn)
+          if counter[old_name].nil?
+            counter[old_name] = {new_name => 1}
+          else
+            counter[old_name][new_name].nil? ? counter[old_name][new_name] = 1 
+                                             : counter[old_name][new_name] += 1
+          end
+        end
+      end
+    end
+    counter.keys.each do |old_name|
+      counter[old_name].keys.each do |new_name|
+        data[:pc_moves] << [counter[old_name][new_name], old_name, new_name]
+      end
+    end
+    generate_table(data)
+  end
+
+  def self.push_changes(amp, ldap)
+    #TODO validate input
+    adj = amp.make_list(amp.get(:computers), amp.get(:groups))
+    ldap.groups.each do |group|
+      if adj[group].nil?
+        puts "creating group..."
+        g = amp.create_group(group)
+        adj[group] = { object: g, parent: g.parent[:name]  }
+      end
+      unless adj[group][:parent] == ldap.parent(group)
+        puts "updating group parent..."
+        amp.update_group(adj[group][:object].guid, adj[ldap.parent(group)][:object].guid)
+        adj[group][:parent] = ldap.parent(group) 
+      end
+    end
+    ldap.entries.each do |entry|
+      computername = entry.dnshostname.first.downcase
+      parent_name = ldap.parent(entry.dn)
+      unless adj[computername].nil?
+        if adj[computername][:parent] != parent_name
+          puts "moving computer..."
+          amp.update_computer(adj[computername][:object].guid, adj[parent_name][:object].guid)
+        end
+      end
+    end
+  end
+
+  private
+
+  def self.generate_table(table_data)
+    #TODO validate input
+    puts Terminal::Table.new(title: "Group Creates", rows: table_data[:created_groups], 
+                             headings: ["Group Name", "Parent Group"])
+    puts Terminal::Table.new(title: "Group Moves", rows: table_data[:group_moves],
+                             headings: ["Group", "Old Parent", "New Parent"])
+    puts Terminal::Table.new(title: "Computer Moves", rows: table_data[:pc_moves],
+                             headings: ["# of computers", "from group", "to group" ])
+  end
+
+end

data/lib/amp4e_ldap_tool/cisco_amp.rb

@@ -0,0 +1,151 @@
+require 'net/http'
+require 'yaml'
+require 'amp4e_ldap_tool/errors'
+require 'amp4e_ldap_tool/endpoints'
+require 'json'
+
+module Amp4eLdapTool
+  GUID = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/
+  X_RATELIMIT_REMAINING = 'x-ratelimit-remaining'
+  X_RATELIMIT_RESET = 'x-ratelimit-reset'
+
+  class CiscoAMP
+    
+    attr_reader :base_url, :version, :email, :third_party, :api_key
+
+    def initialize(config_file = "config.yml")
+      config = YAML.load_file(config_file)
+      confirm_config(config)
+      @base_url = config[:amp][:host]
+      @version = config[:amp][:api][:version]
+      @email = config[:amp][:email]
+      @third_party = config[:amp][:api][:third_party]
+      @api_key = config[:amp][:api][:key]
+    end
+
+    def get(endpoint)
+      url = URI(@base_url + "/#{@version}/#{endpoint}")
+      get = Net::HTTP::Get.new(url)
+      response = send(get, url)
+      parse_response(response, endpoint.to_sym)
+    end
+
+    def update_computer(computer_guid, new_guid)
+      validate_guid([computer_guid, new_guid])
+      url = URI(@base_url + "/#{@version}/computers/#{computer_guid}")
+      patch = Net::HTTP::Patch.new(url)
+      body = { group_guid: new_guid }
+      send(patch, url, body)
+    end
+
+    def update_group(group_guid, parent = nil)
+      validate_guid([group_guid])
+      url = URI(@base_url + "/#{@version}/groups/#{group_guid}/parent")
+      patch = Net::HTTP::Patch.new(url)
+      body = { parent_group_guid: parent }
+      response = send(patch, url, body)
+    end
+
+    def create_group(group_name, desc = "Imported from LDAP")
+      url = URI(@base_url + "/#{@version}/groups/")
+      post = Net::HTTP::Post.new(url)
+      body = { name: group_name, email: @email,
+               description: desc }
+      send(post, url, body)
+    end
+
+    def make_list(computers, groups)
+      adj = {}
+      groups.each do |group|
+        adj[group.name] = { object: group, parent: group.parent[:name] }
+      end
+      computers.each do |pc|
+        group = groups.find{ |g| g.guid == pc.group_guid }
+        adj[pc.name.downcase] = { object: pc, parent: group.name }
+      end
+      adj
+    end
+
+    private
+    
+    def send(http_request, url, body = {})
+      http_request.basic_auth(@third_party, @api_key)
+      http_request.set_form_data(body) unless body.empty?
+      check_response do
+        Net::HTTP.start(url.hostname, url.port) do |http|
+          http.request(http_request)
+        end
+      end
+    end
+
+    def check_response
+      begin
+        response = yield
+        response_head = response.to_hash
+        response_body = JSON.parse(response.body) 
+        
+        case response.msg.downcase.tr(" ","_").to_sym
+        when :ok
+          response_notification = response.body
+        when :created
+          response_notification = Amp4eLdapTool::AMP::Group.new(response_body["data"])
+        when :accepted
+          response_notification = response.msg
+        when :too_many_requests
+          raise AMPTooManyRequestsError
+        when :bad_request
+          raise AMPBadRequestError.new(msg: response_body["errors"])
+        when :unauthorized
+          raise AMPUnauthorizedError.new(msg: response_body["errors"])
+        else
+          raise AMPResponseError.new(msg: "code: " + response.msg + " body: " + response.body)
+        end
+      rescue AMPTooManyRequestsError
+        sleep_seconds = response_head[Amp4eLdapTool::X_RATELIMIT_RESET].to_i
+        puts "Ratelimit Reached, sleeping for #{sleep_seconds} second(s)"
+        sleep(sleep_seconds)
+        retry
+      end
+      response_notification
+    end
+
+    def parse_response(message, endpoint)
+      endpoints = []
+      parse = JSON.parse(message)
+      parse["data"].each do |item|
+        case endpoint
+        when :computers
+          endpoints << Amp4eLdapTool::AMP::Computer.new(item)
+        when :groups
+          endpoints << Amp4eLdapTool::AMP::Group.new(item)
+        when :policies
+          endpoints << Amp4eLdapTool::AMP::Policy.new(item)
+        else
+          raise AMPResponseError.new(msg: "Parsing GET error for #{endpoint}")
+        end
+      end
+      endpoints
+    end
+
+    def validate_guid(guids)
+      guids.each do |guid|
+        if Amp4eLdapTool::GUID.match(guid).nil?
+          raise AMPInvalidFormatError
+        end
+      end
+    end
+
+    def confirm_config(config)
+      raise AMPConfigError if config[:amp][:api][:third_party].nil?
+      raise AMPConfigError if config[:amp][:api][:key].nil?
+      raise AMPConfigError if config[:amp][:api][:version].nil?
+      begin
+        Net::HTTP::Get.new(URI(config[:amp][:host]))
+      rescue TypeError
+        raise AMPBadURIError
+      rescue ArgumentError
+        raise AMPConfigError
+      end
+    end
+  end
+end

data/lib/amp4e_ldap_tool/cli.rb

@@ -0,0 +1,159 @@
+require 'thor'
+require 'amp4e_ldap_tool/cisco_amp'
+require 'amp4e_ldap_tool/ldap_scrape'
+require 'amp4e_ldap_tool'
+require 'terminal-table'
+
+module Amp4eLdapTool
+  class CLI < Thor
+    
+    desc "amp --[groups|computers|policies]", "Gets groups, computer, and/or policies from AMP"
+    long_desc <<-LONGDESC
+    groupsync amp will get a list of groups, policies, and computers from AMP,
+    with the specified options above.
+
+    For example the following command will fetch the list of computers from amp:
+
+    > $ groupsync amp -c
+    LONGDESC
+    method_option :computers, aliases: "-c"
+    method_option :groups, aliases: "-g"
+    method_option :policies, aliases: "-p"
+    method_option :table, aliases: "-t"
+    def amp
+      display_resources(Amp4eLdapTool::CiscoAMP.new, options)
+    end
+
+    desc "ldap --[groups|computers|distinguished]", "Gets groups, computer, and/or distinguished names from LDAP"
+    long_desc <<-LONGDESC
+    groupsync ldap will get a list of groups, distinguished names, and computers from AMP,
+    with the specified options above.
+
+    For example the following command will fetch the list of computers from ldap:
+
+    > $ groupsync ldap -c
+    LONGDESC
+    method_option :computers, aliases: "-c"
+    method_option :groups, aliases: "-g"
+    method_option :distinguished, aliases: "-d"
+    method_option :table, aliases: "-t"
+    def ldap
+      ldap = Amp4eLdapTool::LDAPScrape.new 
+
+      if options[:table]
+        options.keys.each do |name|
+          rows = []
+          unless name == 'table'
+            if name == 'computers'
+              ldap.entries.each {|entry| rows << [entry.dnshostname]}
+            elsif name == 'distinguished'
+              ldap.entries.each {|entry| rows << [entry.dn]}
+            elsif name == 'groups'
+              ldap.groups.each {|entry| rows << [entry]}
+            end
+            puts Terminal::Table.new(:headings => [name], :rows => rows)
+          end
+        end
+      else
+        puts ldap.groups unless options[:groups].nil?
+        ldap.entries.each {|entry| puts entry.dnshostname} unless options[:computers].nil?
+        ldap.entries.each {|entry| puts entry.dn} unless options[:distinguished].nil?
+      end
+    end
+ 
+    long_desc <<-LONGDESC
+    Moves a computer to a specified group, requires the new group GUID.
+
+    For example the following command will move a specific computer(00000000-0000-0000-0000-000000000000)
+    to group(11111111-1111-1111-1111-111111111111).
+    
+    > $ groupsync move 00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111
+    LONGDESC
+    desc "move PC GUID", "Moves a PC to a specified group, requires the new groups GUID"
+    def move(computer, new_guid)
+      amp = Amp4eLdapTool::CiscoAMP.new
+      puts amp.move_computer(computer, new_guid)
+    end
+
+    long_desc <<-LONGDESC
+    Creates a group with the specified name.
+
+    For example the following command will create a group with the name ExampleGroup:
+
+    > $ groupsync create ExampleGroup
+    LONGDESC
+    desc "create NAME", "Creates a group with the name of NAME"
+    method_option :desc, aliases: "-d"
+    def create(name)
+      amp = Amp4eLdapTool::CiscoAMP.new
+      puts amp.create_group(name).name unless options[:desc]
+      puts amp.create_group(name, options[:desc]).name if options[:desc]
+    end
+
+    long_desc <<-LONGDESC
+    Moves a specified group under a new parent.
+
+    For example the following command will move the group(00000000-0000-0000-0000-000000000000)
+    under parent(11111111-1111-1111-1111-111111111111):
+
+    > $ groupsync move_group 00000000-0000-0000-0000-000000000000 11111111-1111-1111-1111-111111111111
+    LONGDESC
+    desc "move_group GUID PARENT", "Moves a group under a new parent"
+    def move_group(guid, parent_guid)
+      amp = Amp4eLdapTool::CiscoAMP.new
+      puts amp.update_group(guid, parent_guid)
+    end
+
+    
+    desc "make_changes", "Shows a dry run of changes, and prompts to execute"
+    long_desc <<-LONGDESC
+    Shows a dry run of changes in tabular form:
+
+    Executing 'make_changes' on its own produces a dry run, while the '-a' option 
+    prompts the user to apply the changes. The '-f' option is used for
+    scripting and executes the changes without a prompt or dry-run report.
+
+    >$ amp4e_ldap_tool make_changes -a \x5
+    ... \x5
+    Do you want to continue? [y, n]\x5
+    
+    LONGDESC
+    method_option :apply, aliases: "-a"
+    method_option :force, aliases: "-f"
+    def make_changes
+      answer = "n"
+      amp   = Amp4eLdapTool::CiscoAMP.new
+      ldap  = Amp4eLdapTool::LDAPScrape.new
+
+      if (options.empty?)
+        Amp4eLdapTool.dry_run(amp, ldap)
+      elsif (options[:apply])
+        Amp4eLdapTool.dry_run(amp, ldap)
+        answer = ask("Do you want to continue?", limited_to: ["y","n"]) if options[:apply]
+        Amp4eLdapTool.push_changes(amp, ldap) if (answer == "y")
+      elsif (options[:force])
+        Amp4eLdapTool.push_changes(amp, ldap)
+      end
+    end
+
+    private
+
+    def display_resources(amp, options)
+      if options[:table]
+        options.keys.each do |name|
+          rows = []
+          unless name == 'table'
+            amp.get(name).each {|endpoint| rows << [endpoint.name]}
+            puts Terminal::Table.new(:headings => [name], :rows => rows)
+          end
+        end
+      else
+        options.keys.each do |endpoints|
+          amp.get(endpoints).each do |endpoint|
+            puts endpoint.name
+          end
+        end
+      end
+    end
+  end
+end

data/lib/amp4e_ldap_tool/endpoints.rb

@@ -0,0 +1,49 @@
+module Amp4eLdapTool
+  module AMP
+    class Computer
+      attr_accessor :name, :guid, :link, :active,
+                    :group_guid, :policy, :os
+
+      def initialize(json)
+        @name       = json["hostname"]
+        @guid       = json["connector_guid"]
+        @active     = json["active"]
+        @group_guid = json["group_guid"]
+        @os         = json["operating_system"]
+        @link       = { computer: json["links"]["computer"],
+                        trajectory: json["links"]["trajectory"],
+                        group: json["links"]["group"]}
+        @policy     = { name: json["policy"]["name"],
+                        guid: json["policy"]["guid"] }
+      end
+    end
+    
+    class Group
+      attr_accessor :name, :description, :guid, :parent, :link
+
+      def initialize(json)
+        @name         = json["name"]
+        @guid         = json["guid"]
+        @description  = json["description"]
+        @parent       = (json["ancestry"].nil?) ? {} :
+                        {name: json["ancestry"].first["name"],
+                         guid: json["ancestry"].first["guid"]}
+      end
+    end
+
+    class Policy
+      attr_accessor :name, :description, :guid, :product, :default,
+                    :serial_number, :link
+
+      def initialize(json)
+        @name          = json["name"]
+        @guid          = json["guid"]
+        @description   = json["description"]
+        @product       = json["product"]
+        @default       = json["default"]
+        @serial_number = json["serial_number"]
+        @link          = json["links"]["policy"]
+      end
+    end
+  end
+end

data/lib/amp4e_ldap_tool/errors.rb

@@ -0,0 +1,49 @@
+module Amp4eLdapTool
+  class AMPConfigError < StandardError
+    def initialize(msg: "The AMP section of the configuration file is not formatted properly" )
+      super
+    end
+  end
+
+  class LDAPConfigError < StandardError
+    def initialize(msg: "The LDAP Section of the configuration file is not formatted properly")
+      super
+    end
+  end
+
+  class AMPTooManyRequestsError < StandardError
+    def initialize(msg: "The ratelimit has been excedded")
+      super
+    end
+  end
+
+  class AMPBadURIError < StandardError
+    def initialize(msg: "The amp:host in your config file contains an invalid hostname")
+      super
+    end
+  end
+
+  class AMPInvalidFormatError < ArgumentError
+    def initialize(msg: "The GUID provided does not follow the correct format")
+      super
+    end
+  end
+
+  class AMPResponseError < StandardError
+    def initialize(msg: "The AMP Server returned a non-OK response")
+      super
+    end
+  end
+
+  class AMPUnauthorizedError < AMPResponseError
+    def initialize(msg: "Third_party/API credentials appear to be invalid")
+      super
+    end
+  end
+
+  class AMPBadRequestError < AMPResponseError
+    def initialize(msg: "A Bad request was made to the server")
+      super
+    end
+  end
+end

data/lib/amp4e_ldap_tool/ldap_scrape.rb

@@ -0,0 +1,69 @@
+require 'net/ldap'
+require 'yaml'
+require 'json'
+
+module Amp4eLdapTool
+  class LDAPScrape
+    
+    attr_reader :entries
+    
+    def initialize(filename = 'config.yml')
+      cfg = YAML.load_file(filename)
+
+      attributes = ["cn", "dnshostname"]
+      base = make_dn(cfg[:ldap][:domain])
+      filter = Net::LDAP::Filter.eq('objectClass', cfg[:ldap][:schema][:filter])
+      server = Net::LDAP.new(
+        host: cfg[:ldap][:host],
+        auth: {
+          method: :simple,
+          username: "#{cfg[:ldap][:credentials][:un]}@#{cfg[:ldap][:domain]}",
+          password: cfg[:ldap][:credentials][:pw]}
+      )
+      @entries = server.search(base: base, filter: filter, attributes: attributes) do |entry| 
+        entry 
+      end
+    end
+    
+    def groups
+      dn_paths = []
+      @entries.each do |entry|
+        names = split_dn(entry.dn); names.shift; names.reverse!
+        temp_names = names.clone
+        names.each do
+          name = temp_names.inject{|glob, name| "#{name}.#{glob}"}
+          dn_paths << name
+          temp_names.pop
+        end
+      end
+      dn_paths.uniq.reverse
+    end
+
+    def parent(entry_name)
+      names = split_dn(entry_name)  if entry_name.include?("=")
+      names = entry_name.split(".") if not entry_name.include?("=")
+      names.shift
+      unless names.empty?
+        parent_string = names.join(".")
+      end
+    end
+    
+    private
+
+    def make_dn(domain_name)
+      output = ''
+      domain_name.split('.').each do |name|
+        output << "dc=#{name},"
+      end
+      output.chomp(',')
+    end
+    
+    def split_dn(dn)
+      names = []
+      dn.split(",").each do |attribute|
+        names << attribute.split("=").last
+      end
+      names
+    end
+  end
+end

data/lib/amp4e_ldap_tool/version.rb

@@ -0,0 +1,3 @@
+module Amp4eLdapTool
+  VERSION = "0.0.3"
+end

metadata

@@ -0,0 +1,151 @@
+--- !ruby/object:Gem::Specification
+name: amp4e_ldap_tool
+version: !ruby/object:Gem::Version
+  version: 0.0.3
+platform: ruby
+authors:
+- vbakala
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-05-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.4
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.15.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.15.0
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.3
+description: Write a longer description or delete this line.
+email:
+- vbakala@cisco.com
+executables:
+- amp4e_ldap_tool
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- amp4e_ldap_tool.gemspec
+- bin/console
+- bin/setup
+- exe/amp4e_ldap_tool
+- lib/amp4e_ldap_tool.rb
+- lib/amp4e_ldap_tool/cisco_amp.rb
+- lib/amp4e_ldap_tool/cli.rb
+- lib/amp4e_ldap_tool/endpoints.rb
+- lib/amp4e_ldap_tool/errors.rb
+- lib/amp4e_ldap_tool/ldap_scrape.rb
+- lib/amp4e_ldap_tool/version.rb
+homepage: 
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Write a short summary, because Rubygems requires one.
+test_files: []