enfcli 4.0.0 → 5.0.0.pre.alpha

data/lib/enfcli/commands/user.rb

@@ -1,5 +1,5 @@
 #
-# Copyright 2018 Xaptum,Inc
+# Copyright 2018-2020 Xaptum,Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,252 +13,300 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require 'enfthor'
-require 'enfapi'
+require "enfthor"
+require "enfapi/user"
 
 module EnfCli
-
   module Cmd
-
+    ##
+    # This class handles the commands that maniupulate users and roles
     class User < EnfThor
       no_commands {
-        def display_invites invites
-          headings = ['Id', 'User Name', 'Full Name', 'Invited By', 'Invite Code']
-          rows = invites.map{ |hash|
-            [ hash[:id], hash[:email], hash[:name], hash[:invited_by], hash[:invite_token] ]
+        def display_invites(invites)
+          headings = ["Id", "User Name", "Full Name", "Invited By", "Invite Code"]
+          rows = invites.map { |hash|
+            [hash[:id], hash[:email], hash[:name], hash[:created_by], hash[:invite_token]]
           }
 
           render_table(headings, rows)
         end
 
-        def display_users users
-          headings = ['Id', 'User Name', 'Full Name', 'Last Login', 'Type', 'Reset Code', 'Reset Time', 'Status']
-          rows = users.map{ |hash|
-            [ hash[:user_id], hash[:username], hash[:full_name], hash[:last_login], hash[:type], hash[:reset_code],
-              format_date(hash[:reset_time]), hash[:status] ]
-          }
+        def display_users(users)
+          headings = ["Id", "Name", "Username", "Domain", "Last Login", "Status"]
+          rows = []
+          users.each do |hash|
+            hash[:roles].each do |role|
+              rows.push [hash[:id],
+                         hash[:full_name],
+                         hash[:username],
+                         hash[:domain],
+                         hash[:last_login],
+                         hash[:status]]
+            end
+          end
           render_table(headings, rows)
         end
 
-        def send_invite options, user_type
-          # Get options
-          domain_network = options.domain
-
-          # get params
-          name = options[:'name'].join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
-          email = options[:'email']
-
-          # call api
-          hash = { :email => email, :full_name => name, :welcome_text => "", :user_type => user_type }
-          data = EnfApi::API.instance.invite domain_network, hash
-          invite = data[:data]
-          display_invites invite
-        end
-      }
+        # Display the roles as a table
+        def display_roles(roles)
+          headings = ["Cidr", "Role"]
 
-      desc "invite-read-only-user", "Invite a domain user"
-      method_option :domain, :default => nil, :type => :string, :aliases => "-d"
-      method_option :'name', :type => :array, :required => true, :banner => "NAME"
-      method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
-      def invite_read_only_user
-        try_with_rescue_in_session do
-          # use the domain network of the user
-          domain_network = EnfCli::CTX.instance.session[:domain_network]
-          raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network
-
-          # Get user role
-          user_role = EnfCli::CTX.instance.session[:type]
-
-          # check user roles
-          if user_role == "XAPTUM_ADMIN"
-            raise "--domain is required" unless options[:domain]
-          else
-            say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow if options[:domain]
-            options[:domain] = domain_network
+          rows = roles.map do |role|
+            [role[:cidr], role[:role]]
           end
 
-          send_invite options, "DOMAIN_USER"
+          render_table(headings, rows)
         end
-      end
 
-      desc "invite-domain-admin-user", "Invite a domain administrator"
-      method_option :domain, :default => nil, :type => :string, :aliases => "-d"
-      method_option :'name', :type => :array, :required => true, :banner => "NAME"
-      method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
-      def invite_domain_admin_user
-        try_with_rescue_in_session do
-          # use the domain network of the user
-          domain_network = EnfCli::CTX.instance.session[:domain_network]
-          raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network
-
-          # Get user role
-          user_role = EnfCli::CTX.instance.session[:type]
-
-          # check user roles
-          if user_role == "XAPTUM_ADMIN"
-            raise "--domain is required" unless options[:domain]
-          else
-            say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow if options[:domain]
-            options[:domain] = domain_network
-          end
-
-          send_invite options, "DOMAIN_ADMIN"
+        def display_user_details(user)
+          display_users([user])
+          display_roles(user[:roles])
         end
-      end
+      }
 
-      desc "invite-enf-admin-user", "Invite an ENF administrator"
-      method_option :'name', :type => :array, :required => true, :banner => "NAME"
-      method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
-      def invite_enf_admin_user
+      desc "send-invite",
+           "Send an invite to a new user or one with a modified role."
+      method_option :email, type: :string, required: true, banner: "EMAIL",
+                            desc: "Full email address of user to invite."
+      method_option :name, type: :array, required: true, banner: "NAME",
+                           desc: "Full name of user to invite."
+      method_option :domain, type: :string, default: nil, banner: "DOMAIN",
+                             aliases: "-d"
+      method_option :network, type: :string, default: nil, banner: "NETWORK",
+                              aliases: "-n"
+      method_option :role, type: :string, default: nil, banner: "ROLE",
+                           aliases: "-r"
+
+      def send_invite
         try_with_rescue_in_session do
-          # Get user role
-          user_role = EnfCli::CTX.instance.session[:type]
+          # get params
+          name = options[:name].join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
+          email = options[:email]
 
-          raise EnfCli::ERROR, "Only ENF Administrators can invite ENF Administrator" unless user_role == "XAPTUM_ADMIN"
+          # get correct domain
+          domain = EnfCli::CTX.instance.session[:domain]
+          raise EnfCli::ERROR, "User not in a valid domain!" unless domain
 
-          options[:domain] = EnfCli::CTX.instance.session[:domain_network]
-          send_invite options, "XAPTUM_ADMIN"
-        end
-      end
+          # check if admin
+          if EnfCli::CTX.instance.xaptum_admin?
+            raise EnfCli::ERROR, "--domain is required" unless options[:domain]
 
-      desc "invite-iam-admin-user", "Invite an IAM administrator"
-      method_option :'name', :type => :array, :required => true, :banner => "NAME"
-      method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
-      def invite_iam_admin_user
-        try_with_rescue_in_session do
-          # Get user role
-          user_role = EnfCli::CTX.instance.session[:type]
+            domain = options[:domain]
+          elsif options[:domain]
+            say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow
+          end
 
-          raise EnfCli::ERROR, "Only ENF Administrators can invite IAM Administrator" unless user_role == "XAPTUM_ADMIN"
+          invite_hash = { email: email,
+                          full_name: name,
+                          domain: domain }
 
-          options[:domain] = EnfCli::CTX.instance.session[:domain_network]
-          send_invite options, "IAM_ADMIN"
-        end
-      end
+          role = options[:role]
+          role = role.upcase if role
+          network = options[:network]
 
-      desc "invite-captive-admin-user", "Invite a captive administrator"
-      method_option :'captive-domain', :type => :string, :required => true, :banner => "CAPTIVE CONTROL DOMAIN"
-      method_option :'name', :type => :array, :required => true, :banner => "NAME"
-      method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
-      def invite_captive_admin_user
-        try_with_rescue_in_session do
-          # Get user role
-          user_role = EnfCli::CTX.instance.session[:type]
+          roles_hash = nil
 
-          raise EnfCli::ERROR, "Only ENF Administrators can invite CAPTIVE Administrator" unless user_role == "XAPTUM_ADMIN"
+          case role
+          when "XAPTUM_ADMIN", "IAM_ADMIN"
+            roles_hash = [{ cidr: "::/0", role: role }]
+          when "DOMAIN_ADMIN", "DOMAIN_USER", "CAPTIVE_ADMIN"
+            roles_hash = [{ cidr: domain, role: role }]
+          when "NETWORK_ADMIN", "NETWORK_USER"
+            roles_hash = [{ cidr: network, role: role }]
+          end
 
-          options[:domain] = options[:'captive-domain']
-          send_invite options, "CAPTIVE_ADMIN"
+          if roles_hash
+            invite_hash[:roles] = roles_hash
+          end
+
+          resp_data = EnfApi::UserManager.instance.invite invite_hash
+          invite = resp_data[:data]
+          display_invites invite
         end
       end
 
+      desc "delete-invite", "Delete an invite"
+      method_option :id, type: :string, required: true
 
-      desc "cancel-user-invite", "Cancel an invite"
-      method_option :email, :type => :string, :required => true
-      def cancel_user_invite
+      def delete_invite
         try_with_rescue_in_session do
+          id = options[:id]
           # call api
-          EnfApi::API.instance.cancel_invite options.email
-
-          # print success
-          say "Invite Canceled!", :green
+          EnfApi::UserManager.instance.delete_invite id
+          say "Invite: #{id} successfully deleted", :green
         end
       end
 
-      desc "resend-user-invite", "Resend an invite"
-      method_option :email, :type => :string, :required => true
-      def resend_user_invite
+      desc "resend-invite", "Resend an invite"
+      method_option :id, type: :string, required: true
+
+      def resend_invite
         try_with_rescue_in_session do
+          id = options[:id]
           # call api
-          EnfApi::API.instance.resend_invite options.email
-
-          # print success
-          say "Resent invite email!", :green
+          EnfApi::UserManager.instance.resend_invite id
+          say "Resent invite: #{id}!", :green
         end
       end
 
       desc "list-invites", "List user invites"
       method_option :domain, :default => nil, :type => :string, :aliases => "-d"
+
       def list_invites
         try_with_rescue_in_session do
           # use the domain network of the user
-          domain_network = EnfCli::CTX.instance.session[:domain_network]
-          raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network
+          domain = nil
 
-          # Get user role
-          user_role = EnfCli::CTX.instance.session[:type]
-
-          # check user roles
-          if user_role == "XAPTUM_ADMIN"
-            domain_network = options[:domain] if options[:domain]
-          else
-            say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow if options[:domain]
+          # only XAPTUM_ADMIN can specify --domain (but doesn't have to)
+          if EnfCli::CTX.instance.xaptum_admin?
+            domain = options[:domain] if options[:domain]
+          elsif options[:domain]
+            say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow
           end
 
           # call the api
-          data = EnfApi::API.instance.list_domain_invites domain_network
+          data = EnfApi::UserManager.instance.list_invites domain
           invites = data[:data]
 
           display_invites invites
         end
       end
 
-      desc "list-users", "List users"
-      method_option :domain, :default => nil, :type => :string, :aliases => "-d"
-      def list_users
+      desc "get-user-details", "Get User Details"
+      method_option :email, required: true, type: :string, banner: "EMAIL",
+                            aliases: "-e"
+
+      def get_user_details
         try_with_rescue_in_session do
-          # use the domain network of the user
-          domain_network = EnfCli::CTX.instance.session[:domain_network]
-          raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network
+          # call the api
+          data = EnfApi::UserManager.instance.get_user options[:email]
+          user = data[:data][0]
+
+          display_user_details user
+        end
+      end
 
-          # Get user role
-          user_role = EnfCli::CTX.instance.session[:type]
+      desc "list-users", "List users"
+      method_option :domain, default: nil, type: :string, banner: "DOMAIN",
+                             aliases: "-d"
+      method_option :network, default: nil, type: :string, banner: "NETWORK",
+                              aliases: "-n"
 
-          # check user roles
-          if user_role == "XAPTUM_ADMIN"
-            domain_network = options[:domain] if options[:domain]
-          else
-            say "Warning: Ignoring command option -d #{options[:domain]}", :yellow if options[:domain]
+      def list_users
+        try_with_rescue_in_session do
+          domain = options[:domain]
+          network = options[:network]
+
+          ## initalize query param
+          query_param = ""
+          if domain
+            query_param = "?domain=#{domain}"
+          elsif network
+            query_param = "?network=#{network}"
           end
 
           # call the api
-          data = EnfApi::API.instance.list_domain_users domain_network
+          data = EnfApi::UserManager.instance.list_users query_param
           users = data[:data]
 
           display_users users
         end
       end
 
+      desc "list-user-roles", "List user roles"
+      method_option :email, type: :string, required: true, banner: "EMAIL"
+      method_option :network, default: nil, type: :string, banner: "NETWORK",
+                              aliases: "-n"
+
+      def list_user_roles
+        try_with_rescue_in_session do
+          # call api
+          data = EnfApi::UserManager.instance.list_user_roles options[:email], options[:network]
+          roles = data[:data]
+
+          # print roles
+          display_roles roles
+        end
+      end
+
+      desc "delete-user-roles", "Remove a user's roles"
+      method_option :email, type: :string, required: true, banner: "EMAIL"
+      method_option :network, default: nil, type: :string, banner: "NETWORK",
+                              aliases: "-n",
+                              desc: 'Can be a /64 cidr or "ALL"'
+      method_option :roles, type: :string, required: true, banner: "ROLES",
+                            aliases: "-r",
+                            desc: "Can be a valid DOMAIN or NETWORK role. " \
+                                  "Can take '*' wildcards."
+
+      def delete_user_roles
+        try_with_rescue_in_session do
+          user_id = options[:email]
+          roles = options[:roles]
+          roles = roles.upcase if roles
+          network = options[:network]
+
+          if roles[0..6] == "NETWORK" && !network
+            raise EnfCli::ERROR, "--network option must be included for --roles=#{roles}"
+          end
+
+          EnfApi::UserManager.instance.delete_user_roles user_id, roles, network
+          say "Role: #{roles} successfully removed from user: #{user_id}", :green
+        end
+      end
+
       desc "deactivate-user", "Deactivate User"
-      method_option :user_id, :required => true, :type => :numeric
+      method_option :email, required: true, type: :string, banner: "EMAIL"
+
       def deactivate_user
         try_with_rescue_in_session do
-
           ## call the api
-          status = { :status => "INACTIVE" }
-          EnfApi::API.instance.update_user_status options[:user_id], status
+          status = { status: "INACTIVE" }
+          EnfApi::UserManager.instance.update_user_status options[:email], status
 
           say "Deactivated user!", :green
+        end
+      end
 
+      desc "add-user-role", "Add a new role to the specified rule."
+      method_option :email, type: :string, required: true, banner: "EMAIL"
+      method_option :cidr, type: :string, required: true, banner: "CIDR",
+                           desc: "Can be a /64 cidr for NETWORK user or " \
+                           "/48 cidr for DOMAIN user."
+      method_option :role, type: :string, required: true, banner: "ROLE",
+                           aliases: "-r",
+                           desc: "Can be a valid DOMAIN or NETWORK role. ",
+                           enum: ["XAPTUM_ADMIN", "DOMAIN_ADMIN", "DOMAIN_USER", "NETWORK_ADMIN", "NETWORK_USER", "CAPTIVE_ADMIN", "IAM_ADMIN"]
+
+      def add_user_role
+        try_with_rescue_in_session do
+          ## get options
+          email = options[:email]
+          role = options[:role]
+          role = role.upcase if role
+          cidr = EnfCli::IPV6Cidr.new(options[:cidr]).to_s
+
+          ## call api
+          role_hash = [{ cidr: cidr, role: role }]
+          resp = EnfApi::UserManager.instance.add_user_role email, role_hash
+          resp_roles = resp[:data]
+
+          ## display response
+          display_roles resp_roles
         end
       end
 
       desc "activate-user", "Activate User"
-      method_option :user_id, :required => true, :type => :numeric
+      method_option :email, required: true, type: :string, banner: "EMAIL"
+
       def activate_user
         try_with_rescue_in_session do
-
           ## call the api
-          status = { :status => "ACTIVE" }
-          EnfApi::API.instance.update_user_status options[:user_id], status
-
+          status = { status: "ACTIVE" }
+          EnfApi::UserManager.instance.update_user_status options[:email], status
           say "Activated user!", :green
-
         end
       end
-
     end
-
   end
-
 end