enfcli 4.2.2.pre.alpha → 5.0.2
- checksums.yaml +4 -4
- data/Gemfile.lock +3 -3
- data/lib/enfapi.rb +36 -168
- data/lib/enfapi/dns.rb +95 -0
- data/lib/enfapi/firewall.rb +44 -0
- data/lib/enfapi/user.rb +75 -0
- data/lib/enfcli.rb +51 -24
- data/lib/enfcli/commands/user.rb +198 -153
- data/lib/enfcli/commands/xcr.rb +67 -48
- data/lib/enfcli/commands/xdns.rb +17 -10
- data/lib/enfcli/commands/xfw.rb +8 -5
- data/lib/enfcli/version.rb +1 -1
- metadata +7 -4
@@ -0,0 +1,44 @@
|
|
1
|
+
#
|
2
|
+
# Copyright 2020 Xaptum,Inc
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
#
|
16
|
+
|
17
|
+
require "singleton"
|
18
|
+
|
19
|
+
module EnfApi
|
20
|
+
class Firewall
|
21
|
+
include Singleton
|
22
|
+
|
23
|
+
def list_firewall_rules(network)
|
24
|
+
EnfApi::API.instance.get "/api/xfw/v2/#{network}/rule"
|
25
|
+
end
|
26
|
+
|
27
|
+
def add_firewall_rule(network, rule)
|
28
|
+
rule_json = EnfApi::to_json(rule)
|
29
|
+
|
30
|
+
if network
|
31
|
+
url = "/api/xfw/v2/#{network}/rule"
|
32
|
+
else
|
33
|
+
url = "/api/xfw/v2/rule"
|
34
|
+
end
|
35
|
+
|
36
|
+
EnfApi::API.instance.post url, rule_json
|
37
|
+
end
|
38
|
+
|
39
|
+
def delete_firewall_rules(network, id = nil)
|
40
|
+
# Same method to call to delete all firewall rules in a network. if id is nil
|
41
|
+
EnfApi::API.instance.delete "/api/xfw/v2/#{network}/rule/#{id}"
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
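Review bot: `delete_firewall_rules` treats a nil `id` as "delete every rule in the network", so a caller that passes an unset id or one from a failed lookup removes the whole rule set instead of getting an error. Make the bulk case explicit, for example a separate `delete_all_firewall_rules(network)` plus `raise ArgumentError, "id is required" if id.nil?` on the single-rule path. The three methods also interpolate `network` and `id` into the path unencoded, so a value containing `/` or `?` changes which endpoint the request reaches; encoding each segment first (e.g. `ERB::Util.url_encode(network)`) closes that. `list_firewall_rules` and `delete_firewall_rules` have no nil check on `network` either, which yields a `/api/xfw/v2//rule` path.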
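--- a/data/lib/enfapi/user.rb
+++ b/data/lib/enfapi/user.rb
@@ -0,0 +1,75 @@
+#
+# Copyright 2020 Xaptum,Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module EnfApi
+class UserManager
+include Singleton
+
+def initialize
+@version = "v3"
+@xcr_base_url = "/api/xcr/#{@version}"
+end
+
+def list_users(query)
+EnfApi::API.instance.get "#{@xcr_base_url}/users#{query}"
+end
+
+def get_user(email)
+EnfApi::API.instance.get "#{@xcr_base_url}/users/#{email}"
+end
+
+def list_user_roles(user, network)
+url = "#{@xcr_base_url}/users/#{user}/roles"
+url += "?network=#{network}" if network
+EnfApi::API.instance.get url
+end
+
+def delete_user_roles(user_id, roles, network)
+url = "#{@xcr_base_url}/users/#{user_id}/roles?roles=#{roles}"
+url += "&network=#{network}" if network
+EnfApi::API.instance.delete url
+end
+
+def add_user_role(user_id, role_hash)
+json = EnfApi::to_json(role_hash)
+url = "#{@xcr_base_url}/users/#{user_id}/roles"
+EnfApi::API.instance.post url, json
+end
+
+def list_invites(domain)
+url = "#{@xcr_base_url}/invites"
+url += "?domain=#{domain}" if domain
+EnfApi::API.instance.get url
+end
+
+def invite(hash)
+json = EnfApi::to_json(hash)
+EnfApi::API.instance.post "#{@xcr_base_url}/invites", json
+end
+
+def delete_invite(invite_id)
+EnfApi::API.instance.delete "#{@xcr_base_url}/invites/#{invite_id}"
+end
+
+def resend_invite(invite_id)
+EnfApi::API.instance.put "#{@xcr_base_url}/invites/#{invite_id}", "{}"
+end
+
+def update_user_status(user_id, status)
+json = EnfApi::to_json(status)
+EnfApi::API.instance.put "#{@xcr_base_url}/users/#{user_id}/status", json
+end
+end
+end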
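Review bot: Every method in `UserManager` builds its request URL by interpolating caller-supplied values (`email`, `user`, `user_id`, `roles`, `network`, `domain`, `invite_id`, and the pre-built `query` in `list_users`) without percent-encoding. A value containing `/`, `?`, `&` or `#` can therefore move the request to a different path or append extra query parameters on the role, status and invite endpoints. Encode path segments, e.g. `"#{@xcr_base_url}/users/#{ERB::Util.url_encode(email)}"`, and build query strings with `URI.encode_www_form(network: network)` instead of concatenation; `list_users` would be safer taking `domain`/`network` and encoding them itself. Separately, the file uses `include Singleton` with no `require "singleton"`, so it only loads if another file has already required it.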
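--- a/data/lib/enfcli.rb
+++ b/data/lib/enfcli.rb
@@ -1,5 +1,5 @@
 #
-# Copyright 2018 Xaptum,Inc
+# Copyright 2018-2020 Xaptum,Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -112,7 +112,7 @@ module EnfCli
 
 def self.ask_password(prompt = nil)
 begin
-prompt
+prompt ||= "Enter Password:"
 print prompt
 # We hide the entered characters before to ask for the password
 system "stty -echo"
@@ -134,7 +134,7 @@ module EnfCli
 
 # Generate cert
 cert = OpenSSL::X509::Certificate.new
-cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN",
+cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", ipv6.to_s]])
 cert.not_before = Time.now
 cert.not_after = Time.now + 365 * 24 * 60 * 60
 cert.public_key = key
@@ -190,15 +190,41 @@ module EnfCli
 end
 
 def xaptum_admin?
-
+has_role? "XAPTUM_ADMIN"
 end
 
-def
-
+def domain_admin?
+has_role? "DOMAIN_ADMIN"
+end
+
+def domain_user?
+has_role? "DOMAIN_USER"
+end
+
+def network_admin?
+has_role? "NETWORK_ADMIN"
+end
+
+def network_user?
+has_role? "NETWORK_USER"
+end
+
+def edit_domain_role?
+xaptum_admin? || domain_admin?
+end
+
+def has_role?(role)
+all_roles = @session[:roles]
+all_roles.each do |cur_role|
+if cur_role[:role] == role
+return true
+end
+end
+false
 end
 
 def host
-
+@host.to_s
 end
 
 def auth_token
@@ -229,8 +255,8 @@ module EnfCli
 }
 
 desc "connect", "Connect to ENF Controller"
-method_option :host, :
-method_option :user, :
+method_option :host, type: :string
+method_option :user, type: :string
 
 def connect(*names)
 host = ""
@@ -278,7 +304,7 @@ module EnfCli
 puts EnfCli::VERSION
 end
 
-desc "update", "", :
+desc "update", "", hide: true
 
 def update
 cmd = Gem::Commands::UpdateCommand.new
@@ -286,7 +312,7 @@ module EnfCli
 execute_gem_cmd cmd
 end
 
-desc "search", "", :
+desc "search", "", hide: true
 
 def search
 cmd = Gem::Commands::SearchCommand.new
@@ -295,14 +321,14 @@ module EnfCli
 end
 
 desc "create-config-file", "Create a Xaptum configuration file in your home directory"
-method_option :host, :
-method_option :user, :
+method_option :host, type: :string, required: true
+method_option :user, type: :string, required: true
 
 def create_config_file
 host = options[:host]
 user = options[:user]
 config_file = File.new(CONFIG_FILE, "w+")
-config_file.puts({ :
+config_file.puts({ host: host, user: user }.to_json)
 config_file.close
 say "Config file created successfully at #{CONFIG_FILE}!", :green
 end
@@ -349,7 +375,7 @@ module EnfCli
 trap("INT") { system("stty", stty_save); exit }
 
 while input = Readline.readline(EnfCli::CTX.instance.prompt, true)
-break if input == "exit" or input ==
+break if input == "exit" or input == '\q' or input == "quit"
 
 # Remove blank lines from history
 Readline::HISTORY.pop if input == ""
@@ -362,12 +388,12 @@ module EnfCli
 
 # Shell CLI class
 class CLI < EnfCli::EnfThor
-desc "ls [<dir>]", "List files in a directory", :
-method_option :dir, :
+desc "ls [<dir>]", "List files in a directory", hide: true
+method_option :dir, type: :string, required: false
 
 def ls(dir = nil)
 try_with_rescue do
-dir
+dir ||= "."
 dir = EnfCli::expand_path(dir)
 
 Dir.entries(dir).each { |f|
@@ -376,7 +402,7 @@ module EnfCli
 end
 end
 
-desc "cat <file>", "Display contents of a file", :
+desc "cat <file>", "Display contents of a file", hide: true
 
 def cat(file)
 try_with_rescue do
@@ -390,7 +416,7 @@ module EnfCli
 end
 end
 
-desc "pwd", "Current Working Directory", :
+desc "pwd", "Current Working Directory", hide: true
 
 def pwd
 try_with_rescue do
@@ -398,17 +424,18 @@ module EnfCli
 end
 end
 
-desc "cd [<dir>]", "Change working directory", :
+desc "cd [<dir>]", "Change working directory", hide: true
 
 def cd(dir = "~")
 try_with_rescue do
 dir = EnfCli::expand_path(dir)
 raise EnfCli::ERROR, "No such directory #{dir}" unless Dir.exist?(dir)
+
 Dir.chdir(dir)
 end
 end
 
-desc "host", "Display ENF Controller host", :
+desc "host", "Display ENF Controller host", hide: true
 
 def host
 try_with_rescue do
@@ -416,7 +443,7 @@ module EnfCli
 end
 end
 
-desc "clear", "Clear Terminal Screen", :
+desc "clear", "Clear Terminal Screen", hide: true
 
 def clear
 try_with_rescue do
@@ -429,7 +456,7 @@ module EnfCli
 
 def display_session_token
 try_with_rescue_in_session do
-say
+say EnfCli::CTX.instance.auth_token.to_s
 end
 end
 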
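Review bot: `has_role?` in the `@@ -190,15 +190,41 @@` hunk calls `.each` on `@session[:roles]` with no nil guard, so a session without a `:roles` entry raises NoMethodError from every role predicate built on it. `Array(@session[:roles]).any? { |r| r[:role] == role }` covers the missing case and replaces the manual loop; whether `@session` itself can be nil here is not visible, since the enclosing class starts outside the hunk. These predicates reflect only what the client was told at login, so a comment above `has_role?` such as `# Client-side hint for command gating only; the controller must enforce roles on every request.` would stop later code from treating them as an authorization check.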
data/lib/enfcli/commands/user.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
#
|
2
|
-
# Copyright 2018 Xaptum,Inc
|
2
|
+
# Copyright 2018-2020 Xaptum,Inc
|
3
3
|
#
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
5
|
# you may not use this file except in compliance with the License.
|
@@ -14,170 +14,138 @@
|
|
14
14
|
# limitations under the License.
|
15
15
|
#
|
16
16
|
require "enfthor"
|
17
|
-
require "enfapi"
|
17
|
+
require "enfapi/user"
|
18
18
|
|
19
19
|
module EnfCli
|
20
20
|
module Cmd
|
21
|
+
##
|
22
|
+
# This class handles the commands that maniupulate users and roles
|
21
23
|
class User < EnfThor
|
22
24
|
no_commands {
|
23
25
|
def display_invites(invites)
|
24
26
|
headings = ["Id", "User Name", "Full Name", "Invited By", "Invite Code"]
|
25
27
|
rows = invites.map { |hash|
|
26
|
-
[hash[:id], hash[:email], hash[:name], hash[:
|
28
|
+
[hash[:id], hash[:email], hash[:name], hash[:created_by], hash[:invite_token]]
|
27
29
|
}
|
28
30
|
|
29
31
|
render_table(headings, rows)
|
30
32
|
end
|
31
33
|
|
32
34
|
def display_users(users)
|
33
|
-
headings = ["Id", "
|
34
|
-
rows =
|
35
|
-
|
36
|
-
|
37
|
-
|
35
|
+
headings = ["Id", "Name", "Username", "Domain", "Last Login", "Status"]
|
36
|
+
rows = []
|
37
|
+
users.each do |hash|
|
38
|
+
hash[:roles].each do |role|
|
39
|
+
rows.push [hash[:id],
|
40
|
+
hash[:full_name],
|
41
|
+
hash[:username],
|
42
|
+
hash[:domain],
|
43
|
+
hash[:last_login],
|
44
|
+
hash[:status]]
|
45
|
+
end
|
46
|
+
end
|
38
47
|
render_table(headings, rows)
|
39
48
|
end
|
40
49
|
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
# get params
|
46
|
-
name = options[:'name'].join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
|
47
|
-
email = options[:'email']
|
48
|
-
|
49
|
-
# call api
|
50
|
-
hash = { :email => email, :full_name => name, :welcome_text => "", :user_type => user_type }
|
51
|
-
data = EnfApi::API.instance.invite domain_network, hash
|
52
|
-
invite = data[:data]
|
53
|
-
display_invites invite
|
54
|
-
end
|
55
|
-
}
|
56
|
-
|
57
|
-
desc "invite-read-only-user", "Invite a domain user"
|
58
|
-
method_option :domain, :default => nil, :type => :string, :aliases => "-d"
|
59
|
-
method_option :'name', :type => :array, :required => true, :banner => "NAME"
|
60
|
-
method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
|
50
|
+
# Display the roles as a table
|
51
|
+
def display_roles(roles)
|
52
|
+
headings = ["Cidr", "Role"]
|
61
53
|
|
62
|
-
|
63
|
-
|
64
|
-
# use the domain network of the user
|
65
|
-
domain_network = EnfCli::CTX.instance.session[:domain_network]
|
66
|
-
raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network
|
67
|
-
|
68
|
-
# Get user role
|
69
|
-
user_role = EnfCli::CTX.instance.session[:type]
|
70
|
-
|
71
|
-
# check user roles
|
72
|
-
if user_role == "XAPTUM_ADMIN"
|
73
|
-
raise "--domain is required" unless options[:domain]
|
74
|
-
else
|
75
|
-
say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow if options[:domain]
|
76
|
-
options[:domain] = domain_network
|
54
|
+
rows = roles.map do |role|
|
55
|
+
[role[:cidr], role[:role]]
|
77
56
|
end
|
78
57
|
|
79
|
-
|
58
|
+
render_table(headings, rows)
|
80
59
|
end
|
81
|
-
end
|
82
|
-
|
83
|
-
desc "invite-domain-admin-user", "Invite a domain administrator"
|
84
|
-
method_option :domain, :default => nil, :type => :string, :aliases => "-d"
|
85
|
-
method_option :'name', :type => :array, :required => true, :banner => "NAME"
|
86
|
-
method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
|
87
|
-
|
88
|
-
def invite_domain_admin_user
|
89
|
-
try_with_rescue_in_session do
|
90
|
-
# use the domain network of the user
|
91
|
-
domain_network = EnfCli::CTX.instance.session[:domain_network]
|
92
|
-
raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network
|
93
|
-
|
94
|
-
# Get user role
|
95
|
-
user_role = EnfCli::CTX.instance.session[:type]
|
96
|
-
|
97
|
-
# check user roles
|
98
|
-
if user_role == "XAPTUM_ADMIN"
|
99
|
-
raise "--domain is required" unless options[:domain]
|
100
|
-
else
|
101
|
-
say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow if options[:domain]
|
102
|
-
options[:domain] = domain_network
|
103
|
-
end
|
104
60
|
|
105
|
-
|
61
|
+
def display_user_details(user)
|
62
|
+
display_users([user])
|
63
|
+
display_roles(user[:roles])
|
106
64
|
end
|
107
|
-
|
108
|
-
|
109
|
-
desc "invite-enf-admin-user", "Invite an ENF administrator"
|
110
|
-
method_option :'name', :type => :array, :required => true, :banner => "NAME"
|
111
|
-
method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
|
65
|
+
}
|
112
66
|
|
113
|
-
|
67
|
+
desc "send-invite",
|
68
|
+
"Send an invite to a new user or one with a modified role."
|
69
|
+
method_option :email, type: :string, required: true, banner: "EMAIL",
|
70
|
+
desc: "Full email address of user to invite."
|
71
|
+
method_option :name, type: :array, required: true, banner: "NAME",
|
72
|
+
desc: "Full name of user to invite."
|
73
|
+
method_option :domain, type: :string, default: nil, banner: "DOMAIN",
|
74
|
+
aliases: "-d"
|
75
|
+
method_option :network, type: :string, default: nil, banner: "NETWORK",
|
76
|
+
aliases: "-n"
|
77
|
+
method_option :role, type: :string, default: nil, banner: "ROLE",
|
78
|
+
aliases: "-r"
|
79
|
+
|
80
|
+
def send_invite
|
114
81
|
try_with_rescue_in_session do
|
115
|
-
#
|
116
|
-
|
117
|
-
|
118
|
-
raise EnfCli::ERROR, "Only ENF Administrators can invite ENF Administrator" unless user_role == "XAPTUM_ADMIN"
|
82
|
+
# get params
|
83
|
+
name = options[:name].join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
|
84
|
+
email = options[:email]
|
119
85
|
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
end
|
86
|
+
# get correct domain
|
87
|
+
domain = EnfCli::CTX.instance.session[:domain]
|
88
|
+
raise EnfCli::ERROR, "User not in a valid domain!" unless domain
|
124
89
|
|
125
|
-
|
126
|
-
|
127
|
-
|
90
|
+
# check if admin
|
91
|
+
if EnfCli::CTX.instance.xaptum_admin?
|
92
|
+
raise EnfCli::ERROR, "--domain is required" unless options[:domain]
|
128
93
|
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
94
|
+
domain = options[:domain]
|
95
|
+
elsif options[:domain]
|
96
|
+
say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow
|
97
|
+
end
|
133
98
|
|
134
|
-
|
99
|
+
invite_hash = { email: email,
|
100
|
+
full_name: name,
|
101
|
+
domain: domain }
|
135
102
|
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
end
|
103
|
+
role = options[:role]
|
104
|
+
role = role.upcase if role
|
105
|
+
network = options[:network]
|
140
106
|
|
141
|
-
|
142
|
-
method_option :'captive-domain', :type => :string, :required => true, :banner => "CAPTIVE CONTROL DOMAIN"
|
143
|
-
method_option :'name', :type => :array, :required => true, :banner => "NAME"
|
144
|
-
method_option :'email', :type => :string, :required => true, :banner => "EMAIL"
|
107
|
+
roles_hash = nil
|
145
108
|
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
109
|
+
case role
|
110
|
+
when "XAPTUM_ADMIN", "IAM_ADMIN"
|
111
|
+
roles_hash = [{ cidr: "::/0", role: role }]
|
112
|
+
when "DOMAIN_ADMIN", "DOMAIN_USER", "CAPTIVE_ADMIN"
|
113
|
+
roles_hash = [{ cidr: domain, role: role }]
|
114
|
+
when "NETWORK_ADMIN", "NETWORK_USER"
|
115
|
+
roles_hash = [{ cidr: network, role: role }]
|
116
|
+
end
|
150
117
|
|
151
|
-
|
118
|
+
if roles_hash
|
119
|
+
invite_hash[:roles] = roles_hash
|
120
|
+
end
|
152
121
|
|
153
|
-
|
154
|
-
|
122
|
+
resp_data = EnfApi::UserManager.instance.invite invite_hash
|
123
|
+
invite = resp_data[:data]
|
124
|
+
display_invites invite
|
155
125
|
end
|
156
126
|
end
|
157
127
|
|
158
|
-
desc "
|
159
|
-
method_option :
|
128
|
+
desc "delete-invite", "Delete an invite"
|
129
|
+
method_option :id, type: :string, required: true
|
160
130
|
|
161
|
-
def
|
131
|
+
def delete_invite
|
162
132
|
try_with_rescue_in_session do
|
133
|
+
id = options[:id]
|
163
134
|
# call api
|
164
|
-
EnfApi::
|
165
|
-
|
166
|
-
# print success
|
167
|
-
say "Invite Canceled!", :green
|
135
|
+
EnfApi::UserManager.instance.delete_invite id
|
136
|
+
say "Invite: #{id} successfully deleted", :green
|
168
137
|
end
|
169
138
|
end
|
170
139
|
|
171
|
-
desc "resend-
|
172
|
-
method_option :
|
140
|
+
desc "resend-invite", "Resend an invite"
|
141
|
+
method_option :id, type: :string, required: true
|
173
142
|
|
174
|
-
def
|
143
|
+
def resend_invite
|
175
144
|
try_with_rescue_in_session do
|
145
|
+
id = options[:id]
|
176
146
|
# call api
|
177
|
-
EnfApi::
|
178
|
-
|
179
|
-
# print success
|
180
|
-
say "Resent invite email!", :green
|
147
|
+
EnfApi::UserManager.instance.resend_invite id
|
148
|
+
say "Resent invite: #{id}!", :green
|
181
149
|
end
|
182
150
|
end
|
183
151
|
|
@@ -187,78 +155,155 @@ module EnfCli
|
|
187
155
|
def list_invites
|
188
156
|
try_with_rescue_in_session do
|
189
157
|
# use the domain network of the user
|
190
|
-
|
191
|
-
raise EnfCli::ERROR, "User not in a valid domain!" unless domain_network
|
192
|
-
|
193
|
-
# Get user role
|
194
|
-
user_role = EnfCli::CTX.instance.session[:type]
|
158
|
+
domain = nil
|
195
159
|
|
196
|
-
#
|
197
|
-
if
|
198
|
-
|
199
|
-
|
200
|
-
say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow
|
160
|
+
# only XAPTUM_ADMIN can specify --domain (but doesn't have to)
|
161
|
+
if EnfCli::CTX.instance.xaptum_admin?
|
162
|
+
domain = options[:domain] if options[:domain]
|
163
|
+
elsif options[:domain]
|
164
|
+
say "Warning: Ignoring command option --domain #{options[:domain]}", :yellow
|
201
165
|
end
|
202
166
|
|
203
167
|
# call the api
|
204
|
-
data = EnfApi::
|
168
|
+
data = EnfApi::UserManager.instance.list_invites domain
|
205
169
|
invites = data[:data]
|
206
170
|
|
207
171
|
display_invites invites
|
208
172
|
end
|
209
173
|
end
|
210
174
|
|
211
|
-
desc "
|
212
|
-
method_option :
|
175
|
+
desc "get-user-details", "Get User Details"
|
176
|
+
method_option :email, required: true, type: :string, banner: "EMAIL",
|
177
|
+
aliases: "-e"
|
213
178
|
|
214
|
-
def
|
179
|
+
def get_user_details
|
215
180
|
try_with_rescue_in_session do
|
216
|
-
#
|
217
|
-
|
218
|
-
|
181
|
+
# call the api
|
182
|
+
data = EnfApi::UserManager.instance.get_user options[:email]
|
183
|
+
user = data[:data][0]
|
184
|
+
|
185
|
+
display_user_details user
|
186
|
+
end
|
187
|
+
end
|
219
188
|
|
220
|
-
|
221
|
-
|
189
|
+
desc "list-users", "List users"
|
190
|
+
method_option :domain, default: nil, type: :string, banner: "DOMAIN",
|
191
|
+
aliases: "-d"
|
192
|
+
method_option :network, default: nil, type: :string, banner: "NETWORK",
|
193
|
+
aliases: "-n"
|
222
194
|
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
195
|
+
def list_users
|
196
|
+
try_with_rescue_in_session do
|
197
|
+
domain = options[:domain]
|
198
|
+
network = options[:network]
|
199
|
+
|
200
|
+
## initalize query param
|
201
|
+
query_param = ""
|
202
|
+
if domain
|
203
|
+
query_param = "?domain=#{domain}"
|
204
|
+
elsif network
|
205
|
+
query_param = "?network=#{network}"
|
228
206
|
end
|
229
207
|
|
230
208
|
# call the api
|
231
|
-
data = EnfApi::
|
209
|
+
data = EnfApi::UserManager.instance.list_users query_param
|
232
210
|
users = data[:data]
|
233
211
|
|
234
212
|
display_users users
|
235
213
|
end
|
236
214
|
end
|
237
215
|
|
216
|
+
desc "list-user-roles", "List user roles"
|
217
|
+
method_option :email, type: :string, required: true, banner: "EMAIL"
|
218
|
+
method_option :network, default: nil, type: :string, banner: "NETWORK",
|
219
|
+
aliases: "-n"
|
220
|
+
|
221
|
+
def list_user_roles
|
222
|
+
try_with_rescue_in_session do
|
223
|
+
# call api
|
224
|
+
data = EnfApi::UserManager.instance.list_user_roles options[:email], options[:network]
|
225
|
+
roles = data[:data]
|
226
|
+
|
227
|
+
# print roles
|
228
|
+
display_roles roles
|
229
|
+
end
|
230
|
+
end
|
231
|
+
|
232
|
+
desc "delete-user-roles", "Remove a user's roles"
|
233
|
+
method_option :email, type: :string, required: true, banner: "EMAIL"
|
234
|
+
method_option :network, default: nil, type: :string, banner: "NETWORK",
|
235
|
+
aliases: "-n",
|
236
|
+
desc: 'Can be a /64 cidr or "ALL"'
|
237
|
+
method_option :roles, type: :string, required: true, banner: "ROLES",
|
238
|
+
aliases: "-r",
|
239
|
+
desc: "Can be a valid DOMAIN or NETWORK role. " \
|
240
|
+
"Can take '*' wildcards."
|
241
|
+
|
242
|
+
def delete_user_roles
|
243
|
+
try_with_rescue_in_session do
|
244
|
+
user_id = options[:email]
|
245
|
+
roles = options[:roles]
|
246
|
+
roles = roles.upcase if roles
|
247
|
+
network = options[:network]
|
248
|
+
|
249
|
+
if roles[0..6] == "NETWORK" && !network
|
250
|
+
raise EnfCli::ERROR, "--network option must be included for --roles=#{roles}"
|
251
|
+
end
|
252
|
+
|
253
|
+
EnfApi::UserManager.instance.delete_user_roles user_id, roles, network
|
254
|
+
say "Role: #{roles} successfully removed from user: #{user_id}", :green
|
255
|
+
end
|
256
|
+
end
|
257
|
+
|
238
258
|
desc "deactivate-user", "Deactivate User"
|
239
|
-
method_option :
|
259
|
+
method_option :email, required: true, type: :string, banner: "EMAIL"
|
240
260
|
|
241
261
|
def deactivate_user
|
242
262
|
try_with_rescue_in_session do
|
243
|
-
|
244
263
|
## call the api
|
245
|
-
status = { :
|
246
|
-
EnfApi::
|
264
|
+
status = { status: "INACTIVE" }
|
265
|
+
EnfApi::UserManager.instance.update_user_status options[:email], status
|
247
266
|
|
248
267
|
say "Deactivated user!", :green
|
249
268
|
end
|
250
269
|
end
|
251
270
|
|
271
|
+
desc "add-user-role", "Add a new role to the specified rule."
|
272
|
+
method_option :email, type: :string, required: true, banner: "EMAIL"
|
273
|
+
method_option :cidr, type: :string, required: true, banner: "CIDR",
|
274
|
+
desc: "Can be a /64 cidr for NETWORK user or " \
|
275
|
+
"/48 cidr for DOMAIN user."
|
276
|
+
method_option :role, type: :string, required: true, banner: "ROLE",
|
277
|
+
aliases: "-r",
|
278
|
+
desc: "Can be a valid DOMAIN or NETWORK role. ",
|
279
|
+
enum: ["XAPTUM_ADMIN", "DOMAIN_ADMIN", "DOMAIN_USER", "NETWORK_ADMIN", "NETWORK_USER", "CAPTIVE_ADMIN", "IAM_ADMIN"]
|
280
|
+
|
281
|
+
def add_user_role
|
282
|
+
try_with_rescue_in_session do
|
283
|
+
## get options
|
284
|
+
email = options[:email]
|
285
|
+
role = options[:role]
|
286
|
+
role = role.upcase if role
|
287
|
+
cidr = EnfCli::IPV6Cidr.new(options[:cidr]).to_s
|
288
|
+
|
289
|
+
## call api
|
290
|
+
role_hash = [{ cidr: cidr, role: role }]
|
291
|
+
resp = EnfApi::UserManager.instance.add_user_role email, role_hash
|
292
|
+
resp_roles = resp[:data]
|
293
|
+
|
294
|
+
## display response
|
295
|
+
display_roles resp_roles
|
296
|
+
end
|
297
|
+
end
|
298
|
+
|
252
299
|
desc "activate-user", "Activate User"
|
253
|
-
method_option :
|
300
|
+
method_option :email, required: true, type: :string, banner: "EMAIL"
|
254
301
|
|
255
302
|
def activate_user
|
256
303
|
try_with_rescue_in_session do
|
257
|
-
|
258
304
|
## call the api
|
259
|
-
status = { :
|
260
|
-
EnfApi::
|
261
|
-
|
305
|
+
status = { status: "ACTIVE" }
|
306
|
+
EnfApi::UserManager.instance.update_user_status options[:email], status
|
262
307
|
say "Activated user!", :green
|
263
308
|
end
|
264
309
|
end
|
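Review bot: In `delete_user_roles` the guard `roles[0..6] == "NETWORK"` matches only a literal prefix, yet the `--roles` help text says wildcards are accepted, so a pattern that begins with `*` skips the `--network` requirement and the delete is sent with no network scope (what the controller then removes is not visible here). Treat any wildcard as needing explicit scope, e.g. `if !network && (roles.start_with?("NETWORK") || roles.include?("*"))`. `send_invite` has the matching gap: a `NETWORK_*` role without `--network` posts `cidr: nil`, and an unrecognised `--role` falls through the `case` so the invite goes out with no roles at all. Adding `enum:` to that option as `add-user-role` does, plus `raise EnfCli::ERROR, "--network is required for role #{role}" unless network` in the network branch, would make both paths fail closed.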