idnio 2.3.2b

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a338413e2b8be16c9974354d15d8bc953e54a3378601a62c07e9609d29c63bb9
+  data.tar.gz: e5c86b39c1e50cf90d652c77957065bc4caeaa28531d0527991fdec6d5344680
+SHA512:
+  metadata.gz: e3b13ab5922d07ba762603c50ff6d783eaa88f485dc925ddfe34fa3551d15411505085ed2adbb90de81d4080d4bf1b2e95b8b4264f9ebe1d0198f7879935ec1e
+  data.tar.gz: 2ef7893e6c0fe821d1b198cca854ace82ad5b8c656ad129e026e705cad6d06dd88d6ea094aca05ff3188c156410ab0dcb84c1f97a87160086690c39b8ce7adae

data/lib/idnio.rb

@@ -0,0 +1,295 @@
+require 'fileutils'
+require 'logger'
+require "date"
+require "idnio/version"
+require "idnio/program"
+require "idnio/markdown"
+require "objects/transforms"
+require "objects/system-settings"
+require "objects/sources"
+require "objects/account-schemas"
+require "objects/account-profiles"
+require "objects/access-profiles"
+require "objects/applications"
+require "objects/attribute-sync-config"
+require "objects/branding"
+require "objects/campaign-filters"
+require "objects/connectors"
+require "objects/email-templates"
+require "objects/identity-attributes"
+require "objects/identity-profiles"
+require "objects/integrations"
+require "objects/lifecycle-states"
+require "objects/password-policies"
+require "objects/password-sync-groups"
+require "objects/public-identities-config"
+require "objects/access-request-config"
+require "objects/reference-resolver"
+require "objects/roles"
+require "objects/rules"
+
+module IDNIO
+
+  $config = nil
+
+  $log = Logger.new(STDOUT)
+  $log.level = Logger::WARN
+  $log.datetime_format = '%Y-%m-%d %H:%M:%S'
+  $log.formatter = proc do |severity, datetime, progname, msg|
+    "#{msg}\n"
+  end
+
+  def self.setConfig(config)
+    $config = config
+
+    unless $config["log-level"].nil?
+      $log.level = $config["log-level"]
+    end
+
+  end
+
+  def self.docs()
+
+    #
+    # Program Start / Version
+    #
+    Program.start( "IdentityNow I/O Documenter", "Neil McGlennon, Dustin Yeager", Idnio::VERSION, Idnio::UPDATE_DATE )
+
+    #
+    # Constants
+    #
+    $output = File.join( $config['output-directory'], $tenant, "README.md")
+
+    #
+    # Initialize Markdown
+    #
+    Markdown.open( $output )
+    Markdown.text( "![SailPoint](https://files.accessiq.sailpoint.com/modules/builds/static-assets/perpetual/sailpoint/logo/1.0/sailpoint_logo_color_228x50.png)\n\n\n" )
+    Markdown.h1( "IdentityNow Configuration" )
+    Markdown.ul( [
+      "Generated on **#{Date.today.iso8601}**",
+      "Generated for **#{$tenant}**"
+    ] )
+    Markdown.toc
+    Markdown.write
+
+    #
+    # Main Process
+    #
+    $config['process'].each do |key, value|
+      if value
+        Program.output( "Documenting #{key}..." )
+        case key
+        when "access-profiles"
+          AccessProfiles.doc
+        when "account-profiles"
+          AccountProfiles.doc
+        when "account-schemas"
+          AccountSchemas.doc
+        when "applications"
+          Applications.doc
+        when "attribute-sync-config"
+          AttributeSyncConfig.doc
+        when "branding"
+          Branding.doc
+        when "campaign-filters"
+          CampaignFilters.doc
+        when "connectors"
+          Connectors.doc
+        when "email-templates"
+          EmailTemplates.doc
+        when "identity-attributes"
+          IdentityAttributes.doc
+        when "identity-profiles"
+          IdentityProfiles.doc
+        when "integrations"
+          Integrations.doc
+        when "lifecycle-states"
+          LifecycleStates.doc
+        when "password-policies"
+          PasswordPolicies.doc
+        when "password-sync-groups"
+          PasswordSyncGroups.doc
+        when "roles"
+          Roles.doc
+        when "rules"
+          Rules.doc
+        when "sources"
+          Sources.doc
+        when "system-settings"
+          SystemSettings.doc
+        when "public-identities-config"
+          PublicIdentitiesConfig.doc
+        when "access-request-config"
+          AccessRequestConfig.doc
+        when "transforms"
+          Transforms.doc
+        else
+          $log.warn "#{key} is not a valid doc type! Skipping."
+        end
+      else
+        Program.output( "Skipping #{key}, since it is disabled." )
+      end
+    end
+
+    #
+    # Completion!
+    #
+    Program.end
+  end
+
+  def self.import()
+
+    #
+    # Program Start / Version
+    #
+    Program.start( "IdentityNow I/O Importer", "Neil McGlennon, Dustin Yeager", Idnio::VERSION, Idnio::UPDATE_DATE )
+
+    #
+    # Constants
+    #
+    $input = File.join( $config['input-directory'], $tenant )
+
+    #
+    # Main Process
+    #
+    $config['process'].each do |key, value|
+      if value
+        Program.output( "Importing #{key}..." )
+        case key
+        when "access-profiles"
+          AccessProfiles.import( $input )
+        when "account-profiles"
+          AccountProfiles.import( $input )
+        when "account-schemas"
+          AccountSchemas.import( $input )
+        when "applications"
+          Applications.import( $input )
+        when "attribute-sync-config"
+          AttributeSyncConfig.import( $input )
+        when "branding"
+          Branding.import( $input )
+        when "campaign-filters"
+          CampaignFilters.import( $input )
+        when "connectors"
+          Connectors.import( $input )
+        when "email-templates"
+          EmailTemplates.import( $input )
+        when "identity-attributes"
+          IdentityAttributes.import( $input )
+        when "identity-profiles"
+          IdentityProfiles.import( $input )
+        when "integrations"
+          Integrations.import( $input )
+        when "lifecycle-states"
+          LifecycleStates.import( $input )
+        when "password-policies"
+          PasswordPolicies.import( $input )
+        when "password-sync-groups"
+          PasswordSyncGroups.import( $input )
+        when "roles"
+          Roles.import( $input )
+        when "rules"
+          Rules.import( $input )
+        when "sources"
+          Sources.import( $input )
+        when "system-settings"
+          SystemSettings.import( $input )
+        when "public-identities-config"
+          PublicIdentitiesConfig.import( $input )
+        when "access-request-config"
+          AccessRequestConfig.import( $input )
+        when "transforms"
+          Transforms.import( $input )
+        else
+          $log.warn "#{key} is not a valid export type! Skipping."
+        end
+      else
+        Program.output( "Skipping #{key}, since it is disabled." )
+      end
+    end
+
+    #
+    # Completion!
+    #
+    Program.end
+  end
+
+  def self.export()
+
+    #
+    # Program Start / Version
+    #
+    Program.start( "IdentityNow I/O Exporter", "Neil McGlennon, Dustin Yeager", Idnio::VERSION, Idnio::UPDATE_DATE )
+
+    #
+    # Constants
+    #
+    $output = File.join( $config['output-directory'], $tenant )
+
+    #
+    # Main Process
+    #
+    $config['process'].each do |key, value|
+      if value
+        Program.output( "Exporting #{key}..." )
+        case key
+        when "access-profiles"
+          AccessProfiles.export( $output )
+        when "account-profiles"
+          AccountProfiles.export( $output )
+        when "account-schemas"
+          AccountSchemas.export( $output )
+        when "applications"
+          Applications.export( $output )
+        when "attribute-sync-config"
+          AttributeSyncConfig.export( $output )
+        when "branding"
+          Branding.export( $output )
+        when "campaign-filters"
+          CampaignFilters.export( $output)
+        when "connectors"
+          Connectors.export( $output )
+        when "email-templates"
+          EmailTemplates.export( $output )
+        when "identity-attributes"
+          IdentityAttributes.export( $output )
+        when "identity-profiles"
+          IdentityProfiles.export( $output )
+        when "integrations"
+          Integrations.export( $output )
+        when "lifecycle-states"
+          LifecycleStates.export( $output )
+        when "password-policies"
+          PasswordPolicies.export( $output )
+        when "password-sync-groups"
+          PasswordSyncGroups.export( $output )
+        when "roles"
+          Roles.export( $output )
+        when "rules"
+          Rules.export( $output )
+        when "sources"
+          Sources.export( $output )
+        when "system-settings"
+          SystemSettings.export( $output )
+        when "public-identities-config"
+          PublicIdentitiesConfig.export( $output )
+        when "access-request-config"
+          AccessRequestConfig.export( $output )
+        when "transforms"
+          Transforms.export( $output )
+        else
+          $log.warn "#{key} is not a valid export type! Skipping."
+        end
+      else
+        Program.output( "Skipping #{key}, since it is disabled." )
+      end
+    end
+
+    #
+    # Completion!
+    #
+    Program.end
+  end
+
+end

data/lib/idnio/crypto.rb

@@ -0,0 +1,34 @@
+require 'openssl'
+require 'base64'
+
+#
+# Auxillary Cryptography classes for hashing and RSA encryption.
+#
+module Crypto
+
+  #
+  # Hashes a password given a password and a salt.
+  #
+  def self.hash_password( password, salt )
+    if ( password.nil? || salt.nil? )
+      return nil
+    end
+
+    return Digest::SHA256.hexdigest( password + Digest::SHA256.hexdigest( salt.downcase ) )
+  end
+
+  #
+  # Encrypts the password using RSA encryption.  Used for password reset utilities.
+  # public_key_string must be in the format:
+  #    "-----BEGIN PUBLIC KEY-----\nMIIBI...+QwIDAQAB\n-----END PUBLIC KEY-----"
+  #
+  def self.encrypt_password( public_key_string, password )
+    if ( public_key_string.nil? || password.nil? )
+      return nil
+    end
+
+    public_key = OpenSSL::PKey::RSA.new( public_key_string )
+    return Base64.encode64( public_key.public_encrypt( password ) )
+  end
+
+end

data/lib/idnio/idnapi.rb

@@ -0,0 +1,158 @@
+require 'fileutils'
+require "net/http"
+require "uri"
+require "json"
+
+#
+# IDN API Utility
+#
+module IDNAPI
+
+  #
+  # Utility method to call the API (for GET calls only).
+  #
+  def self.get( url, token )
+
+    $log.debug "Calling GET #{url}"
+
+    url = URI.parse( url )
+    http = Net::HTTP.new( url.host, url.port )
+    http.use_ssl = true
+    header = {
+      "Authorization": "Bearer #{token}"
+    }
+    request = Net::HTTP::Get.new( url, header )
+    response = http.request( request )
+
+    return analyze_response( request, response )
+
+  end
+
+  #
+  # Utility method to call the API for Unauthenticated POST calls only
+  #
+  def self.post_unauth( url )
+
+    $log.debug "Calling (unathenticated) POST #{url} with no data."
+
+    url = URI( url )
+    http = Net::HTTP.new( url.host, url.port )
+    http.use_ssl = true
+    header = {}
+    request = Net::HTTP::Post.new( url, header )
+    response = http.request( request )
+
+    return analyze_response( request, response )
+
+  end
+
+  #
+  # Utility method to call the API (for JSON POST calls only).
+  #
+  def self.post_json( url, token, json_object )
+
+    $log.debug "Calling POST #{url} with data: #{json_object}"
+
+    url = URI( url )
+    http = Net::HTTP.new( url.host, url.port )
+    http.use_ssl = true
+    header = {
+      "Authorization": "Bearer #{token}",
+      "Content-Type":"application/json",
+      "cache-control": "no-cache"
+    }
+    request = Net::HTTP::Post.new( url, header )
+    unless json_object.nil?
+      request.body = json_object.to_json
+    end
+    response = http.request( request )
+
+    return analyze_response( request, response )
+
+  end
+
+  #
+  # Utility method to call the API (for JSON POST calls only).
+  #
+  def self.put_json( url, token, json_object )
+
+    $log.debug "Calling PUT #{url} with data: #{json_object}"
+
+    url = URI( url )
+    http = Net::HTTP.new( url.host, url.port )
+    http.use_ssl = true
+    header = {
+      "Authorization": "Bearer #{token}",
+      "Content-Type":"application/json",
+      "cache-control": "no-cache"
+    }
+    request = Net::HTTP::Put.new( url, header )
+    request.body = json_object.to_json
+    response = http.request( request )
+
+    return analyze_response( request, response )
+
+  end
+
+  #
+  # Utility method to call the API (for form POST calls only)
+  #
+  def self.post_form( url, token, form_data )
+
+    $log.debug "Calling POST #{url} with data: #{form_data}"
+
+    url = URI( url )
+    http = Net::HTTP.new( url.host, url.port )
+    http.use_ssl = true
+    header = {
+      "Authorization": "Bearer #{token}",
+      "Content-Type":"application/x-www-form-urlencoded",
+      "cache-control": "no-cache"
+    }
+
+    request = Net::HTTP::Post.new( url, header )
+    request.body = URI.encode_www_form( form_data )
+    response = http.request( request )
+
+    return analyze_response( request, response )
+
+  end
+
+  #
+  # Utility method to analyze the responses
+  #
+  def self.analyze_response( request, response )
+
+    $log.debug( "Received response: #{response.code} #{response.message} #{response.body}")
+
+    case response
+    when Net::HTTPSuccess
+      $log.debug "Successful response recieved."
+      return response
+    when Net::HTTPForbidden
+      $log.fatal "Error: Forbidden. Try logging in as an admin, or stepping up auth."
+      abort
+    when Net::HTTPUnauthorized
+      $log.fatal "Error: The token has expired. Update your session token and try again."
+      abort
+    when Net::OpenTimeout
+      $log.fatal "Error: API has been unresponsive.  Please retry the operation."
+      abort
+    when Net::HTTPBadRequest
+      $log.debug "\tError: Bad Request."
+    when Net::HTTPNotFound
+      $log.debug "\tWarning: Not Found."
+    when Net::HTTPServerError
+      $log.debug "\tError: Server Error."
+    else
+      unless response.body.nil?
+        $log.debug "\tError: #{ response.body }"
+      else
+        $log.debug "\tError: Unknown."
+      end
+    end
+
+    return response
+  end
+
+end