idnio 2.3.2b

data/lib/objects/email-templates.rb

@@ -0,0 +1,226 @@
+#!/usr/bin/env ruby
+require "json"
+require "idnio/idnapi"
+require "idnio/program"
+require "idnio/markdown"
+
+module EmailTemplates
+
+  @@email_template_cache = nil
+
+  @@exclude_email_templates = [
+    "Account Group Challenge Creation Notification",
+    "Account Selection Notification",
+    "Batch Approval",
+    "Certification Decision Challenged Notification",
+    "Certification Reminder",
+    "Certification Sign Off Approval",
+    "Challenge Accepted",
+    "Challenge Creation Notification",
+    "Challenge Decision Expiration",
+    "Challenge Expiration",
+    "Challenge Period End",
+    "Challenge Period Start",
+    "Challenge Rejected",
+    "Continuous Certification Escalation",
+    "Continuous Certification Reminder",
+    "Default Report Template",
+    "Delegation Finished",
+    "Delegation Revocation",
+    "Delegation",
+    "LCM Identity Update Approval",
+    "LCM Manager Notification",
+    "LCM Password Change Notification",
+    "LCM Registration Approval",
+    "LCM Registration Manager Notification",
+    "LCM Registration Security Officer Notification",
+    "LCM Registration User Notification",
+    "LCM Requester Notification",
+    "LCM User Notification",
+    "Mitigation Expiration",
+    "Native Account Change Manager Notification",
+    "Open Certifications",
+    "Pending Manual Changes",
+    "Policy Violation Delegation",
+    "Policy Violation",
+    "Provisioning Form Notification",
+    "Remediation Item Assignment Removal",
+    "Remediation Item Assignment",
+    "Remediation Notification",
+    "Remediation Work Item",
+    "Report Completion",
+    "Role Modeler - Approval",
+    "Role Modeler - Impact Analysis Review",
+    "Task Result Signoff",
+    "Task Status",
+    "Work Item Assignment Removal",
+    "Work Item Assignment",
+    "Work Item Comment",
+    "Work Item Escalation",
+    "Work Item Forward",
+    "Work Item Reminder"
+  ]
+
+  #
+  # Gets Email Template configuration by name.
+  #
+  def self.get_by_name( name )
+
+    if (@@email_template_cache == nil)
+      response = IDNAPI.get( "#{$url}/cc/api/emailTemplate/list", $token )
+      @@email_template_cache = JSON.parse( response.body )
+    end # if (@@email_template_cache == nil)
+
+    unless @@email_template_cache.nil?
+      @@email_template_cache['items'].each do |email_template|
+        if( email_template["name"] == name )
+          return email_template
+        end # if( email_template["name"] == name )
+      end # @@email_template_cache['items'].each do |email_template|
+    end # unless @@email_template_cache.nil?
+
+    return nil
+  end
+
+  #
+  # Exports Email Template configurations.
+  #
+  def self.export( directory )
+
+    response = IDNAPI.get( "#{$url}/cc/api/emailTemplate/list", $token )
+
+    case response
+    when Net::HTTPSuccess
+
+      email_templates = JSON.parse( response.body )
+
+      $log.info "\tDetected #{email_templates['count']} email templates."
+
+      email_templates['items'].each do |email_template|
+
+        if (!@@exclude_email_templates.include? email_template["name"])
+
+          $log.info "\tEmail Template: #{email_template["name"]}"
+          Program.write_file( "#{directory}/email-templates/", "Email Template - #{email_template["name"]}.json", JSON.pretty_generate( email_template ) )
+
+        else
+
+          $log.debug "\tSkipping Email Template: #{email_template["name"]}"
+
+        end # if (!@@default_email_templates.include? email_template["name"])...
+
+      end # email_templates['items'].each do |email_template|
+
+    else
+      $log.error "\tError: Unable to fetch email templates."
+    end # case response
+
+  end
+
+  #
+  # Imports Email Template configurations.
+  #
+  def self.import( directory )
+
+    # Read from the file system to determine how many identity profile configurations we have.
+    email_templates = Program.read_directory("#{directory}/email-templates")
+
+    $log.info "\tDetected #{email_templates.length} email templates."
+
+    # Iterate through each email template.
+    email_templates.each do |raw_email_template|
+
+      # Get the email template JSON.
+      email_template = JSON.parse( raw_email_template )
+
+      $log.info "\tEmail Template: #{email_template["name"]}"
+
+      # Get the existing email template.
+      existing_email_template = EmailTemplates.get_by_name( email_template["name"] )
+
+      # Make sure the email template referenced, actually exists.
+      unless existing_email_template.nil?
+
+        if (!@@exclude_email_templates.include? email_template["name"])
+
+          update_params = {
+            "id": existing_email_template["id"],
+            "name": email_template["name"],
+            "description": email_template["description"],
+            "subject": email_template["subject"],
+            "body": email_template["body"],
+            "state": email_template["state"],
+            "cc": email_template["cc"]
+          }
+
+          $log.debug "\t\tUpdating email template..."
+          response = IDNAPI.post_form( "#{$url}/cc/api/emailTemplate/update", $token, update_params )
+          $log.debug "\t\tEmail template updated."
+
+        else
+          $log.debug "\tSkipping Email Template: #{email_template["name"]}"
+        end # if (!@@default_transforms.include? transform["id"]...
+
+      else
+        $log.warn "\t\tSkipping unknown email template. \n"
+      end # unless existing_email_template.nil?
+
+    end # email_templates.each do |raw_email_template|
+
+  end
+
+  #
+  # Documents Email Template configurations.
+  #
+  def self.doc
+
+    response = IDNAPI.get( "#{$url}/cc/api/emailTemplate/list", $token )
+
+    case response
+    when Net::HTTPSuccess
+
+      email_templates = JSON.parse( response.body )
+
+      $log.info "\tDetected #{email_templates['count']} email templates."
+
+      # Give up if we don't have any email templates to doc
+      # if email_templates.nil? || email_templates.empty? || email_templates['count'] == 0 )
+      #   break
+      # end
+
+      Markdown.h2( "Email Templates" )
+
+      email_templates['items'].each do |email_template|
+
+        if (!@@exclude_email_templates.include? email_template["name"])
+
+          $log.info "\tEmail Template: #{email_template["name"]}"
+
+          Markdown.h3( email_template["name"] )
+
+          unless email_template["subject"].nil?
+            Markdown.text( "Subject:\n")
+            Markdown.xml( email_template["subject"] )
+          end
+
+          unless email_template["body"].nil?
+            Markdown.text( "Body:\n")
+            Markdown.xml( email_template["body"] )
+          end
+
+        else
+
+          $log.debug "\tSkipping Email Template: #{email_template["name"]}"
+
+        end # if (!@@default_email_templates.include? email_template["name"])...
+
+      end # email_templates['items'].each do |email_template|
+
+    else
+      $log.error "\tError: Unable to fetch email templates."
+    end # case response
+
+    Markdown.write
+  end
+
+end

data/lib/objects/identity-attributes.rb

@@ -0,0 +1,136 @@
+#!/usr/bin/env ruby
+require "json"
+require "idnio/idnapi"
+require "idnio/program"
+require "idnio/markdown"
+
+module IdentityAttributes
+
+  @@disallowed_identity_attributes = [
+    "country",
+    "displayName",
+    "email",
+    "endDate",
+    "firstname",
+    "identificationNumber",
+    "lastname",
+    "licenseStatus",
+    "manager",
+    "personalEmail",
+    "phone",
+    "startDate",
+    "uid",
+    "workPhone",
+    "cloudLifecycleState",
+    "department",
+    "title"
+  ]
+
+  #
+  # Gets an identity attribute by name
+  #
+  def self.get_by_name( name )
+    response = IDNAPI.get( URI.escape("#{$url}/cc/api/identityAttribute/get?name=#{name}"), $token )
+    case response
+    when Net::HTTPSuccess
+      return JSON.parse( response.body )
+    else
+      return nil
+    end
+  end
+
+  #
+  # Creates an identity attribute
+  #
+  def self.create( identity_attribute )
+    create_json = {
+      'displayName' => identity_attribute['displayName'],
+      'name' => identity_attribute['name'],
+      'multiValued' => identity_attribute['multiValued'],
+      'namedColumn' => identity_attribute['namedColumn'],
+      'searchable' => identity_attribute['searchable'],
+      'standard' => identity_attribute['standard'],
+      'system' => identity_attribute['system'],
+      'type' => identity_attribute['type']
+    }
+    response = IDNAPI.post_json( "#{$url}/cc/api/identityAttribute/create", $token, create_json )
+  end
+
+  #
+  # Updates an identity attribute
+  #
+  def self.update( identity_attribute )
+    update_json = {
+      'displayName' => identity_attribute['displayName'],
+      'name' => identity_attribute['name'],
+      'multiValued' => identity_attribute['multiValued'],
+      'namedColumn' => identity_attribute['namedColumn'],
+      'searchable' => identity_attribute['searchable'],
+      'standard' => identity_attribute['standard'],
+      'system' => identity_attribute['system'],
+      'type' => identity_attribute['type']
+    }
+    response = IDNAPI.post_json( "#{$url}/cc/api/identityAttribute/update?name=#{identity_attribute['name']}", $token, update_json )
+  end
+
+  #
+  # Exports Identity Attribute configurations.
+  #
+  def self.export( directory )
+
+    response = IDNAPI.get( "#{$url}/cc/api/identityAttribute/list", $token )
+
+    case response
+    when Net::HTTPSuccess
+
+      identity_attributes = JSON.parse( response.body )
+
+      $log.info "\tRetreived identity attributes."
+
+      Program.write_file( File.join( directory, "identity-attributes"), "identity-attributes.json", JSON.pretty_generate( identity_attributes ) )
+
+    else
+      $log.error "\tError: Unable to fetch identity attributes."
+    end # case response
+
+  end
+
+  #
+  # Import Identity Attribute configurations.
+  #
+  def self.import( directory )
+
+    # Read configurations from the file system.
+    identity_attributes = Program.read_file( File.join( directory, "identity-attributes", "identity-attributes.json") )
+    $log.info "\tRetreived identity attributes."
+
+    unless identity_attributes.nil?
+
+      JSON.parse( identity_attributes ).each do |identity_attribute|
+
+        unless ( @@disallowed_identity_attributes.include? identity_attribute["name"] )
+
+          existing_identity_attribute = IdentityAttributes.get_by_name( identity_attribute["name"] )
+
+          if existing_identity_attribute.nil?
+            response = IdentityAttributes.create( identity_attribute )
+          else
+            response = IdentityAttributes.update( identity_attribute )
+          end
+
+        else
+          $log.warn "\t\tSkipping default identity attribute: #{identity_attribute["name"]}."
+        end
+      end
+
+    end
+  end
+
+  #
+  # Documents Identity Attribute configurations.
+  #
+  def self.doc
+    $log.warn "\tDocumentation for object type identity-attributes is not supported at this time."
+  end
+
+end

data/lib/objects/identity-profiles.rb

@@ -0,0 +1,206 @@
+#!/usr/bin/env ruby
+require "json"
+require "idnio/idnapi"
+require "idnio/program"
+require "idnio/markdown"
+
+module IdentityProfiles
+
+  #
+  # These are a list of attributes which are used to update.
+  #
+  @@update_attributes = [
+    "attributeConfig",
+    "authErrorText",
+    "autoInvitationOption",
+    "autoInvite",
+    "autoInviteLifeCycleState",
+    "blockOffNetwork",
+    "blockUntrustedGeographies",
+    "description",
+    "priority",
+    "pwdResetDuo",
+    "pwdResetKba",
+    "pwdResetMfaType",
+    "pwdResetPersonalEmailCode",
+    "pwdResetPersonalPhone",
+    "pwdResetRsa",
+    "pwdResetSafenet",
+    "pwdResetSymantecVip",
+    "pwdResetWorkEmailCode",
+    "pwdResetWorkPhone",
+    "strongAuthDuo",
+    "strongAuthKba",
+    "strongAuthLogin",
+    "strongAuthLoginOffNetwork",
+    "strongAuthLoginUntrustedGeographies",
+    "strongAuthPassword",
+    "strongAuthPersonalEmail",
+    "strongAuthPersonalPhone",
+    "strongAuthRsa",
+    "strongAuthSafenet",
+    "strongAuthSymantecVip",
+    "strongAuthWorkEmail",
+    "strongAuthWorkPhone"
+  ]
+
+  #
+  # Query an Identity Profile configuration.
+  #
+  def self.get_by_name( name )
+
+    response = IDNAPI.get( "#{$url}/cc/api/profile/list", $token )
+
+    case response
+    when Net::HTTPSuccess
+
+      identity_profiles = JSON.parse( response.body )
+
+      identity_profiles.each do |identity_profile|
+
+        if( identity_profile["name"] == name )
+          return identity_profile
+        end
+
+      end
+    end # case response
+
+    return nil
+  end
+
+  #
+  # Exports Identity Profile configurations.
+  #
+  def self.export( directory )
+
+    response = IDNAPI.get( "#{$url}/cc/api/profile/list", $token )
+
+    unless response.nil?
+
+      identityProfiles = JSON.parse( response.body )
+
+      $log.info "\tDetected #{identityProfiles.count} identity profiles."
+
+      identityProfiles.each do |identityProfile|
+
+        response = IDNAPI.get( "#{$url}/cc/api/profile/get/#{identityProfile["id"]}", $token )
+
+        identityProfileObject = JSON.parse( response.body )
+
+        $log.info "\tIdentity Profile: #{identityProfileObject["name"]}"
+
+        Program.write_file( "#{directory}/identity-profiles/", "Identity Profile - #{identityProfileObject["name"]}.json", JSON.pretty_generate( identityProfileObject ) )
+
+      end
+    end
+  end
+
+  #
+  # Imports Identity Profile configurations.
+  #
+  def self.import( directory )
+
+    # Read from the file system to determine how many identity profile configurations we have.
+    identity_profiles = Program.read_directory("#{directory}/identity-profiles")
+    $log.info "\tDetected #{identity_profiles.length} identity profiles."
+
+    #
+    # Iterate through each identity profile.
+    #
+    identity_profiles.each do |identity_profile|
+
+      # Get the identity profile JSON.
+      template_idp = JSON.parse( identity_profile )
+
+      $log.info "\tIdentity Profile: #{template_idp["name"]}"
+
+      # Get the existing identity profile.
+      existing_idp = IdentityProfiles.get_by_name( template_idp["name"] )
+
+      # If we don't have an existing IDP, lets create one.
+      if existing_idp.nil?
+
+        # Lets get our existing source.
+        existing_source_id = Sources.get_cc_id( template_idp['source']['name'] )
+
+        # We can't create an identity profile without an existing source, so make sure we have one.
+        unless existing_source_id.nil?
+
+          $log.debug "\t\tCreating identity profile..."
+
+          create_params = {
+            "name" => template_idp['name'],
+            "sourceId" => existing_source_id
+          }
+          response = IDNAPI.post_form( "#{$url}/cc/api/profile/create", $token, create_params )
+
+          unless response.nil?
+            existing_idp = IdentityProfiles.get_by_name( template_idp['name'] )
+            $log.debug "done.\n"
+          end
+        else
+          $log.warn "\t\tSkipping identity profile creation. Source [#{template_idp['source']['name']}] does not exist.\n"
+        end
+
+      end
+
+      # Now that we have an IDP, lets update it.
+      unless existing_idp.nil?
+
+        #
+        # Do some clean-up on attribute references... sigh.
+        #
+        template_idp["attributeConfig"]["attributeTransforms"].each do |attributeTransform|
+          unless attributeTransform.nil? || ["attributes"].nil?
+            attributeTransform["attributes"].delete( "applicationId" )
+            attributeTransform["attributes"].delete( "applicationName" )
+
+            unless attributeTransform["attributes"]["input"].nil?
+              attributeTransform["attributes"]["input"]["attributes"].delete( "applicationId" )
+              attributeTransform["attributes"]["input"]["attributes"].delete( "applicationName" )
+            end
+          end
+        end
+
+        #
+        # Copy over certain settings from the template.
+        #
+        @@update_attributes.each do |update_attribute|
+          existing_idp[update_attribute] = template_idp[update_attribute]
+        end
+
+        $log.debug "\t\tUpdating identity profile..."
+        IDNAPI.post_json( "#{$url}/cc/api/profile/update/#{existing_idp["id"]}", $token, existing_idp )
+        $log.debug "done.\n"
+
+      end
+
+    end
+  end
+
+  #
+  # Documents Identity Profile configurations.
+  #
+  def self.doc
+    Markdown.h2( "Identity Profiles" )
+
+    response = IDNAPI.get( "#{$url}/cc/api/profile/list", $token )
+    unless response.nil?
+      identityProfiles = JSON.parse( response.body )
+
+      $log.info "\tDetected #{identityProfiles.count} identity profiles."
+
+      identityProfiles.each do |identityProfile|
+
+        response = IDNAPI.get( "#{$url}/cc/api/profile/get/#{identityProfile["id"]}", $token )
+
+        identityProfile_object = JSON.parse( response.body )
+
+        $log.info "\tIdentity Profile: #{identityProfile_object["name"]}"
+
+      end
+    end
+
+    Markdown.write
+  end
+end