idnio 2.3.3b → 2.3.4b

data/lib/objects/roles.rb

@@ -7,6 +7,29 @@ require "idnio/markdown"
 
 module Roles
 
+  #
+  # Gets Role Name from ID
+  #
+  def self.get_name_from_id( id )
+    result = ReferenceResolver.search_for_single_object( "roles", "id:#{id}" )
+    unless result.nil?
+      return result['name']
+    end
+    return nil
+  end
+
+  #
+  # Gets Role ID from Name
+  #
+  def self.get_id_from_name( name )
+    result = ReferenceResolver.search_for_single_object( "roles", "name:#{name}" )
+    unless result.nil?
+      return result['id']
+    end
+    return nil
+  end
+
+
   def self.querysearch( query )
 
     response = IDNAPI.get( "#{$url}/v2/search/roles?offset=0&limit=10&query=#{query}", $token )
@@ -33,40 +56,47 @@ module Roles
 
     response = IDNAPI.get( "#{$url}/cc/api/role/list", $token )
 
-    unless response.nil?
+    case response
+    when Net::HTTPSuccess
 
       roles = JSON.parse( response.body )
 
-      $log.info "\tDetected #{roles['count']} roles."
+      $log.info "\tRetrieved #{roles['count']} roles."
 
       roles['items'].each do |role|
 
-        apNames = ""
-
         $log.info "\tRole: #{role["displayName"]}"
 
-        role_response = IDNAPI.get( "#{$url}/cc/api/role/get/?id=#{role["id"]}", $token )
+        response = IDNAPI.get( "#{$url}/cc/api/role/get/?id=#{role["id"]}", $token )
 
-        full_role = JSON.parse( role_response.body )
+        case response
+        when Net::HTTPSuccess
 
-        full_role['accessProfileIds'].each do |ap|
+          role = JSON.parse( response.body )
 
-          response = IDNAPI.get( "#{$url}/v2/search/accessprofiles?query='id=#{ap}''", $token )
+          access_profile_names = []
 
-          unless response.nil?
-            result = JSON.parse( response.body )
-            result.each do |r|
-
-              apNames << r['name']
-              apNames << ";"
+          role['accessProfileIds'].each do |access_profile_id|
+            access_profile_name = AccessProfiles.get_name_from_id( access_profile_id )
+            unless access_profile_name.nil?
+              access_profile_names.push( access_profile_name )
             end
           end
-        end
-        full_role['accessProfileNames'] = apNames
 
-        Program.write_file( "#{directory}/roles/", "Role - #{full_role["displayName"]}.json", JSON.pretty_generate(full_role) )
-      end
-    end
+          role['accessProfileNames'] = access_profile_names
+
+          Program.write_file( "#{directory}/roles/", "Role - #{role["displayName"]}.json", JSON.pretty_generate( role ) )
+
+        else
+          $log.error "\tError: Unable to retrieve role details."
+        end # case response
+
+      end # roles['items'].each do |role|
+
+    else
+      $log.error "\tError: Unable to retrieve roles."
+    end # case response
+
   end
 
   #
@@ -80,36 +110,64 @@ module Roles
   # Documents Role configurations.
   #
   def self.doc
-    Markdown.h2( "Roles" )
-
-    Markdown.text( "| Name | Description | Selector | Access Profiles |\n")
-    Markdown.text( "|------|-------------|----------|-----------------|\n")
 
     response = IDNAPI.get( "#{$url}/cc/api/role/list", $token )
-    unless response.nil?
-        roles = JSON.parse( response.body )
-
-        $log.info "\tDetected #{roles['count']} roles."
-
-        roles['items'].each do |role|
-          $log.info "\tRole: #{role["displayName"]}"
-          role_response = IDNAPI.get( "#{$url}/cc/api/role/get/?id=#{role["id"]}", $token )
-          full_role = JSON.parse( role_response.body )
-          search_role = Roles.querysearch( "name:\"#{role["displayName"]}\"" )
-          accessProfileNames = ""
-
-            unless search_role["accessProfiles"].nil?
-              search_role["accessProfiles"].each do |ap|
-                if accessProfileNames != ""
-                  accessProfileNames += ","
-                end
-                accessProfileNames += ap["name"]
-              end
+
+    case response
+    when Net::HTTPSuccess
+
+      roles = JSON.parse( response.body )
+
+      $log.info "\tRetrieved #{roles['count']} roles."
+
+      Markdown.h2 "Roles"
+      Markdown.text "| Name | Description | Disabled? | Requestable? | Assignment | Access Profiles |\n"
+      Markdown.text "|------|-------------|-----------|--------------|------------|-----------------|\n"
+
+      roles['items'].each do |role|
+
+        $log.info "\tRole: #{role["displayName"]}"
+
+        response = IDNAPI.get( "#{$url}/cc/api/role/get/?id=#{role["id"]}", $token )
+
+        case response
+        when Net::HTTPSuccess
+
+          access_profile_names = []
+
+          role = JSON.parse( response.body )
+
+          role['accessProfileIds'].each do |access_profile_id|
+            access_profile_name = AccessProfiles.get_name_from_id( access_profile_id )
+            unless access_profile_name.nil?
+              access_profile_names.push( access_profile_name )
             end
-          #end
-          Markdown.text( "|#{full_role["displayName"]}|#{full_role["description"]}|#{full_role["selector"]}|#{accessProfileNames}|\n")
-        end
-    end
+          end
+
+          case role["selector"]["type"]
+          when "COMPLEX_CRITERIA"
+            assignment = "Standard"
+          when "IDENTITY_LIST"
+            assignment = "Identity List"
+          when "CUSTOM"
+            assignment = "Custom (Rule)"
+          when "UNDEFINED"
+            assignment = "None"
+          else
+            assignment = "None"
+          end
+
+          Markdown.text( "|#{role["displayName"]}|#{role["description"]}|#{Program.humanize( role["disabled"] )}|#{Program.humanize( role["requestable"] )}|#{assignment}|#{access_profile_names.join( ", " )}|\n")
+
+        else
+          $log.error "\tError: Unable to retrieve role details."
+        end # case response
+
+      end # roles['items'].each do |role|
+
+    else
+      $log.error "\tError: Unable to retrieve roles."
+    end # case response
 
     Markdown.write
   end

data/lib/objects/rules.rb

@@ -112,7 +112,7 @@ module Rules
 
       rules = JSON.parse( response.body )
 
-      $log.info "\tDetected #{rules["count"]} rules."
+      $log.info "\tRetrieved rules."
 
       rules["items"].each do |rule|
 
@@ -128,14 +128,14 @@ module Rules
 
         else
 
-          $log.info "\tSkipping Default Rule: #{rule["name"]}"
+          $log.debug "\tSkipping Default Rule: #{rule["name"]}"
 
         end # if (!@@default_transforms.include? transform["id"]...
 
       end # rules["items"].each do |rule|
 
     else
-      $log.error "\tError: Unable to fetch rules."
+      $log.error "\tError: Unable to retrieve rules."
     end # case response
 
   end
@@ -159,7 +159,7 @@ module Rules
 
       rules = JSON.parse( response.body )
 
-      $log.info "\tDetected #{rules["count"]} rules."
+      $log.info "\tRetrieved rules."
 
       Markdown.h2 "Rules"
 
@@ -183,14 +183,14 @@ module Rules
 
         else
 
-          $log.info "\tSkipping Default Rule: #{rule["name"]}"
+          $log.debug "\tSkipping Default Rule: #{rule["name"]}"
 
         end # if (!@@default_transforms.include? transform["id"]...
 
       end # rules["items"].each do |rule|
 
     else
-      $log.error "\tError: Unable to fetch rules."
+      $log.error "\tError: Unable to retrieve rules."
     end # case response
 
     Markdown.write

data/lib/objects/sources.rb

@@ -78,7 +78,7 @@ module Sources
         # Determine the total count based what the API tells us.
         if ( count < 0 && !response['X-Total-Count'].nil? )
           count = response['X-Total-Count'].to_i
-          $log.info "\tDetected #{count} sources."
+          $log.info "\tRetrieved #{count} sources."
         end
 
         # If we don't have any sources, lets give up.  There is nothing to do.
@@ -100,7 +100,8 @@ module Sources
         offset += limit
 
       else
-        $log.error "\tError: Unable to fetch sources."
+        $log.error "\tError: Unable to retrieve sources."
+        break
       end # case response
 
     end # loop do
@@ -116,7 +117,7 @@ module Sources
     # Read from the file system to determine how many source configurations we have.
     #
     sources = Program.read_directory("#{directory}/sources")
-    $log.info "\tDetected #{sources.length} sources."
+    $log.info "\tRetrieved #{sources.length} sources."
 
     #
     # Iterate through each source.
@@ -151,7 +152,7 @@ module Sources
 
         IDNAPI.post_json( "#{$url}/beta/sources/", $token, template_source )
 
-        $log.info "\t\t\tCreated source."
+        $log.debug "\t\t\tCreated source."
 
       #
       # If we don't have an existing source, lets update the one we have.
@@ -175,7 +176,7 @@ module Sources
 
         IDNAPI.put_json( "#{$url}/beta/sources/#{existing_source["id"]}", $token, template_source )
 
-        $log.info "\t\t\tUpdated source."
+        $log.debug "\t\t\tUpdated source."
 
       end # if existing_source.nil?
 
@@ -188,30 +189,60 @@ module Sources
   #
   def self.doc
 
-    Markdown.h2( "Sources" )
+    limit = 100
+    offset = 0
+    count = -1
+
+    loop do
+
+      response = IDNAPI.get( "#{$url}/beta/sources?limit=#{limit}&offset=#{offset}&count=true", $token )
+
+      case response
+      when Net::HTTPSuccess
+
+        # Determine the total count based what the API tells us.
+        if ( count < 0 && !response['X-Total-Count'].nil? )
+          count = response['X-Total-Count'].to_i
+          $log.info "\tRetrieved #{count} sources."
+        end
+
+        # If we don't have any sources, lets give up.  There is nothing to do.
+        break if count == 0
 
-    response = IDNAPI.get( "#{$url}/cc/api/source/list", $token )
-    unless response.nil?
-      sources = JSON.parse( response.body )
+        # If we're here, we have sources to process.
+        sources = JSON.parse( response.body )
 
-      $log.info "\tDetected #{sources.count} sources."
+        # Give up if our sources are null or empty.  This is also a failsafe if count doesn't come back for some reason.
+        break if sources.nil? || sources.empty?
 
-      Markdown.text( "| Name | Connector | Owner | Description | Features |\n")
-      Markdown.text( "|------|-----------|-------|-------------|----------|\n")
+        Markdown.h2 "Sources"
+        Markdown.text "| Name | Connector | Owner | Description | Authoritative | Features |\n"
+        Markdown.text "|------|-----------|-------|-------------|---------------|----------|\n"
 
-      sources.each do |source|
+        # Iterate through the sources list
+        sources.each do |source|
 
-        $log.info "\tSource: #{source["name"]}"
+          $log.info "\tSource: #{source["name"]}"
 
-        features = []
-        if source["useForAccounts"] then features.push( "Account Aggregation" ) end
-        if source["useForAuthentication"] then features.push( "Authentication" ) end
-        if source["useForProvisioning"] then features.push( "Provisioning" ) end
-        if source["useForPasswordManagement"] then features.push( "Password Management" ) end
-        Markdown.text( "|#{source["name"]}|#{source["sourceConnectorName"]}|#{source.dig("owner", "name")}|#{source["description"]}| #{features.join(", ")} |\n")
+          features = [ "Account Aggregation" ]
+          if source["features"].include? "ENABLE" then features.push( "Account Enable / Disable" ) end
+          if source["features"].include? "UNLOCK" then features.push( "Account Unlock" ) end
+          if source["features"].include? "PROVISIONING" then features.push( "Account Provisioning" ) end
+          if source["features"].include? "PASSWORD" then features.push( "Password Management" ) end
+          if source["features"].include? "AUTHENTICATE" then features.push( "Pass-through Authentication" ) end
+          Markdown.text( "|#{source["name"]} | #{source["type"]} | #{source.dig("owner", "name")} | #{source["description"]} | #{Program.humanize( source['authoritative'] )} | #{features.join(", ")} |\n")
+
+        end
+
+        # Setup our offset for the next iteration
+        offset += limit
+
+      else
+        $log.error "\tError: Unable to retrieve sources."
+      end # case response
+
+    end # loop do
 
-      end
-    end
     Markdown.write
   end
 end

data/lib/objects/transforms.rb

@@ -43,7 +43,7 @@ module Transforms
 
       transforms = JSON.parse( response.body )
 
-      $log.info "\tDetected #{transforms["count"]} transforms."
+      $log.info "\tRetrieved transforms."
 
       transforms["items"].each do |transform|
 
@@ -54,14 +54,14 @@ module Transforms
 
         else
 
-          $log.info "\tSkipping Default Transform: #{transform["id"]}"
+          $log.debug "\tSkipping Default Transform: #{transform["id"]}"
 
         end # if (!@@default_transforms.include? transform["id"]...
 
       end # transforms["items"].each do |transform|
 
     else
-      $log.error "\tError: Unable to fetch transforms."
+      $log.error "\tError: Unable to retrieve transforms."
     end # case response
 
   end
@@ -73,7 +73,7 @@ module Transforms
 
     # Read from the file system to determine how many transforms we have.
     transforms = Program.read_directory( "#{directory}/transforms" )
-    $log.info "\tDetected #{transforms.length} transforms."
+    $log.info "\tRetrieved #{transforms.length} transforms."
 
     # Iterate through each transform.
     transforms.each do |transform|
@@ -96,7 +96,7 @@ module Transforms
           IDNAPI.post_json( "#{$url}/cc/api/transform/create", $token, template_transform )
 
         else
-          $log.info "\t\tSkipping default transform."
+          $log.debug "\t\tSkipping default transform."
         end
 
       # If we don't have an existing transform, lets update the one we have.
@@ -110,7 +110,7 @@ module Transforms
           IDNAPI.post_json( "#{$url}/cc/api/transform/update", $token, template_transform )
 
         else
-          $log.info "\t\tSkipping default transform."
+          $log.debug "\t\tSkipping default transform."
         end
       end
     end
@@ -128,7 +128,7 @@ module Transforms
 
       transforms = JSON.parse( response.body )
 
-      $log.info "\tDetected #{transforms["count"]} transforms."
+      $log.info "\tRetrieved transforms."
 
       Markdown.h2( "Transforms" )
 
@@ -142,14 +142,14 @@ module Transforms
 
         else
 
-          $log.info "\tSkipping Default Transform: #{transform["id"]}"
+          $log.debug "\tSkipping Default Transform: #{transform["id"]}"
 
         end # if (!@@default_transforms.include? transform["id"]...
 
       end # transforms["items"].each do |transform|
 
     else
-      $log.error "\tError: Unable to fetch transforms."
+      $log.error "\tError: Unable to retrieve transforms."
     end # case response
 
     Markdown.write

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: idnio
 version: !ruby/object:Gem::Version
-  version: 2.3.3b
+  version: 2.3.4b
 platform: ruby
 authors:
 - neil-mcglennon-sp
@@ -61,7 +61,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
-description: Container of all IdentityNow I/O logic
+description: Handles input and output of IdentityNow configurations.
 email:
 - neil.mcglennon@sailpoint.com
 executables: []
@@ -120,5 +120,5 @@ rubyforge_project:
 rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
-summary: IdentityNow I/O Gem
+summary: IdentityNow I/O
 test_files: []