ucert 0.2.57

data/lib/ucert/cmbrun_ny_tracker.rb

@@ -0,0 +1,244 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+
+require "rubyXL"
+
+# Class to handle CMBRUN NY user entitlement report
+class Ucert::CmbrunNYTracker
+	include Ucert::Utils
+	# Class constant variables
+
+	attr_accessor  :verbose, :crny_user_status_report, :file_crny_user_map
+	attr_reader     :crny_2_ad_user, :crny_user_entitlement, :crny_position
+
+  # Instance default variables
+  def initialize (params ={})
+    @verbose=params.fetch(:verbose, false)
+    # CMBRun NY user entitlement report generation:
+		# Logon to the CMBRun NY platform from the production environment, Navigating to 'User Management', select "198:New York Branch", then click
+		# on "Search(5)" button; you will see the user record in the current window; right click one of the record, select "Export All to Excel"
+		# Open the Excel workbook and "Save as" the .xlsx format
+    @crny_user_entitlement_report = File.dirname(__FILE__)+"/../../data/cmbrun_ny/CMBRUN_USER_RPT.xlsx"
+		# Follow the similiar procedure above to download the Position report from the "Position Management" menu
+		@crny_position_report = File.dirname(__FILE__)+"/../../data/cmbrun_ny/CMBNY_Position_Rpt.xlsx"
+    # CMBRun NY to AD user map file
+    @file_crny_user_map =  File.dirname(__FILE__)+"/../../data/cmbrun_ny/crny_access_user_map.txt"
+		# Load user map from the local cacsh file
+		@crny_2_ad_user=load_known_user_map_from_file(@file_crny_user_map)
+		# Load the user entitlement instance variable from the user report
+		@crny_user_entitlement=parse_crny_user_report(@crny_user_entitlement_report)
+		# Procedure to add DN foreign key to the @crny_user_entitlement, by performing the AD search
+		insert_dn
+		# Load the position instance variable from the positon report
+		@crny_position=parse_crny_position_report(@crny_position_report)
+		# Save the user map to local cache file
+		save!
+	end
+
+  # Parsing the CMBRun NY user  report in text format
+	def parse_crny_user_report (file)
+      begin
+				puts "Start parsing Excel workbook file: #{file}" if @verbose
+				crny_user_entitlement=Hash.new
+				workbook = RubyXL::Parser.parse(file)
+        worksheet = workbook[0]
+				row_cnt=0
+				user_index=0	# user record index
+				header=Array.new
+        worksheet.count.times  do |row|
+					row_cnt+=1
+					puts "Parsing workbook row: #{row_cnt}" if @verbose
+					entry=Array.new
+					# Processing Header Row
+					if row_cnt==1
+						0.upto(worksheet[row].size) do |col|
+							if worksheet[row][col].nil?
+								header.push(nil)
+							else
+								header.push(worksheet[row][col].value.to_s)
+							end
+						end
+						next
+					else
+						0.upto(worksheet[row].size) do |col|
+							if worksheet[row][col].nil?
+								entry.push(nil)
+							else
+								entry.push(worksheet[row][col].value.to_s)
+							end
+						end
+						user_index += 1
+					end
+          record = header.zip(entry).to_h.reject {|k,v| k.nil?}
+					puts "User record: #{record}" if @verbose
+					next if record["User ID"].empty?
+          crny_user_entitlement[user_index] = record unless crny_user_entitlement.key?(user_index)
+      	end
+        workbook=nil
+        return crny_user_entitlement
+      rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+	# Parsing the CMBRun NY position report in Excel workbook format
+	def parse_crny_position_report (file)
+      begin
+				puts "Start parsing Excel workbook file: #{file}" if @verbose
+				crny_position=Hash.new
+				workbook = RubyXL::Parser.parse(file)
+        worksheet = workbook[0]
+				row_cnt=0
+				pos_index=String.new	# position index
+				header=Array.new
+        worksheet.count.times  do |row|
+					row_cnt+=1
+					puts "Parsing workbook row: #{row_cnt}" if @verbose
+					entry=Array.new
+					# Processing Header Row
+					if row_cnt==1
+						0.upto(worksheet[row].size) do |col|
+							if worksheet[row][col].nil?
+								header.push(nil)
+							else
+								header.push(worksheet[row][col].value.to_s)
+							end
+						end
+						next
+					else
+						0.upto(worksheet[row].size) do |col|
+							if worksheet[row][col].nil?
+								entry.push(nil)
+							else
+								entry.push(worksheet[row][col].value.to_s)
+							end
+						end
+					end
+          record = header.zip(entry).to_h.reject {|k,v| k.nil?}
+					puts "Position record: #{record}" if @verbose
+					next if record["Position Number"].empty?
+					pos_index = record["Position Number"]
+          crny_position[pos_index] = record unless crny_position.key?(pos_index)
+      	end
+        workbook=nil
+        return crny_position
+      rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+  # Retrieve the user index from the @crny_user_entitlement data structure
+	def dn_2_index (dn)
+			begin
+        (1..@crny_user_entitlement.count).map do |index|
+          return index if @crny_user_entitlement[index]["DN"]==dn
+        end
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+	# Procedures to add additonal field 'dn' into the @crny_user_entitlement data structure, by person the AD search
+	def insert_dn
+			begin
+				tracker = Ucert::AdTracker.new(:verbose=>false)
+				 @crny_user_entitlement.each do |index, record|
+					puts "\n\nPerform DN lookup for record: #{record}" if @verbose
+					key1 = record['User Name']
+					my_key = record['User ID'].upcase + ":" + record['User Name'].upcase
+					puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
+					if @crny_2_ad_user.key?(my_key)
+						dn=@crny_2_ad_user[my_key]
+						# additional logic to update the existing DN record
+						unless tracker.ad_person_records.key?(dn)
+							dn = update_dn(tracker,dn)
+						end
+						puts "Found in the local cache file: #{dn}" if @verbose
+					else
+						if dn.nil? and !key1.nil?
+							puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
+							dn = tracker.ad_search_by_text(key1, "person")
+						end
+					end
+					@crny_user_entitlement[index]['DN'] = dn
+				end
+				tracker=nil
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+	# Print out the user entitlement table in plain text, to be imported into database
+	def print_user_entitlement
+		begin
+      puts "user Entitlement Report in Plain-text Format" if @verbose
+			@crny_user_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
+			puts if @verbose
+			@crny_user_entitlement.values.map do |rec|
+				rec.each {|k,v| print v,"|"}
+				puts
+      end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+  alias_method :print_user, :print_user_entitlement
+
+	# Print out the user position table in plain text, to be imported into database
+	def print_user_position
+		begin
+      puts "user Position Report in Plain-text Format" if @verbose
+			@crny_position.first[1].each {|k,v| print k,"|"} if @verbose
+			puts if @verbose
+			@crny_position.values.map do |rec|
+				rec.each {|k,v| print v,"|"}
+				puts
+      end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+  alias_method :print_position, :print_user_position
+
+	# Save the Prime to AD user mapping relation into the cache file
+	def save_crny_user_map!(file=@file_crny_user_map)
+		puts "Saving the known Prime to AD user mapping relationship to file: #{file} ..." if @verbose
+		begin
+			timestamp=Time.now
+			f=File.open(file, 'w')
+			f.write "# local CMBRun NY to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
+			@crny_user_entitlement.values.map do |record|
+				key = record['User ID'].upcase + ":" + record['User Name'].upcase
+				value = record['DN']
+				f.write "\n#{key}|#{value}"
+			end
+			f.close
+			puts "CMBRun NY to AD user map file is successfully saved to: #{file}" if @verbose
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}" if @verbose
+		end
+	end
+	alias_method  :save!, :save_crny_user_map!
+
+	# Search user entitlement record by AD DN
+	def crny_search_by_dn (dn)
+		begin
+      puts "Perform search on the user entitlement records by AD DN: #{dn}" if @verbose
+      @crny_user_entitlement.each do |key, val|
+          return val if @crny_user_entitlement[key]['DN'].eql? dn
+      end
+			return nil
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+	end
+	alias_method  :search_by_dn, :crny_search_by_dn
+
+	private :insert_dn, :parse_crny_user_report, :parse_crny_position_report, :save_crny_user_map!, :print_user_entitlement
+
+end

data/lib/ucert/cvm_tracker.rb

@@ -0,0 +1,230 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+require "rubyXL"
+# CVM use YST for SSO. So that his trakcer class is also depending on the 'Ucert::YstTracker' class
+
+# Class to handle CVM user account IDs
+class Ucert::CvmTracker
+	include Ucert::Utils
+	# Class constant variables
+
+	attr_accessor  :verbose, :cvm_user_report, :cvm_role_report, :cvm_role_report, :file_user_map
+	attr_reader    :cvm_user_entitlement, :cvm_2_ad_user
+
+  # Instance default variables
+  def initialize (params ={})
+
+    @verbose=params.fetch(:verbose, false)
+    # CVM user entitlement report in XLSX format, generated by CVM export function
+    @cvm_user_report = File.dirname(__FILE__)+"/../../data/cvm/cvm_user_list.xlsx"
+		# CVM user role, which is mapped to YST data structure
+    @cvm_role_report = File.dirname(__FILE__)+"/../../data/cvm/cvm_user_role.xlsx"
+		# CVM user details entitlement report
+    @cvm_func_report = File.dirname(__FILE__)+"/../../data/cvm/cvm_user_func.xlsx"
+		# CVM to AD user map file
+		@file_user_map =  File.dirname(__FILE__)+"/../../data/cvm/cvm_user_map.txt"
+		# Load the user map file to an instance variable (for performance gain)
+		@cvm_2_ad_user=load_known_user_map_from_file(@file_user_map)
+		# Load the user entitlement instance variable from the native CVM user entitlement reports
+		@cvm_user_entitlement=parse_cvm_user_report(@cvm_user_report)
+		parse_cvm_role_report(@cvm_role_report)
+		parse_cvm_func_report(@cvm_func_report)
+		# Insert DN field into the user entitlement data structure
+		insert_dn
+		save!
+	end
+
+  # Parsing the Cvm user entitlement report in CSV format
+	def parse_cvm_user_report (file)
+		#begin
+			puts "Start parsing Excel workbook file: #{file}" if @verbose
+			cvm_user_entitlement=Hash.new
+			workbook = RubyXL::Parser.parse(file)
+			worksheet=workbook.worksheets.first
+			row_cnt=0
+			header=Array.new
+			user_index=0
+			worksheet.count.times  do |row|
+				row_cnt+=1
+				puts "Parsing workbook row: #{row_cnt}" if @verbose
+				entry=Array.new
+				# Processing Header Row
+				if row_cnt==1
+					0.upto(worksheet[row].size) do |col|
+						if worksheet[row][col].nil?
+							header.push(nil)
+						else
+							header.push(worksheet[row][col].value.to_s)
+						end
+					end
+					next
+				else
+					0.upto(worksheet[row].size) do |col|
+						if worksheet[row][col].nil?
+							entry.push(nil)
+						else
+							entry.push(worksheet[row][col].value.to_s.strip)
+						end
+					end
+					user_index += 1
+				end
+				record = header.zip(entry).to_h.reject {|k,v| k.nil?}
+				puts "User record: #{record}" if @verbose
+				next if record["用户编号"].empty?
+				cvm_user_entitlement[user_index] = record unless cvm_user_entitlement.key?(user_index)
+			end
+			workbook=nil
+			return cvm_user_entitlement
+		#rescue => ee
+			#puts "Exception on method #{__method__}: #{ee}"
+		#end
+	end
+
+	# add DN to the cvm_user_entitlement record
+	def insert_dn
+		puts "Insert DN into the record ..." if @verbose
+		tracker = Ucert::YstTracker.new(:verbose => @verbose)
+		@cvm_user_entitlement.each do |index, record|
+			puts "Processing user record #{index}: #{record}" if @verbose
+			key1=record['用户编号']
+			if @cvm_2_ad_user.key?(key1) && !@cvm_2_ad_user[key1].nil?
+				@cvm_user_entitlement[index]['DN'] = @cvm_2_ad_user[record['用户编号']]
+			else
+				@cvm_user_entitlement[index]['DN'] = tracker.yst_id_2_dn(record['用户编号'])
+			end
+		end
+		tracker=nil
+	end
+
+	def cvm_id_2_index (id)
+		@cvm_user_entitlement.each do |key,val|
+			return key if val['用户编号'] == id.strip
+		end
+		return nil
+	end
+
+  # Parsing the CVM role entitlement report in xlsx format
+	def parse_cvm_role_report (file)
+			#begin
+				workbook = RubyXL::Parser.parse(file)
+				worksheet=workbook.worksheets.first
+        role_entitlement=Hash.new
+				worksheet.count.times  do |row|
+					puts "Parsing workbook row: #{row}" if @verbose
+          # skip the 1st line of the file (header line)
+          next if row == 0
+  				role_entitlement = Hash.new
+					role_entitlement['用户一事通ID'] = worksheet[row][0].value.to_s.strip unless worksheet[row].nil?
+					role_entitlement['角色ID'] = worksheet[row][3].value.to_s.strip unless worksheet[row].nil?
+          role_entitlement['角色名称'] = worksheet[row][4].value.to_s.strip unless worksheet[row].nil?
+					role_entitlement['有效性'] = worksheet[row][5].value.to_s.strip unless worksheet[row].nil?
+					role_entitlement['有效期开始时间'] = worksheet[row][6].value.to_s.strip unless worksheet[row].nil?
+					role_entitlement['有效期结束时间'] = worksheet[row][7].value.to_s.strip unless worksheet[row].nil?
+					role_entitlement['角色机构全称'] = worksheet[row][8].value.to_s.strip unless worksheet[row].nil?
+					role_entitlement['是否展开'] = worksheet[row][9].value.to_s.strip unless worksheet[row].nil?
+					puts "Role: #{role_entitlement.inspect}" if @verbose
+					unless role_entitlement['用户一事通ID'].nil? or role_entitlement['角色ID'].nil?
+						user_index = cvm_id_2_index(role_entitlement['用户一事通ID'])
+						puts "Insert roles information into record: #{user_index}" if @verbose
+						@cvm_user_entitlement[user_index]['roles']=Array.new unless @cvm_user_entitlement[user_index]['roles']
+						@cvm_user_entitlement[user_index]['roles'].push(role_entitlement)
+					end
+			  end
+        return role_entitlement
+			#rescue => ee
+				#puts "Exception on method #{__method__}: #{ee}"
+			#end
+	end
+
+	# Parsing the CVM user function report in xlsx format
+	def parse_cvm_func_report (file)
+			#begin
+				workbook = RubyXL::Parser.parse(file)
+				worksheet=workbook.worksheets.first
+        func_entitlement=Hash.new
+				worksheet.count.times  do |row|
+					puts "Parsing workbook row: #{row}" if @verbose
+          # skip the 1st line of the file (header line)
+          next if row == 0
+  				func_entitlement = Hash.new
+					func_entitlement['用户一事通ID'] = worksheet[row][0].value.to_s.strip unless worksheet[row].nil?
+					func_entitlement['功能ID'] = worksheet[row][3].value.to_s.strip unless worksheet[row].nil?
+          func_entitlement['功能名称'] = worksheet[row][4].value.to_s.strip unless worksheet[row].nil?
+					func_entitlement['权限'] = worksheet[row][5].value.to_s.strip unless worksheet[row].nil?
+					func_entitlement['增减方向'] = worksheet[row][6].value.to_s.strip unless worksheet[row].nil?
+					func_entitlement['有效性'] = worksheet[row][7].value.to_s.strip unless worksheet[row].nil?
+					func_entitlement['有效期开始时间'] = worksheet[row][8].value.to_s.strip unless worksheet[row].nil?
+					func_entitlement['有效期结束时间'] = worksheet[row][9].value.to_s.strip unless worksheet[row].nil?
+					func_entitlement['功能机构全称'] = worksheet[row][10].value.to_s.strip unless worksheet[row].nil?
+					puts "Function: #{func_entitlement.inspect}" if @verbose
+					unless func_entitlement['用户一事通ID'].nil? or func_entitlement['功能ID'].nil?
+						user_index = cvm_id_2_index(func_entitlement['用户一事通ID'])
+						puts "Insert function information into record: #{user_index}" if @verbose
+						@cvm_user_entitlement[user_index]['funcs']=Array.new unless @cvm_user_entitlement[user_index]['funcs']
+						@cvm_user_entitlement[user_index]['funcs'].push(func_entitlement)
+					end
+			  end
+        return func_entitlement
+			#rescue => ee
+				#puts "Exception on method #{__method__}: #{ee}"
+			#end
+	end
+
+	# Print out the user entitlement table in plain text, to be imported into database
+	def print_user_entitlement
+		#begin
+      puts "user Entitlement Report in Plain-text Format" if @verbose
+			@cvm_user_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
+			puts if @verbose
+			@cvm_user_entitlement.values.map do |rec|
+				rec.each {|k,v| print v,"|"}
+				puts
+      end
+		#rescue => ee
+			#puts "Exception on method #{__method__}: #{ee}"
+		#end
+	end
+  alias_method :print_user, :print_user_entitlement
+
+	# Save the CVM to AD user mapping relation into the cache file
+	def save_cvm_user_map!(file=@file_user_map)
+		puts "Saving the known Cvm to AD user mapping relationship to file: #{file} ..." if @verbose
+		begin
+			timestamp=Time.now
+			f=File.open(file, 'w')
+			f.write "# local Cvm to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
+			@cvm_user_entitlement.values.map do |record|
+				key = record['用户编号']
+				value = record['DN']
+				f.write "\n#{key}|#{value}"
+			end
+			f.close
+			puts "CVM to AD user map file is successfully saved to: #{file}" if @verbose
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}" if @verbose
+		end
+	end
+	alias_method  :save!, :save_cvm_user_map!
+
+	# Search user entitlement record by AD DN
+	def cvm_search_by_dn (dn)
+		begin
+      puts "Perform search on the user entitlement record by AD DN: #{dn}" if @verbose
+      @cvm_user_entitlement.each do |key, val|
+          return val if @cvm_user_entitlement[key]['DN'].eql? dn
+      end
+			return nil
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+	end
+	alias_method  :search_by_dn, :cvm_search_by_dn
+
+	private	:parse_cvm_user_report, :parse_cvm_role_report, :insert_dn
+
+end