ucert 0.2.57
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +134 -0
- data/LICENSE.txt +22 -0
- data/README.rdoc +61 -0
- data/Rakefile +8 -0
- data/TODO +5 -0
- data/bin/ad_dump +74 -0
- data/bin/ad_update +48 -0
- data/bin/adgrep +149 -0
- data/bin/adp_dump +70 -0
- data/bin/aix_dump +69 -0
- data/bin/audiolog_dump +69 -0
- data/bin/bloomberg_dump +69 -0
- data/bin/check21_dump +69 -0
- data/bin/citidirect_be_dump +69 -0
- data/bin/citidirect_sec_dump +69 -0
- data/bin/citrixsf_dump +70 -0
- data/bin/clear_par_dump +70 -0
- data/bin/cmbrun_ny_dump +76 -0
- data/bin/cvm_dump +70 -0
- data/bin/db_direct_dump +69 -0
- data/bin/egifts_dump +68 -0
- data/bin/equinix_dump +69 -0
- data/bin/frb_dump +69 -0
- data/bin/go_contact_dump +16 -0
- data/bin/jpm_dump +69 -0
- data/bin/madison535_dump +70 -0
- data/bin/mantis_dump +79 -0
- data/bin/prime_dump +79 -0
- data/bin/sage100_dump +69 -0
- data/bin/sharefile_dump +69 -0
- data/bin/som_dump +74 -0
- data/bin/stb_dump +69 -0
- data/bin/swift_dump +79 -0
- data/bin/swift_online_dump +69 -0
- data/bin/t24_dump +79 -0
- data/bin/vpn_dump +69 -0
- data/bin/wms_dump +79 -0
- data/bin/yst_dump +79 -0
- data/data/ad/ad_delta.txt +94 -0
- data/data/ad/hosts +421 -0
- data/data/ad/hosts.old +597 -0
- data/data/ad/hosts_old +597 -0
- data/data/ad/ldap_computer.txt +19028 -0
- data/data/ad/ldap_person.txt +41241 -0
- data/data/adp/Active Employee Report.xlsx +0 -0
- data/data/adp/adp_user_map.txt +141 -0
- data/data/aix/EGIFTS1.txt +239 -0
- data/data/aix/NYSWIFT1.txt +222 -0
- data/data/aix/T24_APP1.txt +300 -0
- data/data/aix/T24_DBP.txt +252 -0
- data/data/aix/aix_user_map.txt +46 -0
- data/data/alliance_swift/Swift_Operator_Details.xlsx +0 -0
- data/data/alliance_swift/Swift_Operator_Profiles_Details.xlsx +0 -0
- data/data/alliance_swift/swift_operator_map.txt +22 -0
- data/data/audiolog/Capture_audiolog.PNG +0 -0
- data/data/bloomberg/AccountData.csv +2 -0
- data/data/bloomberg/Capture_SID_download.PNG +0 -0
- data/data/bloomberg/current_subscriptions.csv +11 -0
- data/data/check21/Capture_check21_users.PNG +0 -0
- data/data/citidirect_be/Capture.PNG +0 -0
- data/data/citidirect_be/Capture_new.PNG +0 -0
- data/data/citidirect_be/Capture_new_new.PNG +0 -0
- data/data/citidirect_be/UserProfileEntitlementReport.pdf +0 -0
- data/data/citidirect_be/UserProfileEntitlementsReport.old.xlsx +0 -0
- data/data/citidirect_be/UserProfileEntitlementsReport.xlsx +0 -0
- data/data/citidirect_be/be_user_map.txt +11 -0
- data/data/citidirect_securities/Capture.PNG +0 -0
- data/data/citidirect_securities/User_Entitlements_Report___CLNT.dat +19 -0
- data/data/citidirect_securities/User_Entitlements_Report___CLNT.xml +75 -0
- data/data/citidirect_securities/citidirect_securities_user_map.txt +10 -0
- data/data/citrix_sharefile/ShareFile_Access_Report.xlsx +0 -0
- data/data/citrix_sharefile/sharefile_user_map.txt +33 -0
- data/data/clear_par/ClearPar User Report.xlsx +0 -0
- data/data/clear_par/clear_par_user_map.txt +25 -0
- data/data/cmbrun_ny/CMBNY_Position_Rpt.xlsx +0 -0
- data/data/cmbrun_ny/CMBRUN_USER_RPT.xlsx +0 -0
- data/data/cmbrun_ny/Capture_cmbrun.PNG +0 -0
- data/data/cmbrun_ny/Capture_cmbrun_position.PNG +0 -0
- data/data/cmbrun_ny/crny_access_user_map.txt +55 -0
- data/data/cvm/cvm_user_func.xlsx +0 -0
- data/data/cvm/cvm_user_list.xlsx +0 -0
- data/data/cvm/cvm_user_map.txt +56 -0
- data/data/cvm/cvm_user_role.xlsx +0 -0
- data/data/db_direct/Capture_main.PNG +0 -0
- data/data/db_direct/Capture_rpt.PNG +0 -0
- data/data/db_direct/accountpermission.xlsx +0 -0
- data/data/db_direct/db_direct_user_map.txt +8 -0
- data/data/db_direct/di_direct_user_map.txt +0 -0
- data/data/db_direct/userfulldetail_2016010813232300644912.pdf +0 -0
- data/data/equinix/Secured Access List_CHINA MERCHANTS BANK.xlsx +0 -0
- data/data/equinix/equinix_user_map.txt +29 -0
- data/data/fis_egifts/CHINA_MERCHANTS_BANK_-_USER_ACCOUNT_FUNCTION_REPORT.xlsx +0 -0
- data/data/fis_egifts/egifts_user_map.txt +113 -0
- data/data/fis_prime/Prime_Operator_Rights_Report.xml +41958 -0
- data/data/fis_prime/Prime_Operator_Status_Report.xml +1827 -0
- data/data/fis_prime/Prime_Operators_and_Roles_Report.xml +1505 -0
- data/data/fis_prime/Prime_Rights_by_Role_Report.xml +22726 -0
- data/data/fis_prime/prime_user_map.txt +77 -0
- data/data/frb/FRB_Subscriber_Roles_Report.xlsx +0 -0
- data/data/frb/frb_user_map.txt +22 -0
- data/data/go_contact/go_contact.xlsx +0 -0
- data/data/go_contact/go_user_map.txt +134 -0
- data/data/go_contact/title_level_map.txt +141 -0
- data/data/jpm_access/Capture.PNG +0 -0
- data/data/jpm_access/jpm_access_user_map.txt +13 -0
- data/data/jpm_access/jpm_user_entitlements_details.txt +194 -0
- data/data/jpm_access/jpm_user_groupentitlements_details.txt +2 -0
- data/data/madison535/535madison_bldg_pass.xlsx +0 -0
- data/data/madison535/535madison_bldg_pass_2.xlsx +0 -0
- data/data/madison535/madison535_user_map.txt +191 -0
- data/data/mantis/Mantis_AccessLevels.xlsx +0 -0
- data/data/mantis/Mantis_ActiveUsers_Rpt.xlsx +0 -0
- data/data/mantis/mantis_access_user_map.txt +128 -0
- data/data/sage100/Capture_Sage100_Rpt.PNG +0 -0
- data/data/sage100/Capture_Sage100_Rpt_2.PNG +0 -0
- data/data/sage100/SY_UserReport_RolePreferencesDetails.xlsx +0 -0
- data/data/sage100/SY_UserReport_RoleTaskPermissionsDetails.xlsx +0 -0
- data/data/sage100/sy_user_map.txt +14 -0
- data/data/som/som_user_map.txt +40 -0
- data/data/som/som_user_report.csv +329 -0
- data/data/stb/STB_USERS.csv +177 -0
- data/data/stb/STB_USERS.pdf +0 -0
- data/data/stb/stb_user_map.txt +33 -0
- data/data/swift_online/UserReport.xlsx +0 -0
- data/data/swift_online/swo_access_user_map.txt +18 -0
- data/data/t24/T24_Grp_Rpt.csv +484 -0
- data/data/t24/T24_User_Rpt.csv +567 -0
- data/data/t24/t24_grp.xml +2904 -0
- data/data/t24/t24_user_map.txt +197 -0
- data/data/t24/t24_usr.xml +9628 -0
- data/data/vpn/Capture_VPN.PNG +0 -0
- data/data/wms/role_rpt.txt +451 -0
- data/data/wms/user_rpt.txt +55 -0
- data/data/wms/wms_user_map.txt +55 -0
- data/data/yst/YiShiTong_Org.csv +21 -0
- data/data/yst/YiShiTong_User.csv +163 -0
- data/data/yst/yst_user_map.txt +163 -0
- data/demos/filter_email.rb +19 -0
- data/demos/idm_ad_reload.rb +164 -0
- data/lib/ucert.rb +82 -0
- data/lib/ucert/ad_tracker.rb +694 -0
- data/lib/ucert/adp_payroll_tracker.rb +189 -0
- data/lib/ucert/aix_tracker.rb +175 -0
- data/lib/ucert/alliance_swift_tracker.rb +300 -0
- data/lib/ucert/audiolog_tracker.rb +67 -0
- data/lib/ucert/bloomberg_tracker.rb +96 -0
- data/lib/ucert/check21_tracker.rb +95 -0
- data/lib/ucert/citidirect_be_tracker.rb +418 -0
- data/lib/ucert/citidirect_securities_tracker.rb +230 -0
- data/lib/ucert/citrix_sharefile_tracker.rb +196 -0
- data/lib/ucert/clear_par_tracker.rb +187 -0
- data/lib/ucert/cmbrun_ny_tracker.rb +244 -0
- data/lib/ucert/cvm_tracker.rb +230 -0
- data/lib/ucert/db_direct_tracker.rb +205 -0
- data/lib/ucert/equinix_tracker.rb +202 -0
- data/lib/ucert/fis_egifts_tracker.rb +249 -0
- data/lib/ucert/fis_prime_tracker.rb +391 -0
- data/lib/ucert/frb_tracker.rb +232 -0
- data/lib/ucert/go_contact_tracker.rb +778 -0
- data/lib/ucert/jpm_access_tracker.rb +205 -0
- data/lib/ucert/madison535_tracker.rb +273 -0
- data/lib/ucert/mantis_tracker.rb +249 -0
- data/lib/ucert/sage100_tracker.rb +355 -0
- data/lib/ucert/som_tracker.rb +223 -0
- data/lib/ucert/stb_tracker.rb +199 -0
- data/lib/ucert/swift_online_tracker.rb +197 -0
- data/lib/ucert/t24_tracker.rb +342 -0
- data/lib/ucert/utils/utils.rb +200 -0
- data/lib/ucert/vpn_tracker.rb +94 -0
- data/lib/ucert/wms_tracker.rb +240 -0
- data/lib/ucert/yst_tracker.rb +264 -0
- data/test/ad_testfiles/ldap_computer_test.txt +21 -0
- data/test/ad_testfiles/ldap_person_test.txt +21 -0
- data/test/aix_testfiles/application1.txt +7 -0
- data/test/aix_testfiles/application2.txt +15 -0
- data/test/alliance_swift_testfiles/Swift_Operator_Details_Test.xlsx +0 -0
- data/test/alliance_swift_testfiles/Swift_Operator_Profiles_Details_Test.xlsx +0 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test.txt +55 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test_2.txt +55 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test_format_fixed.txt +55 -0
- data/test/citidirect_be_testfiles/UserProfileEntitlementsReport_Test.xlsx +0 -0
- data/test/citidirect_securities_testfiles/User_Entitlements_Report___CLNT_Test.xml +48 -0
- data/test/citrix_sharefile_testfiles/ShareFile_Access_Report_Test.xlsx +0 -0
- data/test/cmbrun_ny_testfiles/CMBNY_Position_Rpt_02242016_test.xlsx +0 -0
- data/test/cmbrun_ny_testfiles/CMBRUN_USER_RPT_Test.xlsx +0 -0
- data/test/db_direct_testfiles/accountpermission_Test.xlsx +0 -0
- data/test/equinix_testfiles/Secured Access List_CHINA MERCHANTS BANK_TEST.xlsx +0 -0
- data/test/fis_egifts_testfiles/CHINA_MERCHANTS_BANK_-_USER_ACCOUNT_FUNCTION_REPORT_TEST.xlsx +0 -0
- data/test/fis_prime_testfiles/Prime_Operator_Rights_Report_Test.xml +158 -0
- data/test/fis_prime_testfiles/Prime_Operator_Status_Report_Copy.xml +1659 -0
- data/test/fis_prime_testfiles/Prime_Operator_Status_Report_Test.xml +51 -0
- data/test/fis_prime_testfiles/Prime_Operators_and_Roles_Report_Copy.xml +1360 -0
- data/test/fis_prime_testfiles/Prime_Operators_and_Roles_Report_Test.xml +45 -0
- data/test/fis_prime_testfiles/Prime_Rights_by_Role_Report_Test.xml +65 -0
- data/test/fis_prime_testfiles/prime_user_map.txt +3 -0
- data/test/frb_testfiles/FRB_Subscriber_Roles_Report_Test.xlsx +0 -0
- data/test/go_contact_testfiles/go_contact_test.xlsx +0 -0
- data/test/jpm_access_testfiles/Capture.PNG +0 -0
- data/test/jpm_access_testfiles/jpm_user_entitlements_details_original.txt +208 -0
- data/test/jpm_access_testfiles/jpm_user_entitlements_details_test.txt +7 -0
- data/test/madison535_testfiles/535madison_bldg_pass_2_Test.xlsx +0 -0
- data/test/madison535_testfiles/535madison_bldg_pass_Test.xlsx +0 -0
- data/test/mantis_testfiles/Mantis_AccessLevels_Test.xlsx +0 -0
- data/test/mantis_testfiles/Mantis_ActiveUsers_Rpt_Test.xlsx +0 -0
- data/test/sage100_testfiles/SY_UserReport_RolePreferencesDetails_Test.xlsx +0 -0
- data/test/sage100_testfiles/SY_UserReport_RoleTaskPermissionsDetails_Test.xlsx +0 -0
- data/test/som_testfiles/som_user_map_test.txt +7 -0
- data/test/som_testfiles/som_user_report_test.csv +25 -0
- data/test/stb_testfiles/STB_USERS_test.csv +24 -0
- data/test/stb_testfiles/STB_USERS_test_constant.csv +24 -0
- data/test/swift_online_testfiles/UserReport.xls +0 -0
- data/test/swift_online_testfiles/UserReport_Test.xlsx +0 -0
- data/test/swift_online_testfiles/test_outline_level.rb +7 -0
- data/test/t24_testfiles/T24_Grp_Rpt_Test.csv +7 -0
- data/test/t24_testfiles/T24_User_Rpt_Test.csv +7 -0
- data/test/test_ad_tracker.rb +148 -0
- data/test/test_aix_tracker.rb +71 -0
- data/test/test_alliance_swift_tracker.rb +131 -0
- data/test/test_audiolog_tracker.rb +23 -0
- data/test/test_check21_tracker.rb +30 -0
- data/test/test_citidirect_be_tracker.rb +110 -0
- data/test/test_citidirect_securities_tracker.rb +89 -0
- data/test/test_citrix_sharefile_tracker.rb +105 -0
- data/test/test_cmbrun_ny_tracker.rb +112 -0
- data/test/test_db_direct_tracker.rb +125 -0
- data/test/test_equinix_tracker.rb +119 -0
- data/test/test_fis_egifts_tracker.rb +105 -0
- data/test/test_fis_prime_tracker.rb +288 -0
- data/test/test_frb_tracker.rb +104 -0
- data/test/test_go_contact.rb +276 -0
- data/test/test_jpm_access_tracker.rb +122 -0
- data/test/test_madison535_tracker.rb +125 -0
- data/test/test_mantis_tracker.rb +133 -0
- data/test/test_sage100_tracker.rb +120 -0
- data/test/test_som_tracker.rb +71 -0
- data/test/test_stb_tracker.rb +120 -0
- data/test/test_swift_online_tracker.rb +116 -0
- data/test/test_t24_tracker.rb +151 -0
- data/test/test_utils.rb +46 -0
- data/test/test_vpn_tracker.rb +56 -0
- data/test/test_wms_tracker.rb +109 -0
- data/test/test_yst_tracker.rb +133 -0
- data/test/utils_testfiles/file2list_test.txt +13 -0
- data/test/utils_testfiles/load_know_user_map_testfile.txt +4 -0
- data/test/wms_testfiles/role_rpt_test.txt +6 -0
- data/test/wms_testfiles/user_rpt_test.txt +6 -0
- data/test/yst_testfiles/YiShiTong_Org_Test.csv +18 -0
- data/test/yst_testfiles/YiShiTong_User_Test.csv +5 -0
- data/ucert.gemspec +52 -0
- data/version.txt +12 -0
- metadata +410 -0
@@ -0,0 +1,244 @@
|
|
1
|
+
#--
|
2
|
+
# ucert
|
3
|
+
#
|
4
|
+
# A Ruby library for enterprise user account certification / recertification / audit project
|
5
|
+
#
|
6
|
+
# Copyright (c) CMBNY Risk Department
|
7
|
+
#++
|
8
|
+
|
9
|
+
require "rubyXL"
|
10
|
+
|
11
|
+
# Class to handle CMBRUN NY user entitlement report
|
12
|
+
class Ucert::CmbrunNYTracker
|
13
|
+
include Ucert::Utils
|
14
|
+
# Class constant variables
|
15
|
+
|
16
|
+
attr_accessor :verbose, :crny_user_status_report, :file_crny_user_map
|
17
|
+
attr_reader :crny_2_ad_user, :crny_user_entitlement, :crny_position
|
18
|
+
|
19
|
+
# Instance default variables
|
20
|
+
def initialize (params ={})
|
21
|
+
@verbose=params.fetch(:verbose, false)
|
22
|
+
# CMBRun NY user entitlement report generation:
|
23
|
+
# Logon to the CMBRun NY platform from the production environment, Navigating to 'User Management', select "198:New York Branch", then click
|
24
|
+
# on "Search(5)" button; you will see the user record in the current window; right click one of the record, select "Export All to Excel"
|
25
|
+
# Open the Excel workbook and "Save as" the .xlsx format
|
26
|
+
@crny_user_entitlement_report = File.dirname(__FILE__)+"/../../data/cmbrun_ny/CMBRUN_USER_RPT.xlsx"
|
27
|
+
# Follow the similiar procedure above to download the Position report from the "Position Management" menu
|
28
|
+
@crny_position_report = File.dirname(__FILE__)+"/../../data/cmbrun_ny/CMBNY_Position_Rpt.xlsx"
|
29
|
+
# CMBRun NY to AD user map file
|
30
|
+
@file_crny_user_map = File.dirname(__FILE__)+"/../../data/cmbrun_ny/crny_access_user_map.txt"
|
31
|
+
# Load user map from the local cacsh file
|
32
|
+
@crny_2_ad_user=load_known_user_map_from_file(@file_crny_user_map)
|
33
|
+
# Load the user entitlement instance variable from the user report
|
34
|
+
@crny_user_entitlement=parse_crny_user_report(@crny_user_entitlement_report)
|
35
|
+
# Procedure to add DN foreign key to the @crny_user_entitlement, by performing the AD search
|
36
|
+
insert_dn
|
37
|
+
# Load the position instance variable from the positon report
|
38
|
+
@crny_position=parse_crny_position_report(@crny_position_report)
|
39
|
+
# Save the user map to local cache file
|
40
|
+
save!
|
41
|
+
end
|
42
|
+
|
43
|
+
# Parsing the CMBRun NY user report in text format
|
44
|
+
def parse_crny_user_report (file)
|
45
|
+
begin
|
46
|
+
puts "Start parsing Excel workbook file: #{file}" if @verbose
|
47
|
+
crny_user_entitlement=Hash.new
|
48
|
+
workbook = RubyXL::Parser.parse(file)
|
49
|
+
worksheet = workbook[0]
|
50
|
+
row_cnt=0
|
51
|
+
user_index=0 # user record index
|
52
|
+
header=Array.new
|
53
|
+
worksheet.count.times do |row|
|
54
|
+
row_cnt+=1
|
55
|
+
puts "Parsing workbook row: #{row_cnt}" if @verbose
|
56
|
+
entry=Array.new
|
57
|
+
# Processing Header Row
|
58
|
+
if row_cnt==1
|
59
|
+
0.upto(worksheet[row].size) do |col|
|
60
|
+
if worksheet[row][col].nil?
|
61
|
+
header.push(nil)
|
62
|
+
else
|
63
|
+
header.push(worksheet[row][col].value.to_s)
|
64
|
+
end
|
65
|
+
end
|
66
|
+
next
|
67
|
+
else
|
68
|
+
0.upto(worksheet[row].size) do |col|
|
69
|
+
if worksheet[row][col].nil?
|
70
|
+
entry.push(nil)
|
71
|
+
else
|
72
|
+
entry.push(worksheet[row][col].value.to_s)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
user_index += 1
|
76
|
+
end
|
77
|
+
record = header.zip(entry).to_h.reject {|k,v| k.nil?}
|
78
|
+
puts "User record: #{record}" if @verbose
|
79
|
+
next if record["User ID"].empty?
|
80
|
+
crny_user_entitlement[user_index] = record unless crny_user_entitlement.key?(user_index)
|
81
|
+
end
|
82
|
+
workbook=nil
|
83
|
+
return crny_user_entitlement
|
84
|
+
rescue => ee
|
85
|
+
puts "Exception on method #{__method__}: #{ee}"
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
# Parsing the CMBRun NY position report in Excel workbook format
|
90
|
+
def parse_crny_position_report (file)
|
91
|
+
begin
|
92
|
+
puts "Start parsing Excel workbook file: #{file}" if @verbose
|
93
|
+
crny_position=Hash.new
|
94
|
+
workbook = RubyXL::Parser.parse(file)
|
95
|
+
worksheet = workbook[0]
|
96
|
+
row_cnt=0
|
97
|
+
pos_index=String.new # position index
|
98
|
+
header=Array.new
|
99
|
+
worksheet.count.times do |row|
|
100
|
+
row_cnt+=1
|
101
|
+
puts "Parsing workbook row: #{row_cnt}" if @verbose
|
102
|
+
entry=Array.new
|
103
|
+
# Processing Header Row
|
104
|
+
if row_cnt==1
|
105
|
+
0.upto(worksheet[row].size) do |col|
|
106
|
+
if worksheet[row][col].nil?
|
107
|
+
header.push(nil)
|
108
|
+
else
|
109
|
+
header.push(worksheet[row][col].value.to_s)
|
110
|
+
end
|
111
|
+
end
|
112
|
+
next
|
113
|
+
else
|
114
|
+
0.upto(worksheet[row].size) do |col|
|
115
|
+
if worksheet[row][col].nil?
|
116
|
+
entry.push(nil)
|
117
|
+
else
|
118
|
+
entry.push(worksheet[row][col].value.to_s)
|
119
|
+
end
|
120
|
+
end
|
121
|
+
end
|
122
|
+
record = header.zip(entry).to_h.reject {|k,v| k.nil?}
|
123
|
+
puts "Position record: #{record}" if @verbose
|
124
|
+
next if record["Position Number"].empty?
|
125
|
+
pos_index = record["Position Number"]
|
126
|
+
crny_position[pos_index] = record unless crny_position.key?(pos_index)
|
127
|
+
end
|
128
|
+
workbook=nil
|
129
|
+
return crny_position
|
130
|
+
rescue => ee
|
131
|
+
puts "Exception on method #{__method__}: #{ee}"
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
# Retrieve the user index from the @crny_user_entitlement data structure
|
136
|
+
def dn_2_index (dn)
|
137
|
+
begin
|
138
|
+
(1..@crny_user_entitlement.count).map do |index|
|
139
|
+
return index if @crny_user_entitlement[index]["DN"]==dn
|
140
|
+
end
|
141
|
+
rescue => ee
|
142
|
+
puts "Exception on method #{__method__}: #{ee}"
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
# Procedures to add additonal field 'dn' into the @crny_user_entitlement data structure, by person the AD search
|
147
|
+
def insert_dn
|
148
|
+
begin
|
149
|
+
tracker = Ucert::AdTracker.new(:verbose=>false)
|
150
|
+
@crny_user_entitlement.each do |index, record|
|
151
|
+
puts "\n\nPerform DN lookup for record: #{record}" if @verbose
|
152
|
+
key1 = record['User Name']
|
153
|
+
my_key = record['User ID'].upcase + ":" + record['User Name'].upcase
|
154
|
+
puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
|
155
|
+
if @crny_2_ad_user.key?(my_key)
|
156
|
+
dn=@crny_2_ad_user[my_key]
|
157
|
+
# additional logic to update the existing DN record
|
158
|
+
unless tracker.ad_person_records.key?(dn)
|
159
|
+
dn = update_dn(tracker,dn)
|
160
|
+
end
|
161
|
+
puts "Found in the local cache file: #{dn}" if @verbose
|
162
|
+
else
|
163
|
+
if dn.nil? and !key1.nil?
|
164
|
+
puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
|
165
|
+
dn = tracker.ad_search_by_text(key1, "person")
|
166
|
+
end
|
167
|
+
end
|
168
|
+
@crny_user_entitlement[index]['DN'] = dn
|
169
|
+
end
|
170
|
+
tracker=nil
|
171
|
+
rescue => ee
|
172
|
+
puts "Exception on method #{__method__}: #{ee}"
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
176
|
+
# Print out the user entitlement table in plain text, to be imported into database
|
177
|
+
def print_user_entitlement
|
178
|
+
begin
|
179
|
+
puts "user Entitlement Report in Plain-text Format" if @verbose
|
180
|
+
@crny_user_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
|
181
|
+
puts if @verbose
|
182
|
+
@crny_user_entitlement.values.map do |rec|
|
183
|
+
rec.each {|k,v| print v,"|"}
|
184
|
+
puts
|
185
|
+
end
|
186
|
+
rescue => ee
|
187
|
+
puts "Exception on method #{__method__}: #{ee}"
|
188
|
+
end
|
189
|
+
end
|
190
|
+
alias_method :print_user, :print_user_entitlement
|
191
|
+
|
192
|
+
# Print out the user position table in plain text, to be imported into database
|
193
|
+
def print_user_position
|
194
|
+
begin
|
195
|
+
puts "user Position Report in Plain-text Format" if @verbose
|
196
|
+
@crny_position.first[1].each {|k,v| print k,"|"} if @verbose
|
197
|
+
puts if @verbose
|
198
|
+
@crny_position.values.map do |rec|
|
199
|
+
rec.each {|k,v| print v,"|"}
|
200
|
+
puts
|
201
|
+
end
|
202
|
+
rescue => ee
|
203
|
+
puts "Exception on method #{__method__}: #{ee}"
|
204
|
+
end
|
205
|
+
end
|
206
|
+
alias_method :print_position, :print_user_position
|
207
|
+
|
208
|
+
# Save the Prime to AD user mapping relation into the cache file
|
209
|
+
def save_crny_user_map!(file=@file_crny_user_map)
|
210
|
+
puts "Saving the known Prime to AD user mapping relationship to file: #{file} ..." if @verbose
|
211
|
+
begin
|
212
|
+
timestamp=Time.now
|
213
|
+
f=File.open(file, 'w')
|
214
|
+
f.write "# local CMBRun NY to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
|
215
|
+
@crny_user_entitlement.values.map do |record|
|
216
|
+
key = record['User ID'].upcase + ":" + record['User Name'].upcase
|
217
|
+
value = record['DN']
|
218
|
+
f.write "\n#{key}|#{value}"
|
219
|
+
end
|
220
|
+
f.close
|
221
|
+
puts "CMBRun NY to AD user map file is successfully saved to: #{file}" if @verbose
|
222
|
+
rescue => ee
|
223
|
+
puts "Exception on method #{__method__}: #{ee}" if @verbose
|
224
|
+
end
|
225
|
+
end
|
226
|
+
alias_method :save!, :save_crny_user_map!
|
227
|
+
|
228
|
+
# Search user entitlement record by AD DN
|
229
|
+
def crny_search_by_dn (dn)
|
230
|
+
begin
|
231
|
+
puts "Perform search on the user entitlement records by AD DN: #{dn}" if @verbose
|
232
|
+
@crny_user_entitlement.each do |key, val|
|
233
|
+
return val if @crny_user_entitlement[key]['DN'].eql? dn
|
234
|
+
end
|
235
|
+
return nil
|
236
|
+
rescue => ee
|
237
|
+
puts "Exception on method #{__method__}: #{ee}"
|
238
|
+
end
|
239
|
+
end
|
240
|
+
alias_method :search_by_dn, :crny_search_by_dn
|
241
|
+
|
242
|
+
private :insert_dn, :parse_crny_user_report, :parse_crny_position_report, :save_crny_user_map!, :print_user_entitlement
|
243
|
+
|
244
|
+
end
|
@@ -0,0 +1,230 @@
|
|
1
|
+
#--
|
2
|
+
# ucert
|
3
|
+
#
|
4
|
+
# A Ruby library for enterprise user account certification / recertification / audit project
|
5
|
+
#
|
6
|
+
# Copyright (c) CMBNY Risk Department
|
7
|
+
#++
|
8
|
+
require "rubyXL"
|
9
|
+
# CVM use YST for SSO. So that his trakcer class is also depending on the 'Ucert::YstTracker' class
|
10
|
+
|
11
|
+
# Class to handle CVM user account IDs
|
12
|
+
class Ucert::CvmTracker
|
13
|
+
include Ucert::Utils
|
14
|
+
# Class constant variables
|
15
|
+
|
16
|
+
attr_accessor :verbose, :cvm_user_report, :cvm_role_report, :cvm_role_report, :file_user_map
|
17
|
+
attr_reader :cvm_user_entitlement, :cvm_2_ad_user
|
18
|
+
|
19
|
+
# Instance default variables
|
20
|
+
def initialize (params ={})
|
21
|
+
|
22
|
+
@verbose=params.fetch(:verbose, false)
|
23
|
+
# CVM user entitlement report in XLSX format, generated by CVM export function
|
24
|
+
@cvm_user_report = File.dirname(__FILE__)+"/../../data/cvm/cvm_user_list.xlsx"
|
25
|
+
# CVM user role, which is mapped to YST data structure
|
26
|
+
@cvm_role_report = File.dirname(__FILE__)+"/../../data/cvm/cvm_user_role.xlsx"
|
27
|
+
# CVM user details entitlement report
|
28
|
+
@cvm_func_report = File.dirname(__FILE__)+"/../../data/cvm/cvm_user_func.xlsx"
|
29
|
+
# CVM to AD user map file
|
30
|
+
@file_user_map = File.dirname(__FILE__)+"/../../data/cvm/cvm_user_map.txt"
|
31
|
+
# Load the user map file to an instance variable (for performance gain)
|
32
|
+
@cvm_2_ad_user=load_known_user_map_from_file(@file_user_map)
|
33
|
+
# Load the user entitlement instance variable from the native CVM user entitlement reports
|
34
|
+
@cvm_user_entitlement=parse_cvm_user_report(@cvm_user_report)
|
35
|
+
parse_cvm_role_report(@cvm_role_report)
|
36
|
+
parse_cvm_func_report(@cvm_func_report)
|
37
|
+
# Insert DN field into the user entitlement data structure
|
38
|
+
insert_dn
|
39
|
+
save!
|
40
|
+
end
|
41
|
+
|
42
|
+
# Parsing the Cvm user entitlement report in CSV format
|
43
|
+
def parse_cvm_user_report (file)
|
44
|
+
#begin
|
45
|
+
puts "Start parsing Excel workbook file: #{file}" if @verbose
|
46
|
+
cvm_user_entitlement=Hash.new
|
47
|
+
workbook = RubyXL::Parser.parse(file)
|
48
|
+
worksheet=workbook.worksheets.first
|
49
|
+
row_cnt=0
|
50
|
+
header=Array.new
|
51
|
+
user_index=0
|
52
|
+
worksheet.count.times do |row|
|
53
|
+
row_cnt+=1
|
54
|
+
puts "Parsing workbook row: #{row_cnt}" if @verbose
|
55
|
+
entry=Array.new
|
56
|
+
# Processing Header Row
|
57
|
+
if row_cnt==1
|
58
|
+
0.upto(worksheet[row].size) do |col|
|
59
|
+
if worksheet[row][col].nil?
|
60
|
+
header.push(nil)
|
61
|
+
else
|
62
|
+
header.push(worksheet[row][col].value.to_s)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
next
|
66
|
+
else
|
67
|
+
0.upto(worksheet[row].size) do |col|
|
68
|
+
if worksheet[row][col].nil?
|
69
|
+
entry.push(nil)
|
70
|
+
else
|
71
|
+
entry.push(worksheet[row][col].value.to_s.strip)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
user_index += 1
|
75
|
+
end
|
76
|
+
record = header.zip(entry).to_h.reject {|k,v| k.nil?}
|
77
|
+
puts "User record: #{record}" if @verbose
|
78
|
+
next if record["用户编号"].empty?
|
79
|
+
cvm_user_entitlement[user_index] = record unless cvm_user_entitlement.key?(user_index)
|
80
|
+
end
|
81
|
+
workbook=nil
|
82
|
+
return cvm_user_entitlement
|
83
|
+
#rescue => ee
|
84
|
+
#puts "Exception on method #{__method__}: #{ee}"
|
85
|
+
#end
|
86
|
+
end
|
87
|
+
|
88
|
+
# add DN to the cvm_user_entitlement record
|
89
|
+
def insert_dn
|
90
|
+
puts "Insert DN into the record ..." if @verbose
|
91
|
+
tracker = Ucert::YstTracker.new(:verbose => @verbose)
|
92
|
+
@cvm_user_entitlement.each do |index, record|
|
93
|
+
puts "Processing user record #{index}: #{record}" if @verbose
|
94
|
+
key1=record['用户编号']
|
95
|
+
if @cvm_2_ad_user.key?(key1) && !@cvm_2_ad_user[key1].nil?
|
96
|
+
@cvm_user_entitlement[index]['DN'] = @cvm_2_ad_user[record['用户编号']]
|
97
|
+
else
|
98
|
+
@cvm_user_entitlement[index]['DN'] = tracker.yst_id_2_dn(record['用户编号'])
|
99
|
+
end
|
100
|
+
end
|
101
|
+
tracker=nil
|
102
|
+
end
|
103
|
+
|
104
|
+
def cvm_id_2_index (id)
|
105
|
+
@cvm_user_entitlement.each do |key,val|
|
106
|
+
return key if val['用户编号'] == id.strip
|
107
|
+
end
|
108
|
+
return nil
|
109
|
+
end
|
110
|
+
|
111
|
+
# Parsing the CVM role entitlement report in xlsx format
|
112
|
+
def parse_cvm_role_report (file)
|
113
|
+
#begin
|
114
|
+
workbook = RubyXL::Parser.parse(file)
|
115
|
+
worksheet=workbook.worksheets.first
|
116
|
+
role_entitlement=Hash.new
|
117
|
+
worksheet.count.times do |row|
|
118
|
+
puts "Parsing workbook row: #{row}" if @verbose
|
119
|
+
# skip the 1st line of the file (header line)
|
120
|
+
next if row == 0
|
121
|
+
role_entitlement = Hash.new
|
122
|
+
role_entitlement['用户一事通ID'] = worksheet[row][0].value.to_s.strip unless worksheet[row].nil?
|
123
|
+
role_entitlement['角色ID'] = worksheet[row][3].value.to_s.strip unless worksheet[row].nil?
|
124
|
+
role_entitlement['角色名称'] = worksheet[row][4].value.to_s.strip unless worksheet[row].nil?
|
125
|
+
role_entitlement['有效性'] = worksheet[row][5].value.to_s.strip unless worksheet[row].nil?
|
126
|
+
role_entitlement['有效期开始时间'] = worksheet[row][6].value.to_s.strip unless worksheet[row].nil?
|
127
|
+
role_entitlement['有效期结束时间'] = worksheet[row][7].value.to_s.strip unless worksheet[row].nil?
|
128
|
+
role_entitlement['角色机构全称'] = worksheet[row][8].value.to_s.strip unless worksheet[row].nil?
|
129
|
+
role_entitlement['是否展开'] = worksheet[row][9].value.to_s.strip unless worksheet[row].nil?
|
130
|
+
puts "Role: #{role_entitlement.inspect}" if @verbose
|
131
|
+
unless role_entitlement['用户一事通ID'].nil? or role_entitlement['角色ID'].nil?
|
132
|
+
user_index = cvm_id_2_index(role_entitlement['用户一事通ID'])
|
133
|
+
puts "Insert roles information into record: #{user_index}" if @verbose
|
134
|
+
@cvm_user_entitlement[user_index]['roles']=Array.new unless @cvm_user_entitlement[user_index]['roles']
|
135
|
+
@cvm_user_entitlement[user_index]['roles'].push(role_entitlement)
|
136
|
+
end
|
137
|
+
end
|
138
|
+
return role_entitlement
|
139
|
+
#rescue => ee
|
140
|
+
#puts "Exception on method #{__method__}: #{ee}"
|
141
|
+
#end
|
142
|
+
end
|
143
|
+
|
144
|
+
# Parsing the CVM user function report in xlsx format
|
145
|
+
def parse_cvm_func_report (file)
|
146
|
+
#begin
|
147
|
+
workbook = RubyXL::Parser.parse(file)
|
148
|
+
worksheet=workbook.worksheets.first
|
149
|
+
func_entitlement=Hash.new
|
150
|
+
worksheet.count.times do |row|
|
151
|
+
puts "Parsing workbook row: #{row}" if @verbose
|
152
|
+
# skip the 1st line of the file (header line)
|
153
|
+
next if row == 0
|
154
|
+
func_entitlement = Hash.new
|
155
|
+
func_entitlement['用户一事通ID'] = worksheet[row][0].value.to_s.strip unless worksheet[row].nil?
|
156
|
+
func_entitlement['功能ID'] = worksheet[row][3].value.to_s.strip unless worksheet[row].nil?
|
157
|
+
func_entitlement['功能名称'] = worksheet[row][4].value.to_s.strip unless worksheet[row].nil?
|
158
|
+
func_entitlement['权限'] = worksheet[row][5].value.to_s.strip unless worksheet[row].nil?
|
159
|
+
func_entitlement['增减方向'] = worksheet[row][6].value.to_s.strip unless worksheet[row].nil?
|
160
|
+
func_entitlement['有效性'] = worksheet[row][7].value.to_s.strip unless worksheet[row].nil?
|
161
|
+
func_entitlement['有效期开始时间'] = worksheet[row][8].value.to_s.strip unless worksheet[row].nil?
|
162
|
+
func_entitlement['有效期结束时间'] = worksheet[row][9].value.to_s.strip unless worksheet[row].nil?
|
163
|
+
func_entitlement['功能机构全称'] = worksheet[row][10].value.to_s.strip unless worksheet[row].nil?
|
164
|
+
puts "Function: #{func_entitlement.inspect}" if @verbose
|
165
|
+
unless func_entitlement['用户一事通ID'].nil? or func_entitlement['功能ID'].nil?
|
166
|
+
user_index = cvm_id_2_index(func_entitlement['用户一事通ID'])
|
167
|
+
puts "Insert function information into record: #{user_index}" if @verbose
|
168
|
+
@cvm_user_entitlement[user_index]['funcs']=Array.new unless @cvm_user_entitlement[user_index]['funcs']
|
169
|
+
@cvm_user_entitlement[user_index]['funcs'].push(func_entitlement)
|
170
|
+
end
|
171
|
+
end
|
172
|
+
return func_entitlement
|
173
|
+
#rescue => ee
|
174
|
+
#puts "Exception on method #{__method__}: #{ee}"
|
175
|
+
#end
|
176
|
+
end
|
177
|
+
|
178
|
+
# Print out the user entitlement table in plain text, to be imported into database
|
179
|
+
def print_user_entitlement
|
180
|
+
#begin
|
181
|
+
puts "user Entitlement Report in Plain-text Format" if @verbose
|
182
|
+
@cvm_user_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
|
183
|
+
puts if @verbose
|
184
|
+
@cvm_user_entitlement.values.map do |rec|
|
185
|
+
rec.each {|k,v| print v,"|"}
|
186
|
+
puts
|
187
|
+
end
|
188
|
+
#rescue => ee
|
189
|
+
#puts "Exception on method #{__method__}: #{ee}"
|
190
|
+
#end
|
191
|
+
end
|
192
|
+
alias_method :print_user, :print_user_entitlement
|
193
|
+
|
194
|
+
# Save the CVM to AD user mapping relation into the cache file
|
195
|
+
def save_cvm_user_map!(file=@file_user_map)
|
196
|
+
puts "Saving the known Cvm to AD user mapping relationship to file: #{file} ..." if @verbose
|
197
|
+
begin
|
198
|
+
timestamp=Time.now
|
199
|
+
f=File.open(file, 'w')
|
200
|
+
f.write "# local Cvm to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
|
201
|
+
@cvm_user_entitlement.values.map do |record|
|
202
|
+
key = record['用户编号']
|
203
|
+
value = record['DN']
|
204
|
+
f.write "\n#{key}|#{value}"
|
205
|
+
end
|
206
|
+
f.close
|
207
|
+
puts "CVM to AD user map file is successfully saved to: #{file}" if @verbose
|
208
|
+
rescue => ee
|
209
|
+
puts "Exception on method #{__method__}: #{ee}" if @verbose
|
210
|
+
end
|
211
|
+
end
|
212
|
+
alias_method :save!, :save_cvm_user_map!
|
213
|
+
|
214
|
+
# Search user entitlement record by AD DN
|
215
|
+
def cvm_search_by_dn (dn)
|
216
|
+
begin
|
217
|
+
puts "Perform search on the user entitlement record by AD DN: #{dn}" if @verbose
|
218
|
+
@cvm_user_entitlement.each do |key, val|
|
219
|
+
return val if @cvm_user_entitlement[key]['DN'].eql? dn
|
220
|
+
end
|
221
|
+
return nil
|
222
|
+
rescue => ee
|
223
|
+
puts "Exception on method #{__method__}: #{ee}"
|
224
|
+
end
|
225
|
+
end
|
226
|
+
alias_method :search_by_dn, :cvm_search_by_dn
|
227
|
+
|
228
|
+
private :parse_cvm_user_report, :parse_cvm_role_report, :insert_dn
|
229
|
+
|
230
|
+
end
|