ucert 0.2.57
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +134 -0
- data/LICENSE.txt +22 -0
- data/README.rdoc +61 -0
- data/Rakefile +8 -0
- data/TODO +5 -0
- data/bin/ad_dump +74 -0
- data/bin/ad_update +48 -0
- data/bin/adgrep +149 -0
- data/bin/adp_dump +70 -0
- data/bin/aix_dump +69 -0
- data/bin/audiolog_dump +69 -0
- data/bin/bloomberg_dump +69 -0
- data/bin/check21_dump +69 -0
- data/bin/citidirect_be_dump +69 -0
- data/bin/citidirect_sec_dump +69 -0
- data/bin/citrixsf_dump +70 -0
- data/bin/clear_par_dump +70 -0
- data/bin/cmbrun_ny_dump +76 -0
- data/bin/cvm_dump +70 -0
- data/bin/db_direct_dump +69 -0
- data/bin/egifts_dump +68 -0
- data/bin/equinix_dump +69 -0
- data/bin/frb_dump +69 -0
- data/bin/go_contact_dump +16 -0
- data/bin/jpm_dump +69 -0
- data/bin/madison535_dump +70 -0
- data/bin/mantis_dump +79 -0
- data/bin/prime_dump +79 -0
- data/bin/sage100_dump +69 -0
- data/bin/sharefile_dump +69 -0
- data/bin/som_dump +74 -0
- data/bin/stb_dump +69 -0
- data/bin/swift_dump +79 -0
- data/bin/swift_online_dump +69 -0
- data/bin/t24_dump +79 -0
- data/bin/vpn_dump +69 -0
- data/bin/wms_dump +79 -0
- data/bin/yst_dump +79 -0
- data/data/ad/ad_delta.txt +94 -0
- data/data/ad/hosts +421 -0
- data/data/ad/hosts.old +597 -0
- data/data/ad/hosts_old +597 -0
- data/data/ad/ldap_computer.txt +19028 -0
- data/data/ad/ldap_person.txt +41241 -0
- data/data/adp/Active Employee Report.xlsx +0 -0
- data/data/adp/adp_user_map.txt +141 -0
- data/data/aix/EGIFTS1.txt +239 -0
- data/data/aix/NYSWIFT1.txt +222 -0
- data/data/aix/T24_APP1.txt +300 -0
- data/data/aix/T24_DBP.txt +252 -0
- data/data/aix/aix_user_map.txt +46 -0
- data/data/alliance_swift/Swift_Operator_Details.xlsx +0 -0
- data/data/alliance_swift/Swift_Operator_Profiles_Details.xlsx +0 -0
- data/data/alliance_swift/swift_operator_map.txt +22 -0
- data/data/audiolog/Capture_audiolog.PNG +0 -0
- data/data/bloomberg/AccountData.csv +2 -0
- data/data/bloomberg/Capture_SID_download.PNG +0 -0
- data/data/bloomberg/current_subscriptions.csv +11 -0
- data/data/check21/Capture_check21_users.PNG +0 -0
- data/data/citidirect_be/Capture.PNG +0 -0
- data/data/citidirect_be/Capture_new.PNG +0 -0
- data/data/citidirect_be/Capture_new_new.PNG +0 -0
- data/data/citidirect_be/UserProfileEntitlementReport.pdf +0 -0
- data/data/citidirect_be/UserProfileEntitlementsReport.old.xlsx +0 -0
- data/data/citidirect_be/UserProfileEntitlementsReport.xlsx +0 -0
- data/data/citidirect_be/be_user_map.txt +11 -0
- data/data/citidirect_securities/Capture.PNG +0 -0
- data/data/citidirect_securities/User_Entitlements_Report___CLNT.dat +19 -0
- data/data/citidirect_securities/User_Entitlements_Report___CLNT.xml +75 -0
- data/data/citidirect_securities/citidirect_securities_user_map.txt +10 -0
- data/data/citrix_sharefile/ShareFile_Access_Report.xlsx +0 -0
- data/data/citrix_sharefile/sharefile_user_map.txt +33 -0
- data/data/clear_par/ClearPar User Report.xlsx +0 -0
- data/data/clear_par/clear_par_user_map.txt +25 -0
- data/data/cmbrun_ny/CMBNY_Position_Rpt.xlsx +0 -0
- data/data/cmbrun_ny/CMBRUN_USER_RPT.xlsx +0 -0
- data/data/cmbrun_ny/Capture_cmbrun.PNG +0 -0
- data/data/cmbrun_ny/Capture_cmbrun_position.PNG +0 -0
- data/data/cmbrun_ny/crny_access_user_map.txt +55 -0
- data/data/cvm/cvm_user_func.xlsx +0 -0
- data/data/cvm/cvm_user_list.xlsx +0 -0
- data/data/cvm/cvm_user_map.txt +56 -0
- data/data/cvm/cvm_user_role.xlsx +0 -0
- data/data/db_direct/Capture_main.PNG +0 -0
- data/data/db_direct/Capture_rpt.PNG +0 -0
- data/data/db_direct/accountpermission.xlsx +0 -0
- data/data/db_direct/db_direct_user_map.txt +8 -0
- data/data/db_direct/di_direct_user_map.txt +0 -0
- data/data/db_direct/userfulldetail_2016010813232300644912.pdf +0 -0
- data/data/equinix/Secured Access List_CHINA MERCHANTS BANK.xlsx +0 -0
- data/data/equinix/equinix_user_map.txt +29 -0
- data/data/fis_egifts/CHINA_MERCHANTS_BANK_-_USER_ACCOUNT_FUNCTION_REPORT.xlsx +0 -0
- data/data/fis_egifts/egifts_user_map.txt +113 -0
- data/data/fis_prime/Prime_Operator_Rights_Report.xml +41958 -0
- data/data/fis_prime/Prime_Operator_Status_Report.xml +1827 -0
- data/data/fis_prime/Prime_Operators_and_Roles_Report.xml +1505 -0
- data/data/fis_prime/Prime_Rights_by_Role_Report.xml +22726 -0
- data/data/fis_prime/prime_user_map.txt +77 -0
- data/data/frb/FRB_Subscriber_Roles_Report.xlsx +0 -0
- data/data/frb/frb_user_map.txt +22 -0
- data/data/go_contact/go_contact.xlsx +0 -0
- data/data/go_contact/go_user_map.txt +134 -0
- data/data/go_contact/title_level_map.txt +141 -0
- data/data/jpm_access/Capture.PNG +0 -0
- data/data/jpm_access/jpm_access_user_map.txt +13 -0
- data/data/jpm_access/jpm_user_entitlements_details.txt +194 -0
- data/data/jpm_access/jpm_user_groupentitlements_details.txt +2 -0
- data/data/madison535/535madison_bldg_pass.xlsx +0 -0
- data/data/madison535/535madison_bldg_pass_2.xlsx +0 -0
- data/data/madison535/madison535_user_map.txt +191 -0
- data/data/mantis/Mantis_AccessLevels.xlsx +0 -0
- data/data/mantis/Mantis_ActiveUsers_Rpt.xlsx +0 -0
- data/data/mantis/mantis_access_user_map.txt +128 -0
- data/data/sage100/Capture_Sage100_Rpt.PNG +0 -0
- data/data/sage100/Capture_Sage100_Rpt_2.PNG +0 -0
- data/data/sage100/SY_UserReport_RolePreferencesDetails.xlsx +0 -0
- data/data/sage100/SY_UserReport_RoleTaskPermissionsDetails.xlsx +0 -0
- data/data/sage100/sy_user_map.txt +14 -0
- data/data/som/som_user_map.txt +40 -0
- data/data/som/som_user_report.csv +329 -0
- data/data/stb/STB_USERS.csv +177 -0
- data/data/stb/STB_USERS.pdf +0 -0
- data/data/stb/stb_user_map.txt +33 -0
- data/data/swift_online/UserReport.xlsx +0 -0
- data/data/swift_online/swo_access_user_map.txt +18 -0
- data/data/t24/T24_Grp_Rpt.csv +484 -0
- data/data/t24/T24_User_Rpt.csv +567 -0
- data/data/t24/t24_grp.xml +2904 -0
- data/data/t24/t24_user_map.txt +197 -0
- data/data/t24/t24_usr.xml +9628 -0
- data/data/vpn/Capture_VPN.PNG +0 -0
- data/data/wms/role_rpt.txt +451 -0
- data/data/wms/user_rpt.txt +55 -0
- data/data/wms/wms_user_map.txt +55 -0
- data/data/yst/YiShiTong_Org.csv +21 -0
- data/data/yst/YiShiTong_User.csv +163 -0
- data/data/yst/yst_user_map.txt +163 -0
- data/demos/filter_email.rb +19 -0
- data/demos/idm_ad_reload.rb +164 -0
- data/lib/ucert.rb +82 -0
- data/lib/ucert/ad_tracker.rb +694 -0
- data/lib/ucert/adp_payroll_tracker.rb +189 -0
- data/lib/ucert/aix_tracker.rb +175 -0
- data/lib/ucert/alliance_swift_tracker.rb +300 -0
- data/lib/ucert/audiolog_tracker.rb +67 -0
- data/lib/ucert/bloomberg_tracker.rb +96 -0
- data/lib/ucert/check21_tracker.rb +95 -0
- data/lib/ucert/citidirect_be_tracker.rb +418 -0
- data/lib/ucert/citidirect_securities_tracker.rb +230 -0
- data/lib/ucert/citrix_sharefile_tracker.rb +196 -0
- data/lib/ucert/clear_par_tracker.rb +187 -0
- data/lib/ucert/cmbrun_ny_tracker.rb +244 -0
- data/lib/ucert/cvm_tracker.rb +230 -0
- data/lib/ucert/db_direct_tracker.rb +205 -0
- data/lib/ucert/equinix_tracker.rb +202 -0
- data/lib/ucert/fis_egifts_tracker.rb +249 -0
- data/lib/ucert/fis_prime_tracker.rb +391 -0
- data/lib/ucert/frb_tracker.rb +232 -0
- data/lib/ucert/go_contact_tracker.rb +778 -0
- data/lib/ucert/jpm_access_tracker.rb +205 -0
- data/lib/ucert/madison535_tracker.rb +273 -0
- data/lib/ucert/mantis_tracker.rb +249 -0
- data/lib/ucert/sage100_tracker.rb +355 -0
- data/lib/ucert/som_tracker.rb +223 -0
- data/lib/ucert/stb_tracker.rb +199 -0
- data/lib/ucert/swift_online_tracker.rb +197 -0
- data/lib/ucert/t24_tracker.rb +342 -0
- data/lib/ucert/utils/utils.rb +200 -0
- data/lib/ucert/vpn_tracker.rb +94 -0
- data/lib/ucert/wms_tracker.rb +240 -0
- data/lib/ucert/yst_tracker.rb +264 -0
- data/test/ad_testfiles/ldap_computer_test.txt +21 -0
- data/test/ad_testfiles/ldap_person_test.txt +21 -0
- data/test/aix_testfiles/application1.txt +7 -0
- data/test/aix_testfiles/application2.txt +15 -0
- data/test/alliance_swift_testfiles/Swift_Operator_Details_Test.xlsx +0 -0
- data/test/alliance_swift_testfiles/Swift_Operator_Profiles_Details_Test.xlsx +0 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test.txt +55 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test_2.txt +55 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test_format_fixed.txt +55 -0
- data/test/citidirect_be_testfiles/UserProfileEntitlementsReport_Test.xlsx +0 -0
- data/test/citidirect_securities_testfiles/User_Entitlements_Report___CLNT_Test.xml +48 -0
- data/test/citrix_sharefile_testfiles/ShareFile_Access_Report_Test.xlsx +0 -0
- data/test/cmbrun_ny_testfiles/CMBNY_Position_Rpt_02242016_test.xlsx +0 -0
- data/test/cmbrun_ny_testfiles/CMBRUN_USER_RPT_Test.xlsx +0 -0
- data/test/db_direct_testfiles/accountpermission_Test.xlsx +0 -0
- data/test/equinix_testfiles/Secured Access List_CHINA MERCHANTS BANK_TEST.xlsx +0 -0
- data/test/fis_egifts_testfiles/CHINA_MERCHANTS_BANK_-_USER_ACCOUNT_FUNCTION_REPORT_TEST.xlsx +0 -0
- data/test/fis_prime_testfiles/Prime_Operator_Rights_Report_Test.xml +158 -0
- data/test/fis_prime_testfiles/Prime_Operator_Status_Report_Copy.xml +1659 -0
- data/test/fis_prime_testfiles/Prime_Operator_Status_Report_Test.xml +51 -0
- data/test/fis_prime_testfiles/Prime_Operators_and_Roles_Report_Copy.xml +1360 -0
- data/test/fis_prime_testfiles/Prime_Operators_and_Roles_Report_Test.xml +45 -0
- data/test/fis_prime_testfiles/Prime_Rights_by_Role_Report_Test.xml +65 -0
- data/test/fis_prime_testfiles/prime_user_map.txt +3 -0
- data/test/frb_testfiles/FRB_Subscriber_Roles_Report_Test.xlsx +0 -0
- data/test/go_contact_testfiles/go_contact_test.xlsx +0 -0
- data/test/jpm_access_testfiles/Capture.PNG +0 -0
- data/test/jpm_access_testfiles/jpm_user_entitlements_details_original.txt +208 -0
- data/test/jpm_access_testfiles/jpm_user_entitlements_details_test.txt +7 -0
- data/test/madison535_testfiles/535madison_bldg_pass_2_Test.xlsx +0 -0
- data/test/madison535_testfiles/535madison_bldg_pass_Test.xlsx +0 -0
- data/test/mantis_testfiles/Mantis_AccessLevels_Test.xlsx +0 -0
- data/test/mantis_testfiles/Mantis_ActiveUsers_Rpt_Test.xlsx +0 -0
- data/test/sage100_testfiles/SY_UserReport_RolePreferencesDetails_Test.xlsx +0 -0
- data/test/sage100_testfiles/SY_UserReport_RoleTaskPermissionsDetails_Test.xlsx +0 -0
- data/test/som_testfiles/som_user_map_test.txt +7 -0
- data/test/som_testfiles/som_user_report_test.csv +25 -0
- data/test/stb_testfiles/STB_USERS_test.csv +24 -0
- data/test/stb_testfiles/STB_USERS_test_constant.csv +24 -0
- data/test/swift_online_testfiles/UserReport.xls +0 -0
- data/test/swift_online_testfiles/UserReport_Test.xlsx +0 -0
- data/test/swift_online_testfiles/test_outline_level.rb +7 -0
- data/test/t24_testfiles/T24_Grp_Rpt_Test.csv +7 -0
- data/test/t24_testfiles/T24_User_Rpt_Test.csv +7 -0
- data/test/test_ad_tracker.rb +148 -0
- data/test/test_aix_tracker.rb +71 -0
- data/test/test_alliance_swift_tracker.rb +131 -0
- data/test/test_audiolog_tracker.rb +23 -0
- data/test/test_check21_tracker.rb +30 -0
- data/test/test_citidirect_be_tracker.rb +110 -0
- data/test/test_citidirect_securities_tracker.rb +89 -0
- data/test/test_citrix_sharefile_tracker.rb +105 -0
- data/test/test_cmbrun_ny_tracker.rb +112 -0
- data/test/test_db_direct_tracker.rb +125 -0
- data/test/test_equinix_tracker.rb +119 -0
- data/test/test_fis_egifts_tracker.rb +105 -0
- data/test/test_fis_prime_tracker.rb +288 -0
- data/test/test_frb_tracker.rb +104 -0
- data/test/test_go_contact.rb +276 -0
- data/test/test_jpm_access_tracker.rb +122 -0
- data/test/test_madison535_tracker.rb +125 -0
- data/test/test_mantis_tracker.rb +133 -0
- data/test/test_sage100_tracker.rb +120 -0
- data/test/test_som_tracker.rb +71 -0
- data/test/test_stb_tracker.rb +120 -0
- data/test/test_swift_online_tracker.rb +116 -0
- data/test/test_t24_tracker.rb +151 -0
- data/test/test_utils.rb +46 -0
- data/test/test_vpn_tracker.rb +56 -0
- data/test/test_wms_tracker.rb +109 -0
- data/test/test_yst_tracker.rb +133 -0
- data/test/utils_testfiles/file2list_test.txt +13 -0
- data/test/utils_testfiles/load_know_user_map_testfile.txt +4 -0
- data/test/wms_testfiles/role_rpt_test.txt +6 -0
- data/test/wms_testfiles/user_rpt_test.txt +6 -0
- data/test/yst_testfiles/YiShiTong_Org_Test.csv +18 -0
- data/test/yst_testfiles/YiShiTong_User_Test.csv +5 -0
- data/ucert.gemspec +52 -0
- data/version.txt +12 -0
- metadata +410 -0
@@ -0,0 +1,205 @@
|
|
1
|
+
#--
|
2
|
+
# ucert
|
3
|
+
#
|
4
|
+
# A Ruby library for enterprise user account certification / recertification / audit project
|
5
|
+
#
|
6
|
+
# Copyright (c) CMBNY Risk Department
|
7
|
+
#++
|
8
|
+
|
9
|
+
|
10
|
+
# Class to handle Jpm for BE user account IDs
|
11
|
+
class Ucert::JpmAccessTracker
|
12
|
+
include Ucert::Utils
|
13
|
+
# Class constant variables
|
14
|
+
|
15
|
+
attr_accessor :verbose, :jpm_user_status_report, :jpm_user_group_entitlement_report, :file_jpm_user_map
|
16
|
+
attr_reader :jpm_2_ad_user, :jpm_user_entitlement, :jpm_user_group_entitlement
|
17
|
+
|
18
|
+
# Instance default variables
|
19
|
+
def initialize (params ={})
|
20
|
+
@verbose=params.fetch(:verbose, false)
|
21
|
+
# JPM Access user entitlement report generation: Logon to Jpm for BE sites www.jpmorganaccess.com
|
22
|
+
# Once logon, click "Administration" -> "Reports", select "Entitlements Report" -> "Custom"
|
23
|
+
# In the Customization window, select "Summary + Details" for "Report Layout" field, "Pipe Delimited" for "Output" field
|
24
|
+
# under "Report Criteria" sub-menu, choose "All Users" for the "Select Users/Groups" field
|
25
|
+
# under "Additional Criteria" sub-menu, check both "Active" and "Inactive" for "User Status"; select "All Products" for "Products" field, "All Functions" for "Functions" field , "All Accounts" for "Accounts / Account Groups" field
|
26
|
+
# Press "Run" button to generate the report
|
27
|
+
@jpm_user_entitlement_report = File.dirname(__FILE__)+"/../../data/jpm_access/jpm_user_entitlements_details.txt"
|
28
|
+
# Select "User Group" instead of "User"; following the rest instrctions above to generate User Group entitlement report.
|
29
|
+
# Note: As of 01/05/2015 the Group function is not utilized in the CMBNY account. So we have a stud here for furture implementation only.
|
30
|
+
@jpm_user_group_entitlement_report = File.dirname(__FILE__)+"/../../data/jpm_access/jpm_user_entitlements_details.txt"
|
31
|
+
# JPM Access to AD user map file
|
32
|
+
@file_jpm_user_map = File.dirname(__FILE__)+"/../../data/jpm_access/jpm_access_user_map.txt"
|
33
|
+
# Load user map from the local cacsh file
|
34
|
+
@jpm_2_ad_user=load_known_user_map_from_file(@file_jpm_user_map)
|
35
|
+
# Load the user entitlement instance variable from the user report
|
36
|
+
@jpm_user_entitlement=parse_jpm_user_entitlement_report(@jpm_user_entitlement_report)
|
37
|
+
# Load the user group entitlement instance variable from the user group report
|
38
|
+
@jpm_user_group_entitlement=parse_jpm_user_group_entitlement_report(@jpm_user_group_entitlement_report)
|
39
|
+
# Procedure to add DN foreign key to the @jpm_user_entitlement, by performing the AD search
|
40
|
+
insert_dn
|
41
|
+
# Save the user map to local cache file
|
42
|
+
save!
|
43
|
+
end
|
44
|
+
|
45
|
+
# Parsing the Jpm Access user entitlement report in text format
|
46
|
+
def parse_jpm_user_entitlement_report (file)
|
47
|
+
begin
|
48
|
+
puts "Parse the user entitlement detail report: #{file}" if @verbose
|
49
|
+
jpm_user_entitlement=Hash.new
|
50
|
+
user_index=1
|
51
|
+
line_cnt=0
|
52
|
+
doc = File.open(file,'r')
|
53
|
+
header=Array.new
|
54
|
+
doc.each_line do |line|
|
55
|
+
line_cnt+=1
|
56
|
+
if line_cnt==1
|
57
|
+
header=line.chomp.split('|')
|
58
|
+
puts "JPM Access User Entitlement Header:\n #{header}" if @verbose
|
59
|
+
next # skip the header line
|
60
|
+
end
|
61
|
+
record=line.chomp.split('|')
|
62
|
+
#puts "Processing record:\n #{header}\n\n#{record}" if @verbose
|
63
|
+
#user_index+=1
|
64
|
+
record_h=Hash[header.zip(record)[0..26]]
|
65
|
+
right_h=Hash[header.zip(record)[27..80]]
|
66
|
+
puts "Adding JPM Entitlement Record: #{record_h}" if @verbose
|
67
|
+
if jpm_user_entitlement.key?(user_index)
|
68
|
+
puts "Checking record User_ID field match: #{jpm_user_entitlement[user_index]['User ID']}, #{record_h['User ID']}" if @verbose
|
69
|
+
if jpm_user_entitlement[user_index]["User ID"] == record_h["User ID"]
|
70
|
+
jpm_user_entitlement[user_index]["Rights"].push(right_h)
|
71
|
+
else
|
72
|
+
user_index+=1
|
73
|
+
jpm_user_entitlement[user_index]=record_h
|
74
|
+
jpm_user_entitlement[user_index]["Rights"]=[right_h]
|
75
|
+
puts "Processing user record number: #{user_index}" if @verbose
|
76
|
+
end
|
77
|
+
else
|
78
|
+
jpm_user_entitlement[user_index]=Hash.new
|
79
|
+
jpm_user_entitlement[user_index]=record_h
|
80
|
+
jpm_user_entitlement[user_index]["Rights"]=[right_h]
|
81
|
+
end
|
82
|
+
end
|
83
|
+
doc=nil
|
84
|
+
return jpm_user_entitlement
|
85
|
+
rescue => ee
|
86
|
+
puts "Exception on method #{__method__}: #{ee}"
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
# Parsing the Jpm Access user group entitlement report in text format - TBD as currently this feature is not in use
|
91
|
+
def parse_jpm_user_group_entitlement_report (file)
|
92
|
+
begin
|
93
|
+
|
94
|
+
rescue => ee
|
95
|
+
puts "Exception on method #{__method__}: #{ee}"
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
# Retrieve the user index from the @jpm_user_entitlement data structure
|
100
|
+
def dn_2_index (dn)
|
101
|
+
begin
|
102
|
+
(1..@jpm_user_entitlement.count).map do |index|
|
103
|
+
return index if @jpm_user_entitlement[index]["DN"]==dn
|
104
|
+
end
|
105
|
+
rescue => ee
|
106
|
+
puts "Exception on method #{__method__}: #{ee}"
|
107
|
+
end
|
108
|
+
end
|
109
|
+
|
110
|
+
# Procedures to add additonal field 'dn' into the @jpm_user_entitlement data structure, by person the AD search
|
111
|
+
def insert_dn
|
112
|
+
begin
|
113
|
+
tracker = Ucert::AdTracker.new(:verbose=>false)
|
114
|
+
@jpm_user_entitlement.each do |index, record|
|
115
|
+
puts "\n\nPerform DN lookup for record: #{record}" if @verbose
|
116
|
+
key1 = record['Email'] if record['Email']
|
117
|
+
key2 = record['User ID'] if record['User ID']
|
118
|
+
key3 = record['User First Name'] + record['User Last Name'] if record['User First Name'] and record['User Last Name']
|
119
|
+
key4 = record['Employee ID'] if record['Employee ID']
|
120
|
+
my_key = record['User ID'].upcase
|
121
|
+
puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
|
122
|
+
if @jpm_2_ad_user.key?(my_key)
|
123
|
+
dn=@jpm_2_ad_user[my_key]
|
124
|
+
# additional logic to update the existing DN record
|
125
|
+
unless tracker.ad_person_records.key?(dn)
|
126
|
+
dn = update_dn(tracker,dn)
|
127
|
+
end
|
128
|
+
puts "Found in the local cache file: #{dn}" if @verbose
|
129
|
+
else
|
130
|
+
if dn.nil? and !key1.nil?
|
131
|
+
puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
|
132
|
+
dn = tracker.ad_search_by_text(key1, "person")
|
133
|
+
end
|
134
|
+
if dn.nil? and !key2.nil?
|
135
|
+
puts "Perform 3rd order search only if the last fail, by using: #{key2}" if @verbose
|
136
|
+
dn = tracker.ad_search_by_text(key2, "person")
|
137
|
+
end
|
138
|
+
if dn.nil? and !key3.nil?
|
139
|
+
puts "Perform 4th order search only if the last fail, by using: #{key3}" if @verbose
|
140
|
+
dn = tracker.ad_search_by_text(key3, "person")
|
141
|
+
end
|
142
|
+
if dn.nil? and !key4.nil?
|
143
|
+
puts "Perform 5th order search only if the last fail, by using: #{key4}" if @verbose
|
144
|
+
dn = tracker.ad_search_by_text(key4, "person")
|
145
|
+
end
|
146
|
+
end
|
147
|
+
@jpm_user_entitlement[index]['DN'] = dn
|
148
|
+
end
|
149
|
+
tracker=nil
|
150
|
+
rescue => ee
|
151
|
+
puts "Exception on method #{__method__}: #{ee}"
|
152
|
+
end
|
153
|
+
end
|
154
|
+
|
155
|
+
# Print out the user entitlement table in plain text, to be imported into database
|
156
|
+
def print_user_entitlement
|
157
|
+
begin
|
158
|
+
puts "user Entitlement Report in Plain-text Format" if @verbose
|
159
|
+
puts "User First Name|User Middle Initial|User Last Name|Job Title|User ID|Logon Type|Employee ID|User Status|Email|Address Line 1|Address Line 2|City|State/Province/Region|Zip/Postal Code|Country|Phone 1|Phone 1 Extension|Phone 1 Type|Phone 2|Phone 2 Extension|Phone 2 Type|Phone 3|Phone 3 Extension|Phone 3 Type|Last Logon Date|Last Modified Date|Last Modified By|Rights|DN" if @verbose
|
160
|
+
@jpm_user_entitlement.values.map do |rec|
|
161
|
+
puts "#{rec['User First Name']}|#{rec['User Middle Initial']}|#{rec['User Last Name']}|#{rec['Job Title']}|#{rec['User ID']}|#{rec['Logon Type']}|#{rec['Employee ID']}|#{rec['User Status']}|#{rec['Email']}|#{rec['Address Line 1']}|#{rec['Address Line 2']}|#{rec['City']}|#{rec['State/Province/Region']}|#{rec['Zip/Postal Code']}|#{rec['Country']}|#{rec['Phone 1']}|#{rec['Phone 1 Extension']}|#{rec['Phone 1 Type']}|#{rec['Phone 2']}|#{rec['Phone 2 Extension']}|#{rec['Phone 2 Type']}|#{rec['Phone 3']}|#{rec['Phone 3 Extension']}|#{rec['Phone 3 Type']}|#{rec['Last Logon Date']}|#{rec['Last Modified Date']}|#{rec['Last Modified By']}|#{rec['Rights']}|#{rec['DN']}"
|
162
|
+
end
|
163
|
+
rescue => ee
|
164
|
+
puts "Exception on method #{__method__}: #{ee}"
|
165
|
+
end
|
166
|
+
end
|
167
|
+
alias_method :print_user, :print_user_entitlement
|
168
|
+
|
169
|
+
# Save the Prime to AD user mapping relation into the cache file
|
170
|
+
def save_jpm_user_map!(file=@file_jpm_user_map)
|
171
|
+
puts "Saving the known Prime to AD user mapping relationship to file: #{file} ..." if @verbose
|
172
|
+
begin
|
173
|
+
timestamp=Time.now
|
174
|
+
f=File.open(file, 'w')
|
175
|
+
f.write "# local Jpm for Securitites to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
|
176
|
+
@jpm_user_entitlement.values.map do |record|
|
177
|
+
key = record['User ID'].upcase
|
178
|
+
value = record['DN']
|
179
|
+
f.write "\n#{key}|#{value}"
|
180
|
+
end
|
181
|
+
f.close
|
182
|
+
puts "Jpm Securitites to AD user map file is successfully saved to: #{file}" if @verbose
|
183
|
+
rescue => ee
|
184
|
+
puts "Exception on method #{__method__}: #{ee}" if @verbose
|
185
|
+
end
|
186
|
+
end
|
187
|
+
alias_method :save!, :save_jpm_user_map!
|
188
|
+
|
189
|
+
# Search user entitlement record by AD DN
|
190
|
+
def jpm_search_by_dn (dn)
|
191
|
+
begin
|
192
|
+
puts "Perform search on the user entitlement records by AD DN: #{dn}" if @verbose
|
193
|
+
@jpm_user_entitlement.each do |key, val|
|
194
|
+
return val if @jpm_user_entitlement[key]['DN'].eql? dn
|
195
|
+
end
|
196
|
+
return nil
|
197
|
+
rescue => ee
|
198
|
+
puts "Exception on method #{__method__}: #{ee}"
|
199
|
+
end
|
200
|
+
end
|
201
|
+
alias_method :search_by_dn, :jpm_search_by_dn
|
202
|
+
|
203
|
+
private :insert_dn, :parse_jpm_user_entitlement_report, :parse_jpm_user_group_entitlement_report, :save_jpm_user_map!, :print_user_entitlement
|
204
|
+
|
205
|
+
end
|
@@ -0,0 +1,273 @@
|
|
1
|
+
#--
|
2
|
+
# ucert
|
3
|
+
#
|
4
|
+
# A Ruby library for enterprise user account certification / recertification / audit project
|
5
|
+
#
|
6
|
+
# Copyright (c) CMBNY Risk Department
|
7
|
+
#++
|
8
|
+
|
9
|
+
require "rubyXL"
|
10
|
+
|
11
|
+
# Class to handle Madison 535 building pass user report
|
12
|
+
class Ucert::Madison535Tracker
|
13
|
+
include Ucert::Utils
|
14
|
+
# Class constant variables
|
15
|
+
|
16
|
+
attr_accessor :verbose, :madison535_user_access_report, :madison535_user_access_report_2, \
|
17
|
+
:file_madison535_user_map
|
18
|
+
attr_reader :madison535_2_ad_user, :madison535_user_access
|
19
|
+
|
20
|
+
# Instance default variables
|
21
|
+
def initialize (params ={})
|
22
|
+
@verbose=params.fetch(:verbose, false)
|
23
|
+
# Madison535 user entitlement report generation:
|
24
|
+
# Contact IT/GO for the Secured Access List report. Note you'll need to export the PDF report into Excel Workbook,
|
25
|
+
# then scrubbing the data further, into the exact format we need here
|
26
|
+
@madison535_user_access_report = File.dirname(__FILE__)+"/../../data/madison535/535madison_bldg_pass.xlsx"
|
27
|
+
# This one is from GO directly
|
28
|
+
@madison535_user_access_report_2 = File.dirname(__FILE__)+"/../../data/madison535/535madison_bldg_pass_2.xlsx"
|
29
|
+
# Madison535 to AD user map file
|
30
|
+
@file_madison535_user_map = File.dirname(__FILE__)+"/../../data/madison535/madison535_user_map.txt"
|
31
|
+
@madison535_user_access = Hash.new
|
32
|
+
# Load user map from the local cacsh file
|
33
|
+
@madison535_2_ad_user=load_known_user_map_from_file(@file_madison535_user_map)
|
34
|
+
# Read the building security report
|
35
|
+
@madison535_user_access=parse_madison535_user_access_report(@madison535_user_access_report)
|
36
|
+
# Procedure to add DN foreign key to the @madison535_user_access, by performing the AD search
|
37
|
+
insert_dn
|
38
|
+
# Read the floor security report from GO
|
39
|
+
parse_madison535_user_access_report_2(@madison535_user_access_report_2)
|
40
|
+
insert_dn
|
41
|
+
# Save the user map to local cache file
|
42
|
+
save!
|
43
|
+
end
|
44
|
+
|
45
|
+
# Parsing the Madison535 user entitlement report from building security
|
46
|
+
def parse_madison535_user_access_report (file)
|
47
|
+
begin
|
48
|
+
puts "Start parsing Excel workbook file: #{file}" if @verbose
|
49
|
+
madison535_user_access=Hash.new
|
50
|
+
workbook = RubyXL::Parser.parse(file)
|
51
|
+
worksheet=workbook.worksheets.first
|
52
|
+
row_cnt=0
|
53
|
+
header=Array.new
|
54
|
+
user_index=0
|
55
|
+
worksheet.count.times do |row|
|
56
|
+
row_cnt+=1
|
57
|
+
puts "Parsing workbook row: #{row_cnt}" if @verbose
|
58
|
+
entry=Array.new
|
59
|
+
# Processing Header Row
|
60
|
+
if row_cnt==1
|
61
|
+
0.upto(worksheet[row].size) do |col|
|
62
|
+
if worksheet[row][col].nil?
|
63
|
+
header.push(nil)
|
64
|
+
else
|
65
|
+
header.push(worksheet[row][col].value.to_s)
|
66
|
+
end
|
67
|
+
end
|
68
|
+
next
|
69
|
+
else
|
70
|
+
0.upto(worksheet[row].size) do |col|
|
71
|
+
if worksheet[row][col].nil?
|
72
|
+
entry.push(nil)
|
73
|
+
else
|
74
|
+
entry.push(worksheet[row][col].value.to_s.strip)
|
75
|
+
end
|
76
|
+
end
|
77
|
+
user_index += 1
|
78
|
+
end
|
79
|
+
record = header.zip(entry).to_h.reject {|k,v| k.nil?}
|
80
|
+
puts "User record: #{record}" if @verbose
|
81
|
+
next if record["Card #"].empty?
|
82
|
+
madison535_user_access[user_index] = record unless madison535_user_access.key?(user_index)
|
83
|
+
end
|
84
|
+
workbook=nil
|
85
|
+
return madison535_user_access
|
86
|
+
rescue => ee
|
87
|
+
puts "Exception on method #{__method__}: #{ee}"
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
91
|
+
# Parsing the Madison535 user entitlement report from GO
|
92
|
+
def parse_madison535_user_access_report_2 (file=@madison535_user_access_report_2)
|
93
|
+
#begin
|
94
|
+
puts "Start parsing Excel workbook file: #{file}" if @verbose
|
95
|
+
madison535_user_access=Hash.new
|
96
|
+
workbook = RubyXL::Parser.parse(file)
|
97
|
+
worksheet=workbook.worksheets.first
|
98
|
+
row_cnt=0
|
99
|
+
header=Array.new
|
100
|
+
user_index=@madison535_user_access.count
|
101
|
+
worksheet.count.times do |row|
|
102
|
+
record = Hash.new
|
103
|
+
row_cnt+=1
|
104
|
+
puts "Parsing workbook row: #{row_cnt}" if @verbose
|
105
|
+
entry=Array.new
|
106
|
+
# Processing Header Row
|
107
|
+
if row_cnt==1
|
108
|
+
1.upto(worksheet[row].size) do |col|
|
109
|
+
if worksheet[row][col].nil?
|
110
|
+
header.push(nil)
|
111
|
+
else
|
112
|
+
header.push(worksheet[row][col].value.to_s)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
next
|
116
|
+
else
|
117
|
+
# Processing the record
|
118
|
+
1.upto(worksheet[row].size) do |col|
|
119
|
+
if worksheet[row][col].nil?
|
120
|
+
entry.push(nil)
|
121
|
+
else
|
122
|
+
entry.push(worksheet[row][col].value.to_s.strip)
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
126
|
+
record = header.zip(entry).to_h.reject {|k,v| k.nil?}
|
127
|
+
card_num = record["Card #"].strip
|
128
|
+
my_index = card_num_2_index(card_num)
|
129
|
+
puts "User record: #{record}" if @verbose
|
130
|
+
puts "Card num: #{card_num}" if @verbose
|
131
|
+
puts "User index: #{my_index}" if @verbose
|
132
|
+
if my_index.nil?
|
133
|
+
# 'new' user not found in the building security report
|
134
|
+
user_index += 1
|
135
|
+
record["Company"]="CMBNY"
|
136
|
+
record["DN"]=nil
|
137
|
+
@madison535_user_access[user_index]=Hash.new unless @madison535_user_access.key(user_index)
|
138
|
+
@madison535_user_access[user_index]=record
|
139
|
+
else
|
140
|
+
puts "User Index: #{user_index}" if @verbose
|
141
|
+
#record["First Name"] = @madison535_user_access[my_index]["First Name"]
|
142
|
+
#record["Last Name"] = @madison535_user_access[my_index]["Last Name"]
|
143
|
+
record["Company"] = @madison535_user_access[my_index]["Company"]
|
144
|
+
record["DN"] = @madison535_user_access[my_index]["DN"]
|
145
|
+
#record["Company"] = @madison535_user_access[user_index]["Company"]
|
146
|
+
@madison535_user_access[my_index] = Hash.new unless @madison535_user_access.key?(my_index)
|
147
|
+
@madison535_user_access[my_index] = record
|
148
|
+
end
|
149
|
+
end
|
150
|
+
workbook=nil
|
151
|
+
#rescue => ee
|
152
|
+
#puts "Exception on method #{__method__}: #{ee}"
|
153
|
+
#end
|
154
|
+
end
|
155
|
+
|
156
|
+
# Retrieve the user index from the @madison535_user_access data structure
|
157
|
+
def dn_2_index (dn)
|
158
|
+
begin
|
159
|
+
(1..@madison535_user_access.count).map do |index|
|
160
|
+
return index if @madison535_user_access[index]["DN"]==dn
|
161
|
+
end
|
162
|
+
rescue => ee
|
163
|
+
puts "Exception on method #{__method__}: #{ee}"
|
164
|
+
end
|
165
|
+
end
|
166
|
+
|
167
|
+
# Retrieve the user index based on card number
|
168
|
+
def card_num_2_index (id)
|
169
|
+
begin
|
170
|
+
(1..@madison535_user_access.count).map do |index|
|
171
|
+
return index if @madison535_user_access[index]["Card #"]==id.strip
|
172
|
+
end
|
173
|
+
return nil
|
174
|
+
rescue => ee
|
175
|
+
puts "Exception on method #{__method__}: #{ee}"
|
176
|
+
end
|
177
|
+
end
|
178
|
+
|
179
|
+
# Procedures to add additonal field 'dn' into the @madison535_user_access data structure, by person the AD search
|
180
|
+
def insert_dn
|
181
|
+
#begin
|
182
|
+
tracker = Ucert::AdTracker.new(:verbose=>false)
|
183
|
+
@madison535_user_access.each do |index, record|
|
184
|
+
puts "\n\nPerform DN lookup for record: #{record}" if @verbose
|
185
|
+
key1 = record['First Name'].split(/\s/)[0] + " " + record['Last Name'] if record['First Name'] and record['Last Name']
|
186
|
+
key2 = record['First Name'].split(/\s+/)[1] + " " + record['Last Name'] if record['First Name'].split(/\s+/)[1] and record['Last Name']
|
187
|
+
key3 = record['First Name'].gsub(/\s+/,"").split(/\(|\)/)[1] + " " + record['Last Name'] if record['First Name'].gsub(/\s+/,"").split(/\(|\)/)[1] and record['Last Name']
|
188
|
+
my_key = record['Card #'].strip
|
189
|
+
puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
|
190
|
+
if @madison535_2_ad_user.key?(my_key)
|
191
|
+
dn=@madison535_2_ad_user[my_key]
|
192
|
+
# additional logic to update the existing DN record
|
193
|
+
unless tracker.ad_person_records.key?(dn)
|
194
|
+
dn = update_dn(tracker,dn)
|
195
|
+
end
|
196
|
+
puts "Found in the local cache file: #{dn}" if @verbose
|
197
|
+
else
|
198
|
+
if dn.nil? and !key1.nil?
|
199
|
+
puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
|
200
|
+
dn = tracker.ad_search_by_text(key1, "person")
|
201
|
+
end
|
202
|
+
#=begin
|
203
|
+
if dn.nil? and !key2.nil?
|
204
|
+
puts "Perform 3rd order search only if the last fail, by using: #{key2}" if @verbose
|
205
|
+
dn = tracker.ad_search_by_text(key2, "person")
|
206
|
+
end
|
207
|
+
if dn.nil? and !key3.nil?
|
208
|
+
puts "Perform 4th order search only if the last fail, by using: #{key3}" if @verbose
|
209
|
+
dn = tracker.ad_search_by_text(key3, "person")
|
210
|
+
end
|
211
|
+
#=end
|
212
|
+
end
|
213
|
+
@madison535_user_access[index]['DN'] = dn
|
214
|
+
end
|
215
|
+
tracker=nil
|
216
|
+
#rescue => ee
|
217
|
+
# puts "Exception on method #{__method__}: #{ee}"
|
218
|
+
#end
|
219
|
+
end
|
220
|
+
|
221
|
+
# Print out the user entitlement table in plain text, to be imported into database
|
222
|
+
def print_user_access
|
223
|
+
begin
|
224
|
+
puts "User Entitlement Report in Plain-text Format" if @verbose
|
225
|
+
@madison535_user_access[1].each {|k,v| print k,"|"} if @verbose
|
226
|
+
puts if @verbose
|
227
|
+
@madison535_user_access.values.map do |rec|
|
228
|
+
rec.each {|k,v| print v,"|"}
|
229
|
+
puts
|
230
|
+
end
|
231
|
+
rescue => ee
|
232
|
+
puts "Exception on method #{__method__}: #{ee}"
|
233
|
+
end
|
234
|
+
end
|
235
|
+
alias_method :print_user, :print_user_access
|
236
|
+
|
237
|
+
# Save the Madison535 to AD user mapping relation into the cache file
|
238
|
+
def save_madison535_user_map!(file=@file_madison535_user_map)
|
239
|
+
puts "Saving the known Madison535 to AD user mapping relationship to file: #{file} ..." if @verbose
|
240
|
+
begin
|
241
|
+
timestamp=Time.now
|
242
|
+
f=File.open(file, 'w')
|
243
|
+
f.write "# Madison535 to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
|
244
|
+
@madison535_user_access.values.map do |record|
|
245
|
+
key = record['Card #'].strip
|
246
|
+
value = record['DN']
|
247
|
+
f.write "\n#{key}|#{value}"
|
248
|
+
end
|
249
|
+
f.close
|
250
|
+
puts "Madison535 to AD user map file is successfully saved to: #{file}" if @verbose
|
251
|
+
rescue => ee
|
252
|
+
puts "Exception on method #{__method__}: #{ee}" if @verbose
|
253
|
+
end
|
254
|
+
end
|
255
|
+
alias_method :save!, :save_madison535_user_map!
|
256
|
+
|
257
|
+
# Search user entitlement record by AD DN
|
258
|
+
def madison535_search_by_dn (dn)
|
259
|
+
begin
|
260
|
+
puts "Perform search on the user entitlement records by AD DN: #{dn}" if @verbose
|
261
|
+
@madison535_user_access.each do |key, val|
|
262
|
+
return val if @madison535_user_access[key]['DN'].eql? dn
|
263
|
+
end
|
264
|
+
return nil
|
265
|
+
rescue => ee
|
266
|
+
puts "Exception on method #{__method__}: #{ee}"
|
267
|
+
end
|
268
|
+
end
|
269
|
+
alias_method :search_by_dn, :madison535_search_by_dn
|
270
|
+
|
271
|
+
private :insert_dn, :parse_madison535_user_access_report, :save_madison535_user_map!, :print_user_access
|
272
|
+
|
273
|
+
end
|