ucert 0.2.57

data/lib/ucert/jpm_access_tracker.rb

@@ -0,0 +1,205 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+
+
+# Class to handle Jpm for BE user account IDs
+class Ucert::JpmAccessTracker
+	include Ucert::Utils
+	# Class constant variables
+
+	attr_accessor  :verbose, :jpm_user_status_report, :jpm_user_group_entitlement_report, :file_jpm_user_map
+	attr_reader     :jpm_2_ad_user, :jpm_user_entitlement, :jpm_user_group_entitlement
+
+  # Instance default variables
+  def initialize (params ={})
+    @verbose=params.fetch(:verbose, false)
+    # JPM Access user entitlement report generation: Logon to Jpm for BE sites www.jpmorganaccess.com
+    # Once logon, click "Administration" -> "Reports", select "Entitlements Report" -> "Custom"
+    # In the Customization window,  select "Summary + Details" for "Report Layout" field, "Pipe Delimited" for "Output" field
+    # under "Report Criteria" sub-menu, choose "All Users" for the "Select Users/Groups" field
+    # under "Additional Criteria" sub-menu, check both "Active" and "Inactive" for "User Status"; select "All Products" for "Products" field, "All Functions" for "Functions" field , "All Accounts" for "Accounts / Account Groups" field
+    # Press "Run" button to generate the report
+    @jpm_user_entitlement_report = File.dirname(__FILE__)+"/../../data/jpm_access/jpm_user_entitlements_details.txt"
+		# Select "User Group" instead of "User"; following the rest instrctions above to generate User Group entitlement report.
+		# Note: As of 01/05/2015 the Group function is not utilized in the CMBNY account. So we have a stud here for furture implementation only.
+		@jpm_user_group_entitlement_report = File.dirname(__FILE__)+"/../../data/jpm_access/jpm_user_entitlements_details.txt"
+    # JPM Access to AD user map file
+    @file_jpm_user_map =  File.dirname(__FILE__)+"/../../data/jpm_access/jpm_access_user_map.txt"
+		# Load user map from the local cacsh file
+		@jpm_2_ad_user=load_known_user_map_from_file(@file_jpm_user_map)
+		# Load the user entitlement instance variable from the user report
+		@jpm_user_entitlement=parse_jpm_user_entitlement_report(@jpm_user_entitlement_report)
+		# Load the user group entitlement instance variable from the user group report
+		@jpm_user_group_entitlement=parse_jpm_user_group_entitlement_report(@jpm_user_group_entitlement_report)
+		# Procedure to add DN foreign key to the @jpm_user_entitlement, by performing the AD search
+		insert_dn
+		# Save the user map to local cache file
+		save!
+	end
+
+  # Parsing the Jpm Access user entitlement report in text format
+	def parse_jpm_user_entitlement_report (file)
+      begin
+				puts "Parse the user entitlement detail report: #{file}" if @verbose
+      	jpm_user_entitlement=Hash.new
+      	user_index=1
+				line_cnt=0
+        doc = File.open(file,'r')
+				header=Array.new
+        doc.each_line do |line|
+					line_cnt+=1
+					if line_cnt==1
+						header=line.chomp.split('|')
+						puts "JPM Access User Entitlement Header:\n #{header}" if @verbose
+						next						# skip the header line
+					end
+					record=line.chomp.split('|')
+					#puts "Processing record:\n #{header}\n\n#{record}" if @verbose
+          #user_index+=1
+          record_h=Hash[header.zip(record)[0..26]]
+					right_h=Hash[header.zip(record)[27..80]]
+					puts "Adding JPM Entitlement Record: #{record_h}" if @verbose
+          if jpm_user_entitlement.key?(user_index)
+						puts "Checking record User_ID field match: #{jpm_user_entitlement[user_index]['User ID']}, #{record_h['User ID']}" if @verbose
+						if jpm_user_entitlement[user_index]["User ID"] == record_h["User ID"]
+							jpm_user_entitlement[user_index]["Rights"].push(right_h)
+						else
+							user_index+=1
+							jpm_user_entitlement[user_index]=record_h
+							jpm_user_entitlement[user_index]["Rights"]=[right_h]
+							puts "Processing user record number: #{user_index}" if @verbose
+						end
+					else
+						jpm_user_entitlement[user_index]=Hash.new
+						jpm_user_entitlement[user_index]=record_h
+						jpm_user_entitlement[user_index]["Rights"]=[right_h]
+					end
+        end
+        doc=nil
+        return jpm_user_entitlement
+      rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+	# Parsing the Jpm Access user group entitlement report in text format - TBD as currently this feature is not in use
+	def parse_jpm_user_group_entitlement_report (file)
+      begin
+
+      rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+  # Retrieve the user index from the @jpm_user_entitlement data structure
+	def dn_2_index (dn)
+			begin
+        (1..@jpm_user_entitlement.count).map do |index|
+          return index if @jpm_user_entitlement[index]["DN"]==dn
+        end
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+	# Procedures to add additonal field 'dn' into the @jpm_user_entitlement data structure, by person the AD search
+	def insert_dn
+			begin
+				tracker = Ucert::AdTracker.new(:verbose=>false)
+				 @jpm_user_entitlement.each do |index, record|
+					puts "\n\nPerform DN lookup for record: #{record}" if @verbose
+					key1 = record['Email'] if record['Email']
+					key2 = record['User ID'] if record['User ID']
+					key3 = record['User First Name'] + record['User Last Name'] if record['User First Name'] and record['User Last Name']
+					key4 = record['Employee ID'] if record['Employee ID']
+					my_key = record['User ID'].upcase
+					puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
+					if @jpm_2_ad_user.key?(my_key)
+						dn=@jpm_2_ad_user[my_key]
+						# additional logic to update the existing DN record
+						unless tracker.ad_person_records.key?(dn)
+							dn = update_dn(tracker,dn)
+						end
+						puts "Found in the local cache file: #{dn}" if @verbose
+					else
+						if dn.nil? and !key1.nil?
+							puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
+							dn = tracker.ad_search_by_text(key1, "person")
+						end
+						if dn.nil? and !key2.nil?
+							puts "Perform 3rd order search only if the last fail, by using: #{key2}" if @verbose
+							dn = tracker.ad_search_by_text(key2, "person")
+						end
+						if dn.nil? and !key3.nil?
+							puts "Perform 4th order search only if the last fail, by using: #{key3}" if @verbose
+							dn = tracker.ad_search_by_text(key3, "person")
+						end
+						if dn.nil? and !key4.nil?
+							puts "Perform 5th order search only if the last fail, by using: #{key4}" if @verbose
+							dn = tracker.ad_search_by_text(key4, "person")
+						end
+					end
+					@jpm_user_entitlement[index]['DN'] = dn
+				end
+				tracker=nil
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+	# Print out the user entitlement table in plain text, to be imported into database
+	def print_user_entitlement
+		begin
+      puts "user Entitlement Report in Plain-text Format" if @verbose
+      puts "User First Name|User Middle Initial|User Last Name|Job Title|User ID|Logon Type|Employee ID|User Status|Email|Address Line 1|Address Line 2|City|State/Province/Region|Zip/Postal Code|Country|Phone 1|Phone 1 Extension|Phone 1 Type|Phone 2|Phone 2 Extension|Phone 2 Type|Phone 3|Phone 3 Extension|Phone 3 Type|Last Logon Date|Last Modified Date|Last Modified By|Rights|DN" if @verbose
+			@jpm_user_entitlement.values.map do |rec|
+          puts "#{rec['User First Name']}|#{rec['User Middle Initial']}|#{rec['User Last Name']}|#{rec['Job Title']}|#{rec['User ID']}|#{rec['Logon Type']}|#{rec['Employee ID']}|#{rec['User Status']}|#{rec['Email']}|#{rec['Address Line 1']}|#{rec['Address Line 2']}|#{rec['City']}|#{rec['State/Province/Region']}|#{rec['Zip/Postal Code']}|#{rec['Country']}|#{rec['Phone 1']}|#{rec['Phone 1 Extension']}|#{rec['Phone 1 Type']}|#{rec['Phone 2']}|#{rec['Phone 2 Extension']}|#{rec['Phone 2 Type']}|#{rec['Phone 3']}|#{rec['Phone 3 Extension']}|#{rec['Phone 3 Type']}|#{rec['Last Logon Date']}|#{rec['Last Modified Date']}|#{rec['Last Modified By']}|#{rec['Rights']}|#{rec['DN']}"
+      end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+  alias_method :print_user, :print_user_entitlement
+
+	# Save the Prime to AD user mapping relation into the cache file
+	def save_jpm_user_map!(file=@file_jpm_user_map)
+		puts "Saving the known Prime to AD user mapping relationship to file: #{file} ..." if @verbose
+		begin
+			timestamp=Time.now
+			f=File.open(file, 'w')
+			f.write "# local Jpm for Securitites to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
+			@jpm_user_entitlement.values.map do |record|
+				key = record['User ID'].upcase
+				value = record['DN']
+				f.write "\n#{key}|#{value}"
+			end
+			f.close
+			puts "Jpm Securitites to AD user map file is successfully saved to: #{file}" if @verbose
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}" if @verbose
+		end
+	end
+	alias_method  :save!, :save_jpm_user_map!
+
+	# Search user entitlement record by AD DN
+	def jpm_search_by_dn (dn)
+		begin
+      puts "Perform search on the user entitlement records by AD DN: #{dn}" if @verbose
+      @jpm_user_entitlement.each do |key, val|
+          return val if @jpm_user_entitlement[key]['DN'].eql? dn
+      end
+			return nil
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+	end
+	alias_method  :search_by_dn, :jpm_search_by_dn
+
+	private :insert_dn, :parse_jpm_user_entitlement_report, :parse_jpm_user_group_entitlement_report, :save_jpm_user_map!, :print_user_entitlement
+
+end

data/lib/ucert/madison535_tracker.rb

@@ -0,0 +1,273 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+
+require "rubyXL"
+
+# Class to handle Madison 535 building pass user report
+class Ucert::Madison535Tracker
+	include Ucert::Utils
+	# Class constant variables
+
+	attr_accessor  :verbose, :madison535_user_access_report, :madison535_user_access_report_2, \
+												:file_madison535_user_map
+	attr_reader     :madison535_2_ad_user, :madison535_user_access
+
+  # Instance default variables
+  def initialize (params ={})
+    @verbose=params.fetch(:verbose, false)
+    # Madison535 user entitlement report generation:
+		# Contact IT/GO for the Secured Access List report. Note you'll need to export the PDF report into Excel Workbook,
+		# then scrubbing the data further, into the exact format we need here
+    @madison535_user_access_report = File.dirname(__FILE__)+"/../../data/madison535/535madison_bldg_pass.xlsx"
+		# This one is from GO directly
+		@madison535_user_access_report_2 = File.dirname(__FILE__)+"/../../data/madison535/535madison_bldg_pass_2.xlsx"
+    # Madison535 to AD user map file
+    @file_madison535_user_map =  File.dirname(__FILE__)+"/../../data/madison535/madison535_user_map.txt"
+		@madison535_user_access = Hash.new
+		# Load user map from the local cacsh file
+		@madison535_2_ad_user=load_known_user_map_from_file(@file_madison535_user_map)
+		# Read the building security report
+		@madison535_user_access=parse_madison535_user_access_report(@madison535_user_access_report)
+		# Procedure to add DN foreign key to the @madison535_user_access, by performing the AD search
+		insert_dn
+		# Read the floor security report from GO
+		parse_madison535_user_access_report_2(@madison535_user_access_report_2)
+		insert_dn
+		# Save the user map to local cache file
+		save!
+	end
+
+  # Parsing the Madison535 user entitlement report from building security
+	def parse_madison535_user_access_report (file)
+		begin
+			puts "Start parsing Excel workbook file: #{file}" if @verbose
+			madison535_user_access=Hash.new
+			workbook = RubyXL::Parser.parse(file)
+			worksheet=workbook.worksheets.first
+			row_cnt=0
+			header=Array.new
+			user_index=0
+			worksheet.count.times  do |row|
+				row_cnt+=1
+				puts "Parsing workbook row: #{row_cnt}" if @verbose
+				entry=Array.new
+				# Processing Header Row
+				if row_cnt==1
+					0.upto(worksheet[row].size) do |col|
+						if worksheet[row][col].nil?
+							header.push(nil)
+						else
+							header.push(worksheet[row][col].value.to_s)
+						end
+					end
+					next
+				else
+					0.upto(worksheet[row].size) do |col|
+						if worksheet[row][col].nil?
+							entry.push(nil)
+						else
+							entry.push(worksheet[row][col].value.to_s.strip)
+						end
+					end
+					user_index += 1
+				end
+				record = header.zip(entry).to_h.reject {|k,v| k.nil?}
+				puts "User record: #{record}" if @verbose
+				next if record["Card #"].empty?
+				madison535_user_access[user_index] = record unless madison535_user_access.key?(user_index)
+			end
+			workbook=nil
+			return madison535_user_access
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+
+	# Parsing the Madison535 user entitlement report from GO
+	def parse_madison535_user_access_report_2 (file=@madison535_user_access_report_2)
+		#begin
+			puts "Start parsing Excel workbook file: #{file}" if @verbose
+			madison535_user_access=Hash.new
+			workbook = RubyXL::Parser.parse(file)
+			worksheet=workbook.worksheets.first
+			row_cnt=0
+			header=Array.new
+			user_index=@madison535_user_access.count
+			worksheet.count.times  do |row|
+				record = Hash.new
+				row_cnt+=1
+				puts "Parsing workbook row: #{row_cnt}" if @verbose
+				entry=Array.new
+				# Processing Header Row
+				if row_cnt==1
+					1.upto(worksheet[row].size) do |col|
+						if worksheet[row][col].nil?
+							header.push(nil)
+						else
+							header.push(worksheet[row][col].value.to_s)
+						end
+					end
+					next
+				else
+				# Processing the record
+					1.upto(worksheet[row].size) do |col|
+						if worksheet[row][col].nil?
+							entry.push(nil)
+						else
+							entry.push(worksheet[row][col].value.to_s.strip)
+						end
+					end
+				end
+				record = header.zip(entry).to_h.reject {|k,v| k.nil?}
+				card_num = record["Card #"].strip
+				my_index = card_num_2_index(card_num)
+				puts "User record: #{record}" if @verbose
+				puts "Card num: #{card_num}" if @verbose
+				puts "User index: #{my_index}" if @verbose
+				if my_index.nil?
+					# 'new' user not found in the building security report
+					user_index += 1
+					record["Company"]="CMBNY"
+					record["DN"]=nil
+					@madison535_user_access[user_index]=Hash.new unless @madison535_user_access.key(user_index)
+					@madison535_user_access[user_index]=record
+				else
+					puts "User Index: #{user_index}" if @verbose
+					#record["First Name"] = @madison535_user_access[my_index]["First Name"]
+					#record["Last Name"] = @madison535_user_access[my_index]["Last Name"]
+					record["Company"] = @madison535_user_access[my_index]["Company"]
+					record["DN"] = @madison535_user_access[my_index]["DN"]
+					#record["Company"] = @madison535_user_access[user_index]["Company"]
+					@madison535_user_access[my_index] = Hash.new unless @madison535_user_access.key?(my_index)
+					@madison535_user_access[my_index] = record
+				end
+			end
+			workbook=nil
+		#rescue => ee
+			#puts "Exception on method #{__method__}: #{ee}"
+		 #end
+	end
+
+  # Retrieve the user index from the @madison535_user_access data structure
+	def dn_2_index (dn)
+			begin
+        (1..@madison535_user_access.count).map do |index|
+          return index if @madison535_user_access[index]["DN"]==dn
+        end
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+	# Retrieve the user index based on card number
+	def card_num_2_index (id)
+			begin
+        (1..@madison535_user_access.count).map do |index|
+          return index if @madison535_user_access[index]["Card #"]==id.strip
+        end
+				return nil
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+
+	# Procedures to add additonal field 'dn' into the @madison535_user_access data structure, by person the AD search
+	def insert_dn
+			#begin
+				 tracker = Ucert::AdTracker.new(:verbose=>false)
+				 @madison535_user_access.each do |index, record|
+					puts "\n\nPerform DN lookup for record: #{record}" if @verbose
+					key1 = record['First Name'].split(/\s/)[0] + " " + record['Last Name'] if record['First Name'] and record['Last Name']
+					key2 = record['First Name'].split(/\s+/)[1] + " " + record['Last Name'] if record['First Name'].split(/\s+/)[1] and record['Last Name']
+					key3 = record['First Name'].gsub(/\s+/,"").split(/\(|\)/)[1] + " " + record['Last Name'] if record['First Name'].gsub(/\s+/,"").split(/\(|\)/)[1] and record['Last Name']
+					my_key = record['Card #'].strip
+					puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
+					if @madison535_2_ad_user.key?(my_key)
+						dn=@madison535_2_ad_user[my_key]
+						# additional logic to update the existing DN record
+						unless tracker.ad_person_records.key?(dn)
+							dn = update_dn(tracker,dn)
+						end
+						puts "Found in the local cache file: #{dn}" if @verbose
+					else
+						if dn.nil? and !key1.nil?
+							puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
+							dn = tracker.ad_search_by_text(key1, "person")
+						end
+#=begin
+						if dn.nil? and !key2.nil?
+							puts "Perform 3rd order search only if the last fail, by using: #{key2}" if @verbose
+							dn = tracker.ad_search_by_text(key2, "person")
+						end
+						if dn.nil? and !key3.nil?
+							puts "Perform 4th order search only if the last fail, by using: #{key3}" if @verbose
+							dn = tracker.ad_search_by_text(key3, "person")
+						end
+#=end
+					end
+					@madison535_user_access[index]['DN'] = dn
+				end
+				tracker=nil
+			#rescue => ee
+			#	puts "Exception on method #{__method__}: #{ee}"
+			#end
+	end
+
+	# Print out the user entitlement table in plain text, to be imported into database
+	def print_user_access
+		begin
+      puts "User Entitlement Report in Plain-text Format" if @verbose
+			@madison535_user_access[1].each {|k,v| print k,"|"} if @verbose
+			puts if @verbose
+			@madison535_user_access.values.map do |rec|
+				rec.each {|k,v| print v,"|"}
+				puts
+      end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+  alias_method :print_user, :print_user_access
+
+	# Save the Madison535 to AD user mapping relation into the cache file
+	def save_madison535_user_map!(file=@file_madison535_user_map)
+		puts "Saving the known Madison535 to AD user mapping relationship to file: #{file} ..." if @verbose
+		begin
+			timestamp=Time.now
+			f=File.open(file, 'w')
+			f.write "# Madison535 to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
+			@madison535_user_access.values.map do |record|
+				key = record['Card #'].strip
+				value = record['DN']
+				f.write "\n#{key}|#{value}"
+			end
+			f.close
+			puts "Madison535 to AD user map file is successfully saved to: #{file}" if @verbose
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}" if @verbose
+		end
+	end
+	alias_method  :save!, :save_madison535_user_map!
+
+	# Search user entitlement record by AD DN
+	def madison535_search_by_dn (dn)
+		begin
+      puts "Perform search on the user entitlement records by AD DN: #{dn}" if @verbose
+      @madison535_user_access.each do |key, val|
+          return val if @madison535_user_access[key]['DN'].eql? dn
+      end
+			return nil
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+	end
+	alias_method  :search_by_dn, :madison535_search_by_dn
+
+	private :insert_dn, :parse_madison535_user_access_report, :save_madison535_user_map!, :print_user_access
+
+end