RubyGems - ucert - Versions diffs - 0.2.57 - Mend

ucert 0.2.57

Files changed (252) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +134 -0
data/LICENSE.txt +22 -0
data/README.rdoc +61 -0
data/Rakefile +8 -0
data/TODO +5 -0
data/bin/ad_dump +74 -0
data/bin/ad_update +48 -0
data/bin/adgrep +149 -0
data/bin/adp_dump +70 -0
data/bin/aix_dump +69 -0
data/bin/audiolog_dump +69 -0
data/bin/bloomberg_dump +69 -0
data/bin/check21_dump +69 -0
data/bin/citidirect_be_dump +69 -0
data/bin/citidirect_sec_dump +69 -0
data/bin/citrixsf_dump +70 -0
data/bin/clear_par_dump +70 -0
data/bin/cmbrun_ny_dump +76 -0
data/bin/cvm_dump +70 -0
data/bin/db_direct_dump +69 -0
data/bin/egifts_dump +68 -0
data/bin/equinix_dump +69 -0
data/bin/frb_dump +69 -0
data/bin/go_contact_dump +16 -0
data/bin/jpm_dump +69 -0
data/bin/madison535_dump +70 -0
data/bin/mantis_dump +79 -0
data/bin/prime_dump +79 -0
data/bin/sage100_dump +69 -0
data/bin/sharefile_dump +69 -0
data/bin/som_dump +74 -0
data/bin/stb_dump +69 -0
data/bin/swift_dump +79 -0
data/bin/swift_online_dump +69 -0
data/bin/t24_dump +79 -0
data/bin/vpn_dump +69 -0
data/bin/wms_dump +79 -0
data/bin/yst_dump +79 -0
data/data/ad/ad_delta.txt +94 -0
data/data/ad/hosts +421 -0
data/data/ad/hosts.old +597 -0
data/data/ad/hosts_old +597 -0
data/data/ad/ldap_computer.txt +19028 -0
data/data/ad/ldap_person.txt +41241 -0
data/data/adp/Active Employee Report.xlsx +0 -0
data/data/adp/adp_user_map.txt +141 -0
data/data/aix/EGIFTS1.txt +239 -0
data/data/aix/NYSWIFT1.txt +222 -0
data/data/aix/T24_APP1.txt +300 -0
data/data/aix/T24_DBP.txt +252 -0
data/data/aix/aix_user_map.txt +46 -0
data/data/alliance_swift/Swift_Operator_Details.xlsx +0 -0
data/data/alliance_swift/Swift_Operator_Profiles_Details.xlsx +0 -0
data/data/alliance_swift/swift_operator_map.txt +22 -0
data/data/audiolog/Capture_audiolog.PNG +0 -0
data/data/bloomberg/AccountData.csv +2 -0
data/data/bloomberg/Capture_SID_download.PNG +0 -0
data/data/bloomberg/current_subscriptions.csv +11 -0
data/data/check21/Capture_check21_users.PNG +0 -0
data/data/citidirect_be/Capture.PNG +0 -0
data/data/citidirect_be/Capture_new.PNG +0 -0
data/data/citidirect_be/Capture_new_new.PNG +0 -0
data/data/citidirect_be/UserProfileEntitlementReport.pdf +0 -0
data/data/citidirect_be/UserProfileEntitlementsReport.old.xlsx +0 -0
data/data/citidirect_be/UserProfileEntitlementsReport.xlsx +0 -0
data/data/citidirect_be/be_user_map.txt +11 -0
data/data/citidirect_securities/Capture.PNG +0 -0
data/data/citidirect_securities/User_Entitlements_Report___CLNT.dat +19 -0
data/data/citidirect_securities/User_Entitlements_Report___CLNT.xml +75 -0
data/data/citidirect_securities/citidirect_securities_user_map.txt +10 -0
data/data/citrix_sharefile/ShareFile_Access_Report.xlsx +0 -0
data/data/citrix_sharefile/sharefile_user_map.txt +33 -0
data/data/clear_par/ClearPar User Report.xlsx +0 -0
data/data/clear_par/clear_par_user_map.txt +25 -0
data/data/cmbrun_ny/CMBNY_Position_Rpt.xlsx +0 -0
data/data/cmbrun_ny/CMBRUN_USER_RPT.xlsx +0 -0
data/data/cmbrun_ny/Capture_cmbrun.PNG +0 -0
data/data/cmbrun_ny/Capture_cmbrun_position.PNG +0 -0
data/data/cmbrun_ny/crny_access_user_map.txt +55 -0
data/data/cvm/cvm_user_func.xlsx +0 -0
data/data/cvm/cvm_user_list.xlsx +0 -0
data/data/cvm/cvm_user_map.txt +56 -0
data/data/cvm/cvm_user_role.xlsx +0 -0
data/data/db_direct/Capture_main.PNG +0 -0
data/data/db_direct/Capture_rpt.PNG +0 -0
data/data/db_direct/accountpermission.xlsx +0 -0
data/data/db_direct/db_direct_user_map.txt +8 -0
data/data/db_direct/di_direct_user_map.txt +0 -0
data/data/db_direct/userfulldetail_2016010813232300644912.pdf +0 -0
data/data/equinix/Secured Access List_CHINA MERCHANTS BANK.xlsx +0 -0
data/data/equinix/equinix_user_map.txt +29 -0
data/data/fis_egifts/CHINA_MERCHANTS_BANK_-_USER_ACCOUNT_FUNCTION_REPORT.xlsx +0 -0
data/data/fis_egifts/egifts_user_map.txt +113 -0
data/data/fis_prime/Prime_Operator_Rights_Report.xml +41958 -0
data/data/fis_prime/Prime_Operator_Status_Report.xml +1827 -0
data/data/fis_prime/Prime_Operators_and_Roles_Report.xml +1505 -0
data/data/fis_prime/Prime_Rights_by_Role_Report.xml +22726 -0
data/data/fis_prime/prime_user_map.txt +77 -0
data/data/frb/FRB_Subscriber_Roles_Report.xlsx +0 -0
data/data/frb/frb_user_map.txt +22 -0
data/data/go_contact/go_contact.xlsx +0 -0
data/data/go_contact/go_user_map.txt +134 -0
data/data/go_contact/title_level_map.txt +141 -0
data/data/jpm_access/Capture.PNG +0 -0
data/data/jpm_access/jpm_access_user_map.txt +13 -0
data/data/jpm_access/jpm_user_entitlements_details.txt +194 -0
data/data/jpm_access/jpm_user_groupentitlements_details.txt +2 -0
data/data/madison535/535madison_bldg_pass.xlsx +0 -0
data/data/madison535/535madison_bldg_pass_2.xlsx +0 -0
data/data/madison535/madison535_user_map.txt +191 -0
data/data/mantis/Mantis_AccessLevels.xlsx +0 -0
data/data/mantis/Mantis_ActiveUsers_Rpt.xlsx +0 -0
data/data/mantis/mantis_access_user_map.txt +128 -0
data/data/sage100/Capture_Sage100_Rpt.PNG +0 -0
data/data/sage100/Capture_Sage100_Rpt_2.PNG +0 -0
data/data/sage100/SY_UserReport_RolePreferencesDetails.xlsx +0 -0
data/data/sage100/SY_UserReport_RoleTaskPermissionsDetails.xlsx +0 -0
data/data/sage100/sy_user_map.txt +14 -0
data/data/som/som_user_map.txt +40 -0
data/data/som/som_user_report.csv +329 -0
data/data/stb/STB_USERS.csv +177 -0
data/data/stb/STB_USERS.pdf +0 -0
data/data/stb/stb_user_map.txt +33 -0
data/data/swift_online/UserReport.xlsx +0 -0
data/data/swift_online/swo_access_user_map.txt +18 -0
data/data/t24/T24_Grp_Rpt.csv +484 -0
data/data/t24/T24_User_Rpt.csv +567 -0
data/data/t24/t24_grp.xml +2904 -0
data/data/t24/t24_user_map.txt +197 -0
data/data/t24/t24_usr.xml +9628 -0
data/data/vpn/Capture_VPN.PNG +0 -0
data/data/wms/role_rpt.txt +451 -0
data/data/wms/user_rpt.txt +55 -0
data/data/wms/wms_user_map.txt +55 -0
data/data/yst/YiShiTong_Org.csv +21 -0
data/data/yst/YiShiTong_User.csv +163 -0
data/data/yst/yst_user_map.txt +163 -0
data/demos/filter_email.rb +19 -0
data/demos/idm_ad_reload.rb +164 -0
data/lib/ucert.rb +82 -0
data/lib/ucert/ad_tracker.rb +694 -0
data/lib/ucert/adp_payroll_tracker.rb +189 -0
data/lib/ucert/aix_tracker.rb +175 -0
data/lib/ucert/alliance_swift_tracker.rb +300 -0
data/lib/ucert/audiolog_tracker.rb +67 -0
data/lib/ucert/bloomberg_tracker.rb +96 -0
data/lib/ucert/check21_tracker.rb +95 -0
data/lib/ucert/citidirect_be_tracker.rb +418 -0
data/lib/ucert/citidirect_securities_tracker.rb +230 -0
data/lib/ucert/citrix_sharefile_tracker.rb +196 -0
data/lib/ucert/clear_par_tracker.rb +187 -0
data/lib/ucert/cmbrun_ny_tracker.rb +244 -0
data/lib/ucert/cvm_tracker.rb +230 -0
data/lib/ucert/db_direct_tracker.rb +205 -0
data/lib/ucert/equinix_tracker.rb +202 -0
data/lib/ucert/fis_egifts_tracker.rb +249 -0
data/lib/ucert/fis_prime_tracker.rb +391 -0
data/lib/ucert/frb_tracker.rb +232 -0
data/lib/ucert/go_contact_tracker.rb +778 -0
data/lib/ucert/jpm_access_tracker.rb +205 -0
data/lib/ucert/madison535_tracker.rb +273 -0
data/lib/ucert/mantis_tracker.rb +249 -0
data/lib/ucert/sage100_tracker.rb +355 -0
data/lib/ucert/som_tracker.rb +223 -0
data/lib/ucert/stb_tracker.rb +199 -0
data/lib/ucert/swift_online_tracker.rb +197 -0
data/lib/ucert/t24_tracker.rb +342 -0
data/lib/ucert/utils/utils.rb +200 -0
data/lib/ucert/vpn_tracker.rb +94 -0
data/lib/ucert/wms_tracker.rb +240 -0
data/lib/ucert/yst_tracker.rb +264 -0
data/test/ad_testfiles/ldap_computer_test.txt +21 -0
data/test/ad_testfiles/ldap_person_test.txt +21 -0
data/test/aix_testfiles/application1.txt +7 -0
data/test/aix_testfiles/application2.txt +15 -0
data/test/alliance_swift_testfiles/Swift_Operator_Details_Test.xlsx +0 -0
data/test/alliance_swift_testfiles/Swift_Operator_Profiles_Details_Test.xlsx +0 -0
data/test/alliance_swift_testfiles/swift_operator_map_test.txt +55 -0
data/test/alliance_swift_testfiles/swift_operator_map_test_2.txt +55 -0
data/test/alliance_swift_testfiles/swift_operator_map_test_format_fixed.txt +55 -0
data/test/citidirect_be_testfiles/UserProfileEntitlementsReport_Test.xlsx +0 -0
data/test/citidirect_securities_testfiles/User_Entitlements_Report___CLNT_Test.xml +48 -0
data/test/citrix_sharefile_testfiles/ShareFile_Access_Report_Test.xlsx +0 -0
data/test/cmbrun_ny_testfiles/CMBNY_Position_Rpt_02242016_test.xlsx +0 -0
data/test/cmbrun_ny_testfiles/CMBRUN_USER_RPT_Test.xlsx +0 -0
data/test/db_direct_testfiles/accountpermission_Test.xlsx +0 -0
data/test/equinix_testfiles/Secured Access List_CHINA MERCHANTS BANK_TEST.xlsx +0 -0
data/test/fis_egifts_testfiles/CHINA_MERCHANTS_BANK_-_USER_ACCOUNT_FUNCTION_REPORT_TEST.xlsx +0 -0
data/test/fis_prime_testfiles/Prime_Operator_Rights_Report_Test.xml +158 -0
data/test/fis_prime_testfiles/Prime_Operator_Status_Report_Copy.xml +1659 -0
data/test/fis_prime_testfiles/Prime_Operator_Status_Report_Test.xml +51 -0
data/test/fis_prime_testfiles/Prime_Operators_and_Roles_Report_Copy.xml +1360 -0
data/test/fis_prime_testfiles/Prime_Operators_and_Roles_Report_Test.xml +45 -0
data/test/fis_prime_testfiles/Prime_Rights_by_Role_Report_Test.xml +65 -0
data/test/fis_prime_testfiles/prime_user_map.txt +3 -0
data/test/frb_testfiles/FRB_Subscriber_Roles_Report_Test.xlsx +0 -0
data/test/go_contact_testfiles/go_contact_test.xlsx +0 -0
data/test/jpm_access_testfiles/Capture.PNG +0 -0
data/test/jpm_access_testfiles/jpm_user_entitlements_details_original.txt +208 -0
data/test/jpm_access_testfiles/jpm_user_entitlements_details_test.txt +7 -0
data/test/madison535_testfiles/535madison_bldg_pass_2_Test.xlsx +0 -0
data/test/madison535_testfiles/535madison_bldg_pass_Test.xlsx +0 -0
data/test/mantis_testfiles/Mantis_AccessLevels_Test.xlsx +0 -0
data/test/mantis_testfiles/Mantis_ActiveUsers_Rpt_Test.xlsx +0 -0
data/test/sage100_testfiles/SY_UserReport_RolePreferencesDetails_Test.xlsx +0 -0
data/test/sage100_testfiles/SY_UserReport_RoleTaskPermissionsDetails_Test.xlsx +0 -0
data/test/som_testfiles/som_user_map_test.txt +7 -0
data/test/som_testfiles/som_user_report_test.csv +25 -0
data/test/stb_testfiles/STB_USERS_test.csv +24 -0
data/test/stb_testfiles/STB_USERS_test_constant.csv +24 -0
data/test/swift_online_testfiles/UserReport.xls +0 -0
data/test/swift_online_testfiles/UserReport_Test.xlsx +0 -0
data/test/swift_online_testfiles/test_outline_level.rb +7 -0
data/test/t24_testfiles/T24_Grp_Rpt_Test.csv +7 -0
data/test/t24_testfiles/T24_User_Rpt_Test.csv +7 -0
data/test/test_ad_tracker.rb +148 -0
data/test/test_aix_tracker.rb +71 -0
data/test/test_alliance_swift_tracker.rb +131 -0
data/test/test_audiolog_tracker.rb +23 -0
data/test/test_check21_tracker.rb +30 -0
data/test/test_citidirect_be_tracker.rb +110 -0
data/test/test_citidirect_securities_tracker.rb +89 -0
data/test/test_citrix_sharefile_tracker.rb +105 -0
data/test/test_cmbrun_ny_tracker.rb +112 -0
data/test/test_db_direct_tracker.rb +125 -0
data/test/test_equinix_tracker.rb +119 -0
data/test/test_fis_egifts_tracker.rb +105 -0
data/test/test_fis_prime_tracker.rb +288 -0
data/test/test_frb_tracker.rb +104 -0
data/test/test_go_contact.rb +276 -0
data/test/test_jpm_access_tracker.rb +122 -0
data/test/test_madison535_tracker.rb +125 -0
data/test/test_mantis_tracker.rb +133 -0
data/test/test_sage100_tracker.rb +120 -0
data/test/test_som_tracker.rb +71 -0
data/test/test_stb_tracker.rb +120 -0
data/test/test_swift_online_tracker.rb +116 -0
data/test/test_t24_tracker.rb +151 -0
data/test/test_utils.rb +46 -0
data/test/test_vpn_tracker.rb +56 -0
data/test/test_wms_tracker.rb +109 -0
data/test/test_yst_tracker.rb +133 -0
data/test/utils_testfiles/file2list_test.txt +13 -0
data/test/utils_testfiles/load_know_user_map_testfile.txt +4 -0
data/test/wms_testfiles/role_rpt_test.txt +6 -0
data/test/wms_testfiles/user_rpt_test.txt +6 -0
data/test/yst_testfiles/YiShiTong_Org_Test.csv +18 -0
data/test/yst_testfiles/YiShiTong_User_Test.csv +5 -0
data/ucert.gemspec +52 -0
data/version.txt +12 -0
metadata +410 -0

@@ -0,0 +1,94 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+# Class to handle VPN user account IDs
+class Ucert::VpnTracker
+	include Ucert::Utils
+	# Class constant variables
+	attr_accessor  :verbose
+	attr_reader    :vpn_user_entitlement
+  # Instance default variables
+  def initialize (params ={})
+    @verbose=params.fetch(:verbose, false)
+    # VPN users are defined by assigning AD user into 3 different containers in CMBNY domain controller
+    # Refer to the screenshot for further details
+		#
+		#
+		# Load the group entitlement instance variable
+    @vpn_class={"CN=Class1VPN,CN=Users,DC=ny,DC=cmbchina,DC=com"=>"class_1", "CN=Class2VPN,CN=Users,DC=ny,DC=cmbchina,DC=com"=>"class_2", "CN=Class3VPN,CN=Users,DC=ny,DC=cmbchina,DC=com"=>"class_3"}
+		# Load the user entitlement instance variable by perform the AD lookup
+		@vpn_user_entitlement=parse_vpn_user_info
+	end
+  # Parsing the VPN user entitlement report in CSV format
+	def parse_vpn_user_info
+			begin
+				puts "Parsing known AD objects in search of the current VPN users" if @verbose
+				vpn_entitlement=Hash.new
+        user_record=0
+        tracker=Ucert::AdTracker.new
+				tracker.ad_person_records.keys.map do |record|
+          puts "Processing record #{record.inspect}" if @verbose
+          memberships=tracker.get_dn_attributes("person", record, "memberOf")
+          my_class = memberships & @vpn_class.keys
+					if my_class.size >0
+						puts "VPN user found: #{record}" if @verbose
+						user_record+=1
+						vpn_entitlement[user_record]=Hash.new unless vpn_entitlement[user_record]
+						vpn_entitlement[user_record]['CN']=tracker.extract_first_cn(record)
+						vpn_entitlement[user_record]['department']=tracker.get_dn_attribute("person",record,"department")
+						vpn_entitlement[user_record]['sAMAccountName']=tracker.get_dn_attribute("person",record,"sAMAccountName")
+						vpn_entitlement[user_record]['VPN Class']=@vpn_class[my_class.first]
+						vpn_entitlement[user_record]['DN']=record
+					end
+			  end
+				tracker=nil
+        return vpn_entitlement
+      rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+	# Print out the user entitlement table in plain text, to be imported into database
+	def print_user_entitlement
+		begin
+			puts "VPN User Entitlement Report in Plain-text Format" if @verbose
+      @vpn_user_entitlement[1].keys.map {|x| print x,"|"} if @verbose
+			puts if @verbose
+			@vpn_user_entitlement.values.each do |record|
+				record.values.map {|y| print y,"|"}
+				puts
+			end
+      puts
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+  alias_method :print_user, :print_user_entitlement
+	# Search user entitlement record by AD DN
+	def vpn_search_by_dn (dn)
+		begin
+      puts "Perform search on the user entitlement record by AD DN: #{dn}" if @verbose
+      @vpn_user_entitlement.each do |key, val|
+          return val if @vpn_user_entitlement[key]['DN'].eql? dn
+      end
+			return nil
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+	end
+	alias_method  :search_by_dn, :vpn_search_by_dn
+	private	:parse_vpn_user_info
+end

data/lib/ucert/wms_tracker.rb ADDED

@@ -0,0 +1,240 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+# Class to handle Wms user account IDs
+class Ucert::WmsTracker
+	include Ucert::Utils
+	# Class constant variables
+	attr_accessor  :verbose, :wms_user_report, :wms_role_report, :file_user_map
+	attr_reader    :wms_user_entitlement, :wms_role_entitlement, :wms_2_ad_user
+  # Instance default variables
+  def initialize (params ={})
+    @verbose=params.fetch(:verbose, false)
+    # Wms user entitlement report in CSV format, generated by Ryan Li's user table exportation script
+    @wms_user_report = File.dirname(__FILE__)+"/../../data/wms/user_rpt.txt"
+		# Wms user entitlement report in CSV format, generated by Ryan Li's user table exportation script
+    @wms_role_report = File.dirname(__FILE__)+"/../../data/wms/role_rpt.txt"
+		# WMS to AD user map file
+		@file_user_map =  File.dirname(__FILE__)+"/../../data/wms/wms_user_map.txt"
+		# Load the user map file to an instance variable (for performance gain)
+		@wms_2_ad_user=load_known_user_map_from_file(@file_user_map)
+		# Load the user entitlement instance variable from the native Wms user entitlement report
+		@wms_user_entitlement=parse_wms_user_report(@wms_user_report)
+		# Insert DN field into the user entitlement data structure
+		insert_dn
+		# Load the role entitlement instance variable from the native Wms role entitlement reportk=Uc
+    @wms_role_entitlement=parse_wms_role_report(@wms_role_report)
+		save!
+	end
+  # Parsing the Wms user entitlement report in CSV format
+	def parse_wms_user_report (file)
+			begin
+        user_entitlement=Hash.new
+        user_record=0
+        line_cnt=0
+				cur_user_id=String.new
+        File.open(file,'r:gb2312:UTF-8').each do |line|
+          puts "Processing line number #{line_cnt.inspect}" if @verbose
+          # skip the 1st line of the file (header line)
+          if line_cnt == 0
+            line_cnt+=1
+            next
+          end
+#          entry=line.chomp.split(/(\t|\,)/).map {|x| x.gsub("\"","")} # clean the entry data
+					entry=line.chomp.split(",").map {|x| x.gsub("\"","")} # clean the entry data
+          puts entry.inspect if @verbose
+          # Determine the start of a user_user_record
+          entry[0].strip!
+          if entry[0].nil?
+						line_cnt+=1
+            next
+        	elsif entry[0].empty?
+						line_cnt+=1
+						next
+						#app=Hash.new
+          elsif entry[0] != cur_user_id
+            user_record+=1
+						cur_user_id = entry[0]
+          end
+          user_entitlement[user_record]=Hash.new unless user_entitlement.key?(user_record)
+  				user_entitlement[user_record]['USERID']=entry[0].strip unless user_entitlement[user_record]['USERID']
+          user_entitlement[user_record]['USERNAME']=entry[1].strip unless user_entitlement[user_record]['USERNAME']
+					user_entitlement[user_record]['STATUS']=entry[2] unless user_entitlement[user_record]['STATUS']
+					user_entitlement[user_record]['ORGNAME']=entry[3] unless user_entitlement[user_record]['ORGNAME']
+          user_entitlement[user_record]['ROLEID']=Hash.new unless user_entitlement[user_record]['ROLEID']
+          unless entry[4].nil?
+            unless entry[4].empty?
+              role=Hash.new
+              role[entry[4]]=true
+              user_entitlement[user_record]['ROLEID'].merge!(role)
+            end
+          end
+          line_cnt+=1
+          #return if line_cnt==3
+			  end
+        return user_entitlement
+      rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+  # Parsing the WMS role entitlement report in CSV format
+	def parse_wms_role_report (file)
+			begin
+        role_entitlement=Hash.new
+        line_cnt=0
+				cur_role_id = String.new
+        File.open(file,'r:gb2312:UTF-8').each do |line|
+          puts "Processing line number #{line_cnt.inspect}" if @verbose
+          # skip the 1st line of the file (header line)
+          if line_cnt == 0
+            line_cnt+=1
+            next
+          end
+          entry=line.chomp.split(',').map {|x| x.gsub("\"","")} # clean the entry data
+          puts entry.inspect if @verbose
+          # Determine the start of a user_record
+          entry[0].strip!
+          if entry[0].nil?
+            #do nothing
+						line_cnt+=1
+						next
+          elsif entry[0].empty?
+            #do nothing
+						line_cnt+=1
+						next
+          elsif entry[0]!=cur_role_id
+						puts "Processing role_id: #{entry[0]}" if @verbose
+						cur_role_id = entry[0]
+          end
+  				role_entitlement[cur_role_id] = Hash.new unless role_entitlement.key?(cur_role_id)
+          role_entitlement[cur_role_id]['ROLENAME'] = entry[1] unless role_entitlement[cur_role_id]['ROLENAME']
+					role_entitlement[cur_role_id]['PRV'] = Array.new unless role_entitlement[cur_role_id]['PRV']
+          unless entry[2].nil?
+            prv=Hash.new
+            prv['PRVID']=entry[2]
+						prv['PRVNAME']=entry[3]
+            prv['URL']=entry[4]
+            role_entitlement[cur_role_id]['PRV'].push(prv)
+          end
+          line_cnt+=1
+			  end
+        return role_entitlement
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+	# Procedures to add additonal field 'dn' into the @wms_user_entitlement data structure, by person the AD search
+	def insert_dn
+			begin
+				 tracker = Ucert::AdTracker.new(:verbose=>false)
+				 @wms_user_entitlement.each do |index, record|
+					puts "\n\nPerform DN lookup for record: #{record}" if @verbose
+					key1 = record['USERNAME'] if record['USERNAME']
+					key2 = record['USERID'] if record['USERID']
+					my_key = key1.upcase + ":" + key2.upcase
+					puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
+					if @wms_2_ad_user.key?(my_key)
+						dn=@wms_2_ad_user[my_key]
+						# additional logic to update the existing DN record
+						unless tracker.ad_person_records.key?(dn)
+							dn = update_dn(tracker,dn)
+						end
+						puts "Found in the local cache file: #{dn}" if @verbose
+					else
+						if dn.nil? and !key1.nil?
+							puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
+							dn = tracker.ad_search_by_text(key1, "person")
+						end
+						if dn.nil? and !key2.nil?
+							puts "Perform 3rd order search only if the last fail, by using: #{key2}" if @verbose
+							dn = tracker.ad_search_by_text(key2, "person")
+						end
+					end
+					@wms_user_entitlement[index]['DN'] = dn
+				end
+				tracker=nil
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+				tracker=nil
+			end
+	end
+	# Print out the user entitlement table in plain text, to be imported into database
+	def print_user_entitlement
+		begin
+      puts "user Entitlement Report in Plain-text Format" if @verbose
+			@wms_user_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
+			puts if @verbose
+			@wms_user_entitlement.values.map do |rec|
+				rec.each {|k,v| print v,"|"}
+				puts
+      end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+  alias_method :print_user, :print_user_entitlement
+  # Print out the role entitlement table in plain text, to be imported into database
+  def print_role_entitlement
+    begin
+      puts "Role Entitlement Report in Plain-text Format" if @verbose
+      puts "ROLEID	| ROLENAME	| PRIVILEGE" if @verbose
+      @wms_role_entitlement.each do |key, record|
+          puts "#{key}|#{record['ROLENAME']}|#{record['PRV']}"
+					# "\t#{record['VERSION']}\t#{record['FUNCTION']}"
+      end
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+  end
+  alias_method :print_role, :print_role_entitlement
+	# Save the WMS to AD user mapping relation into the cache file
+	def save_wms_user_map!(file=@file_user_map)
+		puts "Saving the known Wms to AD user mapping relationship to file: #{file} ..." if @verbose
+		begin
+			timestamp=Time.now
+			f=File.open(file, 'w')
+			f.write "# local Wms to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
+			@wms_user_entitlement.values.map do |record|
+				key = record['USERNAME'].upcase + ':' + record['USERID'].upcase
+				value = record['DN']
+				f.write "\n#{key}|#{value}"
+			end
+			f.close
+			puts "WMS to AD user map file is successfully saved to: #{file}" if @verbose
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}" if @verbose
+		end
+	end
+	alias_method  :save!, :save_wms_user_map!
+	# Search user entitlement record by AD DN
+	def wms_search_by_dn (dn)
+		begin
+      puts "Perform search on the user entitlement record by AD DN: #{dn}" if @verbose
+      @wms_user_entitlement.each do |key, val|
+          return val if @wms_user_entitlement[key]['DN'].eql? dn
+      end
+			return nil
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+	end
+	alias_method  :search_by_dn, :wms_search_by_dn
+	private	:parse_wms_user_report, :parse_wms_role_report, :insert_dn
+end

data/lib/ucert/yst_tracker.rb ADDED

@@ -0,0 +1,264 @@
+#--
+# ucert
+#
+# A  Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c)  CMBNY Risk Department
+#++
+# Class to handle Yi Shi Tong (一事通) user account IDs
+class Ucert::YstTracker
+	include Ucert::Utils
+	# Class constant variables
+	attr_accessor  :verbose, :yst_user_report, :yst_org_report, :file_user_map
+	attr_reader    :yst_user_entitlement, :yst_org_entitlement, :yst_2_ad_user
+  # Instance default variables
+  def initialize (params ={})
+    @verbose=params.fetch(:verbose, false)
+    # Yst user entitlement report in CSV format, generated by Ryan Li's user table exportation script
+    @yst_user_report = File.dirname(__FILE__)+"/../../data/yst/YiShiTong_User.csv"
+		# Yst user entitlement report in CSV format, generated by Ryan Li's user table exportation script
+    @yst_org_report = File.dirname(__FILE__)+"/../../data/yst/YiShiTong_Org.csv"
+		# Yst to AD user map file
+		@file_user_map =  File.dirname(__FILE__)+"/../../data/yst/yst_user_map.txt"
+		# Load the user map file to an instance variable (for performance gain)
+		@yst_2_ad_user=load_known_user_map_from_file(@file_user_map)
+		# Load the user entitlement instance variable from the native Yst user entitlement report
+		@yst_user_entitlement=parse_yst_user_report(@yst_user_report)
+		# Insert DN field into the user entitlement data structure
+		insert_dn
+		# Load the org entitlement instance variable from the native Yst org entitlement reportk=Uc
+    @yst_org_entitlement=parse_yst_org_report(@yst_org_report)
+		save!
+	end
+  # Parsing the Yst user entitlement report in CSV format
+	def parse_yst_user_report (file)
+			begin
+        user_entitlement=Hash.new
+        user_record=0
+        line_cnt=0
+				cur_user_id=String.new
+				header=Array.new
+#        File.open(file,'r:gb18030:UTF-8').each do |line|
+				# YST report encoding format change since September 2017. Refer to Ryan Li for more info. - Yang Li
+				File.open(file,'r').each do |line|
+          puts "Processing YST user report line number #{line_cnt.inspect}" if @verbose
+					entry=line.chomp.split(",").map {|x| x.gsub(/(\s|\")/,"")}
+          # skip the 1st line of the file (header line)
+          if line_cnt == 0
+						header=entry
+            line_cnt+=1
+            next
+          end
+					 # clean the entry data
+          puts entry.inspect if @verbose
+          # Determine the start of a user_user_record
+          entry[0].strip!
+          if entry[0].nil?
+						line_cnt+=1
+            next
+        	elsif entry[0].empty?
+						line_cnt+=1
+						next
+						#app=Hash.new
+          elsif entry[0] != cur_user_id
+            user_record+=1
+						cur_user_id=entry[0]
+          end
+          record=Hash[header.zip(entry)] unless entry[0].nil?
+					puts "User record: #{record}" if @verbose
+          user_entitlement[user_record]=record unless user_entitlement.key?(user_record)
+          line_cnt+=1
+			  end
+        return user_entitlement
+      rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+			end
+	end
+  # Parsing the Yi Shi Tong org entitlement report in CSV format
+	def parse_yst_org_report (file)
+		begin
+			org_entitlement=Hash.new
+			line_cnt=0
+			cur_org_id=String.new
+			header=Array.new
+			#File.open(file,'r:gb18030:UTF-8').each do |line|
+			# YST report encoding format change since September 2017. Refer to Ryan Li for more info. - Yang Li
+			File.open(file,'r').each do |line|
+				puts "Processing YST organization report line number #{line_cnt.inspect}" if @verbose
+				entry=line.chomp.split(",").map {|x| x.gsub(/(\s|\")/,"")}
+				# skip the 1st line of the file (header line)
+				if line_cnt == 0
+					header=entry
+					line_cnt+=1
+					next
+				end
+				 # clean the entry data
+				puts entry.inspect if @verbose
+				# Determine the start of a user_user_record
+				entry[0].strip!
+				if entry[0].nil?
+					line_cnt+=1
+					next
+				elsif entry[0].empty?
+					line_cnt+=1
+					next
+					#app=Hash.new
+				elsif entry[0] != cur_org_id
+					cur_org_id=entry[0]
+				end
+				record=Hash[header.zip(entry)] unless entry[0].nil?
+				puts "User record: #{record}" if @verbose
+				org_entitlement[cur_org_id]=record unless org_entitlement.key?(cur_org_id)
+				line_cnt+=1
+			end
+			return org_entitlement
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+	# Procedures to add additonal field 'dn' into the @yst_user_entitlement data structure, by person the AD search
+	def insert_dn
+			begin
+				 puts "Insert DN into the record ..." if @verbose
+				 tracker = Ucert::AdTracker.new(:verbose=>@verbose)
+				 @yst_user_entitlement.each do |index, record|
+					puts "\n\nPerform DN lookup for record: #{record}" if @verbose
+					key1 = record['USER_NAME'] if record['USER_NAME']
+					key2 = record['EMAIL'] if record['EMAIL']
+					key3 = key2.gsub(/\d+/,"")
+					key4 = key3.split("_")[0]
+					my_key = key1.upcase + ":" + key2.upcase
+					puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
+					if @yst_2_ad_user.key?(my_key)
+						dn=@yst_2_ad_user[my_key]
+						# additional logic to update the existing DN record
+						unless tracker.ad_person_records.key?(dn)
+							dn = update_dn(tracker,dn)
+						end
+						puts "Found in the local cache file: #{dn}" if @verbose
+					else
+						if dn.nil? and !key1.nil?
+							puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
+							dn = tracker.ad_search_by_text(key1, "person")
+						end
+						if dn.nil? and !key2.nil?
+							puts "Perform 3rd order search only if the last fail, by using: #{key2}" if @verbose
+							dn = tracker.ad_search_by_text(key2, "person")
+						end
+						if dn.nil? and !key3.nil?
+							puts "Perform 4th order search only if the last fail, by using: #{key3}" if @verbose
+							dn = tracker.ad_search_by_text(key3, "person")
+						end
+						if dn.nil? and !key4.nil?
+							puts "Perform 5th order search only if the last fail, by using: #{key4}" if @verbose
+							dn = tracker.ad_search_by_text(key4, "person")
+						end
+					end
+					@yst_user_entitlement[index]['DN'] = dn
+				end
+				tracker=nil
+			rescue => ee
+				puts "Exception on method #{__method__}: #{ee}"
+				tracker=nil
+			end
+	end
+  # DN lookup via YST for systems under YST, such as CVM
+	def yst_id_2_dn (id)
+		@yst_user_entitlement.each do |key,val|
+			return val["DN"] if val["USER_ID"] == id.strip
+		end
+		return nil
+	end
+	# Print out the user entitlement table in plain text, to be imported into database
+	def print_user_entitlement
+		begin
+      puts "User Entitlement Report in Plain-text Format" if @verbose
+			@yst_user_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
+			puts if @verbose
+			@yst_user_entitlement.values.map do |rec|
+				rec.each {|k,v| print v,"|"}
+				puts
+      end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+	end
+  alias_method :print_user, :print_user_entitlement
+  # Print out the org entitlement table in plain text, to be imported into database
+  def print_org_entitlement
+    begin
+			puts "Organization Entitlement Report in Plain-text Format" if @verbose
+			@yst_org_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
+			puts if @verbose
+			@yst_org_entitlement.values.map do |rec|
+				rec.each {|k,v| print v,"|"}
+				puts
+      end
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}"
+		end
+  end
+  alias_method :print_org, :print_org_entitlement
+	# Save the Yi Shi Tong to AD user mapping relation into the cache file
+	def save_yst_user_map!(file=@file_user_map)
+		puts "Saving the known Yst to AD user mapping relationship to file: #{file} ..." if @verbose
+		begin
+			timestamp=Time.now
+			f=File.open(file, 'w')
+			f.write "# local Yst to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
+			@yst_user_entitlement.values.map do |record|
+				key = record['USER_NAME'].upcase + ':' + record['EMAIL'].upcase
+				value = record['DN']
+				f.write "\n#{key}|#{value}"
+			end
+			f.close
+			puts "Yst to AD user map file is successfully saved to: #{file}" if @verbose
+		rescue => ee
+			puts "Exception on method #{__method__}: #{ee}" if @verbose
+		end
+	end
+	alias_method  :save!, :save_yst_user_map!
+	# Search user entitlement record by AD DN
+	def yst_search_by_dn (dn)
+		begin
+      puts "Perform search on the user entitlement record by AD DN: #{dn}" if @verbose
+      @yst_user_entitlement.each do |key, val|
+          return val if @yst_user_entitlement[key]['DN'].eql? dn
+      end
+			return nil
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+	end
+	alias_method  :search_by_dn, :yst_search_by_dn
+	# Search user entitlement record by USER_ID
+	def yst_search_by_id (id)
+		begin
+      puts "Perform search on the user entitlement record by USER_ID: #{id}" if @verbose
+      @yst_user_entitlement.each do |key, val|
+          return val if @yst_user_entitlement[key]['USER_ID'].eql? id.strip
+      end
+			return nil
+    rescue => ee
+      puts "Exception on method #{__method__}: #{ee}"
+    end
+	end
+	alias_method  :search_by_id, :yst_search_by_id
+	private	:parse_yst_user_report, :parse_yst_org_report, :insert_dn
+end