ucert 0.2.57
- checksums.yaml +7 -0
- data/CHANGELOG.md +134 -0
- data/LICENSE.txt +22 -0
- data/README.rdoc +61 -0
- data/Rakefile +8 -0
- data/TODO +5 -0
- data/bin/ad_dump +74 -0
- data/bin/ad_update +48 -0
- data/bin/adgrep +149 -0
- data/bin/adp_dump +70 -0
- data/bin/aix_dump +69 -0
- data/bin/audiolog_dump +69 -0
- data/bin/bloomberg_dump +69 -0
- data/bin/check21_dump +69 -0
- data/bin/citidirect_be_dump +69 -0
- data/bin/citidirect_sec_dump +69 -0
- data/bin/citrixsf_dump +70 -0
- data/bin/clear_par_dump +70 -0
- data/bin/cmbrun_ny_dump +76 -0
- data/bin/cvm_dump +70 -0
- data/bin/db_direct_dump +69 -0
- data/bin/egifts_dump +68 -0
- data/bin/equinix_dump +69 -0
- data/bin/frb_dump +69 -0
- data/bin/go_contact_dump +16 -0
- data/bin/jpm_dump +69 -0
- data/bin/madison535_dump +70 -0
- data/bin/mantis_dump +79 -0
- data/bin/prime_dump +79 -0
- data/bin/sage100_dump +69 -0
- data/bin/sharefile_dump +69 -0
- data/bin/som_dump +74 -0
- data/bin/stb_dump +69 -0
- data/bin/swift_dump +79 -0
- data/bin/swift_online_dump +69 -0
- data/bin/t24_dump +79 -0
- data/bin/vpn_dump +69 -0
- data/bin/wms_dump +79 -0
- data/bin/yst_dump +79 -0
- data/data/ad/ad_delta.txt +94 -0
- data/data/ad/hosts +421 -0
- data/data/ad/hosts.old +597 -0
- data/data/ad/hosts_old +597 -0
- data/data/ad/ldap_computer.txt +19028 -0
- data/data/ad/ldap_person.txt +41241 -0
- data/data/adp/Active Employee Report.xlsx +0 -0
- data/data/adp/adp_user_map.txt +141 -0
- data/data/aix/EGIFTS1.txt +239 -0
- data/data/aix/NYSWIFT1.txt +222 -0
- data/data/aix/T24_APP1.txt +300 -0
- data/data/aix/T24_DBP.txt +252 -0
- data/data/aix/aix_user_map.txt +46 -0
- data/data/alliance_swift/Swift_Operator_Details.xlsx +0 -0
- data/data/alliance_swift/Swift_Operator_Profiles_Details.xlsx +0 -0
- data/data/alliance_swift/swift_operator_map.txt +22 -0
- data/data/audiolog/Capture_audiolog.PNG +0 -0
- data/data/bloomberg/AccountData.csv +2 -0
- data/data/bloomberg/Capture_SID_download.PNG +0 -0
- data/data/bloomberg/current_subscriptions.csv +11 -0
- data/data/check21/Capture_check21_users.PNG +0 -0
- data/data/citidirect_be/Capture.PNG +0 -0
- data/data/citidirect_be/Capture_new.PNG +0 -0
- data/data/citidirect_be/Capture_new_new.PNG +0 -0
- data/data/citidirect_be/UserProfileEntitlementReport.pdf +0 -0
- data/data/citidirect_be/UserProfileEntitlementsReport.old.xlsx +0 -0
- data/data/citidirect_be/UserProfileEntitlementsReport.xlsx +0 -0
- data/data/citidirect_be/be_user_map.txt +11 -0
- data/data/citidirect_securities/Capture.PNG +0 -0
- data/data/citidirect_securities/User_Entitlements_Report___CLNT.dat +19 -0
- data/data/citidirect_securities/User_Entitlements_Report___CLNT.xml +75 -0
- data/data/citidirect_securities/citidirect_securities_user_map.txt +10 -0
- data/data/citrix_sharefile/ShareFile_Access_Report.xlsx +0 -0
- data/data/citrix_sharefile/sharefile_user_map.txt +33 -0
- data/data/clear_par/ClearPar User Report.xlsx +0 -0
- data/data/clear_par/clear_par_user_map.txt +25 -0
- data/data/cmbrun_ny/CMBNY_Position_Rpt.xlsx +0 -0
- data/data/cmbrun_ny/CMBRUN_USER_RPT.xlsx +0 -0
- data/data/cmbrun_ny/Capture_cmbrun.PNG +0 -0
- data/data/cmbrun_ny/Capture_cmbrun_position.PNG +0 -0
- data/data/cmbrun_ny/crny_access_user_map.txt +55 -0
- data/data/cvm/cvm_user_func.xlsx +0 -0
- data/data/cvm/cvm_user_list.xlsx +0 -0
- data/data/cvm/cvm_user_map.txt +56 -0
- data/data/cvm/cvm_user_role.xlsx +0 -0
- data/data/db_direct/Capture_main.PNG +0 -0
- data/data/db_direct/Capture_rpt.PNG +0 -0
- data/data/db_direct/accountpermission.xlsx +0 -0
- data/data/db_direct/db_direct_user_map.txt +8 -0
- data/data/db_direct/di_direct_user_map.txt +0 -0
- data/data/db_direct/userfulldetail_2016010813232300644912.pdf +0 -0
- data/data/equinix/Secured Access List_CHINA MERCHANTS BANK.xlsx +0 -0
- data/data/equinix/equinix_user_map.txt +29 -0
- data/data/fis_egifts/CHINA_MERCHANTS_BANK_-_USER_ACCOUNT_FUNCTION_REPORT.xlsx +0 -0
- data/data/fis_egifts/egifts_user_map.txt +113 -0
- data/data/fis_prime/Prime_Operator_Rights_Report.xml +41958 -0
- data/data/fis_prime/Prime_Operator_Status_Report.xml +1827 -0
- data/data/fis_prime/Prime_Operators_and_Roles_Report.xml +1505 -0
- data/data/fis_prime/Prime_Rights_by_Role_Report.xml +22726 -0
- data/data/fis_prime/prime_user_map.txt +77 -0
- data/data/frb/FRB_Subscriber_Roles_Report.xlsx +0 -0
- data/data/frb/frb_user_map.txt +22 -0
- data/data/go_contact/go_contact.xlsx +0 -0
- data/data/go_contact/go_user_map.txt +134 -0
- data/data/go_contact/title_level_map.txt +141 -0
- data/data/jpm_access/Capture.PNG +0 -0
- data/data/jpm_access/jpm_access_user_map.txt +13 -0
- data/data/jpm_access/jpm_user_entitlements_details.txt +194 -0
- data/data/jpm_access/jpm_user_groupentitlements_details.txt +2 -0
- data/data/madison535/535madison_bldg_pass.xlsx +0 -0
- data/data/madison535/535madison_bldg_pass_2.xlsx +0 -0
- data/data/madison535/madison535_user_map.txt +191 -0
- data/data/mantis/Mantis_AccessLevels.xlsx +0 -0
- data/data/mantis/Mantis_ActiveUsers_Rpt.xlsx +0 -0
- data/data/mantis/mantis_access_user_map.txt +128 -0
- data/data/sage100/Capture_Sage100_Rpt.PNG +0 -0
- data/data/sage100/Capture_Sage100_Rpt_2.PNG +0 -0
- data/data/sage100/SY_UserReport_RolePreferencesDetails.xlsx +0 -0
- data/data/sage100/SY_UserReport_RoleTaskPermissionsDetails.xlsx +0 -0
- data/data/sage100/sy_user_map.txt +14 -0
- data/data/som/som_user_map.txt +40 -0
- data/data/som/som_user_report.csv +329 -0
- data/data/stb/STB_USERS.csv +177 -0
- data/data/stb/STB_USERS.pdf +0 -0
- data/data/stb/stb_user_map.txt +33 -0
- data/data/swift_online/UserReport.xlsx +0 -0
- data/data/swift_online/swo_access_user_map.txt +18 -0
- data/data/t24/T24_Grp_Rpt.csv +484 -0
- data/data/t24/T24_User_Rpt.csv +567 -0
- data/data/t24/t24_grp.xml +2904 -0
- data/data/t24/t24_user_map.txt +197 -0
- data/data/t24/t24_usr.xml +9628 -0
- data/data/vpn/Capture_VPN.PNG +0 -0
- data/data/wms/role_rpt.txt +451 -0
- data/data/wms/user_rpt.txt +55 -0
- data/data/wms/wms_user_map.txt +55 -0
- data/data/yst/YiShiTong_Org.csv +21 -0
- data/data/yst/YiShiTong_User.csv +163 -0
- data/data/yst/yst_user_map.txt +163 -0
- data/demos/filter_email.rb +19 -0
- data/demos/idm_ad_reload.rb +164 -0
- data/lib/ucert.rb +82 -0
- data/lib/ucert/ad_tracker.rb +694 -0
- data/lib/ucert/adp_payroll_tracker.rb +189 -0
- data/lib/ucert/aix_tracker.rb +175 -0
- data/lib/ucert/alliance_swift_tracker.rb +300 -0
- data/lib/ucert/audiolog_tracker.rb +67 -0
- data/lib/ucert/bloomberg_tracker.rb +96 -0
- data/lib/ucert/check21_tracker.rb +95 -0
- data/lib/ucert/citidirect_be_tracker.rb +418 -0
- data/lib/ucert/citidirect_securities_tracker.rb +230 -0
- data/lib/ucert/citrix_sharefile_tracker.rb +196 -0
- data/lib/ucert/clear_par_tracker.rb +187 -0
- data/lib/ucert/cmbrun_ny_tracker.rb +244 -0
- data/lib/ucert/cvm_tracker.rb +230 -0
- data/lib/ucert/db_direct_tracker.rb +205 -0
- data/lib/ucert/equinix_tracker.rb +202 -0
- data/lib/ucert/fis_egifts_tracker.rb +249 -0
- data/lib/ucert/fis_prime_tracker.rb +391 -0
- data/lib/ucert/frb_tracker.rb +232 -0
- data/lib/ucert/go_contact_tracker.rb +778 -0
- data/lib/ucert/jpm_access_tracker.rb +205 -0
- data/lib/ucert/madison535_tracker.rb +273 -0
- data/lib/ucert/mantis_tracker.rb +249 -0
- data/lib/ucert/sage100_tracker.rb +355 -0
- data/lib/ucert/som_tracker.rb +223 -0
- data/lib/ucert/stb_tracker.rb +199 -0
- data/lib/ucert/swift_online_tracker.rb +197 -0
- data/lib/ucert/t24_tracker.rb +342 -0
- data/lib/ucert/utils/utils.rb +200 -0
- data/lib/ucert/vpn_tracker.rb +94 -0
- data/lib/ucert/wms_tracker.rb +240 -0
- data/lib/ucert/yst_tracker.rb +264 -0
- data/test/ad_testfiles/ldap_computer_test.txt +21 -0
- data/test/ad_testfiles/ldap_person_test.txt +21 -0
- data/test/aix_testfiles/application1.txt +7 -0
- data/test/aix_testfiles/application2.txt +15 -0
- data/test/alliance_swift_testfiles/Swift_Operator_Details_Test.xlsx +0 -0
- data/test/alliance_swift_testfiles/Swift_Operator_Profiles_Details_Test.xlsx +0 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test.txt +55 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test_2.txt +55 -0
- data/test/alliance_swift_testfiles/swift_operator_map_test_format_fixed.txt +55 -0
- data/test/citidirect_be_testfiles/UserProfileEntitlementsReport_Test.xlsx +0 -0
- data/test/citidirect_securities_testfiles/User_Entitlements_Report___CLNT_Test.xml +48 -0
- data/test/citrix_sharefile_testfiles/ShareFile_Access_Report_Test.xlsx +0 -0
- data/test/cmbrun_ny_testfiles/CMBNY_Position_Rpt_02242016_test.xlsx +0 -0
- data/test/cmbrun_ny_testfiles/CMBRUN_USER_RPT_Test.xlsx +0 -0
- data/test/db_direct_testfiles/accountpermission_Test.xlsx +0 -0
- data/test/equinix_testfiles/Secured Access List_CHINA MERCHANTS BANK_TEST.xlsx +0 -0
- data/test/fis_egifts_testfiles/CHINA_MERCHANTS_BANK_-_USER_ACCOUNT_FUNCTION_REPORT_TEST.xlsx +0 -0
- data/test/fis_prime_testfiles/Prime_Operator_Rights_Report_Test.xml +158 -0
- data/test/fis_prime_testfiles/Prime_Operator_Status_Report_Copy.xml +1659 -0
- data/test/fis_prime_testfiles/Prime_Operator_Status_Report_Test.xml +51 -0
- data/test/fis_prime_testfiles/Prime_Operators_and_Roles_Report_Copy.xml +1360 -0
- data/test/fis_prime_testfiles/Prime_Operators_and_Roles_Report_Test.xml +45 -0
- data/test/fis_prime_testfiles/Prime_Rights_by_Role_Report_Test.xml +65 -0
- data/test/fis_prime_testfiles/prime_user_map.txt +3 -0
- data/test/frb_testfiles/FRB_Subscriber_Roles_Report_Test.xlsx +0 -0
- data/test/go_contact_testfiles/go_contact_test.xlsx +0 -0
- data/test/jpm_access_testfiles/Capture.PNG +0 -0
- data/test/jpm_access_testfiles/jpm_user_entitlements_details_original.txt +208 -0
- data/test/jpm_access_testfiles/jpm_user_entitlements_details_test.txt +7 -0
- data/test/madison535_testfiles/535madison_bldg_pass_2_Test.xlsx +0 -0
- data/test/madison535_testfiles/535madison_bldg_pass_Test.xlsx +0 -0
- data/test/mantis_testfiles/Mantis_AccessLevels_Test.xlsx +0 -0
- data/test/mantis_testfiles/Mantis_ActiveUsers_Rpt_Test.xlsx +0 -0
- data/test/sage100_testfiles/SY_UserReport_RolePreferencesDetails_Test.xlsx +0 -0
- data/test/sage100_testfiles/SY_UserReport_RoleTaskPermissionsDetails_Test.xlsx +0 -0
- data/test/som_testfiles/som_user_map_test.txt +7 -0
- data/test/som_testfiles/som_user_report_test.csv +25 -0
- data/test/stb_testfiles/STB_USERS_test.csv +24 -0
- data/test/stb_testfiles/STB_USERS_test_constant.csv +24 -0
- data/test/swift_online_testfiles/UserReport.xls +0 -0
- data/test/swift_online_testfiles/UserReport_Test.xlsx +0 -0
- data/test/swift_online_testfiles/test_outline_level.rb +7 -0
- data/test/t24_testfiles/T24_Grp_Rpt_Test.csv +7 -0
- data/test/t24_testfiles/T24_User_Rpt_Test.csv +7 -0
- data/test/test_ad_tracker.rb +148 -0
- data/test/test_aix_tracker.rb +71 -0
- data/test/test_alliance_swift_tracker.rb +131 -0
- data/test/test_audiolog_tracker.rb +23 -0
- data/test/test_check21_tracker.rb +30 -0
- data/test/test_citidirect_be_tracker.rb +110 -0
- data/test/test_citidirect_securities_tracker.rb +89 -0
- data/test/test_citrix_sharefile_tracker.rb +105 -0
- data/test/test_cmbrun_ny_tracker.rb +112 -0
- data/test/test_db_direct_tracker.rb +125 -0
- data/test/test_equinix_tracker.rb +119 -0
- data/test/test_fis_egifts_tracker.rb +105 -0
- data/test/test_fis_prime_tracker.rb +288 -0
- data/test/test_frb_tracker.rb +104 -0
- data/test/test_go_contact.rb +276 -0
- data/test/test_jpm_access_tracker.rb +122 -0
- data/test/test_madison535_tracker.rb +125 -0
- data/test/test_mantis_tracker.rb +133 -0
- data/test/test_sage100_tracker.rb +120 -0
- data/test/test_som_tracker.rb +71 -0
- data/test/test_stb_tracker.rb +120 -0
- data/test/test_swift_online_tracker.rb +116 -0
- data/test/test_t24_tracker.rb +151 -0
- data/test/test_utils.rb +46 -0
- data/test/test_vpn_tracker.rb +56 -0
- data/test/test_wms_tracker.rb +109 -0
- data/test/test_yst_tracker.rb +133 -0
- data/test/utils_testfiles/file2list_test.txt +13 -0
- data/test/utils_testfiles/load_know_user_map_testfile.txt +4 -0
- data/test/wms_testfiles/role_rpt_test.txt +6 -0
- data/test/wms_testfiles/user_rpt_test.txt +6 -0
- data/test/yst_testfiles/YiShiTong_Org_Test.csv +18 -0
- data/test/yst_testfiles/YiShiTong_User_Test.csv +5 -0
- data/ucert.gemspec +52 -0
- data/version.txt +12 -0
- metadata +410 -0
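--- a/data/lib/ucert/vpn_tracker.rb
+++ b/data/lib/ucert/vpn_tracker.rb
@@ -0,0 +1,94 @@
+#--
+# ucert
+#
+# A Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c) CMBNY Risk Department
+#++
+
+# Class to handle VPN user account IDs
+class Ucert::VpnTracker
+include Ucert::Utils
+# Class constant variables
+
+attr_accessor :verbose
+attr_reader :vpn_user_entitlement
+
+# Instance default variables
+def initialize (params ={})
+
+@verbose=params.fetch(:verbose, false)
+# VPN users are defined by assigning AD user into 3 different containers in CMBNY domain controller
+# Refer to the screenshot for further details
+#
+#
+# Load the group entitlement instance variable
+@vpn_class={"CN=Class1VPN,CN=Users,DC=ny,DC=cmbchina,DC=com"=>"class_1", "CN=Class2VPN,CN=Users,DC=ny,DC=cmbchina,DC=com"=>"class_2", "CN=Class3VPN,CN=Users,DC=ny,DC=cmbchina,DC=com"=>"class_3"}
+# Load the user entitlement instance variable by perform the AD lookup
+@vpn_user_entitlement=parse_vpn_user_info
+end
+
+# Parsing the VPN user entitlement report in CSV format
+def parse_vpn_user_info
+begin
+puts "Parsing known AD objects in search of the current VPN users" if @verbose
+vpn_entitlement=Hash.new
+user_record=0
+tracker=Ucert::AdTracker.new
+tracker.ad_person_records.keys.map do |record|
+puts "Processing record #{record.inspect}" if @verbose
+memberships=tracker.get_dn_attributes("person", record, "memberOf")
+my_class = memberships & @vpn_class.keys
+if my_class.size >0
+puts "VPN user found: #{record}" if @verbose
+user_record+=1
+vpn_entitlement[user_record]=Hash.new unless vpn_entitlement[user_record]
+vpn_entitlement[user_record]['CN']=tracker.extract_first_cn(record)
+vpn_entitlement[user_record]['department']=tracker.get_dn_attribute("person",record,"department")
+vpn_entitlement[user_record]['sAMAccountName']=tracker.get_dn_attribute("person",record,"sAMAccountName")
+vpn_entitlement[user_record]['VPN Class']=@vpn_class[my_class.first]
+vpn_entitlement[user_record]['DN']=record
+end
+end
+tracker=nil
+return vpn_entitlement
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+end
+end
+
+# Print out the user entitlement table in plain text, to be imported into database
+def print_user_entitlement
+begin
+puts "VPN User Entitlement Report in Plain-text Format" if @verbose
+@vpn_user_entitlement[1].keys.map {|x| print x,"|"} if @verbose
+puts if @verbose
+@vpn_user_entitlement.values.each do |record|
+record.values.map {|y| print y,"|"}
+puts
+end
+puts
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+end
+end
+alias_method :print_user, :print_user_entitlement
+
+
+# Search user entitlement record by AD DN
+def vpn_search_by_dn (dn)
+begin
+puts "Perform search on the user entitlement record by AD DN: #{dn}" if @verbose
+@vpn_user_entitlement.each do |key, val|
+return val if @vpn_user_entitlement[key]['DN'].eql? dn
+end
+return nil
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+end
+end
+alias_method :search_by_dn, :vpn_search_by_dn
+
+private :parse_vpn_user_info
+
+end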
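Review bot: In parse_vpn_user_info each record stores only `@vpn_class[my_class.first]`, so an account that belongs to more than one of the three VPN groups is certified against a single class and its other access never reaches the report. Recording every match, e.g. `vpn_entitlement[user_record]['VPN Class']=my_class.map {|c| @vpn_class[c]}.join(",")`, keeps the review complete. The intersection `memberships & @vpn_class.keys` is an exact string match on the group DN, so it presumably also misses access granted through a nested group or a DN that differs in case; confirm this against what get_dn_attributes returns for memberOf. Separately, the `rescue => ee` branch only prints, so any failure during the AD walk makes the method return nil and `@vpn_user_entitlement` stays nil for every later call. Re-raising after the message would keep a failed lookup from being read as "no VPN users".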
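--- a/data/lib/ucert/wms_tracker.rb
+++ b/data/lib/ucert/wms_tracker.rb
@@ -0,0 +1,240 @@
+#--
+# ucert
+#
+# A Ruby library for enterprise user account certification / recertification / audit project
+#
+# Copyright (c) CMBNY Risk Department
+#++
+
+# Class to handle Wms user account IDs
+class Ucert::WmsTracker
+include Ucert::Utils
+# Class constant variables
+
+attr_accessor :verbose, :wms_user_report, :wms_role_report, :file_user_map
+attr_reader :wms_user_entitlement, :wms_role_entitlement, :wms_2_ad_user
+
+# Instance default variables
+def initialize (params ={})
+
+@verbose=params.fetch(:verbose, false)
+# Wms user entitlement report in CSV format, generated by Ryan Li's user table exportation script
+@wms_user_report = File.dirname(__FILE__)+"/../../data/wms/user_rpt.txt"
+# Wms user entitlement report in CSV format, generated by Ryan Li's user table exportation script
+@wms_role_report = File.dirname(__FILE__)+"/../../data/wms/role_rpt.txt"
+# WMS to AD user map file
+@file_user_map = File.dirname(__FILE__)+"/../../data/wms/wms_user_map.txt"
+# Load the user map file to an instance variable (for performance gain)
+@wms_2_ad_user=load_known_user_map_from_file(@file_user_map)
+# Load the user entitlement instance variable from the native Wms user entitlement report
+@wms_user_entitlement=parse_wms_user_report(@wms_user_report)
+# Insert DN field into the user entitlement data structure
+insert_dn
+# Load the role entitlement instance variable from the native Wms role entitlement reportk=Uc
+@wms_role_entitlement=parse_wms_role_report(@wms_role_report)
+save!
+end
+
+# Parsing the Wms user entitlement report in CSV format
+def parse_wms_user_report (file)
+begin
+user_entitlement=Hash.new
+user_record=0
+line_cnt=0
+cur_user_id=String.new
+File.open(file,'r:gb2312:UTF-8').each do |line|
+puts "Processing line number #{line_cnt.inspect}" if @verbose
+# skip the 1st line of the file (header line)
+if line_cnt == 0
+line_cnt+=1
+next
+end
+# entry=line.chomp.split(/(\t|\,)/).map {|x| x.gsub("\"","")} # clean the entry data
+entry=line.chomp.split(",").map {|x| x.gsub("\"","")} # clean the entry data
+puts entry.inspect if @verbose
+# Determine the start of a user_user_record
+entry[0].strip!
+if entry[0].nil?
+line_cnt+=1
+next
+elsif entry[0].empty?
+line_cnt+=1
+next
+#app=Hash.new
+elsif entry[0] != cur_user_id
+user_record+=1
+cur_user_id = entry[0]
+end
+user_entitlement[user_record]=Hash.new unless user_entitlement.key?(user_record)
+user_entitlement[user_record]['USERID']=entry[0].strip unless user_entitlement[user_record]['USERID']
+user_entitlement[user_record]['USERNAME']=entry[1].strip unless user_entitlement[user_record]['USERNAME']
+user_entitlement[user_record]['STATUS']=entry[2] unless user_entitlement[user_record]['STATUS']
+user_entitlement[user_record]['ORGNAME']=entry[3] unless user_entitlement[user_record]['ORGNAME']
+user_entitlement[user_record]['ROLEID']=Hash.new unless user_entitlement[user_record]['ROLEID']
+unless entry[4].nil?
+unless entry[4].empty?
+role=Hash.new
+role[entry[4]]=true
+user_entitlement[user_record]['ROLEID'].merge!(role)
+end
+end
+line_cnt+=1
+#return if line_cnt==3
+end
+return user_entitlement
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+end
+end
+
+# Parsing the WMS role entitlement report in CSV format
+def parse_wms_role_report (file)
+begin
+role_entitlement=Hash.new
+line_cnt=0
+cur_role_id = String.new
+File.open(file,'r:gb2312:UTF-8').each do |line|
+puts "Processing line number #{line_cnt.inspect}" if @verbose
+# skip the 1st line of the file (header line)
+if line_cnt == 0
+line_cnt+=1
+next
+end
+entry=line.chomp.split(',').map {|x| x.gsub("\"","")} # clean the entry data
+puts entry.inspect if @verbose
+# Determine the start of a user_record
+entry[0].strip!
+if entry[0].nil?
+#do nothing
+line_cnt+=1
+next
+elsif entry[0].empty?
+#do nothing
+line_cnt+=1
+next
+elsif entry[0]!=cur_role_id
+puts "Processing role_id: #{entry[0]}" if @verbose
+cur_role_id = entry[0]
+end
+role_entitlement[cur_role_id] = Hash.new unless role_entitlement.key?(cur_role_id)
+role_entitlement[cur_role_id]['ROLENAME'] = entry[1] unless role_entitlement[cur_role_id]['ROLENAME']
+role_entitlement[cur_role_id]['PRV'] = Array.new unless role_entitlement[cur_role_id]['PRV']
+unless entry[2].nil?
+prv=Hash.new
+prv['PRVID']=entry[2]
+prv['PRVNAME']=entry[3]
+prv['URL']=entry[4]
+role_entitlement[cur_role_id]['PRV'].push(prv)
+end
+line_cnt+=1
+end
+return role_entitlement
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+end
+end
+
+# Procedures to add additonal field 'dn' into the @wms_user_entitlement data structure, by person the AD search
+def insert_dn
+begin
+tracker = Ucert::AdTracker.new(:verbose=>false)
+@wms_user_entitlement.each do |index, record|
+puts "\n\nPerform DN lookup for record: #{record}" if @verbose
+key1 = record['USERNAME'] if record['USERNAME']
+key2 = record['USERID'] if record['USERID']
+my_key = key1.upcase + ":" + key2.upcase
+puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
+if @wms_2_ad_user.key?(my_key)
+dn=@wms_2_ad_user[my_key]
+# additional logic to update the existing DN record
+unless tracker.ad_person_records.key?(dn)
+dn = update_dn(tracker,dn)
+end
+puts "Found in the local cache file: #{dn}" if @verbose
+else
+if dn.nil? and !key1.nil?
+puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
+dn = tracker.ad_search_by_text(key1, "person")
+end
+if dn.nil? and !key2.nil?
+puts "Perform 3rd order search only if the last fail, by using: #{key2}" if @verbose
+dn = tracker.ad_search_by_text(key2, "person")
+end
+end
+@wms_user_entitlement[index]['DN'] = dn
+end
+tracker=nil
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+tracker=nil
+end
+end
+
+# Print out the user entitlement table in plain text, to be imported into database
+def print_user_entitlement
+begin
+puts "user Entitlement Report in Plain-text Format" if @verbose
+@wms_user_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
+puts if @verbose
+@wms_user_entitlement.values.map do |rec|
+rec.each {|k,v| print v,"|"}
+puts
+end
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+end
+end
+alias_method :print_user, :print_user_entitlement
+
+# Print out the role entitlement table in plain text, to be imported into database
+def print_role_entitlement
+begin
+puts "Role Entitlement Report in Plain-text Format" if @verbose
+puts "ROLEID | ROLENAME | PRIVILEGE" if @verbose
+@wms_role_entitlement.each do |key, record|
+puts "#{key}|#{record['ROLENAME']}|#{record['PRV']}"
+# "\t#{record['VERSION']}\t#{record['FUNCTION']}"
+end
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+end
+end
+alias_method :print_role, :print_role_entitlement
+
+# Save the WMS to AD user mapping relation into the cache file
+def save_wms_user_map!(file=@file_user_map)
+puts "Saving the known Wms to AD user mapping relationship to file: #{file} ..." if @verbose
+begin
+timestamp=Time.now
+f=File.open(file, 'w')
+f.write "# local Wms to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
+@wms_user_entitlement.values.map do |record|
+key = record['USERNAME'].upcase + ':' + record['USERID'].upcase
+value = record['DN']
+f.write "\n#{key}|#{value}"
+end
+f.close
+puts "WMS to AD user map file is successfully saved to: #{file}" if @verbose
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}" if @verbose
+end
+end
+alias_method :save!, :save_wms_user_map!
+
+# Search user entitlement record by AD DN
+def wms_search_by_dn (dn)
+begin
+puts "Perform search on the user entitlement record by AD DN: #{dn}" if @verbose
+@wms_user_entitlement.each do |key, val|
+return val if @wms_user_entitlement[key]['DN'].eql? dn
+end
+return nil
+rescue => ee
+puts "Exception on method #{__method__}: #{ee}"
+end
+end
+alias_method :search_by_dn, :wms_search_by_dn
+
+private :parse_wms_user_report, :parse_wms_role_report, :insert_dn
+
+end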
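Review bot: In parse_wms_user_report and parse_wms_role_report, `entry[0].strip!` runs before the `entry[0].nil?` test, so a single blank line in the report raises NoMethodError, the rescue prints it, and the method returns nil. initialize then calls `save!`, and save_wms_user_map! opens the map with `File.open(file, 'w')` before `@wms_user_entitlement.values` fails, which truncates the curated WMS-to-AD map. The error is printed only when verbose is set and the handle is never closed. That map lives under the gem's own data/ directory and is what insert_dn trusts first on the next run, so the loss silently changes which AD identity each WMS account is certified against. Move the guard ahead of the strip, e.g. `next if entry[0].nil? || entry[0].strip.empty?`, build the output lines before opening, and write with the block form `File.open(file, 'w') { |f| f.write(lines) }`. A failed save should also be reported regardless of `@verbose`.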
@@ -0,0 +1,264 @@
|
|
1
|
+
#--
|
2
|
+
# ucert
|
3
|
+
#
|
4
|
+
# A Ruby library for enterprise user account certification / recertification / audit project
|
5
|
+
#
|
6
|
+
# Copyright (c) CMBNY Risk Department
|
7
|
+
#++
|
8
|
+
|
9
|
+
# Class to handle Yi Shi Tong (一事通) user account IDs
|
10
|
+
class Ucert::YstTracker
|
11
|
+
include Ucert::Utils
|
12
|
+
# Class constant variables
|
13
|
+
|
14
|
+
attr_accessor :verbose, :yst_user_report, :yst_org_report, :file_user_map
|
15
|
+
attr_reader :yst_user_entitlement, :yst_org_entitlement, :yst_2_ad_user
|
16
|
+
|
17
|
+
# Instance default variables
|
18
|
+
def initialize (params ={})
|
19
|
+
|
20
|
+
@verbose=params.fetch(:verbose, false)
|
21
|
+
# Yst user entitlement report in CSV format, generated by Ryan Li's user table exportation script
|
22
|
+
@yst_user_report = File.dirname(__FILE__)+"/../../data/yst/YiShiTong_User.csv"
|
23
|
+
# Yst user entitlement report in CSV format, generated by Ryan Li's user table exportation script
|
24
|
+
@yst_org_report = File.dirname(__FILE__)+"/../../data/yst/YiShiTong_Org.csv"
|
25
|
+
# Yst to AD user map file
|
26
|
+
@file_user_map = File.dirname(__FILE__)+"/../../data/yst/yst_user_map.txt"
|
27
|
+
# Load the user map file to an instance variable (for performance gain)
|
28
|
+
@yst_2_ad_user=load_known_user_map_from_file(@file_user_map)
|
29
|
+
# Load the user entitlement instance variable from the native Yst user entitlement report
|
30
|
+
@yst_user_entitlement=parse_yst_user_report(@yst_user_report)
|
31
|
+
# Insert DN field into the user entitlement data structure
|
32
|
+
insert_dn
|
33
|
+
# Load the org entitlement instance variable from the native Yst org entitlement reportk=Uc
|
34
|
+
@yst_org_entitlement=parse_yst_org_report(@yst_org_report)
|
35
|
+
save!
|
36
|
+
end
|
37
|
+
|
38
|
+
# Parsing the Yst user entitlement report in CSV format
|
39
|
+
def parse_yst_user_report (file)
|
40
|
+
begin
|
41
|
+
user_entitlement=Hash.new
|
42
|
+
user_record=0
|
43
|
+
line_cnt=0
|
44
|
+
cur_user_id=String.new
|
45
|
+
header=Array.new
|
46
|
+
# File.open(file,'r:gb18030:UTF-8').each do |line|
|
47
|
+
# YST report encoding format change since September 2017. Refer to Ryan Li for more info. - Yang Li
|
48
|
+
File.open(file,'r').each do |line|
|
49
|
+
puts "Processing YST user report line number #{line_cnt.inspect}" if @verbose
|
50
|
+
entry=line.chomp.split(",").map {|x| x.gsub(/(\s|\")/,"")}
|
51
|
+
# skip the 1st line of the file (header line)
|
52
|
+
if line_cnt == 0
|
53
|
+
header=entry
|
54
|
+
line_cnt+=1
|
55
|
+
next
|
56
|
+
end
|
57
|
+
# clean the entry data
|
58
|
+
puts entry.inspect if @verbose
|
59
|
+
# Determine the start of a user_user_record
|
60
|
+
entry[0].strip!
|
61
|
+
if entry[0].nil?
|
62
|
+
line_cnt+=1
|
63
|
+
next
|
64
|
+
elsif entry[0].empty?
|
65
|
+
line_cnt+=1
|
66
|
+
next
|
67
|
+
#app=Hash.new
|
68
|
+
elsif entry[0] != cur_user_id
|
69
|
+
user_record+=1
|
70
|
+
cur_user_id=entry[0]
|
71
|
+
end
|
72
|
+
record=Hash[header.zip(entry)] unless entry[0].nil?
|
73
|
+
puts "User record: #{record}" if @verbose
|
74
|
+
user_entitlement[user_record]=record unless user_entitlement.key?(user_record)
|
75
|
+
line_cnt+=1
|
76
|
+
end
|
77
|
+
return user_entitlement
|
78
|
+
rescue => ee
|
79
|
+
puts "Exception on method #{__method__}: #{ee}"
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
# Parsing the Yi Shi Tong org entitlement report in CSV format
|
84
|
+
def parse_yst_org_report (file)
|
85
|
+
begin
|
86
|
+
org_entitlement=Hash.new
|
87
|
+
line_cnt=0
|
88
|
+
cur_org_id=String.new
|
89
|
+
header=Array.new
|
90
|
+
#File.open(file,'r:gb18030:UTF-8').each do |line|
|
91
|
+
# YST report encoding format change since September 2017. Refer to Ryan Li for more info. - Yang Li
|
92
|
+
File.open(file,'r').each do |line|
|
93
|
+
puts "Processing YST organization report line number #{line_cnt.inspect}" if @verbose
|
94
|
+
entry=line.chomp.split(",").map {|x| x.gsub(/(\s|\")/,"")}
|
95
|
+
# skip the 1st line of the file (header line)
|
96
|
+
if line_cnt == 0
|
97
|
+
header=entry
|
98
|
+
line_cnt+=1
|
99
|
+
next
|
100
|
+
end
|
101
|
+
# clean the entry data
|
102
|
+
puts entry.inspect if @verbose
|
103
|
+
# Determine the start of a user_user_record
|
104
|
+
entry[0].strip!
|
105
|
+
if entry[0].nil?
|
106
|
+
line_cnt+=1
|
107
|
+
next
|
108
|
+
elsif entry[0].empty?
|
109
|
+
line_cnt+=1
|
110
|
+
next
|
111
|
+
#app=Hash.new
|
112
|
+
elsif entry[0] != cur_org_id
|
113
|
+
cur_org_id=entry[0]
|
114
|
+
end
|
115
|
+
record=Hash[header.zip(entry)] unless entry[0].nil?
|
116
|
+
puts "User record: #{record}" if @verbose
|
117
|
+
org_entitlement[cur_org_id]=record unless org_entitlement.key?(cur_org_id)
|
118
|
+
line_cnt+=1
|
119
|
+
end
|
120
|
+
return org_entitlement
|
121
|
+
rescue => ee
|
122
|
+
puts "Exception on method #{__method__}: #{ee}"
|
123
|
+
end
|
124
|
+
end
|
125
|
+
|
126
|
+
# Procedures to add additonal field 'dn' into the @yst_user_entitlement data structure, by person the AD search
|
127
|
+
def insert_dn
|
128
|
+
begin
|
129
|
+
puts "Insert DN into the record ..." if @verbose
|
130
|
+
tracker = Ucert::AdTracker.new(:verbose=>@verbose)
|
131
|
+
@yst_user_entitlement.each do |index, record|
|
132
|
+
puts "\n\nPerform DN lookup for record: #{record}" if @verbose
|
133
|
+
key1 = record['USER_NAME'] if record['USER_NAME']
|
134
|
+
key2 = record['EMAIL'] if record['EMAIL']
|
135
|
+
key3 = key2.gsub(/\d+/,"")
|
136
|
+
key4 = key3.split("_")[0]
|
137
|
+
my_key = key1.upcase + ":" + key2.upcase
|
138
|
+
puts "Perform 1st order search from the local cache: #{my_key}" if @verbose
|
139
|
+
if @yst_2_ad_user.key?(my_key)
|
140
|
+
dn=@yst_2_ad_user[my_key]
|
141
|
+
# additional logic to update the existing DN record
|
142
|
+
unless tracker.ad_person_records.key?(dn)
|
143
|
+
dn = update_dn(tracker,dn)
|
144
|
+
end
|
145
|
+
puts "Found in the local cache file: #{dn}" if @verbose
|
146
|
+
else
|
147
|
+
if dn.nil? and !key1.nil?
|
148
|
+
puts "Perform 2nd order search only if the 1st one fail, by using: #{key1}" if @verbose
|
149
|
+
dn = tracker.ad_search_by_text(key1, "person")
|
150
|
+
end
|
151
|
+
if dn.nil? and !key2.nil?
|
152
|
+
puts "Perform 3rd order search only if the last fail, by using: #{key2}" if @verbose
|
153
|
+
dn = tracker.ad_search_by_text(key2, "person")
|
154
|
+
end
|
155
|
+
if dn.nil? and !key3.nil?
|
156
|
+
puts "Perform 4th order search only if the last fail, by using: #{key3}" if @verbose
|
157
|
+
dn = tracker.ad_search_by_text(key3, "person")
|
158
|
+
end
|
159
|
+
if dn.nil? and !key4.nil?
|
160
|
+
puts "Perform 5th order search only if the last fail, by using: #{key4}" if @verbose
|
161
|
+
dn = tracker.ad_search_by_text(key4, "person")
|
162
|
+
end
|
163
|
+
end
|
164
|
+
@yst_user_entitlement[index]['DN'] = dn
|
165
|
+
end
|
166
|
+
tracker=nil
|
167
|
+
rescue => ee
|
168
|
+
puts "Exception on method #{__method__}: #{ee}"
|
169
|
+
tracker=nil
|
170
|
+
end
|
171
|
+
end
|
172
|
+
|
173
|
+
# DN lookup via YST for systems under YST, such as CVM
|
174
|
+
def yst_id_2_dn (id)
|
175
|
+
@yst_user_entitlement.each do |key,val|
|
176
|
+
return val["DN"] if val["USER_ID"] == id.strip
|
177
|
+
end
|
178
|
+
return nil
|
179
|
+
end
|
180
|
+
|
181
|
+
|
182
|
+
# Print out the user entitlement table in plain text, to be imported into database
|
183
|
+
def print_user_entitlement
|
184
|
+
begin
|
185
|
+
puts "User Entitlement Report in Plain-text Format" if @verbose
|
186
|
+
@yst_user_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
|
187
|
+
puts if @verbose
|
188
|
+
@yst_user_entitlement.values.map do |rec|
|
189
|
+
rec.each {|k,v| print v,"|"}
|
190
|
+
puts
|
191
|
+
end
|
192
|
+
rescue => ee
|
193
|
+
puts "Exception on method #{__method__}: #{ee}"
|
194
|
+
end
|
195
|
+
end
|
196
|
+
alias_method :print_user, :print_user_entitlement
|
197
|
+
|
198
|
+
# Print out the org entitlement table in plain text, to be imported into database
|
199
|
+
def print_org_entitlement
|
200
|
+
begin
|
201
|
+
puts "Organization Entitlement Report in Plain-text Format" if @verbose
|
202
|
+
@yst_org_entitlement.first[1].each {|k,v| print k,"|"} if @verbose
|
203
|
+
puts if @verbose
|
204
|
+
@yst_org_entitlement.values.map do |rec|
|
205
|
+
rec.each {|k,v| print v,"|"}
|
206
|
+
puts
|
207
|
+
end
|
208
|
+
rescue => ee
|
209
|
+
puts "Exception on method #{__method__}: #{ee}"
|
210
|
+
end
|
211
|
+
end
|
212
|
+
alias_method :print_org, :print_org_entitlement
|
213
|
+
|
214
|
+
# Save the Yi Shi Tong to AD user mapping relation into the cache file
|
215
|
+
def save_yst_user_map!(file=@file_user_map)
|
216
|
+
puts "Saving the known Yst to AD user mapping relationship to file: #{file} ..." if @verbose
|
217
|
+
begin
|
218
|
+
timestamp=Time.now
|
219
|
+
f=File.open(file, 'w')
|
220
|
+
f.write "# local Yst to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"
|
221
|
+
@yst_user_entitlement.values.map do |record|
|
222
|
+
key = record['USER_NAME'].upcase + ':' + record['EMAIL'].upcase
|
223
|
+
value = record['DN']
|
224
|
+
f.write "\n#{key}|#{value}"
|
225
|
+
end
|
226
|
+
f.close
|
227
|
+
puts "Yst to AD user map file is successfully saved to: #{file}" if @verbose
|
228
|
+
rescue => ee
|
229
|
+
puts "Exception on method #{__method__}: #{ee}" if @verbose
|
230
|
+
end
|
231
|
+
end
|
232
|
+
alias_method :save!, :save_yst_user_map!
|
233
|
+
|
234
|
+
# Search user entitlement record by AD DN
|
235
|
+
def yst_search_by_dn (dn)
|
236
|
+
begin
|
237
|
+
puts "Perform search on the user entitlement record by AD DN: #{dn}" if @verbose
|
238
|
+
@yst_user_entitlement.each do |key, val|
|
239
|
+
return val if @yst_user_entitlement[key]['DN'].eql? dn
|
240
|
+
end
|
241
|
+
return nil
|
242
|
+
rescue => ee
|
243
|
+
puts "Exception on method #{__method__}: #{ee}"
|
244
|
+
end
|
245
|
+
end
|
246
|
+
alias_method :search_by_dn, :yst_search_by_dn
|
247
|
+
|
248
|
+
# Search user entitlement record by USER_ID
|
249
|
+
def yst_search_by_id (id)
|
250
|
+
begin
|
251
|
+
puts "Perform search on the user entitlement record by USER_ID: #{id}" if @verbose
|
252
|
+
@yst_user_entitlement.each do |key, val|
|
253
|
+
return val if @yst_user_entitlement[key]['USER_ID'].eql? id.strip
|
254
|
+
end
|
255
|
+
return nil
|
256
|
+
rescue => ee
|
257
|
+
puts "Exception on method #{__method__}: #{ee}"
|
258
|
+
end
|
259
|
+
end
|
260
|
+
alias_method :search_by_id, :yst_search_by_id
|
261
|
+
|
262
|
+
private :parse_yst_user_report, :parse_yst_org_report, :insert_dn
|
263
|
+
|
264
|
+
end
|