From 5efaeb07daac00012eff7d26c17f84764644af03 Mon Sep 17 00:00:00 2001 From: George Taylor Date: Wed, 6 Sep 2023 11:03:07 +0100 Subject: [PATCH] Nit 824 nit 823 - update user roles and user notes (#18) * new functions and structure * find common entries in both * refactor + python rewrite foruser roles * remove action * remove debugging * start oracle db * add update notes * typo + rm commented code * refactor + comments * Update __init__.py * fix logger duplicates * re format + remove print debugging * log levels + debugging * Update logger.py * fixes requirements * reformat connection for oracle * Update user.py * Update user.py * Update user.py * Update user.py * Update user.py * Update user.py * Update user.py * Update user.py * bind by name * Update user.py * Update user.py * Update user.py * Update user.py * Update user.py * Update user.py * add handling for user notes --- cli/__init__.py | 48 +++++- cli/database/__init__.py | 13 ++ cli/git/__init__.py | 2 - cli/ldap/__init__.py | 4 +- cli/ldap/add_roles_to_username.py | 42 ------ cli/ldap/rbac.py | 90 +++++++----- cli/ldap/update_user_home_areas.py | 30 ---- cli/ldap/user.py | 229 +++++++++++++++++++++++++++++ cli/logger.py | 53 +++++++ cli/logging.py | 25 ---- setup.py | 11 +- 11 files changed, 405 insertions(+), 142 deletions(-) create mode 100644 cli/database/__init__.py delete mode 100644 cli/ldap/add_roles_to_username.py delete mode 100644 cli/ldap/update_user_home_areas.py create mode 100644 cli/ldap/user.py create mode 100644 cli/logger.py delete mode 100644 cli/logging.py diff --git a/cli/__init__.py b/cli/__init__.py index 706b9fd..fab1241 100644 --- a/cli/__init__.py +++ b/cli/__init__.py @@ -1,8 +1,7 @@ import click -import cli.ldap.add_roles_to_username, cli.ldap.rbac, cli.ldap.update_user_home_areas +import cli.ldap.rbac, cli.ldap.user -from cli import git -import cli.env +from cli import git, logger @click.group() @@ -15,16 +14,48 @@ def main_group(): @click.option("-r", "--root-dn", help="Root DN to add users to", default="dc=moj,dc=com") @click.argument("user-role-list", required=True) def add_roles_to_users(user_ou, root_dn, user_role_list): - cli.ldap.add_roles_to_username.process_user_roles_list(user_role_list, user_ou, root_dn) + cli.ldap.user.process_user_roles_list(user_role_list, user_ou, root_dn) # Update user home area @click.command() @click.option("-o", "--old-home-area", help="name of old home area", required=True) @click.option("-n", "--new-home-area", help="name of new home area", required=True) -def update_user_home_areas(old_home_area, new_home_area): - base_dn = env.vars.get("LDAP_CONFIG").get("base_users") - cli.ldap.update_user_home_areas.update_user_home_areas(old_home_area, new_home_area, base_dn) +@click.option("-u", "--user-ou", help="OU to add users to, defaults to ou=Users", default="ou=Users") +@click.option("-r", "--root-dn", help="Root DN to add users to, defaults to dc=moj,dc=com", default="dc=moj,dc=com") +def update_user_home_areas(old_home_area, new_home_area, user_ou, root_dn): + cli.ldap.user.change_home_areas(old_home_area, new_home_area, user_ou, root_dn) + + +# Update user roles +@click.command() +@click.argument("roles", required=True) +@click.argument("user-note", required=False) +@click.option("-u", "--user-ou", help="OU to add users to, defaults to ou=Users", default="ou=Users") +@click.option("-r", "--root-dn", help="Root DN to add users to, defaults to dc=moj,dc=com", default="dc=moj,dc=com") +@click.option("--add", help="Add role to users", is_flag=True) +@click.option("--remove", help="Remove role from users", is_flag=True) +@click.option("--update-notes", help="Remove role from users", is_flag=True) +@click.option( + "-rf", + "--role-filter", + help='Comma seperated string to generate roles filter from eg "role1,role2,role3"', + required=False, + default="*", +) +@click.option("-uf", "--user-filter", help="Filter to find users", required=False, default="(userSector=*)") +def update_user_roles(roles, user_ou, root_dn, add, remove, update_notes, user_note, user_filter, role_filter): + cli.ldap.user.update_roles( + roles, + user_ou, + root_dn, + add, + remove, + update_notes, + user_note=user_note, + user_filter=user_filter, + role_filter=role_filter, + ) @click.command() @@ -38,6 +69,9 @@ def rbac_uplift(rbac_repo_tag): main_group.add_command(add_roles_to_users) main_group.add_command(rbac_uplift) main_group.add_command(update_user_home_areas) +main_group.add_command(update_user_roles) + +logger.configure_logging() if __name__ == "__main__": main_group() diff --git a/cli/database/__init__.py b/cli/database/__init__.py new file mode 100644 index 0000000..9b64657 --- /dev/null +++ b/cli/database/__init__.py @@ -0,0 +1,13 @@ +import oracledb +from cli import env +from cli.logger import log + + +def connection(): + try: + conn = oracledb.connect(env.secrets.get("DB_CONNECTION_STRING")) + log.debug("Created database connection successfully") + return conn + except Exception as e: + log.exception(e) + raise e diff --git a/cli/git/__init__.py b/cli/git/__init__.py index 5378e65..2486329 100644 --- a/cli/git/__init__.py +++ b/cli/git/__init__.py @@ -1,10 +1,8 @@ -from github import Github, Auth from git import Repo import jwt import time import requests import logging -from cli import env def get_access_token(app_id, private_key, installation_id): diff --git a/cli/ldap/__init__.py b/cli/ldap/__init__.py index a969c09..07fe481 100644 --- a/cli/ldap/__init__.py +++ b/cli/ldap/__init__.py @@ -1,10 +1,10 @@ from ldap3 import Server, Connection, ALL -from logging import log # import oracledb def ldap_connect(ldap_host, ldap_user, ldap_password): - server = Server(ldap_host, get_info=ALL) + server = Server(ldap_host) + return Connection( server=server, user=ldap_user, password=ldap_password, auto_bind="NO_TLS", authentication="SIMPLE" ) diff --git a/cli/ldap/add_roles_to_username.py b/cli/ldap/add_roles_to_username.py deleted file mode 100644 index c1736a9..0000000 --- a/cli/ldap/add_roles_to_username.py +++ /dev/null @@ -1,42 +0,0 @@ -from cli.logging import log -from cli import env -from cli.ldap import ldap_connect - - -def parse_user_role_list(user_role_list): - # The format of the list should be a pipe separated list of username and role lists, - # where the username and role list is separated by a comma character, - # and the roles are separated by a semi-colon: - # username1,role1;role2;role3|username2,role1;role2 - - return {user.split(",")[0]: user.split(",")[1].split(";") for user in user_role_list.split("|")} - - -def add_roles_to_user(username, roles, user_ou="ou=Users", root_dn="dc=moj,dc=com"): - log.info(f"Adding roles {roles} to user {username}") - ldap_connection = ldap_connect( - env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD") - ) - for role in roles: - ldap_connection.add( - f"cn={role},cn={username},{user_ou},{root_dn}", - attributes={ - "objectClass": ["NDRoleAssociation", "alias"], - "aliasedObjectName": f"cn={role},cn={username},cn=ndRoleCatalogue,{root_dn}", - }, - ) - if ldap_connection.result["result"] == 0: - print(f"Successfully added role {role} to user {username}") - elif ldap_connection.result["result"] == 68: - print(f"Role {role} already exists for user {username}") - else: - print(ldap_connection.result) - print(ldap_connection.response) - raise Exception(f"Failed to add role {role} to user {username}") - - -def process_user_roles_list(user_role_list, user_ou="ou=Users", root_dn="dc=moj,dc=com"): - log.info(f"secrets: {env.secrets}") - user_roles = parse_user_role_list(user_role_list) - for user, roles in user_roles.items(): - add_roles_to_user(user, roles, user_ou, root_dn) diff --git a/cli/ldap/rbac.py b/cli/ldap/rbac.py index c942a1f..a73adae 100644 --- a/cli/ldap/rbac.py +++ b/cli/ldap/rbac.py @@ -1,11 +1,9 @@ -import re - import ldap3.utils.hashed from cli.ldap import ldap_connect from cli import env import cli.git as git import glob -from cli.logging import log +from cli.logger import log from pathlib import Path import cli.template from ldif import LDIFParser @@ -73,10 +71,15 @@ def context_ldif(rendered_files): env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD") ) ldap_connection.add(dn, attributes=record) - if any(result not in [0, 68] for result in ldap_connection.result["result"]): - log.debug(ldap_connection.result) - log.debug(ldap_connection.response) - raise Exception(f"Failed to add context {dn}, status: {ldap_connection.result['result']}") + print(ldap_connection.result["result"]) + if ldap_connection.result["result"] == 0: + print(f"Successfully added context") + elif ldap_connection.result["result"] == 68: + print(f"{dn} already exists") + else: + print(ldap_connection.result) + print(ldap_connection.response) + raise Exception(f"Failed to add {dn}... {record}") def group_ldifs(rendered_files): @@ -98,12 +101,14 @@ def group_ldifs(rendered_files): if record.get("description"): print("updating description") ldap_connection.modify(dn, {"description": [(ldap3.MODIFY_REPLACE, record["description"])]}) - if any(result not in [0, 68] for result in ldap_connection.result["result"]): - log.debug(ldap_connection.result) - log.debug(ldap_connection.response) - raise Exception( - f"Failed to update description for group {dn}, status: {ldap_connection.result['result']}" - ) + if ldap_connection.result["result"] == 0: + print(f"Successfully added groups") + elif ldap_connection.result["result"] == 68: + print(f"{dn} already exists") + else: + print(ldap_connection.result) + print(ldap_connection.response) + raise Exception(f"Failed to add {dn}... {record}") def policy_ldifs(rendered_files): @@ -126,10 +131,14 @@ def policy_ldifs(rendered_files): # print(record) # add the record to ldap ldap_connection.add(dn, attributes=record) - if any(result not in [0, 68] for result in ldap_connection.result["result"]): - log.debug(ldap_connection.result) - log.debug(ldap_connection.response) - raise Exception(f"Failed to add policy {dn}, status: {ldap_connection.result['result']}") + if ldap_connection.result["result"] == 0: + print(f"Successfully added policies") + elif ldap_connection.result["result"] == 68: + print(f"{dn} already exists") + else: + print(ldap_connection.result) + print(ldap_connection.response) + raise Exception(f"Failed to add {dn}... {record}") def role_ldifs(rendered_files): @@ -156,10 +165,14 @@ def role_ldifs(rendered_files): # print(record) # add the record to ldap ldap_connection.add(dn, attributes=record) - if any(result not in [0, 68] for result in ldap_connection.result["result"]): - log.debug(ldap_connection.result) - log.debug(ldap_connection.response) - raise Exception(f"Failed to add role {dn}, status: {ldap_connection.result['result']}") + if ldap_connection.result["result"] == 0: + print(f"Successfully added roles") + elif ldap_connection.result["result"] == 68: + print(f"{dn} already exists") + else: + print(ldap_connection.result) + print(ldap_connection.response) + raise Exception(f"Failed to add {dn}... {record}") # not complete!! @@ -182,10 +195,14 @@ def schema_ldifs(rendered_files): # print(record) # add the record to ldap ldap_connection.add(dn, attributes=record) - if any(result not in [0, 68] for result in ldap_connection.result["result"]): - log.debug(ldap_connection.result) - log.debug(ldap_connection.response) - raise Exception(f"Failed to add schema {dn}, status: {ldap_connection.result['result']}") + if ldap_connection.result["result"] == 0: + print(f"Successfully added schemas") + elif ldap_connection.result["result"] == 68: + print(f"{dn} already exists") + else: + print(ldap_connection.result) + print(ldap_connection.response) + raise Exception(f"Failed to add {dn}... {record}") def user_ldifs(rendered_files): @@ -202,13 +219,16 @@ def user_ldifs(rendered_files): # loop through the records for dn, record in parser.parse(): print("got entry record: %s" % dn) + + # for each user find child entries and delete them + ldap_connection.search(dn, "(objectclass=*)", search_scope=ldap3.SUBTREE) + for entry in ldap_connection.entries: + print(entry.entry_dn) + ldap_connection.delete(entry.entry_dn) + # print(record) # add the record to ldap ldap_connection.delete(dn) - if any(result not in [0, 68] for result in ldap_connection.result["result"]): - log.debug(ldap_connection.result) - log.debug(ldap_connection.response) - raise Exception(f"Failed to delete user {dn}, status: {ldap_connection.result['result']}") # loop through the user files for file in user_files: @@ -220,10 +240,14 @@ def user_ldifs(rendered_files): # print(record) # add the record to ldap ldap_connection.add(dn, attributes=record) - if any(result not in [0, 68] for result in ldap_connection.result["result"]): - log.debug(ldap_connection.result) - log.debug(ldap_connection.response) - raise Exception(f"Failed to add user {dn}, status: {ldap_connection.result['result']}") + if ldap_connection.result["result"] == 0: + print(f"Successfully added users") + elif ldap_connection.result["result"] == 68: + print(f"{dn} already exists") + else: + print(ldap_connection.result) + print(ldap_connection.response) + raise Exception(f"Failed to add {dn}... {record}") def main(rbac_repo_tag, clone_path="./rbac"): diff --git a/cli/ldap/update_user_home_areas.py b/cli/ldap/update_user_home_areas.py deleted file mode 100644 index 1a34b3f..0000000 --- a/cli/ldap/update_user_home_areas.py +++ /dev/null @@ -1,30 +0,0 @@ -from cli.logging import log -from cli import env - -from cli.ldap import ldap_connect -import ldap3 -from ldap3 import MODIFY_REPLACE - - -def update_user_home_areas(old_home_area, new_home_area, base_dn, attribute="userHomeArea", object_class="NDUser"): - log.info(f"Updating user home areas from {old_home_area} to {new_home_area}") - ldap_connection = ldap_connect( - env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD") - ) - - search_filter = ( - f"(&(objectclass={object_class})(userHomeArea={old_home_area})(!(cn={old_home_area}))(!(endDate=*)))" - ) - ldap_connection.search(base_dn, search_filter, attributes=[attribute]) - - # Iterate through the search results and update the attribute - for entry in ldap_connection.entries: - dn = entry.entry_dn - changes = {attribute: [(MODIFY_REPLACE, [new_home_area])]} - ldap_connection.modify(dn, changes) - - # Check if the modification was successful - if ldap_connection.result["result"] == 0: - log.info(f"Successfully updated {attribute} for {dn}") - else: - log.error(f"Failed to update {attribute} for {dn}: {ldap_connection.result}") diff --git a/cli/ldap/user.py b/cli/ldap/user.py new file mode 100644 index 0000000..16b6fed --- /dev/null +++ b/cli/ldap/user.py @@ -0,0 +1,229 @@ +import oracledb + +import cli.ldap + +from cli.logger import log +from cli import env + +from cli.ldap import ldap_connect +from ldap3 import MODIFY_REPLACE, DEREF_NEVER + +import cli.database +from itertools import product + + +######################################### +# Change a users home area +######################################### +def change_home_areas(old_home_area, new_home_area, user_ou, root_dn, attribute="userHomeArea", object_class="NDUser"): + log.info(f"Updating user home areas from {old_home_area} to {new_home_area}") + ldap_connection = ldap_connect( + env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD") + ) + + search_filter = ( + f"(&(objectclass={object_class})(userHomeArea={old_home_area})(!(cn={old_home_area}))(!(endDate=*)))" + ) + ldap_connection.search(",".join([user_ou, root_dn]), search_filter, attributes=[attribute]) + + # Iterate through the search results and update the attribute + for entry in ldap_connection.entries: + dn = entry.entry_dn + changes = {attribute: [(MODIFY_REPLACE, [new_home_area])]} + ldap_connection.modify(dn, changes) + + # Check if the modification was successful + if ldap_connection.result["result"] == 0: + log.info(f"Successfully updated {attribute} for {dn}") + else: + log.error(f"Failed to update {attribute} for {dn}: {ldap_connection.result}") + + +######################################### +# Add roles to a user +######################################### + + +def parse_user_role_list(user_role_list): + # The format of the list should be a pipe separated list of username and role lists, + # where the username and role list is separated by a comma character, + # and the roles are separated by a semi-colon: + # username1,role1;role2;role3|username2,role1;role2 + + return {user.split(",")[0]: user.split(",")[1].split(";") for user in user_role_list.split("|")} + + +def add_roles_to_user(username, roles, user_ou="ou=Users", root_dn="dc=moj,dc=com"): + log.info(f"Adding roles {roles} to user {username}") + ldap_connection = ldap_connect( + env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD") + ) + for role in roles: + ldap_connection.add( + f"cn={role},cn={username},{user_ou},{root_dn}", + attributes={ + "objectClass": ["NDRoleAssociation", "alias"], + "aliasedObjectName": f"cn={role},cn={username},cn=ndRoleCatalogue,{user_ou},{root_dn}", + }, + ) + if ldap_connection.result["result"] == 0: + print(f"Successfully added role {role} to user {username}") + elif ldap_connection.result["result"] == 68: + print(f"Role {role} already exists for user {username}") + else: + print(ldap_connection.result) + print(ldap_connection.response) + raise Exception(f"Failed to add role {role} to user {username}") + + +def process_user_roles_list(user_role_list, user_ou="ou=Users", root_dn="dc=moj,dc=com"): + log.info(f"secrets: {env.secrets}") + user_roles = parse_user_role_list(user_role_list) + for user, roles in user_roles.items(): + add_roles_to_user(user, roles, user_ou, root_dn) + + +######################################### +# Update user roles +######################################### + + +def update_roles( + roles, + user_ou, + root_dn, + add, + remove, + update_notes, + user_note, + user_filter="(userSector=*)", + role_filter="*", +): + if update_notes and (user_note is None or len(user_note) < 1): + log.error("User note must be provided when updating notes") + raise Exception("User note must be provided when updating notes") + ldap_connection_user_filter = ldap_connect( + env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD") + ) + + # # Search for users matching the user_filter + ldap_connection_user_filter.search(",".join([user_ou, root_dn]), user_filter, attributes=["cn"]) + users_found = sorted([entry.cn.value for entry in ldap_connection_user_filter.entries if entry.cn.value]) + log.debug("users found from user filter") + log.debug(users_found) + ldap_connection_user_filter.unbind() + + roles_filter_list = role_filter.split(",") + roles = roles.split(",") + + # create role filter + if len(roles_filter_list) > 0: + full_role_filter = ( + f"(&(objectclass=NDRoleAssociation)(|{''.join(['(cn=' + role + ')' for role in roles_filter_list])}))" + ) + else: + full_role_filter = "(&(objectclass=NDRoleAssociation)(cn=*))" + + # Search for roles matching the role_filter + ldap_connection_role_filter = ldap_connect( + env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD") + ) + + ldap_connection_role_filter.search( + ",".join([user_ou, root_dn]), + full_role_filter, + attributes=["cn"], + dereference_aliases=DEREF_NEVER, + ) + roles_found = sorted( + list(set([entry.entry_dn.split(",")[1].split("=")[1] for entry in ldap_connection_role_filter.entries])) + ) + log.debug("users found from roles filter: ") + log.debug(roles_found) + + ldap_connection_role_filter.unbind() + + # generate a list of matches in roles and users + matched_users = set(users_found) & set(roles_found) + log.debug("matched users: ") + log.debug(matched_users) + + # cartesian_product = [(user, role) for user in matched_users for role in roles] + + cartesian_product = list(product(matched_users, roles)) + log.debug("cartesian product: ") + log.debug(cartesian_product) + + ldap_connection_action = ldap_connect( + env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD") + ) + + for item in cartesian_product: + if add: + ldap_connection_action.add( + f"cn={item[1]},cn={item[0]},{user_ou},{root_dn}", + attributes={ + "cn": item[1], + "aliasedObjectName": f"cn={item[1]},cn=ndRoleCatalogue,{user_ou},{root_dn}", + "objectClass": ["NDRoleAssociation", "alias", "top"], + }, + ) + if ldap_connection_action.result["result"] == 0: + log.info(f"Successfully added role '{item[1]}' to user '{item[0]}'") + elif ldap_connection_action.result["result"] == 68: + log.info(f"Role '{item[1]}' already present for user '{item[0]}'") + else: + log.error(f"Failed to add role '{item[1]}' to user '{item[0]}'") + log.debug(ldap_connection_action.result) + elif remove: + ldap_connection_action.delete(f"cn={item[1]},cn={item[0]},{user_ou},{root_dn}") + if ldap_connection_action.result["result"] == 0: + log.info(f"Successfully removed role '{item[1]}' from user '{item[0]}'") + elif ldap_connection_action.result["result"] == 32: + log.info(f"Role '{item[1]}' already absent for user '{item[0]}'") + else: + log.error(f"Failed to remove role '{item[1]}' from user '{item[0]}'") + log.debug(ldap_connection_action.result) + else: + log.error("No action specified") + + if update_notes: + connection = cli.database.connection() + log.debug("Created database cursor successfully") + for user in matched_users: + try: + update_sql = "UPDATE USER_ SET LAST_UPDATED_DATETIME=CURRENT_DATE, LAST_UPDATED_USER_ID=4 WHERE UPPER(DISTINGUISHED_NAME)=UPPER(:user_dn)" + update_cursor = connection.cursor() + update_cursor.execute(update_sql, [user]) + update_cursor.close() + + insert_sql = """ + INSERT INTO USER_NOTE ( + USER_NOTE_ID, + USER_ID, + LAST_UPDATED_USER_ID, + LAST_UPDATED_DATETIME, + NOTES + ) + SELECT + user_note_id_seq.nextval, + USER_ID, + 4, + sysdate, + :user_note + FROM + USER_ + WHERE + UPPER(DISTINGUISHED_NAME) = UPPER(:user_dn) + """ + insert_cursor = connection.cursor() + insert_cursor.setinputsizes(user_note=oracledb.CLOB) + insert_cursor.execute(insert_sql, user_note=user_note, user_dn=user) + insert_cursor.close() + + log.info(f"Updated notes for user {user}") + connection.commit() + log.info("Committed changes to database successfully") + except: + log.exception(f"Failed to update notes for user {user}") + connection.close() diff --git a/cli/logger.py b/cli/logger.py new file mode 100644 index 0000000..aba6e5f --- /dev/null +++ b/cli/logger.py @@ -0,0 +1,53 @@ +import logging +import cli.env + + +def configure_logging(): + class SensitiveFormatter(logging.Formatter): + """Formatter that removes secrets from log messages.""" + + def __init__(self, format_str=None, datefmt_str=None): + super().__init__(fmt=format_str, datefmt=datefmt_str) + self._secrets_set = set(cli.env.secrets.values()) # Retrieve secrets set here + self.default_msec_format = "%s.%03d" + + def _filter(self, s): + redacted = " ".join( + ["*" * len(string) if string in self._secrets_set else string for string in s.split(" ")] + ) + + return redacted + + def format(self, record): + original = super().format(record) + return self._filter(original) + + print("configure_logging") + """Configure logging based on environment variables.""" + format = cli.env.vars.get("LOG_FORMAT") or "%(asctime)s.%(msecs)03d - %(levelname)s: %(message)s" + datefmt = cli.env.vars.get("LOG_DATE_FORMAT") or "%Y-%m-%d %H:%M:%S" + + log = logging.getLogger(__name__) + + if logging.root.hasHandlers(): + logging.root.handlers = [] + + handler = logging.StreamHandler() + handler.setFormatter(SensitiveFormatter(format_str=format, datefmt_str=datefmt)) + logging.root.addHandler(handler) + if cli.env.vars.get("LOG_LEVEL") == "DEBUG": + print("DEBUG") + log.setLevel(logging.DEBUG) + elif cli.env.vars.get("LOG_LEVEL") == "WARNING": + print("WARNING") + log.setLevel(logging.WARNING) + elif cli.env.vars.get("LOG_LEVEL") == "ERROR": + print("ERROR") + log.setLevel(logging.ERROR) + elif cli.env.vars.get("LOG_LEVEL") == "INFO": + print("INFO") + log.setLevel(logging.INFO) + return True + + +log = logging.getLogger(__name__) diff --git a/cli/logging.py b/cli/logging.py deleted file mode 100644 index 4ab4238..0000000 --- a/cli/logging.py +++ /dev/null @@ -1,25 +0,0 @@ -import logging -import cli.env - - -class SensitiveFormatter(logging.Formatter): - """Formatter that removes secrets from log messages.""" - - @staticmethod - def _filter(s): - secrets_set = set(cli.env.secrets.values()) - redacted = " ".join([s.replace(secret, "*" * len(secret)) for secret in secrets_set if secret is not None]) - return redacted - - def format(self, record): - original = logging.Formatter.format(self, record) - return self._filter(original) - - -if cli.env.vars.get("DEBUG") == 1: - logging.basicConfig(level=logging.DEBUG) -else: - logging.basicConfig(level=logging.INFO) -log = logging.getLogger(__name__) -for handler in log.root.handlers: - handler.setFormatter(SensitiveFormatter()) diff --git a/setup.py b/setup.py index b8e1107..cd85c83 100644 --- a/setup.py +++ b/setup.py @@ -1,10 +1,19 @@ from setuptools import setup, find_packages +# Read requirements from requirements.txt +with open("requirements.txt") as f: + requirements = f.read().splitlines() + +standard_pkgs = [r for r in requirements if not r.startswith("git+")] +git_pkgs = [r for r in requirements if r.startswith("git+")] +formatted_git_pkgs = [f"{git_pkg.split('/')[-1].split('.git@')[0]} @ {git_pkg}" for git_pkg in git_pkgs] +all_reqs = standard_pkgs + formatted_git_pkgs + setup( name="ldap-automation", version="0.1", packages=find_packages(), - install_requires=["Click", "ldap3", "PyGithub", "python-dotenv", "pyjwt", "GitPython"], + install_requires=all_reqs, entry_points=""" [console_scripts] ldap-automation=cli:main_group