import time
from Crypto import Random
from twitter.common import log
from google.admin import GoogleAdminApi
from google.calendar import GoogleCalendarApi
from google.drive import GoogleDriveApi
from google.gmail import GoogleGmailApi
from google.oauth import GoogleOAuthApi
from helper_functions import HelperFunctions
from ldap_client import LDAPClient
from pagerduty import PagerDutyApi
from duo import DuoAdminApi
# Configuration is loaded once, at import time, and shared by every Runner.
config = HelperFunctions().read_config_from_yaml()
# Actions that Runner.perform_action runs without first un-suspending an
# already-suspended account.
NO_SUSPEND_ACTIONS = ["remove_from_oncalls", "org_unit_reset"]
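class Runner(object):
    """
    Runs offboarding actions for a single user.

    The constructor builds the Google Apps, LDAP, PagerDuty and Duo clients
    from the module-level ``config`` and caches whether the user is valid and
    whether the account is currently suspended.
    """

    # Connector attributes that perform_action is allowed to dispatch to.
    # Both the connector and the action name arrive from the Web UI form, so
    # they are matched against this list instead of being resolved against
    # arbitrary attributes of the Runner (for example the OAuth token client).
    # NOTE(review): confirm this list against the connectors the form really
    # uses and trim it to the minimum.
    _ALLOWED_CONNECTORS = frozenset([
        "admin_api",
        "gmail_api",
        "drive_api",
        "calendar_api",
        "pagerduty_api",
        "duo_api",
        "ldap_client",
    ])

    # Polling used while waiting for an un-suspend to propagate. The interval
    # is the original 8 seconds; the cap (about two minutes in total) is an
    # assumed value that stops a request from blocking forever - tune as needed.
    _UNSUSPEND_POLL_SECONDS = 8
    _UNSUSPEND_MAX_POLLS = 15

    def __init__(self, user=None):
        """
        Builds every API client needed to offboard ``user``.

        :param user: account name (local part, without the domain)
        Note: OAuth tokens for the admin and for the user are requested here,
        before the user has been validated against LDAP.
        """
        # Re-initialise PyCrypto's random generator for this process.
        Random.atfork()
        self.ADMIN_USER = config["google_apps"]["admin_user"]
        self.DOMAIN = config["google_apps"]["domain"]
        self.use_proxy = config["defaults"]["http_proxy"]["use_proxy"]
        self.user = user
        self.admin_email = "%s@%s" % (self.ADMIN_USER, self.DOMAIN)
        self.user_email = "%s@%s" % (user, self.DOMAIN)
        self.google_oauth = GoogleOAuthApi(config=config)
        self.oauth_admin = self.google_oauth.get_oauth_token(self.admin_email)
        self.oauth_user = self.google_oauth.get_oauth_token(self.user_email)
        self.admin_api = GoogleAdminApi(self.oauth_admin, config=config["google_apps"])
        self.gmail_api = GoogleGmailApi(self.oauth_user)
        self.drive_api = GoogleDriveApi(self.oauth_user)
        self.calendar_api = GoogleCalendarApi(self.oauth_user)
        self.ldap_client = LDAPClient(config=config["ldap"])
        # Both flags are computed once here; is_suspended_user is not
        # refreshed after suspend_user() changes the account state.
        self.is_valid_user = self._is_valid_user()
        self.is_suspended_user = self._is_suspended_user()
        self.pagerduty_api = PagerDutyApi(config=config["pagerduty"],
                                          use_proxy=self.use_proxy,
                                          proxy_config=config["defaults"]["http_proxy"])
        self.duo_api = DuoAdminApi(config=config["duo"],
                                   use_proxy=self.use_proxy,
                                   proxy_config=config["defaults"]["http_proxy"])

    @staticmethod
    def _escape_html(value):
        """
        Returns ``value`` rendered as text with HTML metacharacters escaped.

        Written by hand so the module needs no extra import.
        """
        text = "%s" % (value,)
        # "&" must be replaced first so the entities added below survive.
        for raw, safe in (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
                          ('"', "&quot;"), ("'", "&#x27;")):
            text = text.replace(raw, safe)
        return text

    @staticmethod
    def _is_public_name(name):
        """
        Returns True when ``name`` is non-empty and not underscore-prefixed.
        """
        return bool(name) and not name.startswith("_")

    def _is_valid_user(self):
        """
        Checks whether the user is a valid LDAP user.
        :return: bool
        Note: the user's surname on LDAP must also match the family name on
        Google Apps. A lookup that fails on either side counts as a mismatch,
        so two empty names never validate a user.
        """
        name_on_ldap = ""
        name_on_gapps = ""
        ldap_name_found = False
        gapps_name_found = False
        is_valid = self.ldap_client.is_valid_user(user=self.user)
        user_info = self.ldap_client.get_user_info(user=self.user)
        try:
            name_on_ldap = user_info["sn"][0]
            ldap_name_found = True
        except (TypeError, KeyError, IndexError) as e:
            # No usable "sn" entry: treat the user as invalid instead of
            # failing inside the constructor.
            log.info("is_valid: %s" % e)
        if self.oauth_admin is not None:
            try:
                name_on_gapps = ("{familyName}"
                                 .format(**self.admin_api.get_user_name(self.user_email)))
                gapps_name_found = True
            except (TypeError, KeyError, UnicodeEncodeError) as e:
                log.info("is_valid: %s" % e)
        log.info("user: %s - is_valid: %r - name_on_ldap: %s - name_on_gapps: %s" %
                 (self.user, is_valid, name_on_ldap, name_on_gapps))
        return bool(is_valid and ldap_name_found and gapps_name_found
                    and name_on_ldap == name_on_gapps)

    def _is_suspended_user(self):
        """
        Checks whether the user is suspended.
        :return: bool
        Note: an invalid user is always reported as not suspended; the admin
        API is only queried for valid users.
        """
        is_suspended = False
        if self.is_valid_user:
            is_suspended = self.admin_api.is_suspended(self.user_email)
        log.info("user: %s - is_suspended: %r" % (self.user, is_suspended))
        return is_suspended

    def _wait_until_unsuspended(self):
        """
        Polls until the account is reported as no longer suspended.
        :return: bool, False when the poll limit is reached first
        """
        for _ in range(self._UNSUSPEND_MAX_POLLS):
            if not self._is_suspended_user():
                return True
            # workaround for google api delays in propagation
            time.sleep(self._UNSUSPEND_POLL_SECONDS)
        return not self._is_suspended_user()

    def suspend_user(self, suspend):
        """
        Suspends or un-suspends a user.
        :param: suspend: bool
        :return: log message describing what was done
        """
        if not self.is_valid_user:
            msg = "%s - Not a valid LDAP user" % self.user
            log.info(msg)
            return msg
        # Query the current state once instead of once per branch.
        currently_suspended = self._is_suspended_user()
        if suspend:
            if currently_suspended:
                msg = "%s - User already suspended" % self.user
            else:
                self.admin_api.suspend(self.user_email)
                msg = "%s - User was suspended" % self.user
        elif currently_suspended:
            self.admin_api.un_suspend(self.user_email)
            if self._wait_until_unsuspended():
                msg = "%s - User was un-suspended" % self.user
            else:
                msg = "%s - User un-suspend not confirmed" % self.user
        else:
            msg = "%s - User already un-suspended" % self.user
        log.info(msg)
        return msg

    def perform_action(self, api_connector, action, kwargs):
        """
        Performs offboarding actions selected from the Web UI form.
        :param api_connector: string of the API connector to use
        :param action: name of action to be performed
        :param kwargs: dict of keyword arguments forwarded to the action
        :return: msg log for action performed, along with status
        Note: action item must match function names of the equivalent API class.
        Note: the connector must be listed in _ALLOWED_CONNECTORS and the
        action must be a public, callable attribute of it. The request is
        checked before the account is touched, so a rejected request never
        leaves a suspended account un-suspended.
        """
        if not self.is_valid_user:
            msg = "<p><span class=\"text-danger\">FAILED - INVALID USER</span></p>"
            log.info(msg)
            return msg

        handler = None
        if api_connector in self._ALLOWED_CONNECTORS and self._is_public_name(action):
            handler = getattr(getattr(self, api_connector), action, None)
        if not callable(handler):
            # %r keeps control characters in form input out of the log line.
            log.info("user: %s - rejected action %r on connector %r" %
                     (self.user, action, api_connector))
            return "<p><span class=\"text-danger\">FAILED - ACTION NOT ALLOWED</span></p>"

        if self.is_suspended_user and action not in NO_SUSPEND_ACTIONS:
            self.suspend_user(False)
        result = handler(self.user_email, **kwargs)
        action_label = self._escape_html(action.replace("_", " ").upper())
        if isinstance(result, dict):
            results = []
            for k, v in result.items():
                # Keys come back from the remote API; escape them before
                # they are placed into markup.
                label = self._escape_html(k)
                if v is True:
                    results.append("<span class='text-success'>%s</span>" % label)
                elif v is False:
                    results.append("<span class='text-danger'>%s</span>" % label)
                else:
                    results.append(label)
            if not results:
                results = "<span class='text-success'>SUCCESS</span>"
            msg = "<p>%s: %s</p>" % (action_label, results)
        else:
            if result is False:
                msg_color, msg_text = "danger", "FAILED"
            elif result is None:
                msg_color, msg_text = "danger", "FAILED (EMPTY RESULT)"
            else:
                # True and any other non-empty result count as success.
                msg_color, msg_text = "success", "SUCCESS"
            msg = ("<p>%s: <span class=\"text-%s\">%s</span></p>" %
                   (action_label, msg_color, msg_text))
        log.info(msg)
        return msg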