import time from Crypto import Random from twitter.common import log from google.admin import GoogleAdminApi from google.calendar import GoogleCalendarApi from google.drive import GoogleDriveApi from google.gmail import GoogleGmailApi from google.oauth import GoogleOAuthApi from helper_functions import HelperFunctions from ldap_client import LDAPClient from pagerduty import PagerDutyApi from duo import DuoAdminApi config = HelperFunctions().read_config_from_yaml() NO_SUSPEND_ACTIONS = ["remove_from_oncalls", "org_unit_reset"] class Runner(object): def __init__(self, user=None): Random.atfork() self.ADMIN_USER = config["google_apps"]["admin_user"] self.DOMAIN = config["google_apps"]["domain"] self.use_proxy = config["defaults"]["http_proxy"]["use_proxy"] self.user = user self.admin_email = "%s@%s" % (self.ADMIN_USER, self.DOMAIN) self.user_email = "%s@%s" % (user, self.DOMAIN) self.google_oauth = GoogleOAuthApi(config=config) self.oauth_admin = self.google_oauth.get_oauth_token(self.admin_email) self.oauth_user = self.google_oauth.get_oauth_token(self.user_email) self.admin_api = GoogleAdminApi(self.oauth_admin, config=config["google_apps"]) self.gmail_api = GoogleGmailApi(self.oauth_user) self.drive_api = GoogleDriveApi(self.oauth_user) self.calendar_api = GoogleCalendarApi(self.oauth_user) self.ldap_client = LDAPClient(config=config["ldap"]) self.is_valid_user = self._is_valid_user() self.is_suspended_user = self._is_suspended_user() self.pagerduty_api = PagerDutyApi(config=config["pagerduty"], use_proxy=self.use_proxy, proxy_config=config["defaults"]["http_proxy"]) self.duo_api = DuoAdminApi(config=config["duo"], use_proxy=self.use_proxy, proxy_config=config["defaults"]["http_proxy"]) def _is_valid_user(self): """ Checks whether the user is a valid LDAP user. :return: bool Note: Additional check now makes sure the user's name on LDAP matches than on Google Apps. """ name_on_gapps = "" is_valid = self.ldap_client.is_valid_user(user=self.user) user_info = self.ldap_client.get_user_info(user=self.user) name_on_ldap = user_info["sn"][0] if self.oauth_admin is not None: try: name_on_gapps = ("{familyName}" .format(**self.admin_api.get_user_name(self.user_email))) except (TypeError, UnicodeEncodeError) as e: log.info("is_valid: %s" % e) log.info("user: %s - is_valid: %r - name_on_ldap: %s - name_on_gapps: %s" % (self.user, is_valid, name_on_ldap, name_on_gapps)) if is_valid and name_on_ldap == name_on_gapps: return True else: return False def _is_suspended_user(self): """ Checks whether the user is suspended. :return: bool """ is_suspended = False if self.is_valid_user: is_suspended = self.admin_api.is_suspended(self.user_email) log.info("user: %s - is_suspended: %r" % (self.user, is_suspended)) return is_suspended def suspend_user(self, suspend): """ Suspends or un-suspends a user. :param: suspend: bool """ msg = "" if self.is_valid_user: if suspend and self._is_suspended_user(): msg = "%s - User already suspended" % self.user elif suspend and not self._is_suspended_user(): self.admin_api.suspend(self.user_email) msg = "%s - User was suspended" % self.user elif not suspend and self._is_suspended_user(): self.admin_api.un_suspend(self.user_email) while self._is_suspended_user(): # workaround for google api delays in propagation time.sleep(8) msg = "%s - User was un-suspended" % self.user elif not suspend and not self._is_suspended_user(): msg = "%s - User already un-suspended" % self.user else: msg = "%s - Not a valid LDAP user" % self.user log.info(msg) return msg def perform_action(self, api_connector, action, kwargs): """ Performs offboarding actions selected from the Web UI form. :param api_connector: string of the API connector to use :param action: name of action to be performed :return: msg log for action performed, along with status Note: action item must match function names of the equivalent API class. """ msg = "" if self.is_valid_user: if self.is_suspended_user and action not in NO_SUSPEND_ACTIONS: self.suspend_user(False) connector = getattr(self, api_connector) result = getattr(connector, action)(self.user_email, **kwargs) if type(result) is dict: results = [] for k, v in result.items(): if v is True: results.append("<span class='text-success'>%s</span>" % k) elif v is False: results.append("<span class='text-danger'>%s</span>" % k) else: results.append(k) if not results: results = "<span class='text-success'>SUCCESS</span>" msg = "<p>%s: %s</p>" % (action.replace("_", " ").upper(), results) else: if result is False: msg_color = "danger" msg_text = "FAILED" elif result is True: msg_color = "success" msg_text = "SUCCESS" elif result is None: msg_color = "danger" msg_text = "FAILED (EMPTY RESULT)" else: msg_color = "success" msg_text = "SUCCESS" msg = ("<p>%s: <span class=\"text-%s\">%s</span></p>" % (action.replace("_", " ").upper(), msg_color, msg_text)) else: msg = "<p><span class=\"text-danger\">FAILED - INVALID USER</span></p>" log.info(msg) return msg