Merge pull request #4 from strongdm/development

bump python version

Author: U Cirello

dist/strongdm-1.0.0.tar.gz

@@ -1,3 +1,17 @@
+# Copyright 2020 StrongDM Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 import yaml
 import os
 import strongdm
@@ -6,25 +20,32 @@
 from okta.models.user.User import User
 from okta.models.usergroup.UserGroup import UserGroup
 
+
 def load_matchers():
     f = open('matchers.yml')
-    data = yaml.load(f, Loader = yaml.Loader)
+    data = yaml.load(f, Loader=yaml.Loader)
     return data
 
+
 class OktaUser:
     def __init__(self, login, first_name, last_name, groups):
         self.login = login
         self.first_name = first_name
         self.last_name = last_name
         self.groups = groups
+
     def __repr__(self):
-        return "%s %s"%(self.login,self.groups)
+        return "%s %s" % (self.login, self.groups)
+
 
 def load_okta_users():
     ret = []
-    apiClient = ApiClient(pathname='/api/v1/users', base_url=os.getenv('OKTA_CLIENT_ORGURL'), api_token=os.getenv('OKTA_CLIENT_TOKEN'))
+    apiClient = ApiClient(pathname='/api/v1/users',
+                          base_url=os.getenv('OKTA_CLIENT_ORGURL'),
+                          api_token=os.getenv('OKTA_CLIENT_TOKEN'))
     params = {
-        'search': "profile.department eq \"Engineering\" and (status eq \"ACTIVE\")"
+        'search':
+        "profile.department eq \"Engineering\" and (status eq \"ACTIVE\")"
     }
     response = ApiClient.get_path(apiClient, '/', params=params)
     users = Utils.deserialize(response.text, User)
@@ -34,15 +55,18 @@ def load_okta_users():
         groups = []
         for ug in userGroups:
             groups.append(ug.profile.name)
-        oktaUser = OktaUser(u.profile.login, u.profile.firstName, u.profile.lastName, groups)
+        oktaUser = OktaUser(u.profile.login, u.profile.firstName,
+                            u.profile.lastName, groups)
         ret.append(oktaUser)
     return ret
 
+
 def main():
     try:
         okta_sync()
     except Exception as ex:
-        print("okta sync failed:"+str(ex))
+        print("okta sync failed:" + str(ex))
+
 
 def okta_sync():
     SDM_API_ACCESS_KEY = os.getenv('SDM_API_ACCESS_KEY')
@@ -52,23 +76,25 @@ def okta_sync():
 
     if SDM_API_ACCESS_KEY is None or SDM_API_SECRET_KEY is None \
         or OKTA_CLIENT_TOKEN is None or OKTA_CLIENT_ORGURL is None:
-        print("SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, OKTA_CLIENT_TOKEN, and OKTA_CLIENT_ORGURL must be set")
+        print(
+            "SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY, OKTA_CLIENT_TOKEN, and OKTA_CLIENT_ORGURL must be set"
+        )
         return
 
     matchers = load_matchers()
     okta_users = load_okta_users()
 
     client = strongdm.Client(SDM_API_ACCESS_KEY, SDM_API_SECRET_KEY)
 
-    accounts = {o.email:o.id for o in client.accounts.list("")}
+    accounts = {o.email: o.id for o in client.accounts.list("")}
     permissions = [v for v in client.account_grants.list("")]
 
     # define current state
     current = {}
     for p in permissions:
         if p.account_id not in current:
             current[p.account_id] = set()
-        current[p.account_id].add((p.resource_id,p.id))
+        current[p.account_id].add((p.resource_id, p.id))
 
     # define desired state
     desired = {}
@@ -80,33 +106,35 @@ def okta_sync():
                     if group["name"] in u.groups:
                         if u.login not in accounts:
                             continue
-                        overlapping+=1
+                        overlapping += 1
                         aid = accounts[u.login]
                         if aid not in desired:
                             desired[aid] = set()
                         desired[aid].add(res.id)
 
     # revoke things
     revocations = 0
-    for aid,curRes in current.items():
-        desRes = desired.get(aid,set())
+    for aid, curRes in current.items():
+        desRes = desired.get(aid, set())
         for rid in curRes:
             if rid[0] not in desRes:
-                revocations+=1
+                revocations += 1
                 client.account_grants.delete(rid[1])
 
     # grant things
     grants = 0
-    for aid,desRes in desired.items():
-        curRes = current.get(aid,set())
+    for aid, desRes in desired.items():
+        curRes = current.get(aid, set())
         for rid in desRes:
             for cr in curRes:
                 if rid != cr[0]:
-                    grants+=1
-                    client.account_grants.create(strongdm.AccountGrant(resource_id=rid, account_id=aid))
+                    grants += 1
+                    client.account_grants.create(
+                        strongdm.AccountGrant(resource_id=rid, account_id=aid))
 
     print("{} Okta users, {} strongDM users, {} overlapping users, {} grants, {} revocations".format(\
         len(okta_users),len(accounts), overlapping, grants, revocations))
 
+
 if __name__ == '__main__':
     main()

dist/strongdm-1.0.0.zip

@@ -20,6 +20,7 @@
 import os
 import strongdm
 
+
 # panicButton.py suspends all users except for one admin,
 # in the fake use case of a critical break in or something
 # usage:
@@ -50,20 +51,28 @@ def main():
                 client.accounts.update(user)
             for attachment in state['attachments']:
                 try:
-                    client.account_attachments.create(strongdm.AccountAttachment(account_id=attachment["account_id"],role_id=attachment["role_id"]))
+                    client.account_attachments.create(
+                        strongdm.AccountAttachment(
+                            account_id=attachment["account_id"],
+                            role_id=attachment["role_id"]))
                 except strongdm.errors.AlreadyExistsError:
                     pass
                 except Exception as ex:
-                    print("skipping creation of attachment due to error: ", str(ex))
+                    print("skipping creation of attachment due to error: ",
+                          str(ex))
             for grant in state['grants']:
                 try:
-                    client.account_grants.create(strongdm.AccountGrant(account_id=grant["account_id"],resource_id=grant["resource_id"]))
+                    client.account_grants.create(
+                        strongdm.AccountGrant(
+                            account_id=grant["account_id"],
+                            resource_id=grant["resource_id"]))
                 except strongdm.errors.AlreadyExistsError:
                     pass
                 except Exception as ex:
                     print("skipping creation of grant due to error: ", str(ex))
             print("reinstated " + str(reinstated_count) + " users")
-            print("recreated " + str(len(state['attachments'])) + " account attachments")
+            print("recreated " + str(len(state['attachments'])) +
+                  " account attachments")
             print("recreated " + str(len(state['grants'])) + " account grants")
         return
 
@@ -83,17 +92,24 @@ def main():
     account_grants = client.account_grants.list('')
 
     state = {
-        'attachments': [{"account_id":x.account_id,"role_id":x.role_id} for x in account_attachments if x.account_id != admin_user_id],
-        'grants': [{"account_id":x.account_id,"resource_id":x.resource_id} for x in account_grants if x.account_id != admin_user_id and x.valid_until is None],
+        'attachments': [{
+            "account_id": x.account_id,
+            "role_id": x.role_id
+        } for x in account_attachments if x.account_id != admin_user_id],
+        'grants': [{
+            "account_id": x.account_id,
+            "resource_id": x.resource_id
+        } for x in account_grants
+                   if x.account_id != admin_user_id and x.valid_until is None],
     }
 
-    print("storing " + str(len(state['attachments'])) + " account attachments in state")
+    print("storing " + str(len(state['attachments'])) +
+          " account attachments in state")
     print("storing " + str(len(state['grants'])) + " account grants in state")
 
     with open('state.json', 'w') as outfile:
         json.dump(state, outfile)
 
-
     suspended_count = 0
     users = client.accounts.list('')
     for user in users:
@@ -104,11 +120,11 @@ def main():
             client.accounts.update(user)
             suspended_count += 1
         except Exception as ex:
-            print("skipping user " + user.id + " on account of error: " + str(ex))
-
+            print("skipping user " + user.id + " on account of error: " +
+                  str(ex))
 
     print("suspended " + str(suspended_count) + " users ")
 
 
 if __name__ == "__main__":
-    main()
+    main()

dist/strongdm-1.0.1.tar.gz

@@ -16,13 +16,13 @@
 setup(
     name='strongdm',
     packages=['strongdm'],
-    version='1.0.0',
+    version='1.0.1',
     license='apache-2.0',
     description='strongDM SDK for the Python programming language.',
     author='strongDM Team',
     author_email='[email protected]',
     url='https://github.com/strongdm/strongdm-sdk-python',
-    download_url='https://github.com/user/reponame/archive/v1.0.0.tar.gz',
+    download_url='https://github.com/user/reponame/archive/v1.0.1.tar.gz',
     keywords=[
         'strongDM', 'sdm', 'api', 'automation', 'security', 'audit',
         'database', 'server', 'ssh', 'rdp'