-
Notifications
You must be signed in to change notification settings - Fork 31
/
Copy pathlistrules.py
executable file
·125 lines (109 loc) · 5.72 KB
/
listrules.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# listrules.py
# August 2018
#
# listrules
#
# Change History
# December 2018 - Added custom CSV output code, which writes out consistent columns in a specific order for the result rules JSON
# January 2019 - Added 'id' to list of desired output columns
#
# Copyright © 2018, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the License);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import argparse
from sharedfunctions import callrestapi, printresult
# setup command-line arguements
parser = argparse.ArgumentParser(description="List rules for a principal and/or an endpoint")
parser.add_argument("-u","--uri", help="Enter a string that the objecturi contains.",default="none")
parser.add_argument("-p","--principal", help="Enter the identity name or authenticatedUsers, everyone or guest",default='none')
parser.add_argument("-o","--output", help="Output Style", choices=['csv','json','simple','simplejson'],default='json')
args = parser.parse_args()
objuri=args.uri
ident=args.principal
output_style=args.output
# set the limit high so that all data is returned
limitval=10000
# Define columns we want to output for each rule item (whether the item has a value for that column or not)
desired_output_columns=['objectUri','containerUri','principalType','principal','setting','permissions','description','reason','createdBy','createdTimestamp','modifiedBy','modifiedTimestamp','condition','matchParams','mediaType','enabled','version','id']
valid_permissions=['read','update','delete','secure','add','remove','create']
# build the request depending on what options were passed in
if ident.lower()=='authenticatedusers': ident='authenticatedUsers'
if ident=='none' and objuri=='none': reqval= "/authorization/rules"
elif ident=='none' and objuri != 'none': reqval= "/authorization/rules?filter=contains(objectUri,'"+objuri+"')"
elif ident!='none' and objuri == 'none':
if ident=='guest' or ident=='everyone' or ident=='authenticatedUsers':
reqval= "/authorization/rules?filter=eq(principalType,'"+ident+"')"
else:
reqval= "/authorization/rules?filter=eq(principal,'"+ident+"')"
elif ident!='none' and objuri != 'none':
if ident=='guest' or ident=='everyone' or ident=='authenticatedUsers':
reqval= "/authorization/rules?filter=and(eq(principalType,'"+ident+"'),contains(objectUri,'"+objuri+"'))"
else:
reqval= "/authorization/rules?filter=and(eq(principal,'"+ident+"'),contains(objectUri,'"+objuri+"'))"
if ident=='none' and objuri=='none': reqval=reqval+'?limit='+str(limitval)
else: reqval=reqval+'&limit='+str(limitval)
reqtype='get'
#make the rest call
rules_result_json=callrestapi(reqval,reqtype)
#print(rules_result_json)
#print('rules_result_json is a '+type(rules_result_json).__name__+' object') #rules_result_json is a dict object
#print the result if output style is json or simple
if output_style in ['json','simple']:
printresult(rules_result_json,output_style)
elif output_style=='csv':
# Print a header row
print(','.join(map(str,desired_output_columns)))
if 'items' in rules_result_json:
#print "There are " + str(rules_result_json['count']) + " rules"
for item in rules_result_json['items']:
outstr=''
#print(item)
for column in desired_output_columns:
# Add a comma to the output string, even if we will not output anything else, unless this is the very first desired output column
if column is not desired_output_columns[0]: outstr=outstr+','
if column=='setting':
# The setting value is derived from two columns: type and condition.
if 'condition' in item:
#print("Condition found")
outstr=outstr+'conditional '+item['type']
else:
outstr=outstr+item['type']
elif column in item:
# This column is in the results item for this rule
# Most columns are straight strings, but a few need special handling
if column in ['condition','description','reason']:
# The these strings can have values whcih contain commas, need we to quote them to avoid the commas being interpreted as column separators in the CSV
outstr=outstr+'"'+item[column]+'"'
elif column=='permissions':
# Construct a string listing each permission in the correct order, separated by spaces and surrounded by square brackets
outstr=outstr+'['
permstr=''
# Output permissions in the order we choose, not the order they appear in the result item
for permission in valid_permissions:
for result_permission in item['permissions']:
if permission == result_permission:
# Add a space to separate permissions if this isn't the first permission
if not permstr=='': permstr=permstr+' '
permstr=permstr+result_permission
outstr=outstr+permstr+']'
else:
# Normal column
# Some columns contain non-string values: matchParams and enabled are boolean, version is integer. Convert everything to a string.
outstr=outstr+str(item[column])
print(outstr)
else:
print ("output_style can be json, simple or csv. You specified " + output_style + " which is invalid.")