From e7fdc2fe5d6242007a6b66f750c3b602e2d440e8 Mon Sep 17 00:00:00 2001
From: Guillaume Charest <1690085+gcharest@users.noreply.github.com>
Date: Wed, 5 Jun 2024 16:00:53 +0000
Subject: [PATCH 1/5] feat: modify log to provide more details on event

---
 app/modules/provisioning/entities.py | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/app/modules/provisioning/entities.py b/app/modules/provisioning/entities.py
index 20638664..c4487c6f 100644
--- a/app/modules/provisioning/entities.py
+++ b/app/modules/provisioning/entities.py
@@ -41,6 +41,13 @@ def provision_entities(
 f"{integration_name}:{entity_name}:{operation_name}: Started processing {len(entities)} entities"
 )
 for entity in entities:
+ event = {
+ "name": "provision_entities",
+ "integration": integration_name,
+ "entity": entity_name,
+ "operation": operation_name,
+ "status": "dry_run",
+ }
 entity_string = (
 filters.get_nested_value(entity, display_key) if display_key else entity
 )
@@ -50,17 +57,19 @@ def provision_entities(
 logger.info(
 f"{integration_name}:{entity_name}:{operation_name}:Successful: {entity_string}"
 )
+ event["status"] = "successful"
 log_to_sentinel(
- f"{integration_name}_{entity_name}_{operation_name}_successful",
+ event,
 {"entity": entity},
 )
 provisioned_entities.append({"entity": entity, "response": response})
 else:
+ event["status"] = "failed"
 logger.error(
 f"{integration_name}:{entity_name}:{operation_name}:Failed: {entity_string}"
 )
 log_to_sentinel(
- f"{integration_name}_{entity_name}_{operation_name}_failed",
+ event,
 {"entity": entity},
 )
 else:
@@ -68,7 +77,7 @@ def provision_entities(
 f"{integration_name}:{entity_name}:{operation_name}:Successful:DRY_RUN: {entity_string}"
 )
 log_to_sentinel(
- f"{integration_name}_{entity_name}_{operation_name}_dry_run",
+ event,
 {"entity": entity},
 )
 provisioned_entities.append({"entity": entity, "response": None})
From dab76065c4ff2f1082e1af753854e285dd574cbb Mon Sep 17 00:00:00 2001
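Review bot: The `event` literal at the top of the loop carries no description of its schema, and the second and third hunks of this patch now hand that dict to `log_to_sentinel` where a `<integration>_<entity>_<operation>_<status>` name string went before, so any Sentinel analytics rule or workbook that matched on the old string stops firing once this ships. A comment above the literal would pin the contract for whoever maintains those queries, e.g. `# Sentinel event schema; "status" is one of "dry_run", "successful", "failed"`. The signature of `log_to_sentinel` is not in the hunk; if its first parameter is still typed or documented as an event-name string, confirm it serialises a dict the way the downstream queries expect. `provision_entities` begins and ends outside these hunks.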
From: Guillaume Charest <1690085+gcharest@users.noreply.github.com>
Date: Wed, 5 Jun 2024 16:01:43 +0000
Subject: [PATCH 2/5] feat: pass standardized keys for sentinel logging

---
 app/modules/aws/identity_center.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/app/modules/aws/identity_center.py b/app/modules/aws/identity_center.py
index 4a9c959a..c379ce64 100644
--- a/app/modules/aws/identity_center.py
+++ b/app/modules/aws/identity_center.py
@@ -105,6 +105,7 @@ def sync_users(
 )
 preformatting_keys = [
 ("primaryEmail", "email"),
+ ("primaryEmail", "log_user_name"),
 ("name.givenName", "first_name"),
 ("name.familyName", "family_name"),
 ]
@@ -120,8 +121,13 @@ def sync_users(
 entity_name="User",
 display_key="primaryEmail",
 )
+ preformatting_keys = [
+ ("UserId", "user_id"),
+ ("UserName", "log_user_name"),
+ ]
+ for old_key, new_key in preformatting_keys:
+ users_to_delete = filters.preformat_items(users_to_delete, old_key, new_key)
- users_to_delete = filters.preformat_items(users_to_delete, "UserId", "user_id")
 deleted_users = entities.provision_entities(
 identity_store.delete_user,
 users_to_delete,
@@ -191,6 +197,8 @@ def sync_groups(
 **user,
 "user_id": target_user["UserId"],
 "group_id": target_groups_to_sync[i]["GroupId"],
+ "log_user_name": user["primaryEmail"],
+ "log_group_name": target_groups_to_sync[i]["DisplayName"],
 }
 for user in users_to_add
 for target_user in target_users
@@ -209,7 +217,12 @@ def sync_groups(
 groups_memberships_created.extend(memberships_created)
 users_to_remove = [
- {**user, "membership_id": user["MembershipId"]}
+ {
+ **user,
+ "membership_id": user["MembershipId"],
+ "log_user_name": user["MemberId"]["UserName"],
+ "log_group_name": target_groups_to_sync[i]["DisplayName"],
+ }
 for user in users_to_remove
 if user.get("MembershipId")
 ]
From b09a854ffb4a2a0233c90cc8d3c7f6e9c955fc56 Mon Sep 17 00:00:00 2001
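Review bot: The second hunk rebinds `preformatting_keys` to an unrelated `UserId`/`UserName` mapping a few lines after the same name held the Google-user mapping in the first hunk, which makes the two loops easy to confuse when reading `sync_users`; a distinct name such as `delete_preformatting_keys = [` and `for old_key, new_key in delete_preformatting_keys:` keeps them apart. The doubled call count is also what forced the mock side-effect lists in the test patch to grow, so the rename is worth doing while those tests are already being touched. `sync_users` starts and ends outside the hunk.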
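Review bot: `user["MemberId"]["UserName"]` in the fourth hunk assumes every membership record carries a `UserName` under `MemberId`; the Identity Store list-group-memberships response itself only places a `UserId` there, so presumably the project enriches the records upstream — worth confirming, because one record without it raises `KeyError` inside the comprehension and aborts the whole removal list rather than skipping one membership. If that enrichment is not guaranteed, `"log_user_name": user["MemberId"].get("UserName"),` keeps the sync running and still records the id-only case. The `DisplayName` lookup on `target_groups_to_sync[i]` in the third hunk rests on the same kind of assumption. `sync_groups` starts and ends outside the hunk.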
From: Guillaume Charest <1690085+gcharest@users.noreply.github.com>
Date: Wed, 5 Jun 2024 16:02:21 +0000
Subject: [PATCH 3/5] fix: update tests to match number of preformat items called

---
 .../modules/aws/test_sync_identity_center.py | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/app/tests/modules/aws/test_sync_identity_center.py b/app/tests/modules/aws/test_sync_identity_center.py
index 783d3fef..3c5d25b9 100644
--- a/app/tests/modules/aws/test_sync_identity_center.py
+++ b/app/tests/modules/aws/test_sync_identity_center.py
@@ -62,6 +62,8 @@ def _provision_entities_calls(
 **user,
 "user_id": user["id"],
 "group_id": target_groups[i]["GroupId"],
+ "log_user_name": user["primaryEmail"],
+ "log_group_name": target_groups[i]["DisplayName"],
 }
 for user in group_users[i][0]
 ],
@@ -74,7 +76,14 @@ def _provision_entities_calls(
 call(
 mock_identity_store.delete_group_membership,
 [
- {**user, "membership_id": user["MembershipId"]}
+ {
+ **user,
+ "membership_id": user["MembershipId"],
+ "log_user_name": user["MemberId"]["UserName"],
+ "log_group_name": target_groups[i][
+ "DisplayName"
+ ],
+ }
 for user in group_users[i][1]
 ],
 execute=execute_delete,
@@ -449,6 +458,8 @@ def test_sync_users_default(
 source_users,
 source_users,
 source_users,
+ source_users,
+ target_users,
 target_users,
 ]
 mock_filters.preformat_items.side_effect = preformat_side_effects
@@ -514,6 +525,8 @@ def test_sync_users_enable_delete_true(
 source_users,
 source_users,
 source_users,
+ source_users,
+ target_users,
 target_users,
 ]
 mock_filters.compare_lists.return_value = source_users, target_users
@@ -578,6 +591,8 @@ def test_sync_users_delete_target_all_disable_delete(
 source_users = google_users(3)
 target_users = aws_users(6)
 mock_filters.preformat_items.side_effect = [
+ [],
+ [],
 [],
 [],
 [],
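Review bot: The `preformat_items` side-effect lists in the `@@ -449` and `@@ -514` hunks (and the `[]` lists in `@@ -578` and `@@ -639`) now encode the exact number and order of `preformat_items` calls made by `sync_users`, so these tests break again each time a key mapping is added, which is exactly what this patch is repairing. A pass-through stub such as `mock_filters.preformat_items.side_effect = lambda items, old_key, new_key: items` returns the input list however many times it is called and leaves the assertions on the resulting `provision_entities` calls untouched; for the two tests where every call must yield `[]`, `lambda *args: []` does the same. The `test_sync_users_*` functions start and end outside the hunks.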
@@ -639,6 +654,8 @@ def test_sync_users_delete_target_all_enable_delete(
 source_users = google_users(3)
 target_users = aws_users(6)
 mock_filters.preformat_items.side_effect = [
+ [],
+ [],
 [],
 [],
 [],
From d7f2c74cacdb169b84f0e0467d12aca64109d7fe Mon Sep 17 00:00:00 2001
From: Guillaume Charest <1690085+gcharest@users.noreply.github.com>
Date: Wed, 5 Jun 2024 16:03:03 +0000
Subject: [PATCH 4/5] fix: make aws dev command execute sync in dry_run

---
 app/modules/dev/aws_dev.py | 27 +++++----------------------
 1 file changed, 5 insertions(+), 22 deletions(-)

diff --git a/app/modules/dev/aws_dev.py b/app/modules/dev/aws_dev.py
index 10afa499..b9559f7d 100644
--- a/app/modules/dev/aws_dev.py
+++ b/app/modules/dev/aws_dev.py
@@ -11,27 +11,10 @@ def aws_dev_command(ack, client, body, respond):
 ack()
- response = identity_center.synchronize(enable_groups_sync=False)
+ response = identity_center.synchronize(
+ enable_user_create=False, enable_membership_create=False
+ )
 if not response:
- respond("No groups found.")
+ respond("Sync failed.")
 else:
- message = ""
- if identity_center.DRY_RUN:
- message += "Dry run mode enabled.\n"
- if response["users"]:
- users_created, users_deleted = response["users"]
- message += "Users created:\n- " + "\n- ".join(users_created) + "\n"
- message += "Users deleted:\n- " + "\n- ".join(users_deleted) + "\n"
- else:
- message += "Users Sync Disabled.\n"
- if response["groups"]:
- groups_created, groups_deleted = response["groups"]
- message += (
- "Groups memberships created:\n- " + "\n- ".join(groups_created) + "\n"
- )
- message += (
- "Groups memberships deleted:\n- " + "\n- ".join(groups_deleted) + "\n"
- )
- else:
- message += "Groups Sync Disabled.\n"
- respond(message)
+ respond("Sync successful.")
From 5fe8d75e2e95d1474383f505e97ef41f7f6e1b90 Mon Sep 17 00:00:00 2001
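Review bot: The commit says the dev command now runs the sync in dry run, but the new call only passes `enable_user_create=False, enable_membership_create=False`; nothing in the hunk disables deletions or forces dry-run mode, so whether this Slack command can still delete users or memberships depends on `synchronize`'s defaults and on `identity_center.DRY_RUN`, which the removed lines used to report and the new `respond` messages no longer mention. Reporting the mode back, e.g. `respond("Sync successful (dry run)." if identity_center.DRY_RUN else "Sync successful.")`, keeps the operator aware of what actually ran. `client` and `body` are accepted but unused, so any restriction on who may trigger the sync has to live at the command's registration — worth confirming that it does. `aws_dev_command` may continue past the end of the hunk.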
From: Guillaume Charest <1690085+gcharest@users.noreply.github.com>
Date: Wed, 5 Jun 2024 16:06:31 +0000
Subject: [PATCH 5/5] chore: run fmt

---
 app/tests/modules/aws/test_sync_identity_center.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/app/tests/modules/aws/test_sync_identity_center.py b/app/tests/modules/aws/test_sync_identity_center.py
index 3c5d25b9..ab2b9721 100644
--- a/app/tests/modules/aws/test_sync_identity_center.py
+++ b/app/tests/modules/aws/test_sync_identity_center.py
@@ -80,9 +80,7 @@ def _provision_entities_calls(
 **user,
 "membership_id": user["MembershipId"],
 "log_user_name": user["MemberId"]["UserName"],
- "log_group_name": target_groups[i][
- "DisplayName"
- ],
+ "log_group_name": target_groups[i]["DisplayName"],
 }
 for user in group_users[i][1]
 ],