[Marketplace Contribution] AWS - IAM Identity Center (#28559)
* Update Packs/AWS-IAMIdentityCenter/Integrations/AWSIAMIdentityCenter/AWSIAMIdentityCenter.py * Update AWSIAMIdentityCenter.py Fixing couple of issues * Update AWSIAMIdentityCenter.yml * Update AWSIAMIdentityCenter.yml * Update README.md * Update pack_metadata.json * Update AWSIAMIdentityCenter_description.md * Update AWSIAMIdentityCenter.yml * Update AWSIAMIdentityCenter.yml * Delete generated API module * Removed unnecessary package --------- Co-authored-by: sepaprivate <113604678+sepaprivate@users.noreply.github.com> Co-authored-by: anas-yousef <44998563+anas-yousef@users.noreply.github.com>
1 parent
d3c2457
commit 285f34c
Showing
9 changed files
with
590 additions
and
0 deletions.
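--- /dev/null
+++ b/Packs/AWS-IAMIdentityCenter/Integrations/AWSIAMIdentityCenter/AWSIAMIdentityCenter.py
@@ -0,0 +1,291 @@
+import demistomock as demisto # noqa: F401
+from CommonServerPython import * # noqa: F401
+
+from AWSApiModule import *
+import urllib3.util
+
+# Disable insecure warnings
+urllib3.disable_warnings()
+
+param = demisto.params()
+
+SERVICE = 'identitystore'
+IDENTITYSTOREID = param.get('IdentityStoreId')
+
+
+def create_user(args, client): # pragma: no cover
+username = demisto.getArg('userName')
+familyName = demisto.getArg('familyName')
+givenName = demisto.getArg('givenName')
+userEmail = demisto.getArg('userEmailAddress')
+userDisplayName = demisto.getArg('displayName')
+
+response = client.create_user(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+UserName=f'{username}',
+Name={
+'FamilyName': f'{familyName}',
+'GivenName': f'{givenName}'
+},
+Emails=[
+{
+'Value': f'{userEmail}',
+'Type': 'work',
+'Primary': True
+},
+],
+DisplayName=f'{userDisplayName}'
+)
+ec = {'AWS.IAMIdentityCenter.Users': response}
+human_readable = tableToMarkdown('AWS IAM Identity Center Users', response)
+return_outputs(human_readable, ec)
+
+
+def get_user(args, client): # pragma: no cover
+data = []
+userName = demisto.getArg('userName')
+response = client.list_users(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+Filters=[
+{
+'AttributePath': 'UserName',
+'AttributeValue': f'{userName}'
+},
+]
+)
+rep = json.dumps(response)
+repJSON = json.loads(rep)
+datas = repJSON.get('Users', [])
+for da in datas:
+for user in response['Users']:
+user_details = {
+'UserName': user['UserName'],
+'UserId': user['UserId'],
+'Email': user['Emails'][0]['Value'],
+'DisplayName': user['DisplayName']
+}
+userID = user['UserId']
+data.append(user_details)
+ec = {'AWS.IAM.IdentityCenter.Users': data}
+human_readable = tableToMarkdown('AWS IAM Users', data, removeNull=True)
+return_outputs(human_readable, ec)
+return userID
+
+
+def get_user_by_email(args, client): # pragma: no cover
+data = []
+emailArg = demisto.getArg('emailAddress')
+response = client.list_users(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+)
+rep = json.dumps(response)
+repJSON = json.loads(rep)
+datas = repJSON.get('Users', [])
+for da in datas:
+for user in response['Users']:
+userEmail = user['Emails'][0]['Value']
+if userEmail == emailArg:
+user_details = {
+'UserName': user['UserName'],
+'UserId': user['UserId'],
+'Email': user['Emails'][0]['Value'],
+'DisplayName': user['DisplayName']
+}
+userID = user['UserId']
+data.append(user_details)
+ec = {'AWS.IAM.IdentityCenter.Users': data[0]}
+human_readable = tableToMarkdown('AWS IAM Users ', data[0], removeNull=True)
+return_outputs(human_readable, ec)
+return userID
+
+
+def list_users(args, client): # pragma: no cover
+data = []
+response = client.list_users(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+)
+rep = json.dumps(response)
+repJSON = json.loads(rep)
+datas = repJSON.get('Users', [])
+for da in datas:
+for user in response['Users']:
+user_details = {
+'UserName': user['UserName'],
+'UserId': user['UserId']
+}
+data.append(user_details)
+ec = {'AWS.IAM.IdentityCenter.Users': data}
+human_readable = tableToMarkdown('AWS IAM Identity Center Users', data, removeNull=True)
+return_outputs(human_readable, ec)
+
+
+def list_groups(args, client): # pragma: no cover
+data = []
+response = client.list_groups(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+)
+rep = json.dumps(response)
+repJSON = json.loads(rep)
+datas = repJSON.get('Groups', [])
+for da in datas:
+for group in response['Groups']:
+group_details = {
+'DisplayName': group['DisplayName'],
+'GroupId': group['GroupId']
+}
+data.append(group_details)
+ec = {'AWS.IAM.IdentityCenter.Groups': data}
+human_readable = tableToMarkdown('AWS IAM Identity Center Groups', data)
+return_outputs(human_readable, ec)
+
+
+def get_group(args, client): # pragma: no cover
+data = []
+groupName = demisto.getArg('groupName')
+response = client.list_groups(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+Filters=[
+{
+'AttributePath': 'DisplayName',
+'AttributeValue': f'{groupName}'
+},
+]
+)
+rep = json.dumps(response)
+repJSON = json.loads(rep)
+datas = repJSON.get('Groups', [])
+for da in datas:
+for group in response['Groups']:
+group_details = {
+'DisplayName': group['DisplayName'],
+'GroupId': group['GroupId']
+}
+groupID = group['GroupId']
+data.append(group_details)
+ec = {'AWS.IAM.IdentityCenter.Groups': data}
+human_readable = tableToMarkdown('AWS IAM Identity Center Groups', data)
+return_outputs(human_readable, ec)
+return groupID
+
+
+def list_groups_for_user(args, client): # pragma: no cover
+data = []
+userName = demisto.getArg('userName')
+userID = get_user(args, client)
+response = client.list_group_memberships_for_member(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+MemberId={
+'UserId': f'{userID}'
+}
+)
+rep = json.dumps(response)
+repJSON = json.loads(rep)
+datas = repJSON.get('GroupMemberships', [])
+for da in datas:
+for group in response['GroupMemberships']:
+group_details = {
+'GroupId': group['GroupId'],
+'MembershipId': group['MembershipId']
+}
+membershipID = group['MembershipId']
+data.append(group_details)
+ec = {'AWS.IAM.IdentityCenter.Users.GroupMemeberships': data}
+human_readable = tableToMarkdown(f'AWS IAM Identity Center Group for user {userName} ', data)
+return_outputs(human_readable, ec)
+return membershipID
+
+
+def add_user_to_group(args, client): # pragma: no cover
+userID = get_user(args, client)
+GroupID = get_group(args, client)
+response = client.create_group_membership(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+GroupId=f'{GroupID}',
+MemberId={
+'UserId': f'{userID}'
+}
+)
+if response['ResponseMetadata']['HTTPStatusCode'] == 200:
+demisto.results("The user {0} was added to the IAM group: {1}".format(args.get('userName'),
+args.get(
+'groupName')))
+
+
+def remove_user_from_groups(args, client): # pragma: no cover
+membershipID = list_groups_for_user(args, client)
+response = client.delete_group_membership(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+MembershipId=f'{membershipID}'
+)
+if response['ResponseMetadata']['HTTPStatusCode'] == 200:
+demisto.results(
+"The User {0} has been removed from the group {1}".format(args.get('userName'),
+args.get('groupName')))
+
+
+def test_function(args, client):
+response = client.list_users(
+IdentityStoreId=f'{IDENTITYSTOREID}',
+)
+if response['ResponseMetadata']['HTTPStatusCode'] == 200:
+demisto.results('ok')
+
+
+def main(): # pragma: no cover
+params = demisto.params()
+aws_default_region = params.get('defaultRegion')
+aws_role_arn = params.get('roleArn')
+aws_role_session_name = params.get('roleSessionName')
+aws_role_session_duration = params.get('sessionDuration')
+aws_role_policy = None
+aws_access_key_id = params.get('access_key')
+aws_secret_access_key = params.get('secret_key')
+verify_certificate = not params.get('insecure', True)
+timeout = params.get('timeout')
+retries = params.get('retries') or 5
+
+validate_params(aws_default_region, aws_role_arn, aws_role_session_name, aws_access_key_id,
+aws_secret_access_key)
+
+aws_client = AWSClient(aws_default_region, aws_role_arn, aws_role_session_name, aws_role_session_duration,
+aws_role_policy, aws_access_key_id, aws_secret_access_key, verify_certificate, timeout,
+retries)
+command = demisto.command()
+args = demisto.args()
+client = aws_client.aws_session(
+service=SERVICE,
+role_arn=args.get('roleArn'),
+role_session_name=args.get('roleSessionName'),
+role_session_duration=args.get('roleSessionDuration'),
+)
+
+try:
+demisto.debug('Command being called is {command}'.format(command=command))
+if command == 'test-module':
+test_function(args, client)
+elif command == 'aws-iam-identitycenter-create-user':
+create_user(args, client)
+elif command == 'aws-iam-identitycenter-get-user':
+get_user(args, client)
+elif command == 'aws-iam-identitycenter-get-user-by-email':
+get_user_by_email(args, client)
+elif command == 'aws-iam-identitycenter-list-users':
+list_users(args, client)
+elif command == 'aws-iam-identitycenter-list-groups':
+list_groups(args, client)
+elif command == 'aws-iam-identitycenter-get-group':
+get_group(args, client)
+elif command == 'aws-iam-identitycenter-list-groups-for-user':
+list_groups_for_user(args, client)
+elif command == 'aws-iam-identitycenter-add-user-to-group':
+add_user_to_group(args, client)
+elif command == 'aws-iam-identitycenter-remove-user-from-all-groups':
+remove_user_from_groups(args, client)
+
+except Exception as e:
+return_error('Error has occurred in the AWS IAM Integration: {code}\n {message}'.format(
+code=type(e), message=str(e)))
+
+
+if __name__ in ('__builtin__', 'builtins', '__main__'):
+main()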
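Review bot: `verify_certificate = not params.get('insecure', True)` in `main()` turns TLS certificate verification off whenever the `insecure` instance parameter is absent, and the module-level `urllib3.disable_warnings()` then suppresses the only signal that this happened; the secure default is `verify_certificate = not params.get('insecure', False)`. In the same hunk, `remove_user_from_groups` — wired to `aws-iam-identitycenter-remove-user-from-all-groups` — calls `delete_group_membership` once with the single `membershipID` that `list_groups_for_user` returns (the last `MembershipId` of its loop), so a user in several groups keeps every membership but one while the success message reports removal; the rewrite below deletes each membership returned. The `list_users`/`list_groups`/`list_group_memberships_for_member` calls presumably page with a `NextToken` that is never followed, so `get_user_by_email` and the removal above would silently miss entries past the first page — worth confirming against the identitystore API before relying on this command for deprovisioning. Also, `get_user`, `get_user_by_email` and `get_group` leave `userID`/`groupID` unbound (and `data[0]` raises `IndexError`) when nothing matches, so callers fail with `UnboundLocalError` instead of a clear `return_error`.
```python
def remove_user_from_groups(args, client):  # pragma: no cover
    userID = get_user(args, client)
    response = client.list_group_memberships_for_member(
        IdentityStoreId=f'{IDENTITYSTOREID}',
        MemberId={'UserId': f'{userID}'}
    )
    # Delete every membership, not only the last one list_groups_for_user happened to return.
    for membership in response.get('GroupMemberships', []):
        client.delete_group_membership(
            IdentityStoreId=f'{IDENTITYSTOREID}',
            MembershipId=membership['MembershipId']
        )
    demisto.results("The User {0} has been removed from all groups".format(args.get('userName')))
```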