This driver was created for the Mozilla IAM Project to deprovision Wifi users using Clearpass authentication.
- Spin up on cron/event trigger.
- Scan the dynamodb table of all profiles.
- Build a group data structure from all profiles.
- Query the Clearpass API for all users profiles.
apps.ymlaccess control file.
- Disable any user without access to Clearpass (wifi in this case) through a Clearpass API call.
- Enable any previously-disabled user that is still present in Clearpass database.
Insert credstash api key
You only need to do this once.
credstash -r us-west-2 put -a clearpass-driver.token @clearpass-driver-api-key.txt app=clearpass-driver
To obtain the token, contact your Clearpass administator.
Deploy, test, etc
makefor a list of targets, ex:
make python-venvif you don't have your own virtual environment scripts
make testsruns all tests
make deploydeploys the code in the dev environment
make remove-deploydeletes the dev deployment
make STAGE=prod deploydeploys the code in the prod environment
make logsjust watch cloudwatch logs