In [81]:
import oci
import logging
import json
from operator import itemgetter
import pprint
import random
import string
import time

%load_ext lab_black

The lab_black extension is already loaded. To reload it, use:
  %reload_ext lab_black


In [82]:
def extract_value_by_field(obj, key):
    """Collect every scalar value stored under `key` anywhere in a JSON-like tree.

    The walk is depth-first and follows dict insertion order and list order.
    A value that is itself a dict or list is descended into rather than
    collected, even when its own key equals `key`.

    Matches are gathered at every nesting level, so hits from nested objects
    are interleaved with top-level ones. Two separate extractions over the same
    tree are therefore only position-aligned when neither key occurs in a
    nested object.

    Returns:
        list of matching values; empty when `obj` is neither dict nor list.
    """

    def walk(node):
        """Yield matching scalar values below `node` in traversal order."""
        if isinstance(node, dict):
            for field, value in node.items():
                if isinstance(value, (dict, list)):
                    yield from walk(value)
                elif field == key:
                    yield value
        elif isinstance(node, list):
            for element in node:
                yield from walk(element)

    return list(walk(obj))


def init_identity_client(config):
    """Build an OCI Identity service client.

    Args:
        config: OCI SDK configuration, as produced by `oci.config.from_file`.
            The credentials it describes are what the returned client uses.

    Returns:
        oci.identity.IdentityClient
    """
    return oci.identity.IdentityClient(config)


def init_identity_composite_client(config):
    """Build the composite-operations wrapper around a fresh Identity client.

    The composite client is what provides the `*_and_wait_for_state` calls
    used by the create_* helpers in this notebook.

    Args:
        config: OCI SDK configuration, as produced by `oci.config.from_file`.

    Returns:
        oci.identity.IdentityClientCompositeOperations
    """
    base_client = oci.identity.IdentityClient(config)
    return oci.identity.IdentityClientCompositeOperations(base_client)


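def load_json(json_file):
    """Parse a JSON file and return the decoded object.

    The file is opened as UTF-8 explicitly. Without an encoding argument,
    `open` falls back to the platform's locale encoding, so the same
    user/group definition file could decode differently (or fail) from one
    machine to the next.

    Args:
        json_file: path to the JSON document.

    Returns:
        The decoded JSON value (a dict for the hierarchy file used here).

    Raises:
        OSError: the file cannot be opened.
        json.JSONDecodeError: the content is not valid JSON.
    """
    with open(json_file, "r", encoding="utf-8") as stream:
        return json.load(stream)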


def convert_response_to_dict(oci_response):
    """Convert the `.data` payload of an OCI response into plain Python types.

    Only the payload is converted; the rest of the response object is dropped.
    """
    payload = oci_response.data
    return oci.util.to_dict(payload)

In [95]:
def print_user_creation_start(user_name):
    """Print the banner that marks the start of processing for `user_name`."""
    rule = "--------------------------------------------------------------------"
    print(rule)
    print(f"STARTED CREATING USER: {user_name}")
    print(rule)


def print_user_creation_info(user):
    """Print a summary of a user record once it exists.

    Args:
        user: dict with the keys "name", "description", "email" and "id".

    The e-mail address and the user OCID are written to the cell output,
    which is saved with the notebook; clear outputs before sharing the file.
    """
    rule = "--------------------------------------------------------------------"
    print(rule)
    print(f"FINISHED CREATING USER: {user['name']}")
    print(rule)
    print("USER DETAILS")
    print("-----------------------------")
    print(f"user_name:  {user['name']}")
    print(f"user_description:  {user['description']}")
    print(f"user_email: {user['email']}")
    print(f"user_id: {user['id']}")
    print()


def print_group_creation_start(group_name):
    """Print the banner that marks the start of processing for `group_name`."""
    rule = "--------------------------------------------------------------------"
    print(rule)
    print(f"STARTED CREATING GROUP: {group_name}")
    print(rule)


def print_group_creation_info(group):
    """Print a summary of a group record once it exists.

    Args:
        group: dict with the keys "name", "description" and "id".

    The group OCID is written to the cell output, which is saved with the
    notebook.
    """
    rule = "--------------------------------------------------------------------"
    print(rule)
    print(f"FINISHED CREATING GROUP: {group['name']}")
    print(rule)
    print("GROUP DETAILS")
    print("-----------------------------")
    print(f"group_name:  {group['name']}")
    print(f"group_description:  {group['description']}")
    print(f"group_id: {group['id']}")
    print()


def print_map_creation_start(user_name, group_name):
    """Print the banner announcing a user-to-group membership about to be processed."""
    rule = "--------------------------------------------------------------------"
    print(rule)
    print("STARTED CREATING MAPPING")
    print(f"USER: {user_name}")
    print(f"GROUP: {group_name}")
    print(rule)


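def print_map_creation_info(mapping):
    """Print a summary of a user-group membership record.

    Args:
        mapping: dict with the keys "user_id", "group_id" and "id".

    The two id labels were previously swapped (the user OCID was printed as
    "group_id" and the group OCID as "user_id"). This output is the only
    record the notebook keeps of who was added to which group, so each label
    now matches the value printed next to it.
    """
    print("--------------------------------------------------------------------")
    print("FINISHED CREATING MAPPING")
    print("--------------------------------------------------------------------")
    print("MAPPING DETAILS")
    print("-----------------------------")
    print("group_id:  {}".format(mapping["group_id"]))
    print("user_id:  {}".format(mapping["user_id"]))
    print("mapping_id: {}".format(mapping["id"]))
    print()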

In [96]:
def list_users(identity_client, compartment_id):
    """Return every user in `compartment_id` as a list of plain dicts.

    The SDK pagination helper follows all result pages; `limit=500` is
    forwarded to each underlying `list_users` call. Users in any lifecycle
    state are returned, so callers filter on "lifecycle_state" themselves.
    """
    all_pages = oci.pagination.list_call_get_all_results(
        identity_client.list_users, compartment_id=compartment_id, limit=500
    )
    return convert_response_to_dict(all_pages)


def list_groups(identity_client, compartment_id):
    """Return every group in `compartment_id` as a list of plain dicts.

    The SDK pagination helper follows all result pages; `limit=500` is
    forwarded to each underlying `list_groups` call. Groups in any lifecycle
    state are returned, so callers filter on "lifecycle_state" themselves.
    """
    all_pages = oci.pagination.list_call_get_all_results(
        identity_client.list_groups, compartment_id=compartment_id, limit=500
    )
    return convert_response_to_dict(all_pages)


def get_user(identity_client, user_id):
    """Fetch one user by OCID and return it as a plain dict."""
    response = identity_client.get_user(user_id=user_id)
    return convert_response_to_dict(response)


def get_group(identity_client, group_id):
    """Fetch one group by OCID and return it as a plain dict."""
    response = identity_client.get_group(group_id=group_id)
    return convert_response_to_dict(response)


def get_mapping(identity_client, mapping_id):
    """Fetch one user-group membership by its OCID and return it as a plain dict."""
    response = identity_client.get_user_group_membership(
        user_group_membership_id=mapping_id
    )
    return convert_response_to_dict(response)


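def getByUserId_user_group_memberships(identity_client, user_id, compartment_id):
    """Return all group memberships of `user_id` as a list of plain dicts.

    The call goes through the SDK pagination helper, like `list_users` and
    `list_groups`. A single unpaginated call returns only the first page, so
    an existing membership on a later page would be reported as missing.

    Args:
        identity_client: OCI Identity client.
        user_id: OCID of the user whose memberships are listed.
        compartment_id: compartment (the tenancy, in this notebook) to query.
    """
    all_pages = oci.pagination.list_call_get_all_results(
        identity_client.list_user_group_memberships,
        compartment_id,
        user_id=user_id,
    )
    return convert_response_to_dict(all_pages)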


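def getByGroupId_user_group_memberships(identity_client, group_id, compartment_id):
    """Return all memberships of `group_id` as a list of plain dicts.

    The filter keyword is `group_id`. The previous spelling, `group_ip`, is
    not a parameter of `list_user_group_memberships`, so the group filter was
    never applied as intended. Results are gathered through the SDK pagination
    helper so that memberships beyond the first page are included.

    Args:
        identity_client: OCI Identity client.
        group_id: OCID of the group whose memberships are listed.
        compartment_id: compartment (the tenancy, in this notebook) to query.
    """
    all_pages = oci.pagination.list_call_get_all_results(
        identity_client.list_user_group_memberships,
        compartment_id,
        group_id=group_id,
    )
    return convert_response_to_dict(all_pages)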

In [97]:
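def checkByName_if_user_exists(identity_client, compartment_id, user_name):
    """Return the OCID of the ACTIVE user called `user_name`, or None.

    The name-to-OCID map is built from each record's own top-level "name" and
    "id" fields. Names and ids were previously extracted in two separate
    recursive passes and paired by position. A user record with a nested
    object holding a "name" or "id" key (a tag map, for example) would shift
    one list against the other and bind a name to another user's OCID, which
    would then be used for group membership.

    Args:
        identity_client: OCI Identity client.
        compartment_id: compartment (the tenancy, in this notebook) to search.
        user_name: exact, case-sensitive user name.

    Returns:
        The user's OCID, or None when no ACTIVE user has that name.
    """
    active_ids_by_name = {
        record["name"]: record["id"]
        for record in list_users(identity_client, compartment_id)
        if record["lifecycle_state"] == "ACTIVE"
    }
    return active_ids_by_name.get(user_name)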


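def checkByName_if_group_exists(identity_client, compartment_id, group_name):
    """Return the OCID of the ACTIVE group called `group_name`, or None.

    Names were previously taken from the unfiltered group list and ids from
    the ACTIVE-only list, then paired by position. One non-ACTIVE group was
    enough to pair every later name with the wrong OCID, or to make the final
    lookup raise KeyError, so a user could be added to a different group than
    the one named in the input file. Name and id now come from the same
    ACTIVE record.

    Args:
        identity_client: OCI Identity client.
        compartment_id: compartment (the tenancy, in this notebook) to search.
        group_name: exact, case-sensitive group name.

    Returns:
        The group's OCID, or None when no ACTIVE group has that name.
    """
    active_ids_by_name = {
        record["name"]: record["id"]
        for record in list_groups(identity_client, compartment_id)
        if record["lifecycle_state"] == "ACTIVE"
    }
    return active_ids_by_name.get(group_name)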


def check_if_group_membership_exists(
    identity_client, compartment_id, user_id, group_id
):
    """Return the OCID of the ACTIVE membership linking the user to the group.

    Memberships are listed by `user_id`, reduced to those in the ACTIVE
    lifecycle state, and searched for `group_id`.

    Returns:
        The membership OCID, or None when the user has no ACTIVE membership
        in that group.
    """
    active_memberships = [
        entry
        for entry in getByUserId_user_group_memberships(
            identity_client, user_id, compartment_id
        )
        if entry["lifecycle_state"] == "ACTIVE"
    ]

    membership_ids = extract_value_by_field(active_memberships, "id")
    member_group_ids = extract_value_by_field(active_memberships, "group_id")
    if group_id not in member_group_ids:
        return None
    # Positional pairing, as before: the n-th "group_id" goes with the n-th "id".
    membership_by_group = dict(zip(member_group_ids, membership_ids))
    return membership_by_group[group_id]

In [99]:
def create_user(identity_composite_client, compartment_id, user):
    """Create one IAM user and block until it reaches the ACTIVE state.

    Only name, description and e-mail are set here; this function does not
    assign credentials or group memberships.

    Args:
        identity_composite_client: composite-operations Identity client.
        compartment_id: compartment (the tenancy, in this notebook) to create in.
        user: dict with the keys "name", "description" and "email".

    Returns:
        The created user as a plain dict.
    """
    request = oci.identity.models.CreateUserDetails(
        compartment_id=compartment_id,
        name=user["name"],
        description=user["description"],
        email=user["email"],
    )
    response = identity_composite_client.create_user_and_wait_for_state(
        create_user_details=request, wait_for_states=["ACTIVE"]
    )
    return convert_response_to_dict(response)


def create_users(config, compartment_id, usergroup_heirarchy):
    """Ensure every user listed under "users" exists and return their records.

    For each entry, an ACTIVE user with the same name is reused as-is (its
    description and e-mail are not updated); otherwise the user is created.

    Args:
        config: OCI SDK configuration.
        compartment_id: compartment (the tenancy, in this notebook) to act on.
        usergroup_heirarchy: parsed hierarchy file; reads the "users" list.

    Returns:
        list of user dicts, in input order.
    """
    reader = init_identity_client(config)
    writer = init_identity_composite_client(config)
    processed = []
    for spec in usergroup_heirarchy["users"]:
        print_user_creation_start(spec["name"])
        existing_id = checkByName_if_user_exists(
            reader, compartment_id, user_name=spec["name"]
        )
        record = (
            create_user(writer, compartment_id, spec)
            if existing_id is None
            else get_user(reader, existing_id)
        )
        print_user_creation_info(record)
        processed.append(record)
    return processed


def create_group(identity_composite_client, compartment_id, group):
    """Create one IAM group and block until it reaches the ACTIVE state.

    The group is created without members. Whatever access it confers depends
    on policies defined elsewhere, not on this call.

    Args:
        identity_composite_client: composite-operations Identity client.
        compartment_id: compartment (the tenancy, in this notebook) to create in.
        group: dict with the keys "name" and "description".

    Returns:
        The created group as a plain dict.
    """
    request = oci.identity.models.CreateGroupDetails(
        compartment_id=compartment_id,
        name=group["name"],
        description=group["description"],
    )
    response = identity_composite_client.create_group_and_wait_for_state(
        request, wait_for_states=["ACTIVE"]
    )
    return convert_response_to_dict(response)


def create_groups(config, compartment_id, usergroup_heirarchy):
    """Ensure every group listed under "groups" exists and return their records.

    For each entry, an ACTIVE group with the same name is reused as-is (its
    description is not updated); otherwise the group is created.

    Args:
        config: OCI SDK configuration.
        compartment_id: compartment (the tenancy, in this notebook) to act on.
        usergroup_heirarchy: parsed hierarchy file; reads the "groups" list.

    Returns:
        list of group dicts, in input order.
    """
    reader = init_identity_client(config)
    writer = init_identity_composite_client(config)
    processed = []
    for spec in usergroup_heirarchy["groups"]:
        print_group_creation_start(spec["name"])
        existing_id = checkByName_if_group_exists(
            reader, compartment_id, group_name=spec["name"]
        )
        record = (
            create_group(writer, compartment_id, spec)
            if existing_id is None
            else get_group(reader, existing_id)
        )
        print_group_creation_info(record)
        processed.append(record)
    return processed


def create_group_membership(
    identity_composite_client, compartment_id, user_id, group_id
):
    """Add a user to a group and block until the membership is ACTIVE.

    Args:
        identity_composite_client: composite-operations Identity client.
        compartment_id: accepted to match the sibling create_* helpers; the
            request built here does not use it.
        user_id: OCID of the user to add.
        group_id: OCID of the group to add the user to.

    Returns:
        The created membership as a plain dict.
    """
    request = oci.identity.models.AddUserToGroupDetails(
        user_id=user_id, group_id=group_id
    )
    response = identity_composite_client.add_user_to_group_and_wait_for_state(
        request, wait_for_states=["ACTIVE"]
    )
    return convert_response_to_dict(response)


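def create_group_memberships(config, compartment_id, usergroup_heirarchy):
    """Ensure every pair under "user-group-mapping" is an ACTIVE membership.

    Each entry names a user and a group. Both names are resolved to OCIDs of
    ACTIVE principals; an existing ACTIVE membership is reused, otherwise the
    user is added to the group.

    Args:
        config: OCI SDK configuration.
        compartment_id: compartment (the tenancy, in this notebook) to act on.
        usergroup_heirarchy: parsed hierarchy file; reads the
            "user-group-mapping" list of {"username", "groupname"} dicts.

    Returns:
        list of membership dicts, in input order.

    Raises:
        ValueError: a user or group name does not resolve to an ACTIVE
            principal. Processing stops at that entry; memberships created
            for earlier entries remain in place.
    """
    identity_client = init_identity_client(config)
    identity_composite_client = init_identity_composite_client(config)
    groupMaps = []
    for group_mapping_element in usergroup_heirarchy["user-group-mapping"]:
        user_name = group_mapping_element["username"]
        group_name = group_mapping_element["groupname"]
        print_map_creation_start(user_name, group_name)
        user_id = checkByName_if_user_exists(identity_client, compartment_id, user_name)
        group_id = checkByName_if_group_exists(
            identity_client, compartment_id, group_name
        )
        # Stop before any membership call when a name did not resolve. A None
        # OCID must not reach the lookup below: with no user filter the listing
        # may cover other users' memberships (TODO confirm against the SDK),
        # and one of those could then be reported as this user's.
        unresolved = []
        if user_id is None:
            unresolved.append("user {!r}".format(user_name))
        if group_id is None:
            unresolved.append("group {!r}".format(group_name))
        if unresolved:
            raise ValueError(
                "Cannot create membership, no ACTIVE match for: {}".format(
                    ", ".join(unresolved)
                )
            )
        mapping_id = check_if_group_membership_exists(
            identity_client, compartment_id, user_id=user_id, group_id=group_id
        )
        if mapping_id is None:
            mapping = create_group_membership(
                identity_composite_client, compartment_id, user_id, group_id
            )
        else:
            mapping = get_mapping(identity_client, mapping_id)
        print_map_creation_info(mapping)
        groupMaps.append(mapping)
    return groupMaps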

In [100]:
# Load the WOLFCOMPARTMENT profile from the OCI SDK config file. The
# credentials that profile points to are used for every IAM call below.
# NOTE(review): the run needs rights to manage users and groups; confirm the
# profile belongs to an identity scoped to that and nothing broader.
config = oci.config.from_file(profile_name="WOLFCOMPARTMENT")
# Install a default root log handler, then limit the SDK's own logger to errors.
logging.basicConfig()
logging.getLogger("oci").setLevel(logging.ERROR)
# Declarative input: the users, groups and user-to-group pairs to provision.
json_file = "./user_groups.json"

In [101]:
# The tenancy OCID from the profile is passed as the compartment id to every
# call below, so the run acts on the tenancy's own users and groups.
tenancy_id = config["tenancy"]
# The parsed file decides who is created and who joins which group; review it
# before running this cell.
usergroup_heirarchy = load_json(json_file)
# Order matters: memberships are resolved by name against ACTIVE users and
# groups, so both must exist before the last call.
users = create_users(config, tenancy_id, usergroup_heirarchy)
groups = create_groups(config, tenancy_id, usergroup_heirarchy)
mappings = create_group_memberships(config, tenancy_id, usergroup_heirarchy)

--------------------------------------------------------------------
STARTED CREATING USER: user1
--------------------------------------------------------------------
--------------------------------------------------------------------
FINISHED CREATING USER: user1
--------------------------------------------------------------------
USER DETAILS
-----------------------------
user_name:  user1
user_description:  user1
user_email: None
user_id: ocid1.user.oc1..aaaaaaaattpvguoidgbbjqe4muv5u4klc5twb5fbsakl3jfglxhcpugdeumq

--------------------------------------------------------------------
STARTED CREATING USER: user2
--------------------------------------------------------------------
--------------------------------------------------------------------
FINISHED CREATING USER: user2
--------------------------------------------------------------------
USER DETAILS
-----------------------------
user_name:  user2
user_description:  user2
user_email: None
user_id: ocid1.user.oc1..aaaaaaaa7jnr