class Ucert::FisPrimeTracker

Class to handle FIS Prime user account IDs

Attributes

file_user_map[RW]

Class constant variables

prime_2_ad_user[R]
prime_operator_entitlement[R]
prime_operator_right_report[RW]

Class constant variables

prime_operator_status_report[RW]

Class constant variables

prime_role_entitlement[R]
verbose[RW]

Class constant variables

Public Class Methods

new(params ={}) click to toggle source

Instance default variables

# File lib/ucert/fis_prime_tracker.rb, line 20
# Build the tracker from the FIS Prime report exports kept under data/fis_prime.
#
# Construction is not passive: it loads the cached Prime-to-AD user map, parses the
# operator reports, resolves each operator to an AD DN (insert_dn), rewrites the user
# map file (save!) and finally parses the rights-by-role report.
#
# The report files carry operator entitlements and account metadata (last login,
# password-change dates), so the data directory should be readable only by the
# account that runs this tool.
#
# NOTE(review): the documented accessors are named prime_operator_right_report and
# file_user_map, while the instance variables set here are @prime_operator_rights_report
# and @file_prime_user_map -- confirm the accessors read what this method sets.
#
# @param params [Hash] options; :verbose (default false) turns on progress output
def initialize(params = {})
  @verbose = params.fetch(:verbose, false)
  here = File.dirname(__FILE__)

  # Operator Status report export: log on to Prime, under "ANALYTICS" choose
  # "Security Reports" -> "OperStatus"; select "ALL" for all fields, click "OK";
  # click the "Export this report" icon, select "XML" as the output format, click "OK".
  @prime_operator_status_report = here + "/../../data/fis_prime/Prime_Operator_Status_Report.xml"

  # Operator Rights report export: log on to Prime, under "ANALYTICS" choose
  # "Security Reports" -> "OperRights"; click the "Export this report" icon,
  # select "XML" as the output format, click "OK".
  @prime_operator_rights_report = here + "/../../data/fis_prime/Prime_Operator_Rights_Report.xml"

  # Rights by Role report export: log on to Prime, under "ANALYTICS" choose
  # "Security Reports" -> "RolesRights"; select "ALL" for all fields, click "OK";
  # click the "Export this report" icon, select "XML" as the output format, click "OK".
  @prime_rights_by_role_report = here + "/../../data/fis_prime/Prime_Rights_by_Role_Report.xml"

  # Operators and Roles report export: log on to Prime, under "ANALYTICS" choose
  # "Security Reports" -> "OperRoles"; select "BOTH" for all fields, click "OK";
  # click the "Export this report" icon, select "XML" as the output format, click "OK".
  @prime_operators_roles_report = here + "/../../data/fis_prime/Prime_Operators_and_Roles_Report.xml"

  # Local cache file mapping Prime operators to AD users.
  @file_prime_user_map = here + "/../../data/fis_prime/prime_user_map.txt"

  # Load the local cache before any AD lookup is attempted.
  @prime_2_ad_user = load_known_user_map_from_file(@file_prime_user_map)

  # Populate the operator entitlement table from the three operator-level reports.
  # Order matters: the status report creates the records the other two add to.
  parse_operator_status_report(@prime_operator_status_report)
  parse_operator_right_report(@prime_operator_rights_report)
  parse_operators_and_roles_report(@prime_operators_roles_report)

  # Attach the AD DN to every operator record, then persist the refreshed map.
  insert_dn
  save!

  # Role-level entitlements come from the rights-by-role report.
  @prime_role_entitlement = parse_rights_by_role_report(@prime_rights_by_role_report)
end

Public Instance Methods

code_2_index(code) click to toggle source

Retrieve the operator index from the @prime_operator_entitlement data structure

# File lib/ucert/fis_prime_tracker.rb, line 279
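# Look up the index of the operator whose "Operator.Code" equals +code+ in
# @prime_operator_entitlement (keys 1..count).
#
# Returns 0 when no operator matches. The error path also returns 0: callers in this
# class test the result with `== 0` to skip a report record, and the previous nil
# result slipped past that guard and was then used as a hash key.
#
# @param code [String] operator code taken from a report field
# @return [Integer] 1-based operator index, or 0 when not found or on error
def code_2_index(code)
  (1..@prime_operator_entitlement.count).each do |index|
    return index if @prime_operator_entitlement[index]["Operator.Code"] == code
  end
  0
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
  0
end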
fis_prime_search_by_dn(dn) click to toggle source

Search Operator entitlement record by AD DN

# File lib/ucert/fis_prime_tracker.rb, line 376
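    # Find the operator entitlement record whose 'DN' equals the given AD DN.
    #
    # A nil or empty +dn+ never matches. Operators that could not be resolved in AD
    # are stored with a nil 'DN' by insert_dn, so without this guard a lookup with a
    # missing DN would return the first unresolved operator's entitlements as if they
    # belonged to the person being looked up.
    #
    # @param dn [String, nil] Active Directory distinguished name
    # @return [Hash, nil] the matching operator record, or nil when none matches
    def fis_prime_search_by_dn(dn)
      puts "Perform search on the operator entitlement records by AD DN: #{dn}" if @verbose
      return nil if dn.nil? || dn.to_s.empty?

      @prime_operator_entitlement.each_value do |record|
        return record if record['DN'].eql?(dn)
      end
      nil
    rescue => ee
      puts "Exception on method #{__method__}: #{ee}"
      nil
    end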
Also aliased as: search_by_dn
insert_dn() click to toggle source

Procedure to add the additional field 'dn' into the @prime_operator_entitlement data structure, by performing the AD search

# File lib/ucert/fis_prime_tracker.rb, line 291
# Attach an AD distinguished name ('DN') to every record in @prime_operator_entitlement.
#
# Resolution order per operator:
#   1. the local cache (@prime_2_ad_user), keyed by "CODE:USERNAME" in upper case;
#      a cached DN that is no longer among the AD person records is refreshed
#      through update_dn
#   2. an AD search on the operator's e-mail, or on the user name when the e-mail is empty
#   3. an AD search on the operator code
# The 'DN' stays nil when every lookup fails.
#
# NOTE(review): the rescue wraps the whole loop, so one record that lacks
# 'Operator.Code', 'Operator.UserName' or 'Operator.Email' stops DN resolution for
# every operator after it, with only a printed message. Worth checking the output
# for that message before relying on the resulting mapping.
#
# @return [nil]
def insert_dn
  # The AD tracker is the foreign table the DN points back to.
  ad_tracker = Ucert::AdTracker.new
  @prime_operator_entitlement.each do |id, record|
    cache_key = record['Operator.Code'].upcase + ':' + record['Operator.UserName'].upcase
    puts "Perform search from the local cache first: #{cache_key}" if @verbose
    if @prime_2_ad_user.key?(cache_key)
      dn = @prime_2_ad_user[cache_key]
      # Refresh a cached DN that AD no longer knows.
      dn = update_dn(ad_tracker, dn) unless ad_tracker.ad_person_records.key?(dn)
      puts "Found in the local cache file: #{dn}" if @verbose
    else
      keyword = record["Operator.Email"].empty? ? record["Operator.UserName"] : record["Operator.Email"]
      puts "Perform 2nd order search only if the 1st one fail, by using: #{keyword}" if @verbose
      dn = search_ad(keyword)
      if dn.nil?
        keyword = record['Operator.Code']
        puts "Perform 3rd order search only if the 2nd one fail, by using: #{keyword}" if @verbose
        dn = search_ad(keyword)
      end
    end
    @prime_operator_entitlement[id]['DN'] = dn
  end
  ad_tracker = nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end
parse_operator_right_report(file) click to toggle source

Parsing the FIS Prime Operator Rights report in XML format, insert the additional entitlement information into our data structure

# File lib/ucert/fis_prime_tracker.rb, line 110
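  # Parse the FIS Prime Operator Rights report (XML) and add branch, department,
  # enabled/deleted flags and the per-right entitlements to the operator records
  # already present in @prime_operator_entitlement.
  #
  # Changes from the earlier version:
  # * A group whose operator code is unknown is now skipped. Before, only the header
  #   loop was left and the detail loop then indexed record 0, which does not exist;
  #   the resulting exception ended the whole parse and every later operator silently
  #   lost its rights in the entitlement table.
  # * The report file handle is closed as soon as the document is parsed.
  # * The result is read from the instance variable rather than through the reader.
  #
  # No parse options are passed, so Nokogiri's defaults apply; do not add NOENT or
  # DTDLOAD when handling report files.
  #
  # NOTE(review): operator_index is not reset between groups, so a group without a
  # "Field8" header reuses the previous group's operator -- confirm the export always
  # carries that field.
  #
  # @param file [String] path to the Operator Rights report
  # @return [Hash, nil] @prime_operator_entitlement, or nil after a reported exception
  def parse_operator_right_report(file)
    header_keys = {
      "Field11" => "Operator.Branch",
      "Field12" => "Operator.Dept",
      "Field20" => "Operator.Enabled",
      "Field23" => "Operator.Deleted"
    }
    detail_keys = {
      "Field2" => "ScopeText",
      "Field3" => "OperRights.Right",
      "Field4" => "OperRights.ObjBranch",
      "Field5" => "OperRights.ObjDept",
      "Field6" => "OperRights.ObjOper"
    }
    operator_index = 0
    xml_doc = File.open(file) { |io| Nokogiri::XML(io) }
    xml_doc.css("Group").each do |record|
      record.css("GroupHeader Field").each do |field|
        puts "Attributes: #{field.attributes["Name"]}, #{field.attributes["FieldName"]}; Exacted Value: #{field.children[1].text}" if @verbose
        name = field.attributes["Name"].text.strip
        if name == "Field8"
          # Consistency check between reports: an operator code that the status
          # report did not define yields 0 (to_i also maps a nil result to 0).
          operator_index = code_2_index(field.children[1].text).to_i
          break if operator_index == 0
          @prime_operator_entitlement[operator_index]["Operator.Code"] ||= field.children[1].text
        elsif header_keys.key?(name)
          # First value wins; later duplicates are ignored.
          @prime_operator_entitlement[operator_index][header_keys[name]] ||= field.children[1].text
        end
      end
      # Skip the details of a group that could not be tied to a known operator.
      next if operator_index == 0

      # Record the entitlement details, one hash per <Details> element.
      record.css("Details").each do |detail|
        entitlement = {}
        detail.css("Field").each do |field|
          puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{field.children[1].text}" if @verbose
          key = detail_keys[field.attributes["Name"].text.strip]
          entitlement[key] ||= field.children[1].text if key
          @prime_operator_entitlement[operator_index]["Entitlements"] = {} unless @prime_operator_entitlement[operator_index].key?("Entitlements")
          # Entitlements are keyed by the right code, so a detail only appears once its right is known.
          @prime_operator_entitlement[operator_index]["Entitlements"].merge!({ entitlement['OperRights.Right'] => entitlement }) if entitlement.key?('OperRights.Right')
        end
      end
    end
    @prime_operator_entitlement
  rescue => ee
    puts "Exception on method #{__method__}: #{ee}"
  end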
print_oper()
print_role()
save!(file=@file_prime_user_map)
search_by_dn(dn)

Private Instance Methods

parse_operator_status_report(file) click to toggle source

Parsing the FIS Prime Operator Status report in XML format, establish basic information such as 'Name', 'UserName', 'Email', 'CreateDate','ExpirationDate' in the @prime_operator_entitlement data structure.

# File lib/ucert/fis_prime_tracker.rb, line 56
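  # Parse the FIS Prime Operator Status report (XML) and (re)build
  # @prime_operator_entitlement: one record per <Details> element, keyed 1, 2, 3 ...
  # in document order, holding the basic operator attributes (code, user name,
  # e-mail, name, approval, expiration, password-change, login and creation fields).
  #
  # The report file is now opened in block form so the handle is closed once the
  # document is parsed; previously it was left open.
  #
  # No parse options are passed, so Nokogiri's defaults apply; do not add NOENT or
  # DTDLOAD when handling report files.
  #
  # NOTE(review): the rescue covers the whole parse, so one <Field> with fewer than
  # two child nodes leaves the table truncated at that operator with only a printed
  # message.
  #
  # @param file [String] path to the Operator Status report
  # @return [nil]
  def parse_operator_status_report(file)
    field_keys = {
      "Field1"  => "Operator.Code",
      "Field4"  => "Operator.UserName",
      "Field5"  => "Operator.Email",
      "Field6"  => "Operator.Name",
      "Field11" => "Operator.Approved",
      "Field12" => "Operator.ApproveOper",
      "Field13" => "Operator.LastApprove",
      "Field14" => "Operator.ExpirationDate",
      "Field15" => "Operator.LastPwdChgDate",
      "Field16" => "Operator.LastPwdChgOper",
      "Field17" => "Operator.LastOper",
      "Field18" => "Operator.LastModify",
      "Field19" => "Operator.LastLogin",
      "Field20" => "Operator.CreateDate"
    }
    # Reset first, so a failed open still leaves an empty table rather than stale data.
    @prime_operator_entitlement = {}
    operator_index = 0
    xml_doc = File.open(file) { |io| Nokogiri::XML(io) }
    xml_doc.css("Details").each do |record|
      operator_index += 1
      puts "Start process on prime operator: #{operator_index}" if @verbose
      @prime_operator_entitlement[operator_index] = {} unless @prime_operator_entitlement.key?(operator_index)
      record.css("Field").each do |field|
        val = field.children[1].text
        puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
        key = field_keys[field.attributes["Name"].text]
        next unless key

        # val is the node text and therefore always a String (possibly empty).
        @prime_operator_entitlement[operator_index][key] = val
      end
    end
    nil
  rescue => ee
    puts "Exception on method #{__method__}: #{ee}"
  end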
parse_operators_and_roles_report(file) click to toggle source

Parsing the FIS Prime Operators and Roles report in XML format, where additional field such as user roles are inserted into the @prime_operator_entitlement data structure accordingly

# File lib/ucert/fis_prime_tracker.rb, line 169
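# Parse the FIS Prime Operators and Roles report (XML) and add each operator's roles
# to @prime_operator_entitlement under "Operator.Roles" (role key => "Field12" value).
#
# Changes from the earlier version:
# * The operator lookup result is normalised with to_i, so a failed lookup (nil) is
#   treated like "not found" (0) and the group is skipped instead of raising inside
#   the detail loop and ending the whole parse.
# * The report file handle is closed as soon as the document is parsed.
#
# No parse options are passed, so Nokogiri's defaults apply; do not add NOENT or
# DTDLOAD when handling report files.
#
# NOTE(review): operator_index starts at 1 and is not reset per group, so a group
# without a "Field18" header has its roles recorded against operator 1 or against the
# previous group's operator. Confirm the export always carries that field, since a
# misattributed role would go unnoticed in an access review.
#
# @param file [String] path to the Operators and Roles report
# @return [nil]
def parse_operators_and_roles_report(file)
  operator_index = 1
  xml_doc = File.open(file) { |io| Nokogiri::XML(io) }
  xml_doc.css("Group").each do |record|
    record.css("GroupHeader Field").each do |field|
      val = field.children[1].text
      puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
      next unless field.attributes["Name"].text == "Field18"

      # Consistency check between reports: unknown operator codes give 0.
      operator_index = code_2_index(val).to_i
      break if operator_index == 0
      puts "Start process on prime operator: #{operator_index}" if @verbose
    end
    # Extract the roles for the operator identified by the group header.
    puts "Processing operator number: #{operator_index}" if @verbose
    next if operator_index == 0

    record.css("Details").each do |roles|
      role_key = String.new
      roles.css("Field").each do |field|
        val = field.children[1].text
        puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
        case field.attributes["Name"].text
        when "Field1"
          # Remembered until the matching "Field12" arrives.
          role_key = val
        when "Field12"
          @prime_operator_entitlement[operator_index]["Operator.Roles"] = {} unless @prime_operator_entitlement[operator_index]["Operator.Roles"]
          @prime_operator_entitlement[operator_index]["Operator.Roles"].merge!({ role_key => val })
        end
      end
    end
  end
  nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end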
parse_rights_by_role_report(file) click to toggle source

Parse the FIS Prime rights by role report, where each role is similar to the 'Group' container concept and has many 'rights' (privileges) under it

# File lib/ucert/fis_prime_tracker.rb, line 216
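# Parse the FIS Prime Rights by Role report (XML) into a table of roles:
#   { 1 => { 'RoleCode' =>, 'RoleDesc' =>, 'Enabled' =>, 'Delete' =>, 'Approved' =>,
#            'Rights' => { right_code => { 'RightsCategory' =>, 'RightCode' =>,
#                                          'RightsDesc' =>, 'ObjBranch' =>,
#                                          'ObjDept' =>, 'ObjOper' => } } }, ... }
# Roles are numbered in document order, one per <Group> element.
#
# The report file is now opened in block form so the handle is closed once the
# document is parsed; previously it was left open.
#
# No parse options are passed, so Nokogiri's defaults apply; do not add NOENT or
# DTDLOAD when handling report files.
#
# NOTE(review): a "Details Section" without a "Field3" is stored under a nil key in
# 'Rights' (the operator rights parser skips such entries) -- confirm whether the
# consumers of this table expect that.
#
# @param file [String] path to the Rights by Role report
# @return [Hash, nil] the role table, or nil after a reported exception
def parse_rights_by_role_report(file)
  header_keys = {
    "Field13" => 'RoleCode',
    "Field15" => 'RoleDesc',
    "Field5"  => 'Enabled',
    "Field9"  => 'Delete',
    "Field10" => 'Approved'
  }
  right_keys = {
    "Field2" => 'RightsCategory',
    "Field3" => 'RightCode',
    "Field4" => 'RightsDesc',
    "Field6" => 'ObjBranch',
    "Field7" => 'ObjDept',
    "Field8" => 'ObjOper'
  }
  prime_role_entitlement = {}
  group_index = 0
  xml_doc = File.open(file) { |io| Nokogiri::XML(io) }
  xml_doc.css("Group").each do |record|
    group_index += 1
    puts "Start process record: #{group_index}" if @verbose
    role = (prime_role_entitlement[group_index] ||= {})
    record.css("GroupHeader Field").each do |field|
      val = field.children[1].text
      puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
      key = header_keys[field.attributes["Name"].text.strip]
      # First value wins for role attributes.
      role[key] ||= val if key
    end
    # Extract the individual rights granted by this role.
    record.css("Details Section").each do |section|
      right = {}
      section.css("Field").each do |field|
        val = field.children[1].text
        puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
        key = right_keys[field.attributes["Name"].text.strip]
        # Last value wins for right attributes.
        right[key] = val if key
      end
      role["Rights"] ||= {}
      role["Rights"].merge!({ right['RightCode'] => right })
    end
  end
  prime_role_entitlement
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end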
print_operator_entitlement() click to toggle source

Print out the operator entitlement table in plain text, to be imported into database

Also aliased as: print_oper
print_role_entitlement() click to toggle source

Print out the group entitlement table in plain text, to be imported into database

Also aliased as: print_role
save_prime_operator_map!(file=@file_prime_user_map) click to toggle source

Save the Prime to AD user mapping relation into the cache file

# File lib/ucert/fis_prime_tracker.rb, line 356
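# Save the Prime-to-AD user mapping to the cache file: a "#" header line followed by
# one "CODE:USERNAME|DN" line per operator (code and user name in upper case).
#
# Changes from the earlier version:
# * All lines are built before the file is opened. Before, the file was truncated
#   first, so one record with a missing code or user name wiped the existing cache.
# * The file is written in block form, so the handle is closed even when the write fails.
# * A failure is always reported; before it was printed only in verbose mode, so a
#   cache that was never saved went unnoticed.
#
# Values are written unescaped. A code, user name or DN containing "|" or a line
# break would change how the file reads back -- NOTE(review): confirm the loader
# rejects or tolerates such lines, since the map decides which AD identity an
# operator's entitlements are attributed to.
#
# @param file [String] destination path (defaults to the tracker's user map file)
# @return [nil]
def save_prime_operator_map!(file=@file_prime_user_map)
  puts "Saving the known Prime to AD user mapping relationship to file: #{file} ..." if @verbose
  timestamp = Time.now
  lines = ["# local Prime to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"]
  @prime_operator_entitlement.each_value do |record|
    key = record['Operator.Code'].upcase + ':' + record['Operator.UserName'].upcase
    lines << "#{key}|#{record['DN']}"
  end
  File.open(file, 'w') { |f| f.write(lines.join("\n")) }
  puts "Prime to AD user map file is successfully saved to: #{file}" if @verbose
  nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
  nil
end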
Also aliased as: save!