class Ucert::FisPrimeTracker
Class to handle FIS Prime user account IDs
Attributes
Class constant variables
Class constant variables
Class constant variables
Class constant variables
Public Class Methods
Instance default variables
# File lib/ucert/fis_prime_tracker.rb, line 20
# Build the tracker: record where the exported FIS Prime reports live, load the
# cached Prime-to-AD user map, parse the reports, resolve AD DNs and save the map.
#
# All four reports are exported by hand from Prime: log on, open "ANALYTICS" ->
# "Security Reports", run the named report, click "Export this report", select
# "XML" as the output format and click "OK".
#
# @param params [Hash] options; only :verbose (default false) is read here
def initialize(params = {})
  @verbose = params.fetch(:verbose, false)
  data_dir = File.dirname(__FILE__) + "/../../data/fis_prime"

  # "OperStatus" report, exported with "ALL" selected for all fields.
  @prime_operator_status_report = "#{data_dir}/Prime_Operator_Status_Report.xml"
  # "OperRights" report.
  @prime_operator_rights_report = "#{data_dir}/Prime_Operator_Rights_Report.xml"
  # "RolesRights" report, exported with "ALL" selected for all fields.
  @prime_rights_by_role_report = "#{data_dir}/Prime_Rights_by_Role_Report.xml"
  # "OperRoles" report, exported with "BOTH" selected for all fields.
  @prime_operators_roles_report = "#{data_dir}/Prime_Operators_and_Roles_Report.xml"
  # Local cache file holding the known Prime-to-AD user map.
  @file_prime_user_map = "#{data_dir}/prime_user_map.txt"

  # load_known_user_map_from_file is defined outside this listing.
  @prime_2_ad_user = load_known_user_map_from_file(@file_prime_user_map)

  # The status report must be parsed first: it creates @prime_operator_entitlement,
  # which the other two operator reports only add to.
  parse_operator_status_report(@prime_operator_status_report)
  parse_operator_right_report(@prime_operator_rights_report)
  parse_operators_and_roles_report(@prime_operators_roles_report)

  # Add the 'DN' foreign key to every operator record through an AD search.
  insert_dn
  # save! is defined outside this listing; per the original comment it writes
  # the user map back to the local file.
  save!

  # Role-level entitlements come from the rights-by-role report.
  @prime_role_entitlement = parse_rights_by_role_report(@prime_rights_by_role_report)
end
Public Instance Methods
Retrieve the operator index from the @prime_operator_entitlement data structure
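# File lib/ucert/fis_prime_tracker.rb, line 279
# Look up the index of the operator record whose "Operator.Code" equals +code+.
#
# The report parsers treat a return value of 0 as "no such operator, skip this
# record", so this method returns 0 on a lookup failure as well. Returning nil
# there would slip past the callers' `== 0` check and be used as an index.
#
# @param code [String] operator code as it appears in a Prime report
# @return [Integer] index of the first matching record, or 0 when there is no
#   match or the lookup raised
def code_2_index(code)
  # Iterating the table itself avoids assuming its keys are exactly 1..count.
  match = @prime_operator_entitlement.find { |_index, record| record["Operator.Code"] == code }
  match ? match.first : 0
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
  0
end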
Search Operator entitlement record by AD DN
# File lib/ucert/fis_prime_tracker.rb, line 376
# Find the operator entitlement record whose 'DN' value equals +dn+.
#
# NOTE(review): the comparison is exact (String#eql?), so a DN that differs only
# in letter case is reported as not found - confirm callers pass the DN exactly
# as stored by insert_dn.
#
# @param dn [String] AD distinguished name to look for
# @return [Hash, nil] the first matching record; nil when nothing matches or an
#   exception was raised
def fis_prime_search_by_dn(dn)
  puts "Perform search on the operator entitlement records by AD DN: #{dn}" if @verbose
  hit = @prime_operator_entitlement.find { |_id, entry| entry['DN'].eql?(dn) }
  hit && hit.last
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end
Procedure to add the additional field 'dn' to the @prime_operator_entitlement data structure by performing the AD search
# File lib/ucert/fis_prime_tracker.rb, line 291
# Store an AD distinguished name under 'DN' in every operator record, so each
# Prime operator points back to a row of the AD user table.
#
# Lookup order for each record:
#   1. the local cache, keyed by "<OPERATOR CODE>:<USERNAME>" in upper case;
#      a cached DN that is no longer among the tracker's AD person records is
#      passed through update_dn;
#   2. an AD search by e-mail, or by user name when the e-mail is empty;
#   3. an AD search by operator code, only when step 2 returned nil.
#
# NOTE(review): steps 2 and 3 accept whatever search_ad returns. How search_ad
# matches a bare user name or operator code is not visible here - confirm it
# cannot return another person's DN, since the DN is what ties these
# entitlements to an identity.
# NOTE(review): an exception on one record ends the loop, so the records after
# it keep no 'DN'; only the message below is printed.
#
# @return [nil]
def insert_dn
  ad = Ucert::AdTracker.new
  @prime_operator_entitlement.each do |_id, record|
    cache_key = "#{record['Operator.Code'].upcase}:#{record['Operator.UserName'].upcase}"
    puts "Perform search from the local cache first: #{cache_key}" if @verbose
    if @prime_2_ad_user.key?(cache_key)
      dn = @prime_2_ad_user[cache_key]
      # Refresh a cached DN that the AD tracker no longer knows.
      dn = update_dn(ad, dn) unless ad.ad_person_records.key?(dn)
      puts "Found in the local cache file: #{dn}" if @verbose
    else
      email = record["Operator.Email"]
      keyword = email.empty? ? record["Operator.UserName"] : email
      puts "Perform 2nd order search only if the 1st one fail, by using: #{keyword}" if @verbose
      dn = search_ad(keyword)
      if dn.nil?
        keyword = record['Operator.Code']
        puts "Perform 3rd order search only if the 2nd one fail, by using: #{keyword}" if @verbose
        dn = search_ad(keyword)
      end
    end
    record['DN'] = dn
  end
  nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end
Parse the FIS Prime Operator Rights report in XML format and insert the additional entitlement information into our data structure
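# File lib/ucert/fis_prime_tracker.rb, line 110
# Parse the FIS Prime Operator Rights report (XML) and add branch, department,
# enabled/deleted flags and the per-right entitlement details to the operator
# records already held in @prime_operator_entitlement.
#
# Each "Group" is matched to an existing operator through the operator code in
# header "Field8". A group whose code is unknown is skipped entirely, so its
# rights are never attached to a record that does not exist.
#
# No parse options are passed to Nokogiri, so its defaults apply.
#
# @param file [String] path of the exported Operator Rights report
# @return [Hash, nil] @prime_operator_entitlement, or nil when an exception was
#   raised (the message is printed)
def parse_operator_right_report(file)
  operator_index = 0
  # Block form closes the report file as soon as Nokogiri has read it.
  xml_doc = File.open(file) { |report| Nokogiri::XML(report) }
  xml_doc.css("Group").each do |record|
    record.css("GroupHeader Field").each do |field|
      puts "Attributes: #{field.attributes["Name"]}, #{field.attributes["FieldName"]}; Exacted Value: #{field.children[1].text}" if @verbose
      case field.attributes["Name"].text.strip
      when "Field8"
        # Consistency check between reports: 0 means the operator code is not in
        # the status report. to_i also maps a nil lookup result to 0.
        operator_index = code_2_index(field.children[1].text).to_i
        break if operator_index == 0
        @prime_operator_entitlement[operator_index]["Operator.Code"] ||= field.children[1].text
      when "Field11"
        @prime_operator_entitlement[operator_index]["Operator.Branch"] ||= field.children[1].text
      when "Field12"
        @prime_operator_entitlement[operator_index]["Operator.Dept"] ||= field.children[1].text
      when "Field20"
        @prime_operator_entitlement[operator_index]["Operator.Enabled"] ||= field.children[1].text
      when "Field23"
        @prime_operator_entitlement[operator_index]["Operator.Deleted"] ||= field.children[1].text
      end
    end

    # Skip the details of a group that failed the consistency check; index 0 has
    # no record, and dereferencing it would abort the whole report.
    next if operator_index == 0

    # Record the entitlement details, one hash per "Details" element.
    record.css("Details").each do |detail|
      entitlement = {}
      fields = detail.css("Field")
      fields.each do |field|
        puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{field.children[1].text}" if @verbose
        # The first value seen for a key wins.
        case field.attributes["Name"].text.strip
        when "Field2"
          entitlement["ScopeText"] ||= field.children[1].text
        when "Field3"
          entitlement["OperRights.Right"] ||= field.children[1].text
        when "Field4"
          entitlement["OperRights.ObjBranch"] ||= field.children[1].text
        when "Field5"
          entitlement["OperRights.ObjDept"] ||= field.children[1].text
        when "Field6"
          entitlement["OperRights.ObjOper"] ||= field.children[1].text
        end
      end
      next if fields.empty?

      # Entitlements are keyed by the right code; a detail without one is dropped.
      rights = (@prime_operator_entitlement[operator_index]["Entitlements"] ||= {})
      rights[entitlement['OperRights.Right']] = entitlement if entitlement.key?('OperRights.Right')
    end
  end
  # The original returned an undefined local here, which raised NameError on
  # every call and printed a spurious exception message.
  @prime_operator_entitlement
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end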
Private Instance Methods
Parsing the FIS Prime Operator Status report in XML format, establish basic information such as 'Name', 'UserName', 'Email', 'CreateDate','ExpirationDate' in the @prime_operator_entitlement data structure.
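# File lib/ucert/fis_prime_tracker.rb, line 56
# Parse the FIS Prime Operator Status report (XML) and (re)build
# @prime_operator_entitlement with one record per "Details" element, keyed by a
# running index that starts at 1.
#
# No parse options are passed to Nokogiri, so its defaults apply.
#
# @param file [String] path of the exported Operator Status report
# @return [nil] the result is left in @prime_operator_entitlement; an exception
#   is printed, not raised
def parse_operator_status_report(file)
  # Report field name => key in the operator record. Fields not listed are ignored.
  field_keys = {
    "Field1" => "Operator.Code",
    "Field4" => "Operator.UserName",
    "Field5" => "Operator.Email",
    "Field6" => "Operator.Name",
    "Field11" => "Operator.Approved",
    "Field12" => "Operator.ApproveOper",
    "Field13" => "Operator.LastApprove",
    "Field14" => "Operator.ExpirationDate",
    "Field15" => "Operator.LastPwdChgDate",
    "Field16" => "Operator.LastPwdChgOper",
    "Field17" => "Operator.LastOper",
    "Field18" => "Operator.LastModify",
    "Field19" => "Operator.LastLogin",
    "Field20" => "Operator.CreateDate"
  }
  @prime_operator_entitlement = {}
  operator_index = 0
  # Block form closes the report file as soon as Nokogiri has read it.
  xml_doc = File.open(file) { |report| Nokogiri::XML(report) }
  xml_doc.css("Details").each do |record|
    operator_index += 1
    puts "Start process on prime operator: #{operator_index}" if @verbose
    operator = (@prime_operator_entitlement[operator_index] ||= {})
    record.css("Field").each do |field|
      val = field.children[1].text
      puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
      key = field_keys[field.attributes["Name"].text]
      operator[key] = val if key
    end
  end
  nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end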
Parse the FIS Prime Operators and Roles report in XML format, where additional fields such as user roles are inserted into the @prime_operator_entitlement data structure accordingly
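# File lib/ucert/fis_prime_tracker.rb, line 169
# Parse the FIS Prime Operators and Roles report (XML) and add each operator's
# roles under "Operator.Roles" in @prime_operator_entitlement.
#
# Each "Group" is matched to an existing operator through the operator code in
# header "Field18"; a group whose code is unknown is skipped. Within a
# "Details" element, "Field1" supplies the key and "Field12" the value of one
# role entry.
#
# No parse options are passed to Nokogiri, so its defaults apply.
#
# NOTE(review): operator_index starts at 1 and carries over between groups, so a
# group without a "Field18" header has its roles added to the previously matched
# operator (operator 1 for the very first group). Confirm the report always
# carries Field18, otherwise roles can be attributed to the wrong account.
#
# @param file [String] path of the exported Operators and Roles report
# @return [nil] the result is left in @prime_operator_entitlement; an exception
#   is printed, not raised
def parse_operators_and_roles_report(file)
  operator_index = 1
  # Block form closes the report file as soon as Nokogiri has read it.
  xml_doc = File.open(file) { |report| Nokogiri::XML(report) }
  xml_doc.css("Group").each do |record|
    record.css("GroupHeader Field").each do |field|
      val = field.children[1].text
      puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
      next unless field.attributes["Name"].text == "Field18"

      # Consistency check between reports: 0 means the operator code is not in
      # the status report. to_i also maps a nil lookup result to 0.
      operator_index = code_2_index(val).to_i
      break if operator_index == 0
      puts "Start process on prime operator: #{operator_index}" if @verbose
    end

    # Extract the roles for the matched operator.
    puts "Processing operator number: #{operator_index}" if @verbose
    next if operator_index == 0

    record.css("Details").each do |roles|
      key = String.new
      roles.css("Field").each do |field|
        val = field.children[1].text
        puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
        case field.attributes["Name"].text
        when "Field1"
          key = val
        when "Field12"
          operator = @prime_operator_entitlement[operator_index]
          (operator["Operator.Roles"] ||= {})[key] = val
        end
      end
    end
  end
  nil
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end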
Parse the FIS Prime rights by role report, where each role is similar to the 'Group' container concept and has many 'rights' (privileges) under it
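# File lib/ucert/fis_prime_tracker.rb, line 216
# Parse the FIS Prime rights-by-role report (XML) into a hash of roles, keyed by
# a running index that starts at 1. Each role holds its header attributes and,
# under "Rights", one hash per right keyed by the right code.
#
# No parse options are passed to Nokogiri, so its defaults apply.
#
# NOTE(review): a "Section" without a "Field3" right code is stored under the
# nil key, so several such sections overwrite one another.
#
# @param file [String] path of the exported rights-by-role report
# @return [Hash, nil] the role table, or nil when an exception was raised (the
#   message is printed)
def parse_rights_by_role_report(file)
  # Report field name => key in the role record (header) or right record (section).
  header_keys = {
    "Field13" => 'RoleCode',
    "Field15" => 'RoleDesc',
    "Field5" => 'Enabled',
    "Field9" => 'Delete',
    "Field10" => 'Approved'
  }
  right_keys = {
    "Field2" => 'RightsCategory',
    "Field3" => 'RightCode',
    "Field4" => 'RightsDesc',
    "Field6" => 'ObjBranch',
    "Field7" => 'ObjDept',
    "Field8" => 'ObjOper'
  }
  prime_role_entitlement = {}
  group_index = 0
  # Block form closes the report file as soon as Nokogiri has read it.
  xml_doc = File.open(file) { |report| Nokogiri::XML(report) }
  xml_doc.css("Group").each do |record|
    group_index += 1
    puts "Start process record: #{group_index}" if @verbose
    role = (prime_role_entitlement[group_index] ||= {})
    record.css("GroupHeader Field").each do |field|
      val = field.children[1].text
      puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
      key = header_keys[field.attributes["Name"].text.strip]
      # The first value seen for a header key wins.
      role[key] ||= val if key
    end

    # Extract the individual 'right' information for this role.
    record.css("Details Section").each do |section|
      r = {}
      section.css("Field").each do |field|
        val = field.children[1].text
        puts "Attributes: #{field.attributes["Name"].text.strip}, #{field.attributes["FieldName"]}; Exacted Value: #{val}" if @verbose
        key = right_keys[field.attributes["Name"].text.strip]
        r[key] = val if key
      end
      (role["Rights"] ||= {})[r['RightCode']] = r
    end
  end
  prime_role_entitlement
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end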
Print out the operator entitlement table in plain text, to be imported into database
# File lib/ucert/fis_prime_tracker.rb, line 328
# Print one '|'-separated line per operator record to standard output, for
# import into a database. The title and the column header are printed only in
# verbose mode.
#
# NOTE(review): values are written unescaped, so a field containing '|' or a
# newline would shift columns on import; "Operator.Roles" and "Entitlements"
# are printed in Ruby's Hash#to_s form.
#
# @return [Array<nil>, nil] one nil per printed row; nil when an exception was raised
def print_operator_entitlement
  if @verbose
    puts "Operator Entitlement Report in Plain-text Format"
    puts "Operator.Code | Operator.Name | Operator.UserName | Operator.Dept | Operator.Enabled | Operator.Deleted | Operator.Email | Operator.ExpirationDate | Operator.CreateDate | Operator.Roles | Entitlements | DN"
  end
  columns = [
    'Operator.Code', 'Operator.Name', 'Operator.UserName', 'Operator.Dept',
    'Operator.Enabled', 'Operator.Deleted', 'Operator.Email',
    'Operator.ExpirationDate', 'Operator.CreateDate', 'Operator.Roles',
    'Entitlements', 'DN'
  ]
  @prime_operator_entitlement.values.map do |rec|
    puts columns.map { |column| rec[column].to_s }.join('|')
  end
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end
Print out the group entitlement table in plain text, to be imported into database
# File lib/ucert/fis_prime_tracker.rb, line 342
# Print one '|'-separated line per role record to standard output, for import
# into a database. The title and the column header are printed only in verbose
# mode.
#
# NOTE(review): values are written unescaped, so a field containing '|' or a
# newline would shift columns on import; "Rights" is printed in Ruby's
# Hash#to_s form.
#
# @return [Array<nil>, nil] one nil per printed row; nil when an exception was raised
def print_role_entitlement
  if @verbose
    puts "Role Entitlement Report in Plain-text Format"
    puts "RoleCode | RoleDesc | Enabled | Delete | Approved | Rights"
  end
  columns = ['RoleCode', 'RoleDesc', 'Enabled', 'Delete', 'Approved', 'Rights']
  @prime_role_entitlement.values.map do |record|
    puts columns.map { |column| record[column].to_s }.join('|')
  end
rescue => ee
  puts "Exception on method #{__method__}: #{ee}"
end
Save the Prime to AD user mapping relation into the cache file
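# File lib/ucert/fis_prime_tracker.rb, line 356
# Write the Prime-to-AD user map to the cache file: a '#' header line, then one
# "<OPERATOR CODE>:<USERNAME>|<DN>" line per operator record, code and user name
# in upper case.
#
# The whole content is built in memory before the file is opened. A record that
# cannot be keyed (for example a missing user name) therefore leaves the
# existing map file untouched instead of truncating it part-way through, and the
# block form of File.open closes the handle even when the write fails.
#
# @param file [String] destination path; defaults to @file_prime_user_map
# @return [nil] exceptions are reported only in verbose mode
def save_prime_operator_map!(file=@file_prime_user_map)
  puts "Saving the known Prime to AD user mapping relationship to file: #{file} ..." if @verbose
  begin
    timestamp = Time.now
    lines = ["# local Prime to AD user map file created by the #{self.class} class #{__method__} method at: #{timestamp}"]
    @prime_operator_entitlement.each_value do |record|
      key = record['Operator.Code'].upcase + ':' + record['Operator.UserName'].upcase
      lines << "#{key}|#{record['DN']}"
    end
    # Same layout as before: lines separated by "\n", no trailing newline.
    File.open(file, 'w') { |f| f.write(lines.join("\n")) }
    puts "Prime to AD user map file is successfully saved to: #{file}" if @verbose
  rescue => ee
    puts "Exception on method #{__method__}: #{ee}" if @verbose
  end
end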