forked from sig_core/toolkit
mangle: separate hbac hosts by lists
parent
9c1b828ab7
commit
689e7aa793
@ -304,7 +304,7 @@ class IPAAudit:
|
|||||||
}
|
}
|
||||||
|
|
||||||
print('User Information')
|
print('User Information')
|
||||||
print('----------------------------------------')
|
print('------------------------------------------')
|
||||||
for key, value in starter_user.items():
|
for key, value in starter_user.items():
|
||||||
if len(value) > 0:
|
if len(value) > 0:
|
||||||
print(f'{key: <16}{value}')
|
print(f'{key: <16}{value}')
|
||||||
@ -312,7 +312,8 @@ class IPAAudit:
|
|||||||
|
|
||||||
if deep:
|
if deep:
|
||||||
group_list = [] if not user_results.get('memberof_group', None) else user_results['memberof_group']
|
group_list = [] if not user_results.get('memberof_group', None) else user_results['memberof_group']
|
||||||
IPAAudit.user_deep_list(api, name, group_list)
|
hbac_list = [] if not user_results.get('memberof_hbacrule', None) else user_results['memberof_hbacrule']
|
||||||
|
IPAAudit.user_deep_list(api, name, group_list, hbac_list)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def group_pull(api, name, deep):
|
def group_pull(api, name, deep):
|
||||||
@ -463,11 +464,11 @@ class IPAAudit:
|
|||||||
print(f'{key: <24}{value}')
|
print(f'{key: <24}{value}')
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def user_deep_list(api, user, groups):
|
def user_deep_list(api, user, groups, hbacs):
|
||||||
"""
|
"""
|
||||||
Does a recursive dig on a user
|
Does a recursive dig on a user
|
||||||
"""
|
"""
|
||||||
hbac_rule_list = []
|
hbac_rule_list = list(hbacs)
|
||||||
hbac_rule_all_hosts = []
|
hbac_rule_all_hosts = []
|
||||||
host_list = []
|
host_list = []
|
||||||
hostgroup_list = []
|
hostgroup_list = []
|
||||||
@ -481,8 +482,9 @@ class IPAAudit:
|
|||||||
# TODO: Add HBAC list (including services)
|
# TODO: Add HBAC list (including services)
|
||||||
# TODO: Add RBAC list
|
# TODO: Add RBAC list
|
||||||
|
|
||||||
hbac_hosts = []
|
hbac_host_dict = {}
|
||||||
for hbac in hbac_rule_list:
|
for hbac in hbac_rule_list:
|
||||||
|
hbac_hosts = []
|
||||||
hbac_results = IPAQuery.hbac_data(api, hbac)
|
hbac_results = IPAQuery.hbac_data(api, hbac)
|
||||||
hbac_host_list = [] if not hbac_results.get('memberhost_host', None) else hbac_results['memberhost_host']
|
hbac_host_list = [] if not hbac_results.get('memberhost_host', None) else hbac_results['memberhost_host']
|
||||||
hbac_hostgroup_list = [] if not hbac_results.get('memberhost_hostgroup', None) else hbac_results['memberhost_hostgroup']
|
hbac_hostgroup_list = [] if not hbac_results.get('memberhost_hostgroup', None) else hbac_results['memberhost_hostgroup']
|
||||||
@ -497,9 +499,9 @@ class IPAAudit:
|
|||||||
host_list = [] if not hostgroup_data.get('member_host', None) else hostgroup_data['member_host']
|
host_list = [] if not hostgroup_data.get('member_host', None) else hostgroup_data['member_host']
|
||||||
hbac_hosts.extend(host_list)
|
hbac_hosts.extend(host_list)
|
||||||
|
|
||||||
print(hbac_rule_list)
|
hbac_host_dict[hbac] = hbac_hosts
|
||||||
print(groups)
|
|
||||||
new_hbac_hosts = sorted(set(hbac_hosts))
|
#new_hbac_hosts = sorted(set(hbac_hosts))
|
||||||
print('User Has Access To These Hosts')
|
print('User Has Access To These Hosts')
|
||||||
print('------------------------------------------')
|
print('------------------------------------------')
|
||||||
if len(hbac_rule_all_hosts) > 0:
|
if len(hbac_rule_all_hosts) > 0:
|
||||||
@ -508,8 +510,12 @@ class IPAAudit:
|
|||||||
for allrule in hbac_rule_all_hosts:
|
for allrule in hbac_rule_all_hosts:
|
||||||
print(allrule)
|
print(allrule)
|
||||||
else:
|
else:
|
||||||
for hhost in new_hbac_hosts:
|
for hrule in hbac_host_dict:
|
||||||
print(hhost)
|
print()
|
||||||
|
print(f'HBAC Rule: {hrule}')
|
||||||
|
print('==========================================')
|
||||||
|
for h in hbac_host_dict[hrule]:
|
||||||
|
print(h)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def group_deep_list(api, group):
|
def group_deep_list(api, group):
|
||||||
|
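Review bot: The per-rule host lists printed by the final `for hrule in hbac_host_dict:` loop are no longer deduplicated or sorted, because the old `sorted(set(hbac_hosts))` was commented out rather than applied per rule. A host that is a direct member of a rule and also belongs to one of its host groups will be listed twice, and the order follows whatever the API returns, which makes successive audit runs hard to diff. Storing `hbac_host_dict[hbac] = sorted(set(hbac_hosts))` restores the earlier guarantee, and the dead `#new_hbac_hosts = sorted(set(hbac_hosts))` line can then be deleted. The docstring of `user_deep_list` should also describe the new `hbacs` parameter, for example `hbacs: HBAC rule names the user is a direct member of (memberof_hbacrule)`. The body of `user_deep_list` continues outside the visible hunks, so how rules reached through `groups` are merged into `hbac_rule_list` cannot be checked from here.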