From 1470e590d3302cc6579ff4a71cb91f903757926d Mon Sep 17 00:00:00 2001
From: Louis Abel <label@rockylinux.org>
Date: Fri, 18 Oct 2024 14:24:26 -0700
Subject: [PATCH] add group auditor 1/?

---
 mangle/ipa/ipaauditor.py | 43 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)

diff --git a/mangle/ipa/ipaauditor.py b/mangle/ipa/ipaauditor.py
index 6945fd3..2bc1e40 100644
--- a/mangle/ipa/ipaauditor.py
+++ b/mangle/ipa/ipaauditor.py
@@ -320,7 +320,46 @@ class IPAAudit:
         """
         Gets requested rbac info
         """
-        print()
+        try:
+            group_results = IPAQuery.group_data(api, name)
+        except:
+            print(f'Could not find {name}', sys.stderr)
+            sys.exit(1)
+
+        group_name = '' if not group_results.get('cn', None) else group_results['cn'][0]
+        group_gidnum = '' if not group_results.get('gidnumber', None) else group_results['gidnumber'][0]
+        group_members_direct = [] if not group_results.get('member_user', None) else group_results['member_user']
+        group_members_indirect = [] if not group_results.get('memberindirect_user', None) else group_results['memberindirect_user']
+        group_members = list(group_members_direct) + list(group_members_indirect)
+        num_of_group_members = str(len(group_members))
+
+        group_hbacs_direct = [] if not group_results.get('memberof_hbacrule', None) else group_results['memberof_hbacrule']
+        group_hbacs_indirect = [] if not group_results.get('memberofindirect_hbacrule', None) else group_results['memberofindirect_hbacrule']
+        group_hbacs = list(group_hbacs_direct) + list(group_hbacs_indirect)
+        num_of_hbacs = str(len(group_hbacs))
+
+        group_sudo_direct = [] if not group_results.get('memberof_sudorule', None) else group_results['memberof_sudorule']
+        group_sudo_indirect = [] if not group_results.get('memberofindirect_sudorule', None) else group_results['memberofindirect_sudorule']
+        group_sudos = list(group_sudo_direct) + list(group_sudo_indirect)
+        num_of_sudos = str(len(group_sudos))
+
+        starter_group = {
+                'Group name': group_name,
+                'GID': group_gidnum,
+                'Number of Users': num_of_group_members,
+                'Number of HBAC Rules': num_of_hbacs,
+                'Number of SUDO Rules': num_of_sudos,
+        }
+
+        print('Group Information')
+        print('------------------------------------------')
+        for key, value in starter_group.items():
+            if len(value) > 0:
+                print(f'{key: <24}{value}')
+        print('')
+
+        if deep:
+            IPAAudit.group_deep_list(api, name, group_members, group_hbacs, group_sudos)
 
     @staticmethod
     def hbac_pull(api, name, deep):
@@ -520,7 +559,7 @@ class IPAAudit:
                     print('(No hosts set for this rule)')
 
     @staticmethod
-    def group_deep_list(api, group):
+    def group_deep_list(api, group, members, hbacs, sudos):
         """
         Does a recursive dig on a group
         """