From 5b0ae6b264fc7e89da05dcb4fb3053f48b523e8b Mon Sep 17 00:00:00 2001
From: Chad Redman
Date: Mon, 14 Feb 2022 00:40:37 -0500
Subject: [PATCH] Add a GSH report to 401.1
---
 docs/copy-paste-markdown/401.1.md | 52 +++++++++++------
 .../container_files/seed-data/bootstrap.gsh | 58 +++++++++++++++++--
 2 files changed, 88 insertions(+), 22 deletions(-)
diff --git a/docs/copy-paste-markdown/401.1.md b/docs/copy-paste-markdown/401.1.md
index 192c9b7..2c223f0 100644
--- a/docs/copy-paste-markdown/401.1.md
+++ b/docs/copy-paste-markdown/401.1.md
@@ -53,27 +53,43 @@ Another way to get the non-Faculty/Staff users is to use a membership filter. Us Before going live with the new group, we want to have the current exceptions looked at -* Export the membership of _test:vpn:vpn_legacy_exceptions_ (More actions -> Export Members) +* Grant READ to Networking Staff (basis:hr:employee:dept:10906:staff) +* Export the membership of test:vpn:vpn_legacy_exceptions (More actions -> Export Members) -### Get a list of current exceptions (Extra) +### Hands on: Get a list of current exceptions (better) -If the exception list is long, it will speed up review by listing the basis groups for each user - -* Run the SQL query from the Copy/paste to summarize basis groups for the exceptions +The membership export only retrieves the subject IDs and names. A superior version would add more LDAP attributes, plus would be kept up to date +* In vpn_legacy_exceptions, add a report (More actions -> Reports -> Add Report) + * Config type: GSH + * Config format: CSV + * Report name: `vpnLegacyExceptions` + * File name: `vpnLegacyExceptions_$$timestamp$$.csv` + * Description: `Members of the vpn legacy exceptions group, with extra LDAP fields` + * Viewers group id: `basis:hr:employee:dept:10906:staff` + * Quartz cron: sec min hr * * ? 
(set to 1 minute in the future) + * Send email: no + * Store report if no results: No + * GSH script: ``` -select distinct M.subject_id, M.subject_identifier0, M.name, group_concat(distinct G.display_extension) as "Basis Groups" from grouper_memberships_all_v V -join grouper_members M on V.member_id = M.id -join grouper_groups G on V.owner_group_id = G.id -where (G.name like 'basis:hr:employee:dept:%' or G.name like 'basis:sis:prog_status:year:%') -and M.subject_source = 'eduLDAP' -and M.subject_id in ( - select distinct subject_id from grouper_memberships_all_v V - join grouper_members M on V.member_id = M.id - join grouper_groups G on V.owner_group_id = G.id - where G.name = 'test:vpn:vpn_legacy_exceptions' - and M.subject_source = 'eduLDAP' -) group by M.subject_id -order by M.subject_id; +Group g = gsh_builtin_gshReportRuntime.ownerGroup +GrouperReportData grouperReportData = gsh_builtin_gshReportRuntime.grouperReportData + +grouperReportData.headers = ['Row', 'ID', 'UID', 'Name', 'Email'] +grouperReportData.data = new ArrayList() + +g.members.eachWithIndex { it, i -> + String[] row = [ + i+1, + it.subject.getAttributeValue('employeenumber'), + it.subject.getAttributeValue('uid'), + it.subject.getAttributeValue('cn'), + it.subject.getAttributeValue('mail'), + ] + + grouperReportData.data << row +} ``` + +* Wait for the report to run, view the results diff --git a/ex401/ex401.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.end/container_files/seed-data/bootstrap.gsh index 5037eb0..22e1624 100644 --- a/ex401/ex401.end/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.end/container_files/seed-data/bootstrap.gsh 
@@ -1,13 +1,16 @@ +import edu.internet2.middleware.grouper.app.attestation.*; +import edu.internet2.middleware.grouper.app.grouperTypes.* +import edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningAttributeNames +import edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningSettings +import edu.internet2.middleware.grouper.app.reports.GrouperReportConfigAttributeNames +import edu.internet2.middleware.grouper.app.reports.GrouperReportSettings import edu.internet2.middleware.grouper.grouperUi.beans.ui.GrouperNewServiceTemplateLogic import edu.internet2.middleware.grouper.grouperUi.beans.ui.GrouperTemplatePolicyGroupLogic import edu.internet2.middleware.grouper.grouperUi.beans.ui.ServiceAction import edu.internet2.middleware.grouper.grouperUi.beans.ui.StemTemplateContainer -import edu.internet2.middleware.grouper.app.grouperTypes.* -import edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningAttributeNames -import edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningSettings -import edu.internet2.middleware.grouper.app.attestation.*; import java.text.SimpleDateFormat; + GrouperSession gs = GrouperSession.start(SubjectFinder.findByIdentifierAndSource("banderson", "eduLDAP", true)) /* Creating a class for methods helps with gsh from the command line, which can't do functions called from other functions */ 
@@ -195,6 +198,53 @@ vpnLegacyExceptions.assignCompositeMember(CompositeType.COMPLEMENT, vpnLegacyGro println "${vpnLegacyExceptions.extension}: Person subjects = ${HelperMethods.countPersonSubjects(vpnLegacyExceptions)}" + +// Grant privs to networking staff, add a report +Subject networkingStaff = SubjectFinder.findByIdentifierAndSource("basis:hr:employee:dept:10906:staff", "g:gsa", false); +vpnLegacyExceptions.grantPriv(networkingStaff, Privilege.READ, false) + +AttributeAssign attributeAssign = vpnLegacyExceptions.attributeDelegate.assignAttribute(GrouperReportConfigAttributeNames.retrieveAttributeDefNameBase()).getAttributeAssign() +attributeAssign.attributeValueDelegate.with { + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_NAME, "vpnLegacyExceptions") + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_TYPE, "GSH") + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_FORMAT, "CSV") + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_FILE_NAME, 'vpnLegacyExceptions_$$timestamp$$.csv') + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_DESCRIPTION, "Members of the vpn legacy exceptions group, with extra LDAP fields") + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_VIEWERS_GROUP_ID, networkingStaff.id) + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_QUARTZ_CRON, "0 0 6 * * ?") + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_SEND_EMAIL, "false") + 
assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_STORE_WITH_NO_DATA, "false") + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_ENABLED, "true") + //skipped: reportConfigEmailBody + //skipped: reportConfigSendEmailWithNoData + //skipped: reportConfigEmailSubject + //skipped: reportConfigSendEmailToViewers + //skipped: reportConfigQuery + //skipped: reportConfigSendEmailToGroupId + + assignValue(GrouperReportSettings.reportConfigStemName() + ":" + GrouperReportConfigAttributeNames.GROUPER_REPORT_CONFIG_SCRIPT, ''' + Group g = gsh_builtin_gshReportRuntime.ownerGroup + GrouperReportData grouperReportData = gsh_builtin_gshReportRuntime.grouperReportData + + grouperReportData.headers = ['Row', 'ID', 'UID', 'Name', 'Email'] + grouperReportData.data = new ArrayList() + + g.members.eachWithIndex { it, i -> + String[] row = [ + i+1, + it.subject.getAttributeValue('employeenumber'), + it.subject.getAttributeValue('uid'), + it.subject.getAttributeValue('cn'), + it.subject.getAttributeValue('mail'), + ] + + grouperReportData.data << row + } + '''.stripIndent()) +} + + + // Create app template HelperMethods.newApplicationTemplate(StemFinder.findByName(gs, "app", true),
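Review bot: The `networkingStaff` lookup passes `false` as its last argument, so a missing `basis:hr:employee:dept:10906:staff` group would presumably come back as null rather than raise, and that value is then handed to `grantPriv` and dereferenced as `networkingStaff.id` for the report's viewers group. The session lookup at the top of this file passes `true`; doing the same here, `Subject networkingStaff = SubjectFinder.findByIdentifierAndSource("basis:hr:employee:dept:10906:staff", "g:gsa", true);`, would stop with a clear subject-not-found error before any privilege or report attribute is written. This matters because the viewers group is the access restriction on a report that carries employee number, uid, name and mail. If the shell continues past a failed statement (not visible from this hunk), the `with` block could leave a report config with its name, type and file name assigned but no viewers group. A short comment above the block, such as `// Report exposes LDAP employeenumber/uid/cn/mail; viewers group must resolve before the config is written`, would record that dependency.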