
Clean up and use config more consistently.

Joe Clarke 4 anni fa
parent
commit
7b9ea76c07

+ 14 - 10
automation/config/cleu/config.py

@@ -1,18 +1,22 @@
 class Config:
     WEBEX_TEAM = 'CLEUR 20 NOC'
-    DNS_BASE = 'https://dc1-dns.ciscolive.network:8443/web-services/rest/resource/'
-    DHCP_BASE = 'https://dc1-dhcp.ciscolive.network:8443/web-services/rest/resource/'
     DNS_DOMAIN = 'ciscolive.network'
-    MONITORING = 'cl-monitoring.ciscolive.network'
-    DHCP_SERVER = 'dc1-dhcp.ciscolive.network'
-    PI = 'cl-pi.ciscolive.network'
-    CMX_GW = 'http://cl-freebsd.ciscolive.network:8002/api/v0.1/cmx'
-    TOOL_BASE = 'https://tool.ciscolive.network/n/static/port.html?'
+    DNS_BASE = 'https://dc1-dns.{}:8443/web-services/rest/resource/'.format(
+        DNS_DOMAIN)
+    DHCP_BASE = 'https://dc1-dhcp.{}:8443/web-services/rest/resource/'.format(
+        DNS_DOMAIN)
+    MONITORING = 'cl-monitoring.' + DNS_DOMAIN
+    DHCP_SERVER = 'dc1-dhcp.' + DNS_DOMAIN
+    PI = 'cl-pi.' + DNS_DOMAIN
+    CMX_GW = 'http://cl-freebsd.{}:8002/api/v0.1/cmx'.format(DNS_DOMAIN)
+    TOOL_BASE = 'https://tool.{}/n/static/port.html?'.format(DNS_DOMAIN)
     AD_DOMAIN = 'ad.' + DNS_DOMAIN
-    TOOL = 'tool.ciscolive.network'
-    VCENTER = 'cl-vcenter.ad.ciscolive.network'
+    AD_DN_BASE = 'cn=Users' + \
+        ''.join([', dc={}'.format(x) for x in AD_DOMAIN.split('.')])
+    TOOL = 'tool.' + DNS_DOMAIN
+    VCENTER = 'cl-vcenter.' + AD_DOMAIN
     SMTP_SERVER = '10.100.252.13'
     VPN_SERVER = 'cl-production.ciscolive.eu'
     VPN_SERVER_IP = '64.103.25.43'
     CISCOLIVE_YEAR = '2020'
-    PW_RESET_URL = 'https://cl-jump-01.ciscolive.network:8443'
+    PW_RESET_URL = 'https://cl-jump-01.{}:8443'.format(DNS_DOMAIN)
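Review bot: Config ends at PW_RESET_URL and defines no VPN_USER, yet check_auth in reset_password.py (changed in this same commit) reads `C.VPN_USER`, so every authentication attempt there would raise AttributeError unless that attribute is provided by code not shown; add `VPN_USER = <account to bar from the reset tool>` here. The AD_DN_BASE derivation is correct but non-obvious, and a comment such as `# yields 'cn=Users, dc=ad, dc=ciscolive, dc=network'; create_users.py and reset_password.py both bind to this container` would help the next reader. CMX_GW is still a plain `http://` URL on port 8002 while every other service URL is https; if anything sensitive crosses that gateway, that is worth revisiting.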

+ 10 - 13
automation/services/AD/create_users.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
 #
-# Copyright (c) 2017-2018  Joe Clarke <jclarke@cisco.com>
+# Copyright (c) 2017-2019  Joe Clarke <jclarke@cisco.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -30,19 +30,15 @@ import re
 import sparker
 import CLEUCreds
 import time
+from cleu.config import Config as C
 
-
-AD_DN_BASE = 'cn=Users, dc=ad, dc=ciscolive, dc=network'
-DEFAULT_GROUP = 'NOC Users'
-AD_DOMAIN = 'ad.ciscolive.network'
-
-SPARK_TEAM = 'CL19 NOC Team'
+DEFAULT_GROUP = 'CL NOC Users'
 
 if __name__ == '__main__':
     spark = sparker.Sparker(token=CLEUCreds.SPARK_TOKEN)
-    members = spark.get_members(SPARK_TEAM)
+    members = spark.get_members(C.WEBEX_TEAM)
     #pyad.set_defaults(ldap_server=AD_DC, username=AD_USERNAME, password=AD_PASSWORD, ssl=True)
-    ou = adcontainer.ADContainer.from_dn(AD_DN_BASE)
+    ou = adcontainer.ADContainer.from_dn(C.AD_DN_BASE)
     if members is not None:
         for member in members:
             m = re.search(r'([^@]+)@cisco.com$', member['personEmail'])
@@ -54,7 +50,7 @@ if __name__ == '__main__':
                         fullname, AD_DN_BASE))
                     if ad_user is not None:
                         sys.stderr.write(
-                            'Not creating {} as they already exist.\n'.format(m.group(1)))
+                            'Not creating {} ({}) as they already exist.\n'.format(m.group(1), fullname))
                         continue
                 except Exception:
                     pass
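Review bot: The context line `fullname, AD_DN_BASE))` still references the module-level AD_DN_BASE that this commit deletes, so the existing-user lookup now raises NameError, which the `except Exception: pass` below swallows; the "already exist" short-circuit can never fire and the script goes on to attempt a duplicate create on every run. Change it to `fullname, C.AD_DN_BASE))` and consider narrowing that except, or at least writing the error to stderr, so a failed lookup is visible. The enclosing try and the member loop begin before this hunk.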
@@ -69,7 +65,7 @@ if __name__ == '__main__':
                 try:
                     new_user.update_attribute('sAMAccountName', m.group(1))
                     new_user.update_attribute(
-                        'userPrincipalName', '{}@{}'.format(m.group(1), AD_DOMAIN))
+                        'userPrincipalName', '{}@{}'.format(m.group(1), C.AD_DOMAIN))
                 except Exception:
                     try:
                         new_user.delete()
@@ -82,11 +78,12 @@ if __name__ == '__main__':
                 try:
                     new_user.force_pwd_change_on_login()
                 except Exception as e:
-                    sys.stderr.write('Error setting password policy for user {}: {}'.format(m.group(1), e))
+                    sys.stderr.write(
+                        'Error setting password policy for user {}: {}'.format(m.group(1), e))
                 def_group = adgroup.ADGroup.from_cn(DEFAULT_GROUP)
                 def_group.add_members([new_user])
                 print('Added user {}'.format(m.group(1)))
                 time.sleep(1)
     else:
         sys.stderr.write(
-            'Unable to get members from Spark.\nMake sure the bot is part of the Spark team.\n')
+            'Unable to get members from Webex Teams.\nMake sure the bot is part of the Webex team.\n')
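Review bot: When `force_pwd_change_on_login()` raises, the code only writes to stderr and still adds the account to DEFAULT_GROUP and prints "Added user", so an account can go live without the forced password rotation that the rest of the flow assumes. The userPrincipalName failure path earlier in the loop deletes the half-created user; this path should probably do the same, or at minimum `continue` before the group add. The stderr message also lacks a trailing newline, so consecutive failures run together. The loop body starts before this hunk.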

+ 13 - 12
automation/services/AD/reset_password.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
 #
-# Copyright (c) 2017-2018  Joe Clarke <jclarke@cisco.com>
+# Copyright (c) 2017-2019  Joe Clarke <jclarke@cisco.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -32,20 +32,19 @@ from flask import request, Response, session
 from flask import Flask
 import pythoncom
 import CLEUCreds
+from cleu.config import Config as C
 
 
-AD_DN_BASE = 'cn=Users, dc=ad, dc=ciscolive, dc=network'
-AD_DOMAIN = 'ad.ciscolive.network'
-AD_DC = 'dc1-ad.ad.ciscolive.network'
+AD_DC = 'dc1-ad.' + AD_DOMAIN
 
 app = Flask('CLEU Password Reset')
 
 
 def query_user(username, password, target_user):
-    global AD_DC, AD_DN_BASE
+    global AD_DC
 
     try:
-        adcontainer.ADContainer.from_dn(AD_DN_BASE, options={
+        adcontainer.ADContainer.from_dn(C.AD_DN_BASE, options={
                                         'ldap_server': AD_DC, 'username': username, 'password': password})
     except Exception as e:
         print(e)
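Review bot: `AD_DC = 'dc1-ad.' + AD_DOMAIN` references the module-level AD_DOMAIN that this same hunk deletes, so the module raises NameError at import time and the Flask app never starts; it should read `AD_DC = 'dc1-ad.' + C.AD_DOMAIN`. Separately, `print(e)` on a failed bind sends the raw LDAP exception, which may include the attempted username, to stdout; routing it through a logger would keep it out of whatever captures the process output. query_user continues past the end of this hunk.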
@@ -55,7 +54,7 @@ def query_user(username, password, target_user):
         q = adquery.ADQuery(
             options={'ldap_server': AD_DC, 'username': username, 'password': password})
         q.execute_query(attributes=['distinguishedName'], where_clause="sAMAccountName='{}'".format(
-            target_user), base_dn=AD_DN_BASE, options={'ldap_server': AD_DC, 'username': username, 'password': password})
+            target_user), base_dn=C.AD_DN_BASE, options={'ldap_server': AD_DC, 'username': username, 'password': password})
         for row in q.get_results():
             return row['distinguishedName']
     except Exception as e:
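Review bot: target_user is interpolated straight into the LDAP filter `sAMAccountName='{}'`, and check_auth derives it from the caller-supplied username, so a request can inject filter syntax (`*`, `)(`, etc.) and have the query return a different account's distinguishedName. The query runs under the caller's own bind, which limits what it can read, but the DN it returns is presumably what the reset flow acts on afterwards, so validate the value before querying, e.g. `if not re.match(r'^[A-Za-z0-9._-]+$', target_user): return None`, or escape it per RFC 4515. This is pre-existing (only base_dn changed here); query_user opens in the previous hunk and its tail lies outside this one.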
@@ -64,16 +63,18 @@ def query_user(username, password, target_user):
 
 
 def check_auth(username, password):
-    global AD_DOMAIN
-
     pythoncom.CoInitialize()
+
+    if username == C.VPN_USER or username == C.VPN_USER + '@' + C.AD_DOMAIN:
+        return False
+
     if 'dn' in session:
         return True
 
-    if not re.search(r'@{}$'.format(AD_DOMAIN), username):
-        username += '@{}'.format(AD_DOMAIN)
+    if not re.search(r'@{}$'.format(C.AD_DOMAIN), username):
+        username += '@{}'.format(C.AD_DOMAIN)
 
-    target_username = username.replace('@{}'.format(AD_DOMAIN), '')
+    target_username = username.replace('@{}'.format(C.AD_DOMAIN), '')
 
     try:
         dn = query_user(username, password, target_username)