Splunk SAML scripted-authentication helper for Azure AD: obtains an OAuth 2.0 client-credentials token and resolves a SAML username to its display name and group memberships through Microsoft Graph.
import json
import sys
import urllib.parse

import requests

from commonAuth import *
requests.packages.urllib3.disable_warnings()
# If Azure AD is your identity provider, you can use this script to extract the
# Security Assertion Markup Language (SAML) user information (display name and
# group memberships) that Splunk would otherwise obtain with SAML attribute
# query requests (AQR), which Azure AD does not support.
#
# Provide the credentials of the Azure AD application this script authenticates
# as in authentication.conf, not in this file: configure the
# 'scriptSecureArguments' setting as "azureKey:<your Azure API key>". For
# example:
#
# scriptSecureArguments = azureKey:<your Azure API key string>
#
# After you restart the Splunk platform, the platform encrypts the stored value
# and makes it available to the script under that key, so the code should read
# the secret from its arguments rather than embed it. A secret written into this
# source file is not protected that way: it is readable by anyone who can read
# the file and ends up in backups and version control. For more information
# about Splunk platform configuration files, search the Splunk documentation
# for "about configuration files".
USER_ENDPOINT = 'https://graph.microsoft.com/v1.0/users/'
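def _graph_get(url, headers, timeout):
    """GET *url* from Microsoft Graph and return the decoded JSON object, or None.

    Transport errors, non-200 responses and non-JSON bodies are reported on
    stderr (status code and URL only -- never the bearer token or the body)
    and mapped to None so the caller can emit FAILED.
    """
    try:
        response = requests.get(url, headers=headers, timeout=timeout)
    except requests.RequestException as exc:
        print('graph request failed: %s' % exc, file=sys.stderr)
        return None
    if response.status_code != 200:
        print('graph returned HTTP %d for %s' % (response.status_code, url),
              file=sys.stderr)
        return None
    try:
        body = response.json()
    except ValueError:
        print('graph returned a non-JSON body for %s' % url, file=sys.stderr)
        return None
    return body if isinstance(body, dict) else None


def getUserInfo(args):
    """Resolve a SAML username to a Splunk `--userInfo` result via Microsoft Graph.

    Splunk calls this with the parsed script arguments; `args['username']` is
    the name asserted by the IdP and is assumed to be the user's UPN / email.
    Exactly one line is printed to stdout, which Splunk parses as the result:
    `SUCCESS --userInfo=<username>;<displayName>;<groupId>:<groupId>...` on
    success, or `FAILED` when any step does not succeed. Diagnostics go to
    stderr only, because stdout is the protocol channel. Returns None.

    The app client secret is taken from `args['azureKey']` when Splunk passes
    it (scriptSecureArguments, see the file header -- confirm the key name
    against your authentication.conf); otherwise the placeholder below is used
    so that install-time substitution keeps working. Never commit a real secret
    into this file.
    """
    # Install-time substitution placeholders. The secret placeholder lacked its
    # leading '$' and would have been skipped by the same substitution pass.
    tenant_id = '${TENANT_ID}'
    client_id = '${AZURE_SPLUNK_SSO_APP_ID}'
    client_secret = args.get('azureKey') or '${AZURE_SSO_APP_API_KEY}'
    token_url = ('https://login.microsoftonline.com/' + tenant_id
                 + '/oauth2/v2.0/token')
    # Bound every network call so a hung IdP cannot wedge Splunk's login path.
    timeout = 30

    username = args.get('username') or ''
    if not username:
        print(FAILED)
        return

    payload = {
        'client_id': client_id,
        'scope': 'https://graph.microsoft.com/.default',
        'client_secret': client_secret,
        'grant_type': 'client_credentials',
    }
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    # TLS verification stays ON (the requests default): this POST carries the
    # client secret and its response is the bearer token used for every Graph
    # call below. With verify=False a network-position attacker can read the
    # secret and hand back a token of their choosing. For a private CA, point
    # verify= at its bundle (or set REQUESTS_CA_BUNDLE) instead of disabling
    # verification. Redirects are refused so the secret is never re-posted to
    # a host the IdP response names.
    try:
        token_response = requests.post(token_url, data=payload, headers=headers,
                                       allow_redirects=False, timeout=timeout)
    except requests.RequestException as exc:
        print('token request failed: %s' % exc, file=sys.stderr)
        print(FAILED)
        return
    access_token = None
    if token_response.status_code == 200:
        try:
            token_body = token_response.json()
        except ValueError:
            token_body = {}
        if isinstance(token_body, dict):
            access_token = token_body.get('access_token')
    if not access_token:
        # Previously a failed exchange raised KeyError on 'access_token' and
        # the script died without printing a status line.
        print('token endpoint returned HTTP %d' % token_response.status_code,
              file=sys.stderr)
        print(FAILED)
        return
    graph_headers = {'Authorization': 'Bearer ' + access_token}

    # The username comes from the IdP assertion, so percent-encode it before it
    # becomes a path segment: a value containing '/', '?' or '#' would
    # otherwise change which Graph resource is addressed, and guest UPNs
    # legitimately contain '#'.
    user_url = USER_ENDPOINT + urllib.parse.quote(username, safe='')
    user = _graph_get(user_url, graph_headers, timeout)
    if user is None or not user.get('id'):
        print(FAILED)
        return
    object_id = user['id']
    # The userInfo line uses ';' and ':' as field separators with no escaping
    # and is read as one line, so neutralise those characters and line breaks
    # in the IdP-supplied display name rather than let them reshape the record.
    unsafe = str.maketrans({';': ' ', ':': ' ', '\r': ' ', '\n': ' '})
    real_name = (user.get('displayName') or '').translate(unsafe)

    # memberOf is paged; follow @odata.nextLink so a user with many
    # memberships is not silently mapped to only the first page of groups
    # (which could drop the very group a role mapping relies on). Only follow
    # links that stay on the Graph origin, since the bearer token goes with
    # the request, and cap the page count against a looping link.
    groups_url = USER_ENDPOINT + object_id + '/memberOf'
    role_ids = []
    pages_left = 100
    while groups_url and pages_left:
        page = _graph_get(groups_url, graph_headers, timeout)
        if page is None:
            print(FAILED)
            return
        role_ids.extend(item['id'] for item in page.get('value', [])
                        if isinstance(item, dict) and item.get('id'))
        next_url = page.get('@odata.nextLink')
        if next_url and not next_url.startswith('https://graph.microsoft.com/'):
            print('ignoring off-origin nextLink', file=sys.stderr)
            next_url = None
        groups_url = next_url
        pages_left -= 1

    print(SUCCESS + ' ' + '--userInfo=' + username + ';' + real_name + ';'
          + ':'.join(role_ids))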
if __name__ == "__main__":
    # Splunk invokes the script as `<script> <callName>`; the remaining
    # `--key=value` arguments are parsed by readInputs() (commonAuth) into a
    # dict. Only getUserInfo is implemented here; any other call name
    # produces no output.
    handlers = {"getUserInfo": getUserInfo}
    call_name = sys.argv[1]
    inputs = readInputs()
    handler = handlers.get(call_name)
    if handler is not None:
        handler(inputs)