From f2ba1433fbb7e2834bbad113180562e43bd837ce Mon Sep 17 00:00:00 2001 From: Noah Date: Wed, 24 Jul 2024 18:11:29 -0500 Subject: [PATCH] Adding KAPPA 1.0.3 --- helpers/configs.py | 11 ++++++++++- helpers/utils.py | 10 ++++++---- setup.command | 14 +++++++++++--- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/helpers/configs.py b/helpers/configs.py index e03a33f..c83fff7 100755 --- a/helpers/configs.py +++ b/helpers/configs.py @@ -219,7 +219,9 @@ def name_to_id(ss_name, ss_type): category.get("id") for category in self.self_service if category.get("name") == ss_name ) except StopIteration: - self.output(f"WARNING: Provided category '{ss_name}' not found in Self Service!") if ss_name is not None else None + self.output( + f"WARNING: Provided category '{ss_name}' not found in Self Service!" + ) if ss_name is not None else None try: # Set category id to default (None check performed later) ss_assignment = ( @@ -291,6 +293,13 @@ def _set_kandji_config(self): # Grab auth token for Kandji API interactions self.kandji_token = self._retrieve_token(self.kandji_token_name) + if self.kandji_token is None: + self.output( + f"ERROR: Could not retrieve token value from key {self.kandji_token_name}! Run 'setup.command' and try again" + ) + raise ProcessorError( + f"ERROR: Could not retrieve token value from key {self.kandji_token_name}! Run 'setup.command' and try again" + ) #################################### ######### PUBLIC FUNCTIONS ######### diff --git a/helpers/utils.py b/helpers/utils.py index 013b2cb..4e33152 100755 --- a/helpers/utils.py +++ b/helpers/utils.py 
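Review bot: The new guard in `_set_kandji_config` tests only `self.kandji_token is None`, so an empty or whitespace-only value would pass here and only surface later as an HTTP 401. `_retrieve_token` is outside the hunk, so whether it can return such a value needs confirming; `if not self.kandji_token:` would cover both cases. The same f-string is written twice, and binding it once (`msg = f"ERROR: Could not retrieve token value from key {self.kandji_token_name}! Run 'setup.command' and try again"`) keeps the logged text and the `ProcessorError` text from drifting apart. Reporting the key name rather than the token value is the right choice and should stay that way. The body of `_set_kandji_config` starts outside the hunk.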
@@ -166,7 +166,7 @@ def _validate_curl_response(self, http_code, response, action): self.output( f"Assignment for 'action' must be one of [get|get_selfservice|presign|upload|create|update]; got '{action}'" ) - return False + raise ProcessorError(f"Assignment for 'action' must be one of [get|get_selfservice|presign|upload|create|update]; got '{action}'") return True elif http_code == 503 and (action.lower() == "update" or "create"): self.output(f"WARNING: (HTTP {http_code}): {response.get('detail')}\nRetrying in five seconds...") @@ -181,14 +181,16 @@ def _validate_curl_response(self, http_code, response, action): else: error_body = f"`{self.custom_app_name}`/`{self.pkg_name}` failed to {action}: `{response}`" if http_code == 401: - error_body += "\nValidate token is set/permissions and try again" + error_body += "\nValidate token is set and try again" + elif http_code == 403: + error_body += "\nValidate token permissions and try again" self.output(f"ERROR: Failed to {action.capitalize()} Custom App (HTTP {http_code})\n{error_body}") self.slack_notify( "ERROR", f"Failed to {action.capitalize()} Custom App (HTTP {http_code})", f"{error_body}", ) - return False + raise ProcessorError(f"ERROR: Failed to {action.capitalize()} Custom App (HTTP {http_code})\n{error_body}") ###################### # Audit Script Funcs @@ -200,7 +202,7 @@ def _customize_audit_for_upload(self): Searches for our keys and updates them with assigned vals Creates a backup file before modification""" epoch_now = datetime.now().strftime("%s") - with FileInput(files=self.audit_script_path, inplace=True, backup=".bak") as f: + with FileInput(files=self.audit_script_path, inplace=True, backup=".bak", encoding="utf-8") as f: for line in f: line = line.rstrip() # noqa: PLW2901 if "APP_NAME=" in line and hasattr(self, "app_name") and self.app_name is not None: diff --git a/setup.command b/setup.command index 7304a79..c11a291 100755 --- a/setup.command +++ b/setup.command 
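Review bot: The context line `elif http_code == 503 and (action.lower() == "update" or "create"):` is true for every 503, because `"create"` is a non-empty string and `or` returns it. Every action therefore takes the retry branch, not only update and create. `elif http_code == 503 and action.lower() in ("update", "create"):` expresses the intended test. `_validate_curl_response` starts and ends outside this hunk, so how callers consume the retry is not visible here.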
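Review bot: `error_body` embeds the whole `response` object and now goes to three sinks: `self.output`, `slack_notify` and the new `ProcessorError` message. If an error response for an action such as `presign` can carry URLs or fields that should not land in a chat channel or run log (not determinable from this hunk), reporting `response.get('detail')`, as the 503 branch does, would limit exposure. The function now returns `True` or raises, so its docstring should gain a `Raises: ProcessorError` entry. Callers that tested for `False` are outside the hunk and need checking.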
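Review bot: The `encoding=` argument on `fileinput.FileInput` exists only from Python 3.10, so on an older interpreter the `with FileInput(...)` line raises `TypeError` before the audit script is touched. It is worth confirming the minimum Python this processor runs under. Separately, `datetime.now().strftime("%s")` on the line above relies on a platform-specific format code; `str(int(time.time()))` gives the same epoch string portably, provided `time` is imported in this file. The rest of `_customize_audit_for_upload` lies outside the hunk.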
@@ -67,7 +67,7 @@ config_file="${abs_dir}/${config_name}" kandji_api_re='^[A-Za-z0-9]+\.api(\.eu)?\.kandji\.io$' # xdigit is an RE pattern match for valid hex chars kandji_token_re='[[:xdigit:]]{8}(-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}' -slack_webhook_re='https://hooks.slack.com/services/[[:alnum:]]{9}/[[:alnum:]]{11}/[[:alnum:]]{24}' +slack_webhook_re='https://hooks.slack.com/services/[[:alnum:]]{9,11}/[[:alnum:]]{11}/[[:alnum:]]{24}' # Get login keychain for user user_keychain_path=$(security login-keychain | xargs) @@ -467,8 +467,16 @@ function check_store_env() { else dotfile_name=".profile" fi + dotfile_path="/Users/${user}/${dotfile_name}" + # Export token, write to dotfile + if grep -q "export ${token_name}=" "${dotfile_path}"; then + # Update existing token value if present + sed -i '' "s|export ${token_name}=.*|export ${token_name}=${BEARER_TOKEN}|g" "${dotfile_path}" + else + echo "export ${token_name}=${BEARER_TOKEN}" >> "${dotfile_path}" + fi # shellcheck disable=SC1090 - echo "export ${token_name}=${BEARER_TOKEN}" >> "/Users/${user}/${dotfile_name}" && source "/Users/${user}/${dotfile_name}" + source "${dotfile_path}" check_store_env fi else @@ -521,7 +529,7 @@ function check_store_keychain() { prompt_for_secret "${token_type}" echo "\n$(date +'%r') : Adding token to login keychain" echo "$(date +'%r') : Enter your password if prompted to unlock keychain" - if ! security unlock-keychain -u; then + if ! security unlock-keychain -u ${user_keychain_path}; then echo "$(date +'%r') : ERROR: Unable to unlock keychain; exiting" exit 1 fi
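Review bot: `slack_webhook_re` has no `^`/`$` anchors and leaves the dots in `hooks.slack.com` unescaped, unlike `kandji_api_re` two lines above. If it is used as a match test (the call site is outside the hunk), a longer string that merely contains a webhook-shaped substring passes validation. `slack_webhook_re='^https://hooks\.slack\.com/services/[[:alnum:]]{9,11}/[[:alnum:]]{11}/[[:alnum:]]{24}$'` would tighten it, provided the pattern is not also used to extract the URL from surrounding text.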
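Review bot: The new `sed -i '' "s|export ${token_name}=.*|export ${token_name}=${BEARER_TOKEN}|g"` branch puts the bearer token on an external command's argument list, where it is visible in the process table for the duration of the call. The `echo` it replaces is normally a shell builtin and did not expose it that way. The token is also used unescaped as a sed replacement, so a value containing `|`, `&` or `\` would be written incorrectly. Deleting the old line without the secret and then appending avoids both: `sed -i '' "/^export ${token_name}=/d" "${dotfile_path}"` (guarded by a file-exists test), followed by the existing `echo "export ${token_name}=${BEARER_TOKEN}" >> "${dotfile_path}"`. Because the dotfile then holds a plaintext credential, a `chmod 600 "${dotfile_path}"` after writing is worth adding; `check_store_env` begins and ends outside the hunk.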
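Review bot: `${user_keychain_path}` is passed unquoted to `security unlock-keychain -u`, so under a word-splitting shell a keychain path containing a space becomes two arguments and the unlock targets the wrong name. `if ! security unlock-keychain -u "${user_keychain_path}"; then` matches the quoting used for `"${dotfile_path}"` elsewhere in this patch. The value comes from `security login-keychain | xargs` near the top of the script, so an empty result should be rejected before this call. `check_store_keychain` continues outside the hunk.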