public static void DeleteGroupById(string id) { var client = DatabricksClientOps.GetOrCreate(); client.Delete(new DeleteGroupRequest() { id = id }); }
static void Main(string[] args) { #region Read Configurations from AppSettings // Please update the App.config for the required app settings var databricksUri = ConfigurationManager.AppSettings["DATABRICKS_URI"]; var databricksToken = ConfigurationManager.AppSettings["DATABRICKS_TOKEN"]; var msadLDAPUri = ConfigurationManager.AppSettings["MSAD_LDAP_URI"]; // Security Group that members need sync with Databricks Workspace var msadSGDN = ConfigurationManager.AppSettings["MSAD_SECURITY_GROUP_DN"]; // Additional Permission validation Security Group var msadPermissionSGDN = ConfigurationManager.AppSettings["MSAD_PERMISSION_SECURITY_GROUP_DN"]; // Please update the App.config to enable/disable Remove or Add var enableRemove = ConfigurationManager.AppSettings["ENABLE_REMOVE"]; enableRemove = enableRemove.Trim().ToUpper(); var enableAdd = ConfigurationManager.AppSettings["ENABLE_ADD"]; enableAdd = enableAdd.Trim().ToUpper(); #endregion #region Primary Logic Blocks Console.WriteLine("Execution Start for SG {0}", msadSGDN); int exitCode = 0; int addedCounter = 0; int removedCounter = 0; Dictionary <string, string> databricksAccounts = new Dictionary <string, string>(); Dictionary <string, string> securityGroupAccounts = new Dictionary <string, string>(); Dictionary <string, string> needRemoveAccounts = new Dictionary <string, string>(); List <string> needAddAccounts = new List <string>(); try { // Init LDAP Directory Root var directoryRoot = new DirectoryEntry(msadLDAPUri); directoryRoot.AuthenticationType = AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer; // Search SG's Members var sGSearcher = new DirectorySearcher(directoryRoot, string.Format("(distinguishedName={0})", msadSGDN)); sGSearcher.ReferralChasing = ReferralChasingOption.All; sGSearcher.PropertiesToLoad.AddRange(new[] { "member", "member;range=0-1499" }); sGSearcher.SizeLimit = 1; var sGSearchResult = sGSearcher.FindOne(); if (sGSearchResult != null) { var sGEntry = sGSearchResult.GetDirectoryEntry(); var sGMemberList = sGEntry.ReadPropertiesOrDefault <string>("member"); var sGMemberExtraList = sGEntry.ReadPropertiesOrDefault <string>("member;range=0-1499"); var allMembers = sGMemberList.Union(sGMemberExtraList); foreach (var sGMember in allMembers) { Console.WriteLine("Search {0}'s memberOf info.", sGMember); // Search current Memeber's MemberOf info var sGMemberSearcher = new DirectorySearcher(directoryRoot, string.Format("(distinguishedName={0})", sGMember)); sGMemberSearcher.ReferralChasing = ReferralChasingOption.All; sGMemberSearcher.PropertiesToLoad.AddRange(new[] { "memberOf", "userPrincipalName", "userAccountControl" }); sGMemberSearcher.SizeLimit = 1; var sGMemberSearchResult = sGMemberSearcher.FindOne(); if (sGMemberSearchResult != null) { var sGMemberEntry = sGMemberSearchResult.GetDirectoryEntry(); var sGMemberUserAccoutControl = sGMemberEntry.ReadPropertyOrDefault <int>("userAccountControl", -1); var sGMemberMemberOf = sGMemberEntry.ReadPropertiesOrDefault <string>("memberOf"); var sGMemberUserPrincipalName = sGMemberEntry.ReadPropertyOrDefault <string>("userPrincipalName", string.Empty); if (string.IsNullOrWhiteSpace(sGMemberUserPrincipalName)) { Console.WriteLine("Fail to found userPrincipalName !!!"); } else { Console.WriteLine("Processing {0}", sGMemberUserPrincipalName); if (sGMemberUserAccoutControl != -1) { if ((sGMemberUserAccoutControl & UserAccountControl.NORMAL_ACCOUNT) == UserAccountControl.NORMAL_ACCOUNT) // Check if it is normal account { if (sGMemberMemberOf.Any(row => string.Compare(row, msadPermissionSGDN, true) == 0)) // Check if belongs to permission SG { if ((sGMemberUserAccoutControl & UserAccountControl.ACCOUNTDISABLE) == UserAccountControl.ACCOUNTDISABLE) // Disabled account { /* * Some AD environment may contains mapped accounts that all permission mamanged by one disabled account but user uses its mapped account for login * E.g. [email protected] --> [email protected], tom uses [email protected] to login but most of his permission managed by [email protected] (Marked as Disabled in AD) in AD. */ Console.WriteLine("Account been disabled, you may need search for mapped account in different domain !!!"); } else { securityGroupAccounts.Add(sGMember, sGMemberUserPrincipalName); Console.WriteLine("Found {0} - {1} from member", sGMemberUserPrincipalName, sGMember); } } else { Console.WriteLine("Not member of permission SG !!!"); } } else { Console.WriteLine("UserAccountControl {0} indicate not NORMAL_ACCOUNT !!!", sGMemberUserAccoutControl); } } else { Console.WriteLine("Faile to found the userAccountControl flag !!!"); } } } else { Console.WriteLine("Fail to found !!!"); } } } DatabricksClientOps.GetOrCreate(databricksUri, databricksToken); var databricksUsers = ScimOps.GetUsers(); foreach (var databricksUser in databricksUsers.Resources) { Console.WriteLine("Check existing account {0}", databricksUser.userName); var accountInSecurityGroupSearchResults = securityGroupAccounts.Where(row => string.Compare(row.Value, databricksUser.userName, true) == 0); if (accountInSecurityGroupSearchResults.Count() == 1) { databricksAccounts.Add(accountInSecurityGroupSearchResults.First().Key, databricksUser.userName); Console.WriteLine("Keep Account"); } else { needRemoveAccounts.Add(databricksUser.userName, databricksUser.id); Console.WriteLine("Need Remove Account"); } } foreach (var securityGroupAccount in securityGroupAccounts) { if (!databricksAccounts.ContainsKey(securityGroupAccount.Key)) { needAddAccounts.Add(securityGroupAccount.Value); Console.WriteLine("Need Add {0}", securityGroupAccount.Value); } } foreach (var needAddAccount in needAddAccounts) { if (enableAdd == "TRUE") { var targetUser = ScimOps.CreateUser(new CreateUserRequest() { schemas = new List <string>() { ScimOps.SCHEMA_SCIM_2_0_USER }, userName = needAddAccount }); Console.WriteLine("{0} added as id {1}", needAddAccount, targetUser.id); addedCounter++; } else { Console.WriteLine("{0} add skipped"); } } foreach (var needRemoveAccount in needRemoveAccounts) { if (enableRemove == "TRUE") { ScimOps.DeleteUserById(needRemoveAccount.Value); Console.WriteLine("{0} removed as id {1}", needRemoveAccount.Key, needRemoveAccount.Value); removedCounter++; } else { Console.WriteLine("{0} remove skipped", needRemoveAccount.Key); } } } catch (Exception ex) { Console.WriteLine(ex); exitCode = -1; } Console.WriteLine("Final Exit Code {0}", exitCode); Environment.Exit(exitCode); #endregion }
public static GroupRecord CreateGroup(CreateGroupRequest request) { var client = DatabricksClientOps.GetOrCreate(); return(client.Post <GroupRecord>(request)); }
public static GroupRecord PatchGroupById(PatchGroupRequest request) { var client = DatabricksClientOps.GetOrCreate(); return(client.Patch <GroupRecord>(request)); }
public static GroupRecord GetGroupById(string id) { var client = DatabricksClientOps.GetOrCreate(); return(client.Get <GroupRecord>(string.Format("2.0/preview/scim/v2/Groups/{0}", id))); }
public static GetGroupsResponse GetGroups() { var client = DatabricksClientOps.GetOrCreate(); return(client.Get <GetGroupsResponse>("2.0/preview/scim/v2/Groups")); }
public static UserRecord PatchUserById(PatchUserRequest request) { var client = DatabricksClientOps.GetOrCreate(); return(client.Patch <UserRecord>(request)); }
public static UserRecord CreateUser(CreateUserRequest request) { var client = DatabricksClientOps.GetOrCreate(); return(client.Post <UserRecord>(request)); }
public static UserRecord GetUserById(string id) { var client = DatabricksClientOps.GetOrCreate(); return(client.Get <UserRecord>(string.Format("2.0/preview/scim/v2/Users/{0}", id))); }