|
@@ -1,4 +1,4 @@
|
|
|
-#!/usr/bin/env python
|
|
|
+#!/usr/bin/env python3
|
|
|
"""
|
|
|
Makes the Okta groups and group rules needed to support the Okta + AWS integration.
|
|
|
A master group has a group rule associated with it. The group rule auto-assigns
|
|
@@ -24,6 +24,7 @@ from requests.auth import AuthBase
|
|
|
LOGLEVEL = logging.DEBUG
|
|
|
API_URL = 'https://mdr-multipass.okta.com'
|
|
|
API_KEY = os.environ.get('OKTA_API_TOKEN')
|
|
|
+
|
|
|
MASTER_GROUPS = [
|
|
|
|
|
|
{
|
|
@@ -33,8 +34,11 @@ MASTER_GROUPS = [
|
|
|
{
|
|
|
'group_name': 'AWS - Cyber Range / A&I',
|
|
|
'subgroup_regex': r'^aws(?:-us-gov)?#afs-mdr-common-services(?:-gov)?#mdr_developer_readonly#\d+$'
|
|
|
- }
|
|
|
-
|
|
|
+ },
|
|
|
+ {
|
|
|
+ 'group_name': 'AWS - Feed Management',
|
|
|
+ 'subgroup_regex': r'^aws(?:-us-gov)?#afs-mdr-common-services(?:-gov)?#mdr_feedmgmt_readonly#\d+$'
|
|
|
+ },
|
|
|
]
|
|
|
|
|
|
class OktaAuth(AuthBase):
|
|
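Review bot: The new 'AWS - Feed Management' entry has no comment saying which accounts and role it is meant to grant, and its `subgroup_regex` is broader than the group name suggests. `\d+` accepts any account id, and the optional `-us-gov` and `-gov` parts vary independently, so four partition/alias combinations match. Going by the module docstring, the rule auto-assigns master-group members to matching groups, so a short comment above the entry would let a reviewer check the pattern against intent, for example `# read-only feed-management role, common-services accounts (commercial + GovCloud)` if that is the intent. The existing 'AWS - Cyber Range / A&I' entry has the same shape and would benefit from the same comment. MASTER_GROUPS begins outside this hunk.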
@@ -56,6 +60,10 @@ def main(args):
|
|
|
level=LOGLEVEL,
|
|
|
format='%(asctime)s %(levelname)s %(funcName)s %(message)s')
|
|
|
|
|
|
+ if API_KEY is None:
|
|
|
+ logging.fatal("No OKTA_API_TOKEN environment variable set")
|
|
|
+ return 1
|
|
|
+
|
|
|
for group in MASTER_GROUPS:
|
|
|
process_group(group)
|
|
|
|
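Review bot: The added guard `if API_KEY is None:` in main() only catches an unset variable. An `OKTA_API_TOKEN` exported as an empty string passes the check, and the loop over MASTER_GROUPS then runs with a blank token; `if not API_KEY:` rejects both cases. The `return 1` becomes a non-zero exit status only if the caller passes main()'s result to `sys.exit`; that call is outside this hunk and worth confirming. main() starts above the hunk.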