lpmgt

package module
v0.0.0-...-66bcd6a
Warning

This package is not in the latest version of its module.

Published: Oct 24, 2017 License: MIT Imports: 16 Imported by: 0

README

lpmgt

lpmgt - A command line tool that manages LastPass Enterprise using the LastPass Provisioning API. This CLI helps to create/read/update/delete users/members and groups under your team/company. All output is in JSON format, so users can pipe it to tools such as jq.

Setup

Prerequisite

This tool is only available to groups that have a contract for the LastPass Enterprise API. If you meet the condition, obtain your companyID and provisioningHash from the LastPass dashboard.

Mac

Windows

Source Build

$ go get github.com/moneyforward/manage_lastpass
# go install github.com/moneyforward/manage_lastpass

Usage

First, you need to set up a couple of environment variables. Obtain those credentials from the LastPass dashboard.

% export LASTPASS_COMPANY_ID={YOUR COMPANY ID}
% export LASTPASS_APIKEY={YOUR PROVISIONING HASH from dashboard}

Or, you may rename config_ex.yaml to config.yaml and replace the relevant values.

company_id: {COMPANY_ID}
end_point_url: https://lastpass.com/enterpriseapi.php
secret: {SECRET/API_KEY}

Examples

lpmgt get groups
lpmgt get users
lpmgt get users -f non2fa
lpmgt create user <member@email.com> -d "Department" 
lpmgt create user <member@email.com> --bulk users.json
lpmgt update user transfer <member@email.com> --leave "departmentA" --join "departmentB"
lpmgt describe user <member@email.com>
lpmgt delete user <member@email.com> --mode delete
lpmgt --config config.yaml -t ASIA/TOKYO get dashboard 

Limitation

One cannot create/delete/update group info because LastPass does not provide an API for it.

Contribution

  1. Fork
  2. Create a branch
  3. Create a PR.

License

MIT

Documentation

Index

Constants

const (
	// LastPassFormat is the time format used by the LastPass Provisioning API
	LastPassFormat = "2006-01-02 15:04:05"
	// LastPassTimeZone is the only location acceptable to the LastPass Provisioning API
	LastPassTimeZone = "US/Eastern"
)

Variables

This section is empty.

Functions

func DieIf

func DieIf(err error)

DieIf logs the error and calls exit(1) if `err` is non-nil.

func IndentedJSON

func IndentedJSON(originalJSON interface{}) ([]byte, error)

IndentedJSON returns api.

func JSONBodyDecoder

func JSONBodyDecoder(resp *http.Response, out interface{}) error

JSONBodyDecoder reads the next JSON-encoded value from its input and stores it in the value pointed to by out.

func JSONReader

func JSONReader(v interface{}) (io.Reader, error)

JSONReader reads the value and converts it to JSON-encoded value

func LoadAPIKeyFromEnvOrConfig

func LoadAPIKeyFromEnvOrConfig(configFile string) string

LoadAPIKeyFromEnvOrConfig returns the API key from either the environment or the LastPassConfig file. If the environment variable `LASTPASS_APIKEY` exists, it takes priority.

func LoadCompanyIDFromEnvOrConfig

func LoadCompanyIDFromEnvOrConfig(configFile string) string

LoadCompanyIDFromEnvOrConfig returns the Company ID provided by LastPass.

func LoadEndPointURL

func LoadEndPointURL(configFile string) string

LoadEndPointURL returns endpoint url

func Log

func Log(prefix, message string)

Log outputs `message` with `prefix` by go-colorine

func PrintIndentedJSON

func PrintIndentedJSON(originalJSON interface{}) error

PrintIndentedJSON outputs indented JSON to stdout.

Types

type APIResultStatus

type APIResultStatus struct {
	Status string `json:"status,omitempty"`
	Errors string `json:"error,omitempty"`
}

APIResultStatus is the status of a response from the LastPass API, for example:

{"status":"FAIL","error":"No such user: masayoshi.umeda@moneyforward.co.jp"}

func (*APIResultStatus) Error

func (s *APIResultStatus) Error() error

func (*APIResultStatus) IsOK

func (s *APIResultStatus) IsOK() bool

IsOK checks status of response from LastPass

func (*APIResultStatus) String

func (s *APIResultStatus) String() string

type APIResultStatusForPasswordResetting

type APIResultStatusForPasswordResetting struct {
	Status string   `json:"status,omitempty"`
	Errors []string `json:"error,omitempty"`
}

APIResultStatusForPasswordResetting has a different format:

{"status":"FAIL","error":["user not found: masayoshi.umeda@moneyforward.co.jp"]}

func (*APIResultStatusForPasswordResetting) Error

func (*APIResultStatusForPasswordResetting) String
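
The two status types above differ only in whether `error` is a string or an array of strings. The following added example (not code from this package) decodes both shapes with one hypothetical `apiStatus` type and treats anything but an explicit success as a failure; the `"OK"` success value and the sample bodies are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// apiStatus is a hypothetical type that accepts both status shapes shown above.
type apiStatus struct {
	Status string
	Errors []string
}

func (s *apiStatus) UnmarshalJSON(b []byte) error {
	var raw struct {
		Status string          `json:"status"`
		Error  json.RawMessage `json:"error"`
	}
	if err := json.Unmarshal(b, &raw); err != nil {
		return err
	}
	s.Status, s.Errors = raw.Status, nil
	if len(raw.Error) == 0 || string(raw.Error) == "null" {
		return nil // no "error" value present
	}
	var one string
	if json.Unmarshal(raw.Error, &one) == nil {
		s.Errors = []string{one} // "error":"..."
		return nil
	}
	return json.Unmarshal(raw.Error, &s.Errors) // "error":["...", ...]
}

// check fails closed: anything other than an explicit "OK" (assumed success
// value; the page only shows "FAIL") is returned as an error.
func check(body string) error {
	var s apiStatus
	if err := json.Unmarshal([]byte(body), &s); err != nil {
		return fmt.Errorf("undecodable API response: %w", err)
	}
	if s.Status != "OK" {
		return fmt.Errorf("status %q: %s", s.Status, strings.Join(s.Errors, "; "))
	}
	return nil
}

func main() { fmt.Println(check(`{"status":"FAIL","error":["user not found: a@example.com"]}`)) }
```

Failing closed matters for calls such as DeleteUser or DisableMultifactor, where an unnoticed FAIL leaves an account in a state the operator believes was changed.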

type DeactivationMode

type DeactivationMode int

DeactivationMode is an enum that selects how users are deactivated/deleted.

const (
	// Deactivate deactivates user
	Deactivate DeactivationMode = iota
	// Remove removes user from Org
	Remove
	// Delete deletes user account (completely)
	Delete
)

type Event

type Event struct {
	Time      time.Time `json:"JSONTime"`
	Username  string    `json:"Username,omitempty"`
	IPAddress string    `json:"IP_Address,omitempty"`
	Action    string    `json:"Action,omitempty"`
	Data      string    `json:"Data,omitempty"`
	ID        string    `json:"ID,omitempty"`
}

Event represents event data in LastPass

func (Event) IsAuditEvent

func (e Event) IsAuditEvent() bool

IsAuditEvent checks whether Event is one to be audited.

func (*Event) String

func (e *Event) String(timezone *time.Location) string

func (*Event) UnmarshalJSON

func (e *Event) UnmarshalJSON(b []byte) error

UnmarshalJSON is written because it has a value(time) in a special format.

type EventService

type EventService struct {
	// contains filtered or unexported fields
}

EventService is a service class that handles event objects in LastPass.

func NewEventService

func NewEventService(client *LastPassClient) (s *EventService)

NewEventService creates a new EventService

func (*EventService) GetAPIEventReports

func (s *EventService) GetAPIEventReports(from, to JSONLastPassTime) (*Events, error)

GetAPIEventReports retrieves events triggered by the API. Calling s.GetEventReport("api", "", from, to) returns the error "Please select a valid user."

func (*EventService) GetAllEventReports

func (s *EventService) GetAllEventReports(from, to JSONLastPassTime) (*Events, error)

GetAllEventReports fetches the events of all users in a certain period of time. Filtering is also available by setting a search string.

func (*EventService) GetEventReport

func (s *EventService) GetEventReport(username, search string, from, to JSONLastPassTime) (*Events, error)

GetEventReport fetches the events of a user in a certain period of time. Filtering is also available by setting a search string.

type Events

type Events struct {
	Events []Event `json:"events"`
}

Events structure represents LastPass events.

func (*Events) ConvertTimezone

func (es *Events) ConvertTimezone(timezone *time.Location)

ConvertTimezone overwrites the events with their times in the new timezone.
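
Event.UnmarshalJSON and ConvertTimezone both deal with timestamps in LastPassFormat, which carry no zone of their own. An added example, not this package's code, of parsing such timestamps and re-expressing them in another zone, assuming the API reports US/Eastern wall-clock time; the `auditEvent` type, the `Time` JSON key and the sample report are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
	_ "time/tzdata" // embedded zone database, so LoadLocation works offline
)

const lastPassFormat, lastPassTimeZone = "2006-01-02 15:04:05", "US/Eastern" // the page's constants

// auditEvent is a hypothetical stand-in for the package's Event type.
type auditEvent struct {
	Time             time.Time
	Username, Action string
}

// UnmarshalJSON reads the zone-less timestamp as US/Eastern wall-clock time.
func (e *auditEvent) UnmarshalJSON(b []byte) error {
	var raw struct{ Time, Username, Action string } // "Time" key is an assumption
	if err := json.Unmarshal(b, &raw); err != nil {
		return err
	}
	loc, err := time.LoadLocation(lastPassTimeZone)
	if err != nil {
		return err
	}
	e.Username, e.Action = raw.Username, raw.Action
	e.Time, err = time.ParseInLocation(lastPassFormat, raw.Time, loc)
	return err
}

// constructedReport is sample data: one event during EDT (UTC-4), one during EST (UTC-5).
const constructedReport = `[{"Time":"2017-10-24 09:30:00","Username":"alice@example.com","Action":"Login"},
 {"Time":"2017-12-01 09:30:00","Username":"alice@example.com","Action":"Login"}]`

// timeline returns every event time as RFC 3339 in the analyst's zone.
func timeline(doc string, loc *time.Location) ([]string, error) {
	var evs []auditEvent
	if err := json.Unmarshal([]byte(doc), &evs); err != nil {
		return nil, err
	}
	var out []string
	for _, e := range evs {
		out = append(out, e.Time.In(loc).Format(time.RFC3339))
	}
	return out, nil
}

func main() { fmt.Println(timeline(constructedReport, time.UTC)) }
```

The two sample events share the same wall-clock time but land an hour apart in UTC, which is the error a fixed-offset conversion would introduce into an incident timeline.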

func (*Events) GetUserEvents

func (es *Events) GetUserEvents(username string) *Events

GetUserEvents gets the events of the given user.

type FolderService

type FolderService struct {
	// contains filtered or unexported fields
}

FolderService is a service class that handles folder objects in LastPass.

func NewFolderService

func NewFolderService(client *LastPassClient) (s *FolderService)

NewFolderService creates a new FolderService

func (*FolderService) GetSharedFolders

func (s *FolderService) GetSharedFolders() ([]SharedFolder, error)

GetSharedFolders returns a JSON object containing information on all Shared Folders in the enterprise and the permissions granted to them.

Request

{
    "cid": "8771312",
    "provhash": "<Your API secret>",
    "cmd": "getsfdata"
}

Response

{
    "101": {
        "sharedfoldername": "ThisSFName",
        "score": 99,
        "users": [
            {
                "username": "joe.user@lastpass.com",
                "readonly": 0,
                "give": 1,
                "can_administer": 1
            },
            {
                "username": "jane.user@lastpass.com",
                "readonly": 1,
                "give": 0,
                "can_administer": 0
            }
        ]
    }
}
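
An added example (not part of this package) that audits a getsfdata response of the shape above for members holding `give` or `can_administer`. It accepts the flags as numbers or quoted strings, since the response shows 0/1 while the User type below declares these fields as strings; `flag`, `folder`, `privileged` and the sample data are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type flag bool // permission flag: 0/1 as a JSON number or as a quoted string
func (f *flag) UnmarshalJSON(b []byte) error {
	v := strings.Trim(string(b), `"`)
	if v != "0" && v != "1" {
		return fmt.Errorf("unexpected permission flag %s", b)
	}
	*f = v == "1"
	return nil
}

type folder struct {
	Name  string `json:"sharedfoldername"`
	Users []struct {
		Username      string `json:"username"`
		Give          flag   `json:"give"`
		CanAdminister flag   `json:"can_administer"`
	} `json:"users"`
}

// constructedResp is sample data in the response shape above, with mixed flag types.
const constructedResp = `{"101":{"sharedfoldername":"ThisSFName","score":99,"users":[
 {"username":"joe.user@example.com","readonly":0,"give":1,"can_administer":1},
 {"username":"jane.user@example.com","readonly":"1","give":"0","can_administer":"0"}]}}`

// privileged maps folder name to the members with give or can_administer set.
func privileged(resp string) (map[string][]string, error) {
	var folders map[string]folder // keyed by shared folder ID
	if err := json.Unmarshal([]byte(resp), &folders); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, f := range folders {
		for _, u := range f.Users {
			if u.Give || u.CanAdminister {
				out[f.Name] = append(out[f.Name], u.Username)
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(privileged(constructedResp)) }
```

A flag value other than 0 or 1 is reported as an error rather than read as "no permission", so an unexpected response format cannot hide a privileged member.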

type JSONLastPassTime

type JSONLastPassTime struct {
	JSONTime time.Time
}

JSONLastPassTime is a golang structure used in LastPass

func (JSONLastPassTime) Format

func (j JSONLastPassTime) Format() string

Format returns a textual representation of the time value formatted in LastPass Format

func (JSONLastPassTime) MarshalJSON

func (j JSONLastPassTime) MarshalJSON() ([]byte, error)

MarshalJSON encodes golang structure into json format

type LastPassClient

type LastPassClient struct {
	URL       *url.URL
	APIKey    string
	Verbose   bool
	UserAgent string
	Logger    *log.Logger
	Headers   http.Header
	CompanyID string
}

LastPassClient is a Client that

func NewClient

func NewClient(apiKey, endpointURL, companyID string, verbose bool) (*LastPassClient, error)

NewClient returns a general Client structure.

func NewLastPassClient

func NewLastPassClient(configFilePath string) (*LastPassClient, error)

NewLastPassClient returns LastPass Client from confFile

func (*LastPassClient) DoRequest

func (c *LastPassClient) DoRequest(command string, payload interface{}) (*http.Response, error)

DoRequest executes LastPass specific request in JSON format and returns http Response

type LastPassConfig

type LastPassConfig struct {
	CompanyID string `yaml:"company_id"`
	EndPoint  string `yaml:"end_point_url"`
	Secret    string `yaml:"secret"` // API Key
	TimeZone  string `yaml:"timezone,omitempty"`
}

LastPassConfig is config structure for LastPass

func LoadConfig

func LoadConfig(configFile string) (*LastPassConfig, error)

LoadConfig loads config file in YAML format.

type Service

type Service interface {
	DoRequest() (*http.Response, error)
}

Service is the interface that executes business logic

type SharedFolder

type SharedFolder struct {
	ShareFolderName string  `json:"sharedfoldername"`
	Score           float32 `json:"score"`
	Users           []User  `json:"users"`
}

SharedFolder is a LastPass Object in which users share accounts.

type User

type User struct {
	UserName               string   `json:"username"`
	FullName               string   `json:"fullname,omitempty"`
	MasterPasswordStrength string   `json:"mpstrength,omitempty"`
	Created                string   `json:"created,omitempty"`
	LastPasswordChange     string   `json:"last_pw_change,omitempty"`
	LastLogin              string   `json:"lastlogin,omitempty"`
	Disabled               bool     `json:"disabled,omitempty"`
	NeverLoggedIn          bool     `json:"neverloggedin,omitempty"`
	LinkedAccount          string   `json:"linked,omitempty"`
	NumberOfSites          float64  `json:"sites,omitempty"`
	NumberOfNotes          float64  `json:"notes,omitempty"`
	NumberOfFormFills      float64  `json:"formfills,omitempty"`
	NumberOfApplications   float64  `json:"applications,omitempty"`
	NumberOfAttachments    float64  `json:"attachment,omitempty"`
	Groups                 []string `json:"groups,omitempty"`
	Readonly               string   `json:"readonly,omitempty"`       // Used for ShareFolder settings. Neither a Bool nor an Int...
	Give                   string   `json:"give,omitempty"`           // Used for ShareFolder settings
	CanAdminister          string   `json:"can_administer,omitempty"` // Used for ShareFolder settings
	IsAdmin                bool     `json:"admin,omitempty"`
	Duousername            string   `json:"duousername,omitempty"`
	LastPwChange           string   `json:"last_pw_change,omitempty"`
	Mpstrength             string   `json:"mpstrength,omitempty"`
	Multifactor            string   `json:"multifactor,omitempty"`
}

User is a structure

type UserService

type UserService struct {
	// contains filtered or unexported fields
}

UserService is a service class that sends a request to LastPass provisioning API.

func NewUserService

func NewUserService(client *LastPassClient) (s *UserService)

NewUserService creates a new UserService

func (*UserService) BatchAdd

func (s *UserService) BatchAdd(users []User) error

BatchAdd - add users.

func (*UserService) DeleteUser

func (s *UserService) DeleteUser(name string, mode DeactivationMode) error

DeleteUser - delete individual users.

0 - Deactivate user. This blocks logins but retains data and enterprise membership.
1 - Remove user. This removes the user from the enterprise but otherwise keeps the account itself active.
2 - Delete user. This will delete the account entirely.

func (*UserService) DisableMultifactor

func (s *UserService) DisableMultifactor(username string) (*APIResultStatus, error)

DisableMultifactor disables multifactor setting of user

func (*UserService) GetAdminUserData

func (s *UserService) GetAdminUserData() ([]User, error)

GetAdminUserData gets admin users

func (*UserService) GetAllUsers

func (s *UserService) GetAllUsers() ([]User, error)

GetAllUsers simply retrieves all users

func (*UserService) GetDisabledUsers

func (s *UserService) GetDisabledUsers() ([]User, error)

GetDisabledUsers gets deactivated users (users deleted in mode 0).

func (*UserService) GetInactiveUsers

func (s *UserService) GetInactiveUsers() ([]User, error)

GetInactiveUsers gets deactivated users (users deleted in mode 0).

func (*UserService) GetNon2faUsers

func (s *UserService) GetNon2faUsers() ([]User, error)

GetNon2faUsers retrieves users without 2 factor authentication setting.

func (*UserService) GetUserData

func (s *UserService) GetUserData(userName string) (user User, err error)

GetUserData gets information on users in the enterprise.

Request

{
  "cid": "8771312",
  "provhash": "<Your API secret>",
  "cmd": "getuserdata",
  "data": {
      "username": "user1@lastpass.com" // This can be either UserName, disabled, or admin
  }
}

Response

{
    "Users": {
        "101": {
            "username": "user1@lastpass.com",
            "fullname": "Ned Flanders",
            "mpstrength": "100",
            "created": "2014-03-12 10:02:56",
            "last_pw_change": "2015-05-19 10:58:33",
            "last_login": "2015-05-29 11:45:05",
            "disabled": false,
            "neverloggedin": false,
            "linked": "personal.account@mydomain.com",
            "sites": 72,
            "notes": 19,
            "formfills": 2,
            "applications": 0,
            "attachments": 1,
            "groups": [
                "Domain Admins",
                "Dev Team",
                "Support Team"
            ]
        }
    },
    "Groups": {
        "Domain Admins": [
            "user1@lastpass.com"
        ],
        "Dev Team": [
            "user1@lastpass.com"
        ],
        "Support Team": [
            "user1@lastpass.com"
        ]
    }
}

func (*UserService) ResetPassword

func (s *UserService) ResetPassword(username string) (*APIResultStatusForPasswordResetting, error)

ResetPassword resets the password for the user.

func (*UserService) UpdateUser

func (s *UserService) UpdateUser(user User) error

UpdateUser updates user's info.

Directories

Path Synopsis
cmd
