@@ -508,7 +508,7 @@ def resync_users(self, user_ids):
508508 raise Exception (response .text )
509509
510510 def create_or_get_manage_api_key_for_user (self , user_id ):
511- self .logger .info (f"Attempting to create Manage API Key for user { user_id } " )
511+ self .logger .debug (f"Attempting to create Manage API Key for user { user_id } " )
512512 url = f"{ self .manage_api_url_internal } /maximo/api/os/mxapiapikey"
513513 querystring = {
514514 "ccm" : 1 ,
@@ -545,7 +545,9 @@ def create_or_get_manage_api_key_for_user(self, user_id):
545545 # any other 400 error is unexpected
546546 raise Exception (response .text )
547547
548- elif response .status_code != 201 :
548+ elif response .status_code == 201 :
549+ self .logger .info (f"Creating new Manage API Key for user { user_id } " )
550+ else :
549551 # any other status code is unexpected
550552 raise Exception (response .text )
551553
@@ -580,7 +582,6 @@ def get_manage_api_key_for_user(self, user_id):
580582 headers = {
581583 "Accept" : "application/json" ,
582584 }
583- self .logger .debug (f" > { url } { querystring } " )
584585
585586 response = requests .get (
586587 url ,
@@ -589,16 +590,16 @@ def get_manage_api_key_for_user(self, user_id):
589590 verify = self .manage_internal_ca_pem_file_path ,
590591 cert = self .manage_internal_client_pem_file_path
591592 )
592- self .logger .debug (f" < { response .status_code } " )
593- if response .status_code != 200 :
594- raise Exception (response .text )
595593
596- json = response .json ()
594+ if response .status_code == 200 :
595+ json = response .json ()
597596
598- if "member" in json and len (json ["member" ]) > 0 :
599- return json ["member" ][0 ]
597+ if "member" in json and len (json ["member" ]) > 0 :
598+ return json ["member" ][0 ]
600599
601- return None
600+ return None
601+
602+ raise Exception (response .text )
602603
603604 def delete_manage_api_key (self , manage_api_key ):
604605 self .logger .info (f"Deleting Manage API Key for user { manage_api_key ['userid' ]} " )
@@ -637,7 +638,7 @@ def get_manage_group_id(self, group_name):
637638 querystring = {
638639 "ccm" : 1 ,
639640 "lean" : 1 ,
640- "oslc.select" : "* " ,
641+ "oslc.select" : "maxgroupid " ,
641642 "oslc.where" : f"groupname=\" { group_name } \" " ,
642643 }
643644 headers = {
@@ -663,10 +664,42 @@ def get_manage_group_id(self, group_name):
663664
664665 return None
665666
667+ def is_user_in_manage_group (self , group_name , user_id ):
668+
669+ group_id = self .get_manage_group_id (group_name )
670+
671+ url = f"{ self .manage_api_url_internal } /maximo/api/os/mxapigroup/{ group_id } /groupuser"
672+ querystring = {
673+ "lean" : 1 ,
674+ "oslc.where" : f"userid=\" { user_id } \" " ,
675+ }
676+ headers = {
677+ "Accept" : "application/json" ,
678+ "apikey" : self .manage_maxadmin_api_key ["apikey" ], # <--- careful, don't log headers as-is (apikey is sensitive)
679+ }
680+
681+ response = requests .get (
682+ url ,
683+ headers = headers ,
684+ params = querystring ,
685+ verify = self .manage_internal_ca_pem_file_path ,
686+ )
687+
688+ if response .status_code == 200 :
689+ json = response .json ()
690+ return "member" in json and len (json ["member" ]) > 0
691+
692+ raise Exception (f"{ response .status_code } { response .text } " )
693+
666694 def add_user_to_manage_group (self , user_id , group_name ):
667695 '''
668- TODO: idempotency
696+ No-op if user_id is already a member of the manage security group
669697 '''
698+
699+ if self .is_user_in_manage_group (group_name , user_id ):
700+ self .logger .info (f"User { user_id } is already a member of Manage Security Group { group_name } " )
701+ return None
702+
670703 self .logger .info (f"Adding user { user_id } to Manage group { group_name } " )
671704
672705 group_id = self .get_manage_group_id (group_name )
@@ -905,5 +938,5 @@ def create_initial_user_for_saas(self, user, user_type):
905938 for mas_application_id in mas_application_ids :
906939 self .check_user_sync (user_id , mas_application_id )
907940
908- # if "manage" in mas_application_ids:
909- # self.add_user_to_manage_group(user_id, "MAXADMIN")
941+ if "manage" in mas_application_ids :
942+ self .add_user_to_manage_group (user_id , "MAXADMIN" )
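Review bot: In the new `is_user_in_manage_group`, `group_id` goes straight into the URL without a `None` check, although the context lines of `get_manage_group_id` show it can end in `return None`; a missing group would then be requested as `.../mxapigroup/None/groupuser` and surface only as an opaque HTTP error. Adding `if group_id is None: raise Exception(f"Manage security group {group_name} not found")` before the URL is built makes that failure explicit. `user_id` is also interpolated between double quotes in `oslc.where` without escaping or validation, so a value containing `"` would change the filter that now decides whether the MAXADMIN membership call in `create_initial_user_for_saas` is skipped; checking `user_id` against the expected character set before the request would close that. The method also has no docstring: one line saying it returns True when the user is already a member and raises on any non-200 response would document the contract that `add_user_to_manage_group` now relies on.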