Merge pull request #5385 from bcgov/feat/5124

golebu2020 · web-flow · commit a3288d892446 · 2025-04-09T11:34:55.000-07:00
Feat/5124
diff --git a/helm/tools/dags/_msgraph.py b/helm/tools/dags/_msgraph.py
@@ -0,0 +1,54 @@
+import requests
+from urllib.parse import quote
+
+
+class MsGraph:
+    def __init__(self, tenant_id, client_id, client_secret):
+        self.tenant_id = tenant_id
+        self.client_id = client_id
+        self.client_secret = client_secret
+        self.token_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
+        self.scope = "https://graph.microsoft.com/.default"
+        self.access_token = self._get_access_token()
+        self.extension_attribute = "extension_85cc52e9286540fcb1f97ed86114a0e5_bcgovGUID"  # pragma: allowlist secret
+
+    def _get_access_token(self):
+        payload = {
+            "client_id": self.client_id,
+            "client_secret": self.client_secret,
+            "scope": self.scope,
+            "grant_type": "client_credentials",
+        }
+        response = requests.post(self.token_url, data=payload)
+        response.raise_for_status()
+        return response.json().get("access_token", "")
+
+    def fetch_azure_user(self, matching_email, retry=True):
+        headers = {
+            "Authorization": f"Bearer {self.access_token}",
+            "ConsistencyLevel": "eventual",
+        }
+
+        escaped_email = matching_email.replace("'", "''")
+        filter_value = f"mail eq '{escaped_email}'"
+        params = {
+            "$filter": filter_value,
+            "$select": f"officeLocation,jobTitle,userPrincipalName,id,displayName,givenName,surname,mail,onPremisesSamAccountName,{self.extension_attribute}",
+            "$top": "1",
+        }
+
+        try:
+            response = requests.get("https://graph.microsoft.com/v1.0/users", params=params, headers=headers)
+
+            if response.status_code == 401 and retry:
+                self.access_token = self._get_access_token()
+                return self.fetch_azure_user(matching_email, retry=False)
+
+            if response.status_code == 200:
+                users = response.json().get("value", [])
+            else:
+                response.raise_for_status()
+            return {**users[0], "idirGuid": users[0].get(self.extension_attribute)} if users else None
+
+        except requests.exceptions.RequestException as e:
+            raise Exception(f"Failed to fetch user: {str(e)}")
diff --git a/helm/tools/dags/_sync_azure_ad_with_db.py b/helm/tools/dags/_sync_azure_ad_with_db.py
@@ -0,0 +1,51 @@
+from _projects import get_mongo_db
+from helm.tools.dags._msgraph import MsGraph
+
+
+def parse_ministry_from_display_name(display_name: str):
+    ministry = ""
+    if display_name and len(display_name) > 0:
+        divided_string = display_name.split()
+        if len(divided_string) >= 2:
+            ministry = divided_string[-1].split(":", 1)[0]
+    return ministry
+
+
+def sync_db_users_with_azure_ad(
+    mongo_conn_id, ms_graph_api_tenant_id, ms_graph_api_client_id, ms_graph_api_client_secret
+):
+    try:
+        db = get_mongo_db(mongo_conn_id)
+        projection = {"image": 0, "lastseen": 0, "updatedAt": 0, "createdAt": 0}
+        users_collection = db["User"]
+        db_users = users_collection.find({"archived": {"$eq": False}}, projection)
+
+        ms_graph = MsGraph(ms_graph_api_tenant_id, ms_graph_api_client_id, ms_graph_api_client_secret)
+
+        for db_user in db_users:
+            db_user_email = db_user["email"].lower()
+            azure_user = ms_graph.fetch_azure_user(db_user_email)
+            if azure_user is not None:
+                update_data = {
+                    "officeLocation": azure_user.get("officeLocation", ""),
+                    "jobTitle": azure_user.get("jobTitle", ""),
+                    "upn": azure_user.get("userPrincipalName", ""),
+                    "providerUserId": azure_user.get("id", ""),
+                    "ministry": parse_ministry_from_display_name(
+                        azure_user.get("displayName", ""),
+                    ),
+                    "firstName": azure_user.get("givenName", ""),
+                    "lastName": azure_user.get("surname", ""),
+                    "email": azure_user.get("mail", "").lower(),
+                    "idirGuid": azure_user.get("idirGuid", ""),
+                    "idir": azure_user.get("onPremisesSamAccountName", ""),
+                }
+
+                update_data = {k: v for k, v in update_data.items() if v is not None}
+
+                users_collection.update_one({"_id": db_user["_id"]}, {"$set": update_data})
+            else:
+                users_collection.update_one({"_id": db_user["_id"]}, {"$set": {"archived": True}})
+
+    except Exception as e:
+        print(f"[sync_users_in_db_and_azure_ad] Error: {e}")
diff --git a/helm/tools/dags/_task_failure_callback.py b/helm/tools/dags/_task_failure_callback.py
@@ -13,7 +13,7 @@ def send_alert(context, dag):
     airflow_dag_logs = f"https://secdash-airflow.apps.silver.devops.gov.bc.ca/dags/{dag}/grid"
 
     payload = {
-        "text": f":warning: Airlow: **{dag}**",
+        "text": f":warning: Airflow: **{dag}**",
         "attachments": [
             {
                 "color": "#d03ae8",
diff --git a/helm/tools/dags/sync_db_with_azure_ad_dev.py b/helm/tools/dags/sync_db_with_azure_ad_dev.py
@@ -0,0 +1,31 @@
+import os
+from airflow import DAG
+from airflow.operators.python_operator import PythonOperator
+from datetime import datetime, timedelta
+from _task_failure_callback import send_alert
+from helm.tools.dags._sync_azure_ad_with_db import sync_db_users_with_azure_ad
+
+MONGO_CONN_ID = "pltsvc-dev"
+MS_GRAPH_API_TENANT_ID = os.getenv("MS_GRAPH_API_TENANT_ID")
+MS_GRAPH_API_CLIENT_ID = os.getenv("MS_GRAPH_API_CLIENT_ID")
+MS_GRAPH_API_CLIENT_SECRET = os.getenv("MS_GRAPH_API_CLIENT_SECRET")
+
+with DAG(
+    dag_id="sync_user_dbs_dev",
+    schedule_interval="0 0 * * *",
+    start_date=datetime.now() - timedelta(days=1),
+    catchup=False,
+) as dag:
+    t1 = PythonOperator(
+        task_id="sync-db-users-with-azure-ad-dev",
+        python_callable=sync_db_users_with_azure_ad,
+        op_kwargs={
+            "mongo_conn_id": MONGO_CONN_ID,
+            "ms_graph_api_tenant_id": MS_GRAPH_API_TENANT_ID,
+            "ms_graph_api_client_id": MS_GRAPH_API_CLIENT_ID,
+            "ms_graph_api_client_secret": MS_GRAPH_API_CLIENT_SECRET,
+        },
+        provide_context=True,
+        on_failure_callback=lambda context: send_alert(context, "sync_user_dbs_dev"),
+        dag=dag,
+    )
diff --git a/helm/tools/dags/sync_db_with_azure_ad_prod.py b/helm/tools/dags/sync_db_with_azure_ad_prod.py
@@ -0,0 +1,32 @@
+import os
+from airflow import DAG
+from airflow.operators.python_operator import PythonOperator
+from datetime import datetime, timedelta
+from _task_failure_callback import send_alert
+from helm.tools.dags._sync_azure_ad_with_db import sync_db_users_with_azure_ad
+
+MONGO_CONN_ID = "pltsvc-prod"
+MS_GRAPH_API_TENANT_ID = os.getenv("MS_GRAPH_API_TENANT_ID")
+MS_GRAPH_API_CLIENT_ID = os.getenv("MS_GRAPH_API_CLIENT_ID")
+MS_GRAPH_API_CLIENT_SECRET = os.getenv("MS_GRAPH_API_CLIENT_SECRET")
+
+with DAG(
+    dag_id="sync_user_dbs_prod",
+    schedule_interval="30 0 * * *",
+    start_date=datetime.now() - timedelta(days=1),
+    catchup=False,
+    is_paused_upon_creation=True,
+) as dag:
+    t1 = PythonOperator(
+        task_id="sync-db-users-with-azure-ad-prod",
+        python_callable=sync_db_users_with_azure_ad,
+        op_kwargs={
+            "mongo_conn_id": MONGO_CONN_ID,
+            "ms_graph_api_tenant_id": MS_GRAPH_API_TENANT_ID,
+            "ms_graph_api_client_id": MS_GRAPH_API_CLIENT_ID,
+            "ms_graph_api_client_secret": MS_GRAPH_API_CLIENT_SECRET,
+        },
+        provide_context=True,
+        on_failure_callback=lambda context: send_alert(context, "sync_user_dbs_prod"),
+        dag=dag,
+    )
diff --git a/helm/tools/dags/sync_db_with_azure_ad_test.py b/helm/tools/dags/sync_db_with_azure_ad_test.py
@@ -0,0 +1,31 @@
+import os
+from airflow import DAG
+from airflow.operators.python_operator import PythonOperator
+from datetime import datetime, timedelta
+from _task_failure_callback import send_alert
+from helm.tools.dags._sync_azure_ad_with_db import sync_db_users_with_azure_ad
+
+MONGO_CONN_ID = "pltsvc-test"
+MS_GRAPH_API_TENANT_ID = os.getenv("MS_GRAPH_API_TENANT_ID")
+MS_GRAPH_API_CLIENT_ID = os.getenv("MS_GRAPH_API_CLIENT_ID")
+MS_GRAPH_API_CLIENT_SECRET = os.getenv("MS_GRAPH_API_CLIENT_SECRET")
+
+with DAG(
+    dag_id="sync_user_dbs_test",
+    schedule_interval="0 1 * * *",
+    start_date=datetime.now() - timedelta(days=1),
+    catchup=False,
+) as dag:
+    t1 = PythonOperator(
+        task_id="sync-db-users-with-azure-ad-test",
+        python_callable=sync_db_users_with_azure_ad,
+        op_kwargs={
+            "mongo_conn_id": MONGO_CONN_ID,
+            "ms_graph_api_tenant_id": MS_GRAPH_API_TENANT_ID,
+            "ms_graph_api_client_id": MS_GRAPH_API_CLIENT_ID,
+            "ms_graph_api_client_secret": MS_GRAPH_API_CLIENT_SECRET,
+        },
+        provide_context=True,
+        on_failure_callback=lambda context: send_alert(context, "sync_user_dbs_test"),
+        dag=dag,
+    )

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ def send_alert(context, dag):`
`13`	`13`	`airflow_dag_logs = f"https://secdash-airflow.apps.silver.devops.gov.bc.ca/dags/{dag}/grid"`
`14`	`14`
`15`	`15`	`payload = {`
`16`		`- "text": f":warning: Airlow: {dag}",`
	`16`	`+ "text": f":warning: Airflow: {dag}",`
`17`	`17`	`"attachments": [`
`18`	`18`	`{`
`19`	`19`	`"color": "#d03ae8",`