strongdm / strongdm-sdk-python

strongDM SDK for the Python programming language.
https://strongdm.github.io/strongdm-sdk-python-docs/
Apache License 2.0

Expose permission_level #12

Closed tolidano closed 2 years ago

tolidano commented 2 years ago

The protobuf definition has it (looking at the v3.0.0 tag): https://github.com/strongdm/strongdm-sdk-python/blob/30f7175caac303ce8a6978a438bc45e107cda6c3/strongdm/accounts_pb2.py#L209

It's confusing because it's called accounts but it pulls users but accounts are something else? Is there a place to understand this distinction and the purpose of it?

I can get this data when I do sdm audit users but I'm trying to acquire it programmatically along with the rest of the data for this system.

wellthatsjames commented 2 years ago

Hey @tolidano,

I am closing this GH issue, but you should see an email come from strongDM support via Zendesk where we will continue this!

Thanks,

James

drogerschariot commented 2 years ago

What was the resolution for this? I am iterating with a client.accounts.list('') object and the only attribute that seems to be missing is permission_level.

AttributeError: 'User' object has no attribute 'permission_level'
~/mnt/account-au
tolidano commented 2 years ago

You can’t get this info without the SDM CLI (available on all major OS) and either logging in via creds to the widget or an Admin (and not API) token with user read permissions. I’m wrapping the CLI tool with my script and calling sdm users audit first and dumping to JSON and then processing that with the user/role/attachment/resource data from the API token. We use Okta as the primary IDP so that is the final piece of the puzzle to provide a complete picture of audit (SCIM if you can but still, never hurts to audit).
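
The join described in the last comment, as an added example that is not part of the original thread or strongDM's code: it merges a CLI audit dump with accounts from the SDK and reports records present on only one side. The JSON field names `email` and `permissionLevel`, the `SampleAccount` stand-in and the sample values are assumptions; only the `id` and `email` attributes of the SDK's `User` objects are relied on.

```python
import json
from dataclasses import dataclass

# Assumed field names in the CLI's JSON dump; adjust to the real output.
KEY_FIELD = "email"
LEVEL_FIELD = "permissionLevel"

def parse_audit_dump(text):
    """Accept either a single JSON array or one JSON object per line."""
    text = text.strip()
    if not text:
        return []
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def merge_permission_levels(accounts, audit_text):
    """Join on lower-cased email; return (merged, missing_in_audit, missing_in_sdk)."""
    levels = {}
    for rec in parse_audit_dump(audit_text):
        key = str(rec.get(KEY_FIELD) or "").strip().lower()
        if key:
            levels[key] = rec.get(LEVEL_FIELD)  # a later record overrides an earlier one
    merged, missing_in_audit, seen = [], [], set()
    for acct in accounts:
        email = getattr(acct, "email", None)  # service accounts carry no email
        if not email:
            continue
        key = email.strip().lower()
        seen.add(key)
        if key in levels:
            merged.append({"id": acct.id, "email": key, "permission_level": levels[key]})
        else:
            missing_in_audit.append(key)  # known to the API, absent from the dump
    return merged, missing_in_audit, sorted(set(levels) - seen)

@dataclass
class SampleAccount:  # hypothetical stand-in for objects from client.accounts.list('')
    id: str
    email: str = ""

# Constructed sample data, not real strongDM output.
SAMPLE_ACCOUNTS = [SampleAccount("a-01", "Alice@example.com"),
                   SampleAccount("a-02", "bob@example.com"),
                   SampleAccount("a-03")]  # service account, skipped by the join
SAMPLE_AUDIT = ('{"email": "alice@example.com", "permissionLevel": "admin"}\n'
                '{"email": "carol@example.com", "permissionLevel": "user"}\n')
```

The two "missing" lists are the audit-relevant part: an account with no permission level on record, or a dump entry with no matching API account, is worth a manual look.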