code42 / code42cli Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
For example if I run this "code42 devices list --active -f CSV" I get this error.
Error: Unknown problem validating connection.
View details in /home/i.kigozi/.code42cli/log/code42_errors.log
Please assist me on how to change the api url in the python env.
code42cli 1.8.0
code42cli version:
i.kigozi@SRA-9000000741:~$ code42 -h
Usage: code42 [OPTIONS] COMMAND [ARGS]...
dP""b8 dP"Yb 8888b. 888888 dP88 oP"Yb.
dP `" dP Yb 8I Yb 88__ dP 88 "' dP'
Yb Yb dP 8I dY 88"" d888888 dP'
YboodP YbodP 8888Y" 888888 88 .d8888
code42cli version 1.8.0, by Code42 Software. powered by py42 version
1.20.0.
i.kigozi@SRA-9000000741:~$ python --version
Python 2.7.18
Operating System -"Ubuntu 20.04.3 LTS"
code42 -h
--Included a new option/switch to list all the custodians in a legal hold matter
Create new option called users
legal-hold list users -m, --matter-id <matter_id>
This would allow one to pull a list of users/custodians in a specific matter. Very useful on very large legal holds. Paul Hirsts C42LegalHoldReportsMac
script is failing/timing out just due to the large number of legal hold users
Our existing getting started guide does a good job of explaining the install to a user who either has Python already installed or is already familiar with installing Python. However, many of the admins who use these tools do not have this experience and are starting "from scratch." It would be helpful to provide a general overview or links to how to install and any other configuration requirements that they need (e.g. Configuring the Path on Windows)
I can see two ways that this could go:
code42
command, your scripts location needs to be in the Path—and link out to some information on how to do thisMany Code42 admins don't have the most experience with python scripting, CLI tools or similar. Code42 TAMs, PS, and support is having to walk them through installing python, then the cli, then making other configuration changes to ensure that we can get them to the point of using it as a cli tool.
Providing more of a step-through walkthrough would allow some users to fully self-service, while others would find it easier to follow along with their Code42 support tech, which would reduce the frustration and friction with using this tool and create a better experience of Code42's product and support.
URL Reference:
https://clidocs.code42.com/en/stable/userguides/deactivatedevices.html#generate-the-list-and-deactivate-in-a-single-command
When running the bulk deactivation one-liner, the resulting CSV file include the username and hostname of the device.
Include switches like:
--include-hostname
--include-username
Headers for the CSV file would have:
change_device_name,deactivated,purge_date,hostname,username,guid
This would allow the ability to search/audit for specific users that were flagged to be deactivated.
Py42 allows authentication using Code42's two-factor authentication/TOTP implementation. The CLI currently doesn't support using this, and returns an error if you attempt to create a profile using an account with two-factor authentication enabled.
Because of the time-sensitive nature of the one-time passwords, we'd need to accept the code at command run-time. Ideally we would allow it to be passed as a parameter:
$ code42 example command --totp 123456
If the user doesn't provide the TOTP in the command, but Code42 requires it, we should prompt:
$ code42 example command
Please input the time-based one-time password for [email protected]: 123456
Long-running commands may require a second prompt if the token expires.
Support Code42's existing 2FA implementation when using the CLI.
code42
commands time out when run behind a proxy.
Please update the code42 cli to work behind a proxy.
note - I understand it's reliant on py42
and some pieces of py42
don't support proxies because it was missed
If you can test against users, that's the area I'm focused on right now.
When connected to our corporate network, all http/https traffic goes through proxies, all traffic trying to go direct is dropped.
favicon and logo on documentation site are out of date
code42 devices show <GUID>
The Last Completed Backup date should be displayed
No Last Completed Backup Date
I've checked on my local device and the backup is complete. The Console also reflects a last completed backup 14.7 hours ago.
Summarize users that are licensed, and break it down to know which users are consuming a license.
This will be for both Incydr and CrashPlan licenses.
Licensing for CrashPlan:
If a user has a CrashPlan archive they consume a license.
If there are more users consuming a license than subscriptions licenses are assigned based on user creation date. There is then a grace period for users over the total, that lasts 30 days from a users creation date.
Licensing for Incydr:
If a user has an active device in an org that has Incydr turned on they consume an Incydr license. (yes it is this simple)
This would replace the standalone license report app developed by Code42 professional services..
Usage would include:
code42 users list --licensed
code42 users list --licensed --deactivated-only
code42 users list --licensed --preservation-only
code42 users list --licensed --security-only
code42 users list --licensed --sum-on [orgName,orgId,orgExtRef]
Admins want to know how many licenses are being used in their environment, especially over time so that they can track usage.
In an effort to better assist our customers, it would be beneficial to add the ability for customers to utilize the CLI for the process of executing Push Restores.
code42 devices start-restore-job --target-device guid
--source-device guid
--targetpath 'C:/Users/user/Desktop
' --paths 'C:/
, D:/
, E:/
'
Provide Code42 admins the ability to execute push restores without the need of accessing the Code42 web console. This will additionally provide the same benefits of the now depreciated V1 Push Restore API.
There are many fields about a user in Code42 including title, department, location, etc.
Currently there is no way to get any of those fields via the code42
command.
Please add an argument to code42 users list that either outputs ALL info metadata about the user (title, department, location, manager) or allows us to select which additional fields to be output.
Many companies store data in these fields that might be more unique for the user.
For example putting an employeeID in the title field.
code42 profile update
command requires -n
. Like other profile commands, when -n
is not specified, it should know to use the default profile.
Also, if the user only wishes to change a single property, they still have to specify all of the other ones. For example, if I just want to change my server address, I have to still supply my username.
Allow command:
code42 profile update -s 127.0.0.1:4200
that only updates the server address for the default profile.
To be able to easily change the server address.
Please add a command "orgs list" that outputs the name of all the orgs the user has access to, and the UID that is used by many of the other commangds.
Command will output a list of the orgs.
Provide an argument so that user can have it only show orgs with a specific substring.
Makes it far easier to determine the UID that is needed for many other commands, right now you either have to do curl commands, or use py42 library to get the UID of orgs.
The order of operations when filtering a device list can be confusing and lead to unexpected behavior. Specifically I've seen a case where a user had multiple devices, one of which had connected recently, and then found that "devices list --last-connected-before 30d --exclude-most-recently-connected 1" did not list a device that they felt it should have.
code42 devices list --last-connected-before <some time period> --exclude-most-recently-connected 1
The device that is not backing up is listed.
Neither device is listed.
In list_devices()
we process the connected timestamps first: https://github.com/code42/code42cli/blob/master/src/code42cli/cmds/devices.py#L339-L340
and then process things like dropping latest connected after:
https://github.com/code42/code42cli/blob/master/src/code42cli/cmds/devices.py#L339-L340
If we process "drop last connected" first, then we both have a more consistent result (the devices excluded don't change depending on your timestamps), and a more intuitive behavior.
When using code42 security-data send-to
(or presumably any other command that runs a forensic search query) with a checkpoint, --include-non-exposure
, and no other parameters, the generated API command fails because no groups are set.
code42 security-data send-to target.host.name --include-non-exposure -c checkpointname
The search successfully executes and sends data to the target host.
An error is returned indicating that the command was missing groups. (Incidentally, this command still appears to be using the v1 APIs, not the newer v2).
Include the device GUID information in the code42 users show
command
Just include device info in the existing code42 users show [email protected] -f JSON
command
Use this GUID information to then get the device info from code42 devices list [GUID]
command
One of the most used scripts currently maintained by tech services is the device deactivations script. This script can be used either as scheduled task or for one-time cleanup efforts. It supports a variety of settings to customize the functionality.
The existing standalone script has a lot of functionality. In conversation with Paul Hirst, we separated it out into the important things that should be in the initial implementation, and then a set of things that would be nice-to-have, but aren't necessarily essential.
Important/first-pass:
_deactivated
in itNice-to-have:
Output - summary file:
Some proposed APIs:
code42cli devices bulk deactivate --filename devicesToDeactivate.csv --execute
code42cli devices bulk deactivate --daysSinceActive 90 --maximumArchiveSize 100GB --versions 6.8.9,7.0.5 --minimumDeviceCount 1 --coldStorageDays 1 --org 3099 --includeChildOrgs --execute
code42cli devices bulk deactivate --settingsFile settings.txt --execute
Environment cleanup and maintenance.
There is currently a bug with deactivating multiple devices for the same user too quickly. The server side can get a database deadlock and fail. The workaround would be to add an optional and configurable delay to the bulk commands.
Code42 administrators occasionally need to manage users in bulk, and may not have SCIM providers or other methods. Even if SCIM is present, occasionally there are one-time cleanup jobs that would benefit from the bulk processing offered by the CLI, but not available in the web UI.
One way to address this need would be to add a users
command that could accomplish tasks such as:
code42 users list --having-role "Customer Cloud Admin" --active-only --org-name "Example org"
code42 users list --licensed --deactivated-only
code42 users bulk deactivate users_to_deactivate.csv
code42 users bulk block users_to_block.csv
code42 users bulk change-username users_to_rename.csv
code42 users bulk change-organization users_to_move.csv --target-org "Example org"
There are a variety of use-cases for this command:
These are just a few examples from the top of my head, doubtless more is possible in the future.
The Code42 console does not offer sufficient options for querying legal hold. Technical Services utilizes and maintains a script that allows customer to report on legal hold objects and memberships. A number of these reporting options are already available through the legal-hold
cli command; however, some are not.
Paul Hirst, the developer of the script, and I identified the current gaps and separated them into two phases.
Phase I:
Phase II:
show
to show details for all matters, not just one specified mattercode42cli legal-hold show <matter_id> —-include-devices
—include-devices View all devices associated with legal hold custodians
code42cli legal-hold show <matter_id> —-include-org-storage
—include-org-storage View total legal hold storage by organization
code42cli legal-hold events —-begin ‘2020-01-01 00:00’ —end ‘2020-06-01 00:00'
Usage: Fetch legal hold events
--begin The beginning date range in which to look for events
--end The end of the date range in which to look for events
Environment reporting
Unable to -y for code42 profile create
.
code42 profile create -u
-y
is not an optionTo use -y
and afford automating creating a profile. The use case could be to create the test profile if one does not exist already before running the commands.
Failure
We currently offer a script to produce a report of devices and certain of their settings. We would like to move this functionality into the CLI
It currently does:
We would like to add:
code42 devices bulk info --include-settings
The device settings report is used by admins today to audit their environment and identify devices with unique configurations that need to be brought in line with the overall org config, and to identify and remediate devices that may have troubling misconfigurations (incorrect home directories, etc.).
Python 3.5 reached official end-of-life in September. Ending support for it allows us to take advantage of new language features and enables us to take on modern dependencies that could be useful to the cli such as pandas
.
A large part of the migration effort for this can probably be greatly simplified by changing our pyupgrade
style hook to be 3.6+.
Hey folks, I am migrating my code42cli solution from an older ubuntu 16.04 box that is using flatfile authentication to an ubuntu 20.04 box. The new box won't let me setup flat file auth and is forcing me to use python keyring=18.0.1
However, I can find no way to invoke the client from script(cron) that doesn't prompt me for the keyring password.
How do I programatically provide the keyring password so that I can call code42cli functions from script?
The DeviceBackupReport API allows for getting information about the status of device backups. However, the report will include duplicate rows if the user has more than one backup set (including if the user is active in a Code42 Legal Matter).
This request is to have access to the same report but "cleaned up" of duplicate rows.
DeviceBackupReport
--raw --onLegalHold --deactivated --lastCompleted # --lastConnected # --lastBackupActivity # --lessThan --state critical | warning | ok --org orgUid | orgName | [list of uids/names] --srtKey --srtDir
Enable the replacement of or simplification of other scripts written to provide this data.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.