code42 / code42cli Goto Github PK

Description

Steps to Reproduce

1. I get this error Found for url: https://crashplan.na.corp.samsungelectronics.net:4285/api/v3/auth/jwt?useBody=True
2. Correct API Url is [ Base URL: crashplan.na.corp.samsungelectronics.net:4285/c42api/v3
3. Where can I change the URL in the code in the python env.

For example if I run this "code42 devices list --active -f CSV" I get this error.

Error: Unknown problem validating connection.
View details in /home/i.kigozi/.code42cli/log/code42_errors.log

Please assist me on how to change the api url in the python env.
code42cli 1.8.0

Expected Behavior

Actual Behavior

Basic Information

• code42cli version:
  i.kigozi@SRA-9000000741:~$ code42 -h
  Usage: code42 [OPTIONS] COMMAND [ARGS]...

  dP""b8 dP"Yb 8888b. 888888 dP88 oP"Yb.
  dP `" dP Yb 8I Yb 88__ dP 88 "' dP'
  Yb Yb dP 8I dY 88"" d888888 dP'
  YboodP YbodP 8888Y" 888888 88 .d8888

  code42cli version 1.8.0, by Code42 Software. powered by py42 version
  1.20.0.

i.kigozi@SRA-9000000741:~$ python --version
Python 2.7.18

Operating System -"Ubuntu 20.04.3 LTS"

• python version: <!-- get using code42 -h--
• operating system:

Summary

Included a new option/switch to list all the custodians in a legal hold matter

Proposed API

Create new option called users
legal-hold list users -m, --matter-id <matter_id>

Intended Use Case

This would allow one to pull a list of users/custodians in a specific matter. Very useful on very large legal holds. Paul Hirsts C42LegalHoldReportsMac script is failing/timing out just due to the large number of legal hold users

Summary

Our existing getting started guide does a good job of explaining the install to a user who either has Python already installed or is already familiar with installing Python. However, many of the admins who use these tools do not have this experience and are starting "from scratch." It would be helpful to provide a general overview or links to how to install and any other configuration requirements that they need (e.g. Configuring the Path on Windows)

Proposed Change

I can see two ways that this could go:

1. We add a few notes to the existing getting started guide:
   • In the Installation section, we link out to instructions for installing Python on Windows, Mac, and Linux
   • We also include a note that in order to run the code42 command, your scripts location needs to be in the Path—and link out to some information on how to do this
2. Have a separate guide which has some more details (maybe even screenshots?) about how to do this.
   • I agree that we don't want to reinvent the wheel here, so we could still make use of linking out for more specific install instructions
   • But we don't even have a note about it needing to be in the user's path, or anything that is geared towards the typical Code42 user rather than a user who is very familiar with running scripts and CLIs already.

Intended Use Case

Many Code42 admins don't have the most experience with python scripting, CLI tools or similar. Code42 TAMs, PS, and support is having to walk them through installing python, then the cli, then making other configuration changes to ensure that we can get them to the point of using it as a cli tool.

Providing more of a step-through walkthrough would allow some users to fully self-service, while others would find it easier to follow along with their Code42 support tech, which would reduce the frustration and friction with using this tool and create a better experience of Code42's product and support.

Summary

URL Reference:
https://clidocs.code42.com/en/stable/userguides/deactivatedevices.html#generate-the-list-and-deactivate-in-a-single-command

When running the bulk deactivation one-liner, the resulting CSV file include the username and hostname of the device.

Proposed API

Include switches like:

--include-hostname
--include-username

Headers for the CSV file would have:
change_device_name,deactivated,purge_date,hostname,username,guid

Intended Use Case

This would allow the ability to search/audit for specific users that were flagged to be deactivated.

Summary

Py42 allows authentication using Code42's two-factor authentication/TOTP implementation. The CLI currently doesn't support using this, and returns an error if you attempt to create a profile using an account with two-factor authentication enabled.

Proposed API

Because of the time-sensitive nature of the one-time passwords, we'd need to accept the code at command run-time. Ideally we would allow it to be passed as a parameter:

$ code42 example command --totp 123456

If the user doesn't provide the TOTP in the command, but Code42 requires it, we should prompt:

$ code42 example command
Please input the time-based one-time password for [email protected]: 123456

Long-running commands may require a second prompt if the token expires.

Intended Use Case

Support Code42's existing 2FA implementation when using the CLI.

Summary

code42 commands time out when run behind a proxy.

Proposed API

Please update the code42 cli to work behind a proxy.

note - I understand it's reliant on py42 and some pieces of py42 don't support proxies because it was missed
If you can test against users, that's the area I'm focused on right now.

Intended Use Case

When connected to our corporate network, all http/https traffic goes through proxies, all traffic trying to go direct is dropped.

Description

favicon and logo on documentation site are out of date

Description

Steps to Reproduce

1. run code42 devices show <GUID>
2. output displayed shows no "Last Completed Backup"

Expected Behavior

The Last Completed Backup date should be displayed

Actual Behavior

No Last Completed Backup Date

Basic Information

• code42cli version: code42cli version 1.16.2, by Code42 Software. powered by py42 version 1.26.1.
• python version: Python 3.10.6
• operating system: Mac OS Ventura 13.1

I've checked on my local device and the backup is complete. The Console also reflects a last completed backup 14.7 hours ago.

Summary

Summarize users that are licensed, and break it down to know which users are consuming a license.

This will be for both Incydr and CrashPlan licenses.

Licensing for CrashPlan:
If a user has a CrashPlan archive they consume a license.
If there are more users consuming a license than subscriptions licenses are assigned based on user creation date. There is then a grace period for users over the total, that lasts 30 days from a users creation date.
Licensing for Incydr:
If a user has an active device in an org that has Incydr turned on they consume an Incydr license. (yes it is this simple)

This would replace the standalone license report app developed by Code42 professional services..

Usage would include:

• Listing out all users consuming both Incydr and CrashPlan licenses in an environment,
• Only looking at license usage for deactivated users
• Only looking at CrasPlan or Incydr license usage and not the other
• Summing the results for a more organized report. (Users want to know how many licenses are in use by different sub organizations)

Proposed API

code42 users list --licensed
code42 users list --licensed --deactivated-only
code42 users list --licensed --preservation-only
code42 users list --licensed --security-only
code42 users list --licensed --sum-on [orgName,orgId,orgExtRef]

Intended Use Case

Admins want to know how many licenses are being used in their environment, especially over time so that they can track usage.

Summary

In an effort to better assist our customers, it would be beneficial to add the ability for customers to utilize the CLI for the process of executing Push Restores.

Proposed API

code42 devices start-restore-job --target-device guid --source-device guid --targetpath 'C:/Users/user/Desktop' --paths 'C:/, D:/, E:/'

Intended Use Case

Provide Code42 admins the ability to execute push restores without the need of accessing the Code42 web console. This will additionally provide the same benefits of the now depreciated V1 Push Restore API.

Summary

There are many fields about a user in Code42 including title, department, location, etc.
Currently there is no way to get any of those fields via the code42 command.

Proposed API

Please add an argument to code42 users list that either outputs ALL info metadata about the user (title, department, location, manager) or allows us to select which additional fields to be output.

Intended Use Case

Many companies store data in these fields that might be more unique for the user.
For example putting an employeeID in the title field.

Summary

code42 profile update command requires -n. Like other profile commands, when -n is not specified, it should know to use the default profile.

Also, if the user only wishes to change a single property, they still have to specify all of the other ones. For example, if I just want to change my server address, I have to still supply my username.

Proposed API

Allow command:

code42 profile update -s 127.0.0.1:4200

that only updates the server address for the default profile.

Intended Use Case

To be able to easily change the server address.

Summary

Please add a command "orgs list" that outputs the name of all the orgs the user has access to, and the UID that is used by many of the other commangds.

Proposed API

Command will output a list of the orgs.
Provide an argument so that user can have it only show orgs with a specific substring.

Intended Use Case

Makes it far easier to determine the UID that is needed for many other commands, right now you either have to do curl commands, or use py42 library to get the UID of orgs.

Description

The order of operations when filtering a device list can be confusing and lead to unexpected behavior. Specifically I've seen a case where a user had multiple devices, one of which had connected recently, and then found that "devices list --last-connected-before 30d --exclude-most-recently-connected 1" did not list a device that they felt it should have.

Steps to Reproduce

1. Register two devices to a user in Code42
2. Prevent one from backing up for a period of time
3. Run code42 devices list --last-connected-before <some time period> --exclude-most-recently-connected 1

Expected Behavior

The device that is not backing up is listed.

Actual Behavior

Neither device is listed.

Analysis

In list_devices() we process the connected timestamps first: https://github.com/code42/code42cli/blob/master/src/code42cli/cmds/devices.py#L339-L340

and then process things like dropping latest connected after:
https://github.com/code42/code42cli/blob/master/src/code42cli/cmds/devices.py#L339-L340

If we process "drop last connected" first, then we both have a more consistent result (the devices excluded don't change depending on your timestamps), and a more intuitive behavior.

Basic Information

• code42cli version: 1.4.1
• python version: 3.9.2
• operating system: observed on Windows and Mac OS

Description

When using code42 security-data send-to (or presumably any other command that runs a forensic search query) with a checkpoint, --include-non-exposure, and no other parameters, the generated API command fails because no groups are set.

Steps to Reproduce

1. Install the Code42CLI
2. Create a checkpoint
3. Run code42 security-data send-to target.host.name --include-non-exposure -c checkpointname

Expected Behavior

The search successfully executes and sends data to the target host.

Actual Behavior

An error is returned indicating that the command was missing groups. (Incidentally, this command still appears to be using the v1 APIs, not the newer v2).

Basic Information

• code42cli version: 1.14.0
• python version: 3.7
• operating system: Linux

Summary

Include the device GUID information in the code42 users show command

Proposed API

Just include device info in the existing code42 users show [email protected] -f JSON command

Intended Use Case

Use this GUID information to then get the device info from code42 devices list [GUID] command

Summary

One of the most used scripts currently maintained by tech services is the device deactivations script. This script can be used either as scheduled task or for one-time cleanup efforts. It supports a variety of settings to customize the functionality.

Proposed API

The existing standalone script has a lot of functionality. In conversation with Paul Hirst, we separated it out into the important things that should be in the initial implementation, and then a set of things that would be nice-to-have, but aren't necessarily essential.

Important/first-pass:

• Dry-run by default - require a parameter to actually deactivate anything
• GUID list - no validation against anything else
• Last connected date
• Update cold storage
• Rename devices, customizable prefix, date appended - check to make sure the device doesn't already have _deactivated in it
• Org scope (included/excluded, option to include child orgs)
• option to leave users with a minimum count of devices (i.e. don't deactivate a device if it's a user's last device) - save most recently connected devices
• Outputs results/summary file (see below)

Nice-to-have:

• Min/max archive size
• Client version
• OS type
• Don't try to deactivate legal hold devices to save time (only if user can see legal hold)
• Settings can be saved to and read from a file - don't worry about compat

Output - summary file:

• CSV of all devices and status (deactivated, failed, not deactivated b/c legal hold) - include owning user
• How many devices (total)
• How much data recovered (total)
• Any errors - details?
• Record of settings used

Some proposed APIs:

code42cli devices bulk deactivate --filename devicesToDeactivate.csv --execute
code42cli devices bulk deactivate --daysSinceActive 90 --maximumArchiveSize 100GB --versions 6.8.9,7.0.5 --minimumDeviceCount 1 --coldStorageDays 1 --org 3099 --includeChildOrgs --execute
code42cli devices bulk deactivate --settingsFile settings.txt --execute

Intended Use Case

Environment cleanup and maintenance.

Summary

There is currently a bug with deactivating multiple devices for the same user too quickly. The server side can get a database deadlock and fail. The workaround would be to add an optional and configurable delay to the bulk commands.

Proposed API

Summary

Code42 administrators occasionally need to manage users in bulk, and may not have SCIM providers or other methods. Even if SCIM is present, occasionally there are one-time cleanup jobs that would benefit from the bulk processing offered by the CLI, but not available in the web UI.

One way to address this need would be to add a users command that could accomplish tasks such as:

• List users visible to the user running the CLI
• List users who have a particular role
• Add or remove a role from a user
• List users by org
• List users who are licensed
• Bulk deactivate/reactivate users
• Bulk change usernames
• Bulk change organization
• Bulk block/unblock

Proposed API

code42 users list --having-role "Customer Cloud Admin" --active-only --org-name "Example org" 
code42 users list --licensed --deactivated-only
code42 users bulk deactivate users_to_deactivate.csv
code42 users bulk block users_to_block.csv
code42 users bulk change-username users_to_rename.csv
code42 users bulk change-organization users_to_move.csv --target-org "Example org"

Intended Use Case

There are a variety of use-cases for this command:

• Admins needing to do one-time cleanup or rename operations prior to introducing a SCIM provider
• Admins needing to audit who has particular roles in their environment
• Admins needing to determine who is consuming licenses and when
• Building temporary user access controls (i.e. granting a role, and then removing it after 10 minutes)

These are just a few examples from the top of my head, doubtless more is possible in the future.

Summary

The Code42 console does not offer sufficient options for querying legal hold. Technical Services utilizes and maintains a script that allows customer to report on legal hold objects and memberships. A number of these reporting options are already available through the legal-hold cli command; however, some are not.

Paul Hirst, the developer of the script, and I identified the current gaps and separated them into two phases.

Phase I:

• Devices on Legal Hold
• Legal Hold Storage by Organization

Phase II:

• Transactions leveraging LegalHoldEvents endpoint (not currently on roadmap for Audit Log functionality)
• Allow show to show details for all matters, not just one specified matter

Proposed API

code42cli legal-hold show <matter_id> —-include-devices
—include-devices  View all devices associated with legal hold custodians


code42cli legal-hold show <matter_id> —-include-org-storage
—include-org-storage   View total legal hold storage by organization

code42cli legal-hold events —-begin ‘2020-01-01 00:00’ —end ‘2020-06-01 00:00'
Usage: Fetch legal hold events
--begin  The beginning date range in which to look for events
--end    The end of the date range in which to look for events

Intended Use Case

Environment reporting

Description

Unable to -y for code42 profile create.

Steps to Reproduce

1. Use code42 profile create -u
2. Notice that it says -y is not an option

Expected Behavior

To use -y and afford automating creating a profile. The use case could be to create the test profile if one does not exist already before running the commands.

Actual Behavior

Failure

Basic Information

• code42cli version: 1.0.0
• python version: 1.81
• operating system: Mac OS

Summary

We currently offer a script to produce a report of devices and certain of their settings. We would like to move this functionality into the CLI

It currently does:

• User Home Directory
• Included/Excluded File Selections
• Archive Security Key Type (This comes up less often, so we don't necessarily need it right away)
• USMT Migration Enabled (This isn't necessary for initial implementation, but do it if it's easy)

We would like to add:

• Full disk access

Proposed API

code42 devices bulk info --include-settings

Intended Use Case

The device settings report is used by admins today to audit their environment and identify devices with unique configurations that need to be brought in line with the overall org config, and to identify and remediate devices that may have troubling misconfigurations (incorrect home directories, etc.).

Summary

Python 3.5 reached official end-of-life in September. Ending support for it allows us to take advantage of new language features and enables us to take on modern dependencies that could be useful to the cli such as pandas.

A large part of the migration effort for this can probably be greatly simplified by changing our pyupgrade style hook to be 3.6+.

Hey folks, I am migrating my code42cli solution from an older ubuntu 16.04 box that is using flatfile authentication to an ubuntu 20.04 box. The new box won't let me setup flat file auth and is forcing me to use python keyring=18.0.1

However, I can find no way to invoke the client from script(cron) that doesn't prompt me for the keyring password.
How do I programatically provide the keyring password so that I can call code42cli functions from script?

Summary

The DeviceBackupReport API allows for getting information about the status of device backups. However, the report will include duplicate rows if the user has more than one backup set (including if the user is active in a Code42 Legal Matter).

This request is to have access to the same report but "cleaned up" of duplicate rows.

Proposed API

DeviceBackupReport --raw --onLegalHold --deactivated --lastCompleted # --lastConnected # --lastBackupActivity # --lessThan --state critical | warning | ok --org orgUid | orgName | [list of uids/names] --srtKey --srtDir

• raw: no removing of duplicate rows
• onLegalHold: assuming the user has the correct roles/permissions, only devices of users on legal hold.
• deactivated: the default is only active devices. This would include deactivated devices
• lastCompleted | lastConnected | lastBackupActivity : these would take a number of days (or a date) and only report on devices that have last thing greater than the date/days.
• lessThan: this would do the last thing and only report on the devices that have since the date/days.
• state: with a parameter to get the devices in the specified state
• org: allow to filter by orgUid or orgName or a list of either.
• srtKey: various columns to sort the results
• srtDir: direction of the sort

Intended Use Case

Enable the replacement of or simplification of other scripts written to provide this data.