Hello all, I'm trying to gather a list of users (role agnostic) and include only a specific set of fields in my output, filtered by a last_login_on timeframe. When I attempt to do this through the API via requests.get(url) via a python script (aka without invoking the SDK) it works just fine with no extra required fields in the output. However, when using the SDK API Class, I am required to include 'role,username,password,email' otherwise I receive an error. To make matters more confusing, when I add the required fields, the output then doesn't include just those specified fields, it includes all fields and ignores what I'm asking for. This leads me to two questions: Am I missing something regarding the SDK's logic or use? ... paraphrased... Why can't I only request the fields I care about like with the regular requests.get API calls? What benefit is there to requiring field for a "get"? Thanks for your responses in advance, Frank https://www.logicmonitor.com/support-files/rest-api-developers-guide/sdks/docs/#api-LM-getAdminList doc (for reference and websearchability) From the above link -

This is likely a bi-product of generating the python sdk through swagger in an automated fashion rather than building it by hand. The advantage is that we have a mostly working SDK for all our endpoints. Downside is stuff like this that doesn't always make usability sense. Hopefully that answers both your questions. As to what to do about it, is there any reason you can't just get all of it and filter through the response in python? It shouldn't be too hard and would still let you use the SDK. For what it's worth, when i do: .get_admin_list(fields="roles,username,password,email",filter="last_logon_on:"+str(int(datetime(2022,1,1,0,0,0).timestamp()))).items I get all the fields back too, so it's not just you.

Just now, Stuart Weenig said: This is likely a bi-product of generating the python sdk through swagger in an automated fashion rather than building it by hand. The advantage is that we have a mostly working SDK for all our endpoints. Downside is stuff like this that doesn't always make usability sense. Hopefully that answers both your questions. As to what to do about it, is there any reason you can't just get all of it and filter through the response in python? It shouldn't be too hard and would still let you use the SDK. For what it's worth, when i do: .get_admin_list(fields="roles,username,password,email",filter="last_logon_on:"+str(int(datetime(2022,1,1,0,0,0).timestamp()))).items I get all the fields back too, so it's not just you. Thank you for confirming I'm not nuts at least... ? I was intent on working with the SDK a bit and I chose a current need as an example and it looks like I picked the wrong one to start with. I'll jump back in the shallow end of the pool for now. Thanks Stuart!

I think doing it via the SDK for this case is still the right way to do it. Just instead of trying to filter using the fetch request, fetch everything, then filter in your script. What are the fields you're looking to get for each user?

I'm trying to gather user ID / email / last login and auto suspend inactive users and then notify them or account primary contact (manager) on the process to re-enable their account. It's all there on the requests.get side, so I will re-eval the SDK use for something else.

1 hour ago, Stuart Weenig said: Here you go. This uses my lmwrapper helper script, so if you're not using that, you'd need to setup the api object manually. Just set the month, day, and year variables to the date you'd want. from lm import lm from datetime import datetime #datetime before which to consider users inactive month = 10 day = 1 year = 2021 inactivedate = datetime(year,month,day,0,0,0) #these next few variables are for use in pagination size = 1000 offset = 0 results = [] endfound = False while not endfound: users = lm.get_admin_list(size=size, offset=offset).items #fetch a page results.extend(users) #add the fetched data to the tally offset += size #figure out the next page range endfound = len(users) < size #check to see if we fetched an incomplete page (e.g. we're done) for user in results: lastlogin = datetime.utcfromtimestamp(user.last_login_on) #convert the string to a datetime object so we can compare it to our inactivedate if lastlogin < inactivedate and user.status != 'suspended': print(f"Disabling {user.username} (id={user.id}), last login time: {lastlogin.strftime('%Y-%m-%d')}") response = lm.patch_admin_by_id(user.id, body={'status':'suspended'}) print(f"{user.username} (id={user.id}) is now {response.status}") This works great @Stuart Weenig. Thank you. Now to the second related issue... I wonder why there is a created_by field but not a created_on field for the user account. I see there is one for the api_tokens, but not the user itself. For example, now that I want to suspend user access automagically... I want to confirm that the user who hasn't logged in ever (aka last_login_on = 0) wasn't recently created, say the last 30 days. To handle that automatically I believe I'll need to query the audit log for a "Add a new account" text from the prior 30 days to define which set of users who've never logged in should be suspended. Do you know of another way to handle that @Stuart Weenig? I might submit an enhancement request if not. Seems useful to me, I'm sure it'd be useful for others. I'd rather not load the last 30 days of audit log entries looking for newly created users and mapping them to userIDs if possible. The audit log entries don't include the newly created user ID which also seems like an enhancement request. I've tried everything I can think of to make the filtering by description work in the SDK. This is another example where it also seems to work via the API (albeit after stealing the formatting from the Dev Tools) but not via the SDK. Thanks for your time!

Confusing requirements and output get_admin_list using the SDK - Guidance requested

14 Replies

Anonymous
3 years ago
This is likely a bi-product of generating the python sdk through swagger in an automated fashion rather than building it by hand. The advantage is that we have a mostly working SDK for all our endpoints. Downside is stuff like this that doesn't always make usability sense. Hopefully that answers both your questions.

As to what to do about it, is there any reason you can't just get all of it and filter through the response in python? It shouldn't be too hard and would still let you use the SDK.

For what it's worth, when i do:

.get_admin_list(fields="roles,username,password,email",filter="last_logon_on:"+str(int(datetime(2022,1,1,0,0,0).timestamp()))).items

I get all the fields back too, so it's not just you.
FrankG
3 years ago

Just now, Stuart Weenig said:

This is likely a bi-product of generating the python sdk through swagger in an automated fashion rather than building it by hand. The advantage is that we have a mostly working SDK for all our endpoints. Downside is stuff like this that doesn't always make usability sense. Hopefully that answers both your questions.

As to what to do about it, is there any reason you can't just get all of it and filter through the response in python? It shouldn't be too hard and would still let you use the SDK.

For what it's worth, when i do:

.get_admin_list(fields="roles,username,password,email",filter="last_logon_on:"+str(int(datetime(2022,1,1,0,0,0).timestamp()))).items

I get all the fields back too, so it's not just you.

Thank you for confirming I'm not nuts at least... ?

I was intent on working with the SDK a bit and I chose a current need as an example and it looks like I picked the wrong one to start with. I'll jump back in the shallow end of the pool for now. Thanks Stuart!
Anonymous
3 years ago
I think doing it via the SDK for this case is still the right way to do it. Just instead of trying to filter using the fetch request, fetch everything, then filter in your script. What are the fields you're looking to get for each user?
FrankG
3 years ago
I'm trying to gather user ID / email / last login and auto suspend inactive users and then notify them or account primary contact (manager) on the process to re-enable their account. It's all there on the requests.get side, so I will re-eval the SDK use for something else.

Anonymous

3 years ago

Here you go. This uses my lmwrapper helper script, so if you're not using that, you'd need to setup the api object manually. Just set the month, day, and year variables to the date you'd want.

from lm import lm
from datetime import datetime

#datetime before which to consider users inactive
month = 10
day = 1
year = 2021
inactivedate = datetime(year,month,day,0,0,0)

#these next few variables are for use in pagination
size = 1000
offset = 0
results = []
endfound = False
while not endfound:
    users = lm.get_admin_list(size=size, offset=offset).items #fetch a page
    results.extend(users) #add the fetched data to the tally
    offset += size #figure out the next page range
    endfound = len(users) < size #check to see if we fetched an incomplete page (e.g. we're done)

for user in results:
    lastlogin = datetime.utcfromtimestamp(user.last_login_on) #convert the string to a datetime object so we can compare it to our inactivedate
    if lastlogin < inactivedate and user.status != 'suspended':
        print(f"Disabling {user.username} (id={user.id}), last login time: {lastlogin.strftime('%Y-%m-%d')}")
        response = lm.patch_admin_by_id(user.id, body={'status':'suspended'})
        print(f"{user.username} (id={user.id}) is now {response.status}")

FrankG
3 years ago

1 hour ago, Stuart Weenig said:

Here you go. This uses my lmwrapper helper script, so if you're not using that, you'd need to setup the api object manually. Just set the month, day, and year variables to the date you'd want.

from lm import lm from datetime import datetime #datetime before which to consider users inactive month = 10 day = 1 year = 2021 inactivedate = datetime(year,month,day,0,0,0) #these next few variables are for use in pagination size = 1000 offset = 0 results = [] endfound = False while not endfound: users = lm.get_admin_list(size=size, offset=offset).items #fetch a page results.extend(users) #add the fetched data to the tally offset += size #figure out the next page range endfound = len(users) < size #check to see if we fetched an incomplete page (e.g. we're done) for user in results: lastlogin = datetime.utcfromtimestamp(user.last_login_on) #convert the string to a datetime object so we can compare it to our inactivedate if lastlogin < inactivedate and user.status != 'suspended': print(f"Disabling {user.username} (id={user.id}), last login time: {lastlogin.strftime('%Y-%m-%d')}") response = lm.patch_admin_by_id(user.id, body={'status':'suspended'}) print(f"{user.username} (id={user.id}) is now {response.status}")

This works great @Stuart Weenig. Thank you.

Now to the second related issue... I wonder why there is a created_by field but not a created_on field for the user account. I see there is one for the api_tokens, but not the user itself.

For example, now that I want to suspend user access automagically... I want to confirm that the user who hasn't logged in ever (aka last_login_on = 0) wasn't recently created, say the last 30 days. To handle that automatically I believe I'll need to query the audit log for a "Add a new account" text from the prior 30 days to define which set of users who've never logged in should be suspended.

Do you know of another way to handle that @Stuart Weenig? I might submit an enhancement request if not. Seems useful to me, I'm sure it'd be useful for others. I'd rather not load the last 30 days of audit log entries looking for newly created users and mapping them to userIDs if possible. The audit log entries don't include the newly created user ID which also seems like an enhancement request.

I've tried everything I can think of to make the filtering by description work in the SDK. This is another example where it also seems to work via the API (albeit after stealing the formatting from the Dev Tools) but not via the SDK.

Thanks for your time!
Anonymous
3 years ago

2 hours ago, FrankG said:

why there is a created_by field but not a created_on field for the user account.

¯\_(ツ)_/¯

2 hours ago, FrankG said:

I want to confirm that the user who hasn't logged in ever (aka last_login_on = 0) wasn't recently created, say the last 30 days.

I don't see another way. The id never decrements, so maybe if you're running it on a regular basis, you could keep track of what the max(id) was during a particular run and use that to determine which accounts are new since the last time you ran it. Would require local storage of that bit of data though.

2 hours ago, FrankG said:

I've tried everything I can think of to make the filtering by description work in the SDK. This is another example where it also seems to work via the API (albeit after stealing the formatting from the Dev Tools) but not via the SDK.

I don't know if i've ever gotten filtering/fields to work through the SDK.
FrankG
3 years ago
Thanks again @Stuart Weenig - I'll submit those enhancement requests.
Anonymous
3 years ago
I got some filtering working through the sdk, so i added the logic to look through the audit logs (don't worry, it only fetches the audit logs that indicate a new user was added). It checks, using username, to see if the user was added after the inactivedate and if so, doesn't disable that user.

https://github.com/sweenig/lmcommunity/blob/master/LMAutomation/disable_old_users.py
FrankG
3 years ago

On 2/4/2022 at 3:25 PM, Stuart Weenig said:

I got some filtering working through the sdk, so i added the logic to look through the audit logs (don't worry, it only fetches the audit logs that indicate a new user was added). It checks, using username, to see if the user was added after the inactivedate and if so, doesn't disable that user.

https://github.com/sweenig/lmcommunity/blob/master/LMAutomation/disable_old_users.py

Amazingly done. Very straightforward now that I'm looking at it. Seemed like more work than that, but this is why you're the master. I see your note about the filtering returning an extra unrelated entry for some reason. I see that when using the API directly also. Strangeness.

I'll have to fold that bit in and give it a test. I've also done some enhancements from this end that may be useful for others (excluding certain users with specific role assignments, usernames, or API Only users). I'll do the needful, decruft, and share shortly. Thanks again Stuart!

Forum Discussion

Confusing requirements and output get_admin_list using the SDK - Guidance requested

14 Replies

Related Content

Password and username requirements

Requirements for onboarding

HTTP Authentication Required?

Required LM Metrics on Azure PaaS and IaaS. If anyone configured please share the metrics along with pro's and con's

Failover Collector confusion

Recent Discussions

LM Logs SDT

Website Downtimes via API

LM Logs load-balancing

Checkpoint IPsec Tunnel Monitoring.

New VMware modules dropped