
Demo/Lab: Targeting with SQLite example

In this lab we build a connector to integrate with SQLite.

Prerequisites

Bravura Security Fabric is installed.

Steps

  1. Find the agtsqlitedemo.py sample script and the agtsqlitedemo.con container file in the <instance>/samples folder.

  2. Copy agtsqlitedemo.py and agtsqlitedemo.con into your <instance>/agent folder.

  3. With PyCharm or the editor of your choice, open your agtsqlitedemo.py script.

  4. Note that the connector bootstraps an SQLite database schema and preloads accounts and groups. This is not typical connector behavior, but given that this is a demo connector, this simplifies the creation and loading of an SQLite database with useful test accounts and groups.

    • The name of the database file is cereal-1.2.db.

    • If the cereal-1.2.db database does not already exist, the sample script will create the database schema and preload hard-coded values.

  5. With PyCharm, you can turn on "structure view" to get a better understanding of what is in the Python file. To turn on this feature:

    1. Go to View > Tool Windows and select "Structure".

      The structure panel will appear in the bottom left corner of your screen.

    2. Click the settings cog on the right top corner of the window to select a different location for the window.

  6. Log into Bravura Security Fabric as an administrator and create a manually defined target with the following:

    • Type: Demo Python Agent using SQLite

    • ID: MYSQLITEDEMO

    • Description: My SQLite Demo

  7. Click Change next to the Address field.

    Notice that, at this time, this demo has no address attributes and, therefore, does not expose any target configuration options.

  8. Click Continue.

  9. Set Automatically manage groups to "All groups, approval required".

  10. Set Groups whose membership will be listed to "Managed groups".

  11. Click Add on the target main page.

  12. On the Credentials page, enter credentials. This SQLite database authenticates against the accounts and passwords stored inside cereal-1.2.db. For this demo, start with:

    • Administrator ID: placeholder

    • Password: North*1

    • Confirm password: North*1

  13. Click Update.

  14. Select the Test connection tab.

  15. Click Test credentials.

    The test will fail. Look at the code first to try to determine why it failed before looking at the logs.

  16. Navigate back to your agtsqlitedemo.py script in PyCharm.

  17. Since the connect operation failed, go to the connect definition in the code to examine the settings.

  18. Notice that failure codes are returned for the lines:

    • if account.get()

    • if account.passwd != cinfo["adminpw"] or account.enabled != "1":

  19. Check the logs:

    1. Navigate to <Program Files path>\Bravura Security\Bravura Security Fabric\Logs\<instance>.

    2. Open the idmsuite.log contained in that folder with Notepad and scroll to the bottom of the file for the most recent logs. Alternatively, you can also click on the Logs tab on the target configuration page.

    3. Look for entries from the agtpython.exe process and find the lines for Attempting to connect to host [MYSQLITEDEMO]...

    4. You will see a line saying Warning: Account.get - account id does not exist [placeholder], meaning that our connection is failing because the placeholder account we used as credentials does not exist.

    5. As hinted above, we need to find an account and password that cereal-1.2.db was initially bootstrapped with. Go to the top of the script and look for the database bootstrap code.

    6. Note the following code:

      c.execute('''CREATE TABLE accounts (id text, shortid text, fullname text, passwd
                  text, expiredpw integer, enabled integer, locked integer, expiredacct integer, email
                  text, department text)''')

      ...

      c.execute("INSERT INTO accounts VALUES ('Administrator','Administrator','Administrator','Pa$$w0rd',0,1,0,0,'Administrator@cereal.com','The Boss')")

      It looks like there is an Administrator account with a password of Pa$$w0rd in the SQLite database.

    7. Verify the credentials by opening cereal-1.2.db with SQLite Browser or a similar tool. This file is located in the <instance>\agent directory. To view the contents of that file:

      1. Open the Windows start menu and click DB Browser (SQLite) program.

      2. Click Open Database in the top toolbar.

      3. Navigate to the <instance>\script directory.

      4. Select the cereal-1.2.db file.

      5. Click Open.

      6. Click the Browse Data tab and in the Table: field select the "accounts" table. It should be something like the following:

        [Screenshot: the accounts table in DB Browser (34765.png)]

  20. To resolve this issue, navigate back to the credential page, delete the previous credentials and enter:

    • Administrator ID: Administrator

    • Password: Pa$$w0rd

    • Confirm password: Pa$$w0rd

  21. Click Save.

  22. Navigate back to the Test connection page and click the Test connection tab.

  23. Click Test credentials.

    The test should succeed.

  24. Click Test list.

    The test should return the six users from the script since it built the database the first time we ran it.

  25. On your Bravura Security Fabric instance, navigate to Resources > Target Systems > Manually defined.

  26. Click the checkbox for the MYSQLITEDEMO target.

  27. Click Run discovery at the bottom of the target list.

  28. Confirm the action by clicking Ok in the confirmation pop-up window.

  29. Verify the accounts and groups listed using reports:

    1. Click the Home icon and navigate to Manage Reports > Reports > Users > Accounts. Select your Target System ID and click Run.

    2. Navigate to Manage Reports > Reports > Roles and Groups > Groups. Select your Target System ID and click Run.
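
The connect check examined in steps 17 to 19, reproduced as an added stand-alone example; this is not the agtsqlitedemo.py connector code. It reuses the accounts schema and Administrator row quoted in step 19, while the function names, the disabled.user row and the second failure message are assumptions made for illustration.

```python
import hmac
import sqlite3


def build_demo_db():
    """In-memory copy of the accounts table (schema and Administrator row from step 19)."""
    conn = sqlite3.connect(":memory:")
    c = conn.cursor()
    c.execute('''CREATE TABLE accounts (id text, shortid text, fullname text,
                 passwd text, expiredpw integer, enabled integer, locked integer,
                 expiredacct integer, email text, department text)''')
    c.execute("INSERT INTO accounts VALUES ('Administrator','Administrator',"
              "'Administrator','Pa$$w0rd',0,1,0,0,'Administrator@cereal.com','The Boss')")
    # Constructed row (not in the original script): an account with enabled = 0.
    c.execute("INSERT INTO accounts VALUES ('disabled.user','disabled.user',"
              "'Disabled User','Secret1',0,0,0,0,'disabled.user@cereal.com','Test')")
    conn.commit()
    return conn


def check_connect(conn, admin_id, admin_pw):
    """Return (ok, reason), mirroring the two failure branches named in step 18."""
    # Parameterized query: admin_id is bound, never spliced into the SQL text.
    row = conn.execute(
        "SELECT passwd, enabled FROM accounts WHERE id = ?", (admin_id,)
    ).fetchone()
    if row is None:
        # Same wording as the warning seen in idmsuite.log in step 19.
        return False, "account id does not exist [%s]" % admin_id
    passwd, enabled = row
    # Constant-time comparison of the stored and supplied password.
    pw_ok = hmac.compare_digest(passwd.encode(), admin_pw.encode())
    if not pw_ok or enabled != 1:
        return False, "invalid password or account disabled"  # hypothetical message
    return True, "connected"


if __name__ == "__main__":
    db = build_demo_db()
    attempts = [("placeholder", "North*1"), ("Administrator", "North*1"),
                ("Administrator", "Pa$$w0rd"), ("disabled.user", "Secret1")]
    for admin_id, admin_pw in attempts:
        print(admin_id, "->", check_connect(db, admin_id, admin_pw))
```

The first attempt fails for the reason the log reports in step 19, and only the Administrator / Pa$$w0rd pair passes both checks.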