)
parser.add_argument(
'-url',
'--uiurl',
type=str,
help='*Required* - Base URL used in the UI for connecting to Prisma Cloud. '
'Formatted as app.prismacloud.io or app2.prismacloud.io or app.eu.prismacloud.io, etc. '
'You can also input the api version of the URL if you know it and it will be passed through.'
)
args = parser.parse_args()
# --End parse command line arguments-- #
# --Main-- #
if args.username is not None and args.password is not None and args.uiurl is not None:
pc_lib_general.pc_settings_write(args.username, args.password, args.uiurl)
print('Settings successfully saved to disk.')
elif args.username is None and args.password is None and args.uiurl is None:
pc_settings = pc_lib_general.pc_settings_read()
print("Your currently configured Prisma Cloud Access Key is:")
print(pc_settings['username'])
if pc_settings['apiBase'] is not None:
print("Your currently configured Prisma Cloud API Base URL is:")
print(pc_settings['apiBase'])
else:
pc_lib_general.pc_exit_error(
400,
"Please input an Access Key (--username), Secret Key (--password), and UI base URL (--uiurl)"
" or no switches at all to see currently set information. Note: The Prisma Cloud UI Base URL should be "
"similar to app.prismacloud.io, app2.prismacloud.io, etc.")
# --Main-- #
# Get login details worked out
pc_settings = pc_lib_general.pc_login_get(args.username, args.password,
args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(
input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
pc_lib_general.pc_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
pc_settings = pc_lib_api.pc_jwt_get(pc_settings)
print('Done.')
print('File - Importing CSV from disk...', end='')
import_list_from_csv = pandas.read_csv(args.source_csv_account_groups_list)
print(import_list_from_csv)
print('Done.')
# Get existing cloud account list
print('API - Getting existing account group list...', end='')
#below gets level2
pc_settings, response_package = pc_lib_api.api_accounts_groups_list_get(
# --Main-- #
# Get login details worked out
pc_settings = pc_lib_general.pc_login_get(args.username, args.password,
args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(
input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
pc_lib_general.pc_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...')
pc_settings = pc_lib_api.pc_jwt_get(pc_settings)
print(' Done.')
print()
## Compliance Copy ##
# Read in the JSON import file
export_file_data = pc_lib_general.pc_file_read_json(
args.source_import_file_name)
# Do a quick validation to see if we are getting the base keys
if 'compliance_standard_original' not in export_file_data:
pc_lib_general.pc_exit_error(
# --Main-- #
# Get login details worked out
pc_settings = pc_lib_general.pc_login_get(args.username, args.password,
args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(
input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
pc_lib_general.pc_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...')
pc_settings = pc_lib_api.pc_jwt_get(pc_settings)
print(' Done.')
print()
## Compliance Copy ##
# Set up the data structure
export_file_data = {}
export_file_data[
'export_file_version'] = DEFAULT_COMPLIANCE_EXPORT_FILE_VERSION
export_file_data['compliance_section_list_original'] = {}
export_file_data['policy_object_original'] = {}
export_file_data['search_object_original'] = {}
# --Main-- #
# Get login details worked out
pc_settings = pc_lib_general.pc_login_get(args.username, args.password,
args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(
input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
pc_lib_general.pc_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
pc_settings = pc_lib_api.pc_jwt_get(pc_settings)
print('Done.')
## Compliance Copy ##
wait_timer = 5
# Check the compliance standard and get the JSON information
print('API - Getting the Compliance Standards list...', end='')
pc_settings, response_package = pc_lib_api.api_compliance_standard_list_get(
pc_settings)
compliance_standard_list_temp = response_package['data']
compliance_standard_original = search_list_object_lower(
compliance_standard_list_temp, 'name',
args = parser.parse_args()
# --End parse command line arguments-- #
# --Main-- #
print("Configuration file:")
if args.config_file is None:
print(pc_lib_general.DEFAULT_SETTINGS_FILE_NAME)
else:
print(args.config_file)
print()
if args.username is not None and args.password is not None and args.uiurl is not None:
pc_lib_general.pc_settings_write(args.username, args.password, args.uiurl,
args.config_file)
print('Settings saved to configuration file.')
elif args.username is None and args.password is None and args.uiurl is None:
pc_settings = pc_lib_general.pc_settings_read(args.config_file)
print("Your currently configured Prisma Cloud Access Key is:")
print(pc_settings['username'])
print()
if pc_settings['apiBase'] is not None:
print("Your currently configured Prisma Cloud API/UI Base URL is:")
print(pc_settings['apiBase'])
print()
else:
pc_lib_general.pc_exit_error(
400,
"Please specify an Access Key (--username), Secret Key (--password), and API/UIUI Base URL (--uiurl) "
"or no switches, other than an optional (--config_file), to view your current settings. "
"Note: The Prisma Cloud API/UI Base URL should be similar to: app.prismacloud.io, app2.prismacloud.io, etc."
)
def pc_call_api(action,
api_url,
pc_settings,
data=None,
params=None,
try_count=5,
max_retries=9,
auth_count=0,
auth_retries=5,
headers_param={'Content-Type': 'application/json'}):
retry_statuses = [429, 500, 502, 503, 504]
auth_statuses = [401]
retry_wait_timer = 30
headers = headers_param
headers['x-redlock-auth'] = pc_settings['jwt']
# Make the API Call
print(headers)
response = requests.request(action,
api_url,
params=params,
headers=headers,
data=json.dumps(data))
print(response)
# Check for an error to retry, re-auth, or fail
if response.status_code in retry_statuses:
try_count = try_count + 1
if try_count <= max_retries:
time.sleep(retry_wait_timer)
return pc_call_api(action=action,
api_url=api_url,
pc_settings=pc_settings,
data=data,
params=params,
try_count=try_count,
max_retries=max_retries,
auth_count=auth_count,
auth_retries=auth_retries,
headers_param=headers)
else:
response.raise_for_status()
elif response.status_code in auth_statuses and pc_settings[
'jwt'] is not None:
auth_count = auth_count + 1
if auth_count <= auth_retries:
pc_settings = pc_jwt_get(pc_settings)
return pc_call_api(action=action,
api_url=api_url,
pc_settings=pc_settings,
data=data,
params=params,
try_count=try_count,
max_retries=max_retries,
auth_count=auth_count,
auth_retries=auth_retries,
headers_param=headers)
else:
response.raise_for_status()
else:
response.raise_for_status()
# Check for valid response and catch if blank or unexpected
api_response_package = {}
api_response_package['statusCode'] = response.status_code
try:
# Check if response should be CSV or JSON
if 'accept' in headers and headers['accept'] == 'text/csv':
api_response_package['data'] = response.text
else:
api_response_package['data'] = response.json()
except ValueError:
if response.text == '':
api_response_package['data'] = None
else:
pc_lib_general.pc_exit_error(
501, 'The server returned an unexpected server response.')
return pc_settings, api_response_package
args = parser.parse_args()
# --End parse command line arguments-- #
# --Main-- #
# Get login details worked out
pc_settings = pc_lib_general.pc_login_get(args.username, args.password, args.uiurl, args.config_file)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to execute commands against your Prisma Cloud tenant.')
verification_response = str(input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
pc_lib_general.pc_exit_error(400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
pc_settings = pc_lib_api.pc_jwt_get(pc_settings)
print('Done.')
print('API - Getting user...', end='')
pc_settings, response_package = pc_lib_api.api_user_get(pc_settings, args.useremail.lower())
user_new = response_package['data']
print('Done.')
# Figure out what was updated and then post the changes as a complete package
if args.role is not None:
print('API - Getting user roles list...', end='')
pc_settings, response_package = pc_lib_api.api_user_role_list_get(pc_settings)
# --Main-- #
# Get login details worked out
pc_settings = pc_lib_general.pc_login_get(args.username, args.password,
args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(
input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
pc_lib_general.pc_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...')
pc_settings = pc_lib_api.pc_jwt_get(pc_settings)
print(' Done.')
print()
# Read in the JSON import file
export_file_data = pc_lib_general.pc_file_read_json(
args.source_import_file_name)
# Do a quick validation to see if we are getting the base keys
if 'policy_list_original' not in export_file_data:
pc_lib_general.pc_exit_error(
404,
