def create(self, group_name, **kwargs):
"""Creates a ServerGroup.
Args:
group_name (str): Name for the new group
Keyword Args:
firewall_policy_id (str): ID of firewall policy to be assigned to \
the group (deprecated- use linux_firewall_policy_id)
linux_firewall_policy_id (str): ID of linux firewall policy to \
associate with the new group
windows_firewall_policy_id (str): ID of Windows firewall policy \
to associate with the new group
policy_ids (list): List of Linux configuration policy IDs
windows_policy_ids (list): List of Windows configuration policy IDs
fim_policy_ids (list): List of Linux FIM policies
linux_fim_policy_ids (list): List of Linux FIM policies
windows_fim_policy_ids (list): List of Windows FIM policies
lids_policy_ids (list): List of LIDS policy IDs
tag (str): Server group tag-used for auto-assignment of group.
server_events_policy (str): Special events policy IDs
alert_profiles (list): List of alert profile IDs
Returns:
str: ID of newly-created group.
"""
endpoint = "/v1/groups"
group_data = {"name": group_name, "policy_ids": [], "tag": None}
body = {"group": utility.merge_dicts(group_data, kwargs)}
request = HttpHelper(self.session)
response = request.post(endpoint, body)
return response["group"]["id"]
def create(self, fim_policy_id, server_id, **kwargs):
"""Creates a FIM baseline
Args:
fim_policy_id (str): ID of FIM policy to baseline
server_id (str): ID of server to use for generating baseline
Keyword Args:
expires (int): Number of days from today for expiration of baseline
comment (str): Guess.
Returns:
str: ID of new baseline
"""
sanity.validate_object_id([fim_policy_id, server_id])
request = HttpHelper(self.session)
endpoint = "/v1/fim_policies/%s/baselines" % fim_policy_id
request_body = {"baseline": {"server_id": server_id,
"expires": None,
"comment": None}}
if "expires" in kwargs:
request_body["baseline"]["expires"] = kwargs["expires"]
if "comment" in kwargs:
request_body["baseline"]["comment"] = kwargs["comment"]
response = request.post(endpoint, request_body)
policy_id = response["baseline"]["id"]
return policy_id
def create(self, fim_policy_id, server_id, **kwargs):
"""Creates a FIM baseline
Args:
fim_policy_id (str): ID of FIM policy to baseline
server_id (str): ID of server to use for generating baseline
Keyword Args:
expires (int): Number of days from today for expiration of baseline
comment (str): Guess.
Returns:
str: ID of new baseline
"""
sanity.validate_object_id([fim_policy_id, server_id])
request = HttpHelper(self.session)
endpoint = "/v1/fim_policies/%s/baselines" % fim_policy_id
request_body = {
"baseline": {
"server_id": server_id,
"expires": None,
"comment": None
}
}
if "expires" in kwargs:
request_body["baseline"]["expires"] = kwargs["expires"]
if "comment" in kwargs:
request_body["baseline"]["comment"] = kwargs["comment"]
response = request.post(endpoint, request_body)
policy_id = response["baseline"]["id"]
return policy_id
def initiate_scan(self, server_id, scan_type):
"""Initiate a scan on a specific server.
Args:
server_id (str): ID of server to be scanned
scan_type (str): Type of scan to be run.
Valid scan types:
sca - Configuration scan
csm - Configuration scan (same as sca)
svm - Software vulnerability scan
sva - Software vulnerability scan (same as svm)
sam - Server access management scan
fim - File integrity monitoring scan
sv - Agent self-verifiation scan
Returns:
dict: Dictionary describing command created as a result of this \
call
Failure throws an exception.
"""
sanity.validate_object_id(server_id)
if self.scan_type_supported(scan_type) is False:
exception_message = "Unsupported scan type: %s" % scan_type
raise CloudPassageValidation(exception_message)
else:
scan_type_normalized = self.supported_scans[scan_type]
request_body = {"scan": {"module": scan_type_normalized}}
endpoint = "/v1/servers/%s/scans" % server_id
request = HttpHelper(self.session)
response = request.post(endpoint, request_body)
command_info = response["command"]
return command_info
def initiate_scan(self, server_id, scan_type):
"""Initiate a scan on a specific server.
Args:
server_id (str): ID of server to be scanned
scan_type (str): Type of scan to be run.
Valid scan types:
sca - Configuration scan
csm - Configuration scan (same as sca)
svm - Software vulnerability scan
sva - Software vulnerability scan (same as svm)
sam - Server access management scan
fim - File integrity monitoring scan
sv - Agent self-verifiation scan
Returns:
dict: Dictionary describing command created as a result of this \
call
Failure throws an exception.
"""
sanity.validate_object_id(server_id)
if self.scan_type_supported(scan_type) is False:
exception_message = "Unsupported scan type: %s" % scan_type
raise CloudPassageValidation(exception_message)
else:
scan_type_normalized = self.supported_scans[scan_type]
request_body = {"scan": {"module": scan_type_normalized}}
endpoint = "/v1/servers/%s/scans" % server_id
request = HttpHelper(self.session)
response = request.post(endpoint, request_body)
command_info = response["command"]
return command_info
def create(self, policy_body):
"""Creates a policy from JSON document.
Returns the ID of the new policy
"""
request = HttpHelper(self.session)
request_body = utility.policy_to_dict(policy_body)
return request.post(self.endpoint(), request_body)["id"]
def create(self, policy_body):
"""Creates a policy from JSON document.
Returns the ID of the new policy
"""
request = HttpHelper(self.session)
request_body = utility.policy_to_dict(policy_body)
return request.post(self.endpoint(),
request_body)["id"]
def create(self, group_name, **kwargs):
"""Creates a ServerGroup.
Args:
group_name (str): Name for the new group
Keyword Args:
firewall_policy_id (str): ID of firewall policy to be assigned to \
the group (deprecated- use linux_firewall_policy_id)
linux_firewall_policy_id (str): ID of linux firewall policy to \
associate with the new group
windows_firewall_policy_id (str): ID of Windows firewall policy \
to associate with the new group
policy_ids (list): List of Linux configuration policy IDs
windows_policy_ids (list): List of Windows configuration policy IDs
fim_policy_ids (list): List of Linux FIM policies
linux_fim_policy_ids (list): List of Linux FIM policies
windows_fim_policy_ids (list): List of Windows FIM policies
linux_lids_policy_ids (list): List of Linux LIDS policy IDs
windows_lids_policy_ids (list): List of Windows LIDS policy IDs
tag (str): Server group tag-used for auto-assignment of group.
server_events_policy (str): Special events policy IDs
alert_profiles (list): List of alert profile IDs
Returns:
str: ID of newly-created group.
"""
endpoint = "/v1/groups"
group_data = {"name": group_name, "policy_ids": [], "tag": None}
try:
sanity.validate_servergroup_create(kwargs)
except TypeError as exc:
raise CloudPassageValidation(exc)
body = {"group": utility.merge_dicts(group_data, kwargs)}
request = HttpHelper(self.session)
response = request.post(endpoint, body)
return response["group"]["id"]
def create(self, firewall_policy_id, rule_body):
"""Creates a rule within a firewall policy.
Args:
rule_body (dict or str): string or dict containing the json \
representation of the firewall policy to be created.
Returns:
str: ID of newly-created firewall rule
Example rule_body:
::
{
"firewall_rule" : {
"chain": "INPUT",
"active": true,
"firewall_interface": "7b881ca072b1012ec681404096c01709",
"firewall_service": "7b6409a072b1012ec681404096c01709",
"connection_states": "NEW, ESTABLISHED",
"action": "ACCEPT",
"log": true,
"log_prefix": "East-3 input-accept",
"comment": "All servers in group East-3 must include this rule",
"position": 4
}
}
"""
sanity.validate_object_id(firewall_policy_id)
request = HttpHelper(self.session)
endpoint = ("/v1/firewall_policies/%s/firewall_rules" %
firewall_policy_id)
response = request.post(endpoint, rule_body)
policy_id = response["firewall_rule"]["id"]
return policy_id