# --Main-- # # Get login details worked out rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.uiurl) # Verification (override with -y) if not args.yes: print() print('Ready to excute commands aginst your Prisma Cloud tenant.') verification_response = str( input('Would you like to continue (y or yes to continue)?')) continue_response = {'yes', 'y'} print() if verification_response not in continue_response: rl_lib_general.rl_exit_error( 400, 'Verification failed due to user response. Exiting...') # Sort out API Login print('API - Getting authentication token...', end='') rl_settings = rl_lib_api.rl_jwt_get(rl_settings) print('Done.') ## Compliance Copy ## wait_timer = 5 # Check the compliance standard and get the JSON information print('API - Getting the Compliance Standards list...', end='') rl_settings, response_package = rl_lib_api.api_compliance_standard_list_get( rl_settings) compliance_standard_list_temp = response_package['data'] compliance_standard_original = search_list_object_lower( compliance_standard_list_temp, 'name',
# --Main-- # # Get login details worked out rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.customername, args.uiurl) # Verification (override with -y) if not args.yes: print() print('This action will be done against the customer account name of "' + rl_settings['customerName'] + '".') verification_response = str( input('Is this correct (y or yes to continue)?')) continue_response = {'yes', 'y'} print() if verification_response not in continue_response: rl_lib_general.rl_exit_error( 400, 'Verification failed due to user response. Exiting...') # Sort out API Login print('API - Getting authentication token...', end='') rl_settings = rl_lib_api.rl_jwt_get(rl_settings) print('Done.') print('API - Getting user...', end='') rl_settings, response_package = rl_lib_api.api_user_get( rl_settings, args.useremail.lower()) user_new = response_package['data'] print('Done.') # Figure out what was updated and then post the changes as a complete package if args.role is not None: print('API - Getting user roles list...', end='')
# --Main-- # # Get login details worked out rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.customername, args.uiurl) # Verification (override with -y) if not args.yes: print() print('This action will be done against the customer account name of "' + rl_settings['customerName'] + '".') verification_response = str( input('Is this correct (y or yes to continue)?')) continue_response = {'yes', 'y'} print() if verification_response not in continue_response: rl_lib_general.rl_exit_error( 400, 'Verification failed due to user response. Exiting...') # Sort out API Login print('API - Getting authentication token...', end='') rl_settings = rl_lib_api.rl_jwt_get(rl_settings) print('Done.') print('API - Getting list of Policies...', end='') rl_settings, response_package = rl_lib_api.api_policy_list_get(rl_settings) policy_list_old = response_package['data'] print('Done.') print('Filter policy list for indicated policy types of ' + args.policytype + '...', end='') policy_type = args.policytype.lower()
def rl_call_api(action, api_url, rl_settings, data=None, params=None, try_count=0, max_retries=2, auth_count=0, auth_retries=1): retry_statuses = [429, 500, 502, 503, 504] auth_statuses = [401] retry_wait_timer = 5 headers = { 'Content-Type': 'application/json', 'x-redlock-auth': rl_settings['jwt'] } # Make the API Call response = requests.request(action, api_url, params=params, headers=headers, data=json.dumps(data)) # Check for an error to retry, re-auth, or fail if response.status_code in retry_statuses: try_count = try_count + 1 if try_count <= max_retries: time.sleep(retry_wait_timer) return rl_call_api(action=action, api_url=api_url, rl_settings=rl_settings, data=data, params=params, try_count=try_count, max_retries=max_retries, auth_count=auth_count, auth_retries=auth_retries) else: response.raise_for_status() elif response.status_code in auth_statuses and rl_settings[ 'jwt'] is not None: auth_count = auth_count + 1 if auth_count <= auth_retries: rl_settings = rl_jwt_get(rl_settings) return rl_call_api(action=action, api_url=api_url, rl_settings=rl_settings, data=data, params=params, try_count=try_count, max_retries=max_retries, auth_count=auth_count, auth_retries=auth_retries) else: response.raise_for_status() else: response.raise_for_status() # Check for valid response and catch if blank or unexpected api_response_package = {} api_response_package['statusCode'] = response.status_code try: api_response_package['data'] = response.json() except ValueError: if response.text == '': api_response_package['data'] = None else: rl_lib_general.rl_exit_error( 501, 'The server returned an unexpected server response.') return rl_settings, api_response_package
args = parser.parse_args() # --End parse command line arguments-- # # --Main-- # # Get login details worked out rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.uiurl) # Verification (override with -y) if not args.yes: print() print('Ready to excute commands aginst your Prisma Cloud tenant.') verification_response = str(input('Would you like to continue (y or yes to continue)?')) continue_response = {'yes', 'y'} print() if verification_response not in continue_response: rl_lib_general.rl_exit_error(400, 'Verification failed due to user response. Exiting...') # Sort out API Login print('API - Getting authentication token...', end='') rl_settings = rl_lib_api.rl_jwt_get(rl_settings) print(' Done.') ## Compliance Copy ## export_file_data = {} export_file_data['export_file_version'] = 1 export_file_data['compliance_section_list_original'] = {} export_file_data['policy_object_original'] = {} # Check the compliance standard and get the JSON information print('API - Getting the Compliance Standards list...', end='') rl_settings, response_package = rl_lib_api.api_compliance_standard_list_get(rl_settings)
) parser.add_argument( '-url', '--uiurl', type=str, help='*Required* - Base URL used in the UI for connecting to Prisma Cloud. ' 'Formatted as app.prismacloud.io or app2.prismacloud.io or app.eu.prismacloud.io, etc. ' 'You can also input the api version of the URL if you know it and it will be passed through.' ) args = parser.parse_args() # --End parse command line arguments-- # # --Main-- # if args.username is not None and args.password is not None and args.uiurl is not None: rl_lib_general.rl_settings_write(args.username, args.password, args.uiurl) print('Settings successfully saved to disk.') elif args.username is None and args.password is None and args.uiurl is None: rl_settings = rl_lib_general.rl_settings_read() print("Your currently configured Prisma Cloud Access Key is:") print(rl_settings['username']) if rl_settings['apiBase'] is not None: print("Your currently configured Prisma Cloud API Base URL is:") print(rl_settings['apiBase']) else: rl_lib_general.rl_exit_error( 400, "Please input an Access Key (--username), Secret Key (--password), and UI base URL (--uiurl)" " or no switches at all to see currently set information. Note: The Prisma Cloud UI Base URL should be " "similar to app.prismacloud.io, app2.prismacloud.io, etc.")
# --Main-- # # Get login details worked out rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.uiurl) # Verification (override with -y) if not args.yes: print() print('Ready to excute commands aginst your Prisma Cloud tenant.') verification_response = str( input('Would you like to continue (y or yes to continue)?')) continue_response = {'yes', 'y'} print() if verification_response not in continue_response: rl_lib_general.rl_exit_error( 400, 'Verification failed due to user response. Exiting...') # Sort out API Login print('API - Getting authentication token...', end='') rl_settings = rl_lib_api.rl_jwt_get(rl_settings) print(' Done.') ## Compliance Copy ## # Read in the JSON import file export_file_data = rl_lib_general.rl_file_read_json( args.source_import_file_name) # Do a quick validation to see if we are getting the base keys if 'compliance_standard_original' not in export_file_data: rl_lib_general.rl_exit_error( 404,
args = parser.parse_args() # --End parse command line arguments-- # # --Main-- # # Get login details worked out rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.uiurl) # Verification (override with -y) if not args.yes: print() print('Ready to excute commands aginst your Prisma Cloud tenant.') verification_response = str(input('Would you like to continue (y or yes to continue)?')) continue_response = {'yes', 'y'} print() if verification_response not in continue_response: rl_lib_general.rl_exit_error(400, 'Verification failed due to user response. Exiting...') # Sort out API Login print('API - Getting authentication token...', end='') rl_settings = rl_lib_api.rl_jwt_get(rl_settings) print('Done.') # Get policy list print('API - Getting the policy list...', end='') rl_settings, response_package = rl_lib_api.api_policy_list_get(rl_settings) policy_list = response_package['data'] print('Done.') # Figure out the policy ID from the name entered print('Search - Locate Policy ID from policy name...', end='') policy_id = None
type=str, help='*Required* - Name of the Redlock account to be used.') parser.add_argument( '-url', '--uiurl', type=str, help='*Required* - Base URL used in the UI for connecting to Redlock. ' 'Formatted as app.redlock.io or app2.redlock.io or app.eu.redlock.io, etc.') args = parser.parse_args() # --End parse command line arguments-- # # --Main-- # if args.username is not None and args.password is not None and args.customername is not None and args.uiurl is not None: rl_lib_general.rl_settings_write(args.username, args.password, args.customername, args.uiurl) print('Settings successfully saved to disk.') elif args.username is None and args.password is None and args.customername is None: rl_settings = rl_lib_general.rl_settings_read() print("Your currently configured Redlock UserName is:") print(rl_settings['username']) print("Your currently configured Redlock CustomerName is:") print(rl_settings['customerName']) if rl_settings['apiBase'] is not None: print("Your currently configured Redlock API Base URL is:") print(rl_settings['apiBase']) else: rl_lib_general.rl_exit_error(400,"Please input a username (-u), password (-p), customer name (-c), and UI base URL (-url)" " or no switches at all to see currently set information. Note: The Redlock UI Base URL should be " "similar to app.redlock.io, app2.redlock.io, etc.")
# --Main-- # # Get login details worked out rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.uiurl) # Verification (override with -y) if not args.yes: print() print('Ready to excute commands aginst your Prisma Cloud tenant.') verification_response = str( input('Would you like to continue (y or yes to continue)?')) continue_response = {'yes', 'y'} print() if verification_response not in continue_response: rl_lib_general.rl_exit_error( 400, 'Verification failed due to user response. Exiting...') # Sort out API Login print('API - Getting authentication token...', end='') rl_settings = rl_lib_api.rl_jwt_get(rl_settings) print('Done.') # Ingest CSV list of accounts to add print('File - Importing CSV from disk...', end='') import_list_from_csv = rl_lib_general.rl_file_load_csv( args.source_csv_cloud_accounts_list) print('Done.') # Convert groupId to an array for import print('Data - Converting CSV data format for import...', end='') cloud_accounts_to_import = []