# --Main-- #
# Get login details worked out
rl_settings = rl_lib_general.rl_login_get(args.username, args.password,
args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(
input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
rl_lib_general.rl_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
rl_settings = rl_lib_api.rl_jwt_get(rl_settings)
print('Done.')
## Compliance Copy ##
wait_timer = 5
# Check the compliance standard and get the JSON information
print('API - Getting the Compliance Standards list...', end='')
rl_settings, response_package = rl_lib_api.api_compliance_standard_list_get(
rl_settings)
compliance_standard_list_temp = response_package['data']
compliance_standard_original = search_list_object_lower(
compliance_standard_list_temp, 'name',
# --Main-- #
# Get login details worked out
rl_settings = rl_lib_general.rl_login_get(args.username, args.password,
args.customername, args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('This action will be done against the customer account name of "' +
rl_settings['customerName'] + '".')
verification_response = str(
input('Is this correct (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
rl_lib_general.rl_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
rl_settings = rl_lib_api.rl_jwt_get(rl_settings)
print('Done.')
print('API - Getting user...', end='')
rl_settings, response_package = rl_lib_api.api_user_get(
rl_settings, args.useremail.lower())
user_new = response_package['data']
print('Done.')
# Figure out what was updated and then post the changes as a complete package
if args.role is not None:
print('API - Getting user roles list...', end='')
# --Main-- #
# Get login details worked out
rl_settings = rl_lib_general.rl_login_get(args.username, args.password,
args.customername, args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('This action will be done against the customer account name of "' +
rl_settings['customerName'] + '".')
verification_response = str(
input('Is this correct (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
rl_lib_general.rl_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
rl_settings = rl_lib_api.rl_jwt_get(rl_settings)
print('Done.')
print('API - Getting list of Policies...', end='')
rl_settings, response_package = rl_lib_api.api_policy_list_get(rl_settings)
policy_list_old = response_package['data']
print('Done.')
print('Filter policy list for indicated policy types of ' + args.policytype +
'...',
end='')
policy_type = args.policytype.lower()
def rl_call_api(action,
api_url,
rl_settings,
data=None,
params=None,
try_count=0,
max_retries=2,
auth_count=0,
auth_retries=1):
retry_statuses = [429, 500, 502, 503, 504]
auth_statuses = [401]
retry_wait_timer = 5
headers = {
'Content-Type': 'application/json',
'x-redlock-auth': rl_settings['jwt']
}
# Make the API Call
response = requests.request(action,
api_url,
params=params,
headers=headers,
data=json.dumps(data))
# Check for an error to retry, re-auth, or fail
if response.status_code in retry_statuses:
try_count = try_count + 1
if try_count <= max_retries:
time.sleep(retry_wait_timer)
return rl_call_api(action=action,
api_url=api_url,
rl_settings=rl_settings,
data=data,
params=params,
try_count=try_count,
max_retries=max_retries,
auth_count=auth_count,
auth_retries=auth_retries)
else:
response.raise_for_status()
elif response.status_code in auth_statuses and rl_settings[
'jwt'] is not None:
auth_count = auth_count + 1
if auth_count <= auth_retries:
rl_settings = rl_jwt_get(rl_settings)
return rl_call_api(action=action,
api_url=api_url,
rl_settings=rl_settings,
data=data,
params=params,
try_count=try_count,
max_retries=max_retries,
auth_count=auth_count,
auth_retries=auth_retries)
else:
response.raise_for_status()
else:
response.raise_for_status()
# Check for valid response and catch if blank or unexpected
api_response_package = {}
api_response_package['statusCode'] = response.status_code
try:
api_response_package['data'] = response.json()
except ValueError:
if response.text == '':
api_response_package['data'] = None
else:
rl_lib_general.rl_exit_error(
501, 'The server returned an unexpected server response.')
return rl_settings, api_response_package
args = parser.parse_args()
# --End parse command line arguments-- #
# --Main-- #
# Get login details worked out
rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
rl_lib_general.rl_exit_error(400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
rl_settings = rl_lib_api.rl_jwt_get(rl_settings)
print(' Done.')
## Compliance Copy ##
export_file_data = {}
export_file_data['export_file_version'] = 1
export_file_data['compliance_section_list_original'] = {}
export_file_data['policy_object_original'] = {}
# Check the compliance standard and get the JSON information
print('API - Getting the Compliance Standards list...', end='')
rl_settings, response_package = rl_lib_api.api_compliance_standard_list_get(rl_settings)
)
parser.add_argument(
'-url',
'--uiurl',
type=str,
help='*Required* - Base URL used in the UI for connecting to Prisma Cloud. '
'Formatted as app.prismacloud.io or app2.prismacloud.io or app.eu.prismacloud.io, etc. '
'You can also input the api version of the URL if you know it and it will be passed through.'
)
args = parser.parse_args()
# --End parse command line arguments-- #
# --Main-- #
if args.username is not None and args.password is not None and args.uiurl is not None:
rl_lib_general.rl_settings_write(args.username, args.password, args.uiurl)
print('Settings successfully saved to disk.')
elif args.username is None and args.password is None and args.uiurl is None:
rl_settings = rl_lib_general.rl_settings_read()
print("Your currently configured Prisma Cloud Access Key is:")
print(rl_settings['username'])
if rl_settings['apiBase'] is not None:
print("Your currently configured Prisma Cloud API Base URL is:")
print(rl_settings['apiBase'])
else:
rl_lib_general.rl_exit_error(
400,
"Please input an Access Key (--username), Secret Key (--password), and UI base URL (--uiurl)"
" or no switches at all to see currently set information. Note: The Prisma Cloud UI Base URL should be "
"similar to app.prismacloud.io, app2.prismacloud.io, etc.")
# --Main-- #
# Get login details worked out
rl_settings = rl_lib_general.rl_login_get(args.username, args.password,
args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(
input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
rl_lib_general.rl_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
rl_settings = rl_lib_api.rl_jwt_get(rl_settings)
print(' Done.')
## Compliance Copy ##
# Read in the JSON import file
export_file_data = rl_lib_general.rl_file_read_json(
args.source_import_file_name)
# Do a quick validation to see if we are getting the base keys
if 'compliance_standard_original' not in export_file_data:
rl_lib_general.rl_exit_error(
404,
args = parser.parse_args()
# --End parse command line arguments-- #
# --Main-- #
# Get login details worked out
rl_settings = rl_lib_general.rl_login_get(args.username, args.password, args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
rl_lib_general.rl_exit_error(400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
rl_settings = rl_lib_api.rl_jwt_get(rl_settings)
print('Done.')
# Get policy list
print('API - Getting the policy list...', end='')
rl_settings, response_package = rl_lib_api.api_policy_list_get(rl_settings)
policy_list = response_package['data']
print('Done.')
# Figure out the policy ID from the name entered
print('Search - Locate Policy ID from policy name...', end='')
policy_id = None
type=str,
help='*Required* - Name of the Redlock account to be used.')
parser.add_argument(
'-url',
'--uiurl',
type=str,
help='*Required* - Base URL used in the UI for connecting to Redlock. '
'Formatted as app.redlock.io or app2.redlock.io or app.eu.redlock.io, etc.')
args = parser.parse_args()
# --End parse command line arguments-- #
# --Main-- #
if args.username is not None and args.password is not None and args.customername is not None and args.uiurl is not None:
rl_lib_general.rl_settings_write(args.username, args.password, args.customername, args.uiurl)
print('Settings successfully saved to disk.')
elif args.username is None and args.password is None and args.customername is None:
rl_settings = rl_lib_general.rl_settings_read()
print("Your currently configured Redlock UserName is:")
print(rl_settings['username'])
print("Your currently configured Redlock CustomerName is:")
print(rl_settings['customerName'])
if rl_settings['apiBase'] is not None:
print("Your currently configured Redlock API Base URL is:")
print(rl_settings['apiBase'])
else:
rl_lib_general.rl_exit_error(400,"Please input a username (-u), password (-p), customer name (-c), and UI base URL (-url)"
" or no switches at all to see currently set information. Note: The Redlock UI Base URL should be "
"similar to app.redlock.io, app2.redlock.io, etc.")
# --Main-- #
# Get login details worked out
rl_settings = rl_lib_general.rl_login_get(args.username, args.password,
args.uiurl)
# Verification (override with -y)
if not args.yes:
print()
print('Ready to excute commands aginst your Prisma Cloud tenant.')
verification_response = str(
input('Would you like to continue (y or yes to continue)?'))
continue_response = {'yes', 'y'}
print()
if verification_response not in continue_response:
rl_lib_general.rl_exit_error(
400, 'Verification failed due to user response. Exiting...')
# Sort out API Login
print('API - Getting authentication token...', end='')
rl_settings = rl_lib_api.rl_jwt_get(rl_settings)
print('Done.')
# Ingest CSV list of accounts to add
print('File - Importing CSV from disk...', end='')
import_list_from_csv = rl_lib_general.rl_file_load_csv(
args.source_csv_cloud_accounts_list)
print('Done.')
# Convert groupId to an array for import
print('Data - Converting CSV data format for import...', end='')
cloud_accounts_to_import = []
