def update_coreos_csm_policy(coreos_policy, session):
if update_policy > 0:
csm_policy = cloudpassage.ConfigurationPolicy(session)
data = json.dumps(coreos_policy)
csm_policy.update(data)
else:
return
def build_config_policy_object(self):
session = cloudpassage.HaloSession(key_id, secret_key,
api_host=api_hostname,
api_port=api_port,
integration_string="SDK-Smoke")
return_obj = cloudpassage.ConfigurationPolicy(session)
return(return_obj)
def process_csm(csm_scan, server, session, tests):
scan = cloudpassage.Scan(session)
policy = cloudpassage.ConfigurationPolicy(session)
scan_details = scan.scan_details(csm_scan["id"])
csm_policy_list = scan_details["policies"]
csm_policies = [policy.describe(item["id"]) for item in csm_policy_list]
rules_dict = {}
for csm_policy in csm_policies:
for rule in csm_policy["rules"]:
rules_dict[rule["name"]] = rule
tests["max_criticals"]["actual"] = csm_scan["critical_findings_count"]
tests["max_non_criticals"]["actual"] = csm_scan["non_critical_findings_count"]
if tests["max_criticals"]["actual"] > tests["max_criticals"]["threshold"]:
tests["max_criticals"]["result"] = False
if tests["max_non_criticals"]["actual"] > tests["max_non_criticals"]["threshold"]:
tests["max_non_criticals"]["result"] = False
bad_findings = [finding for finding in csm_scan["findings"] if finding['status'] == ('bad' or 'indeterminate')]
scan_time = csm_scan["completed_at"]
generate_csm_report(tests, bad_findings, server, scan_time, rules_dict, csm_policies)
return all(v["result"] for v in tests.values())
def test_instantiation(self):
session = cloudpassage.HaloSession(key_id, secret_key)
assert cloudpassage.ConfigurationPolicy(session)
import os
import sys
import cloudpassage
from json2html import *
session = cloudpassage.HaloSession(sys.argv[1],
sys.argv[2],
api_host=sys.argv[3])
policy = cloudpassage.ConfigurationPolicy(session, endpoint_version=2)
policies = policy.list_all(template=False, retired=False)
request = cloudpassage.HttpHelper(session)
# Get all APA policies
results_table = []
for pol in policies:
incl_string = ""
excl_string = ""
if pol["assignment"]:
for excl in pol["assignment"]["excl"]:
excl_string += f'{excl["name"]}: {excl["value"][0] if isinstance(excl["value"], list) else excl["value"]};' + " "
for incl in pol["assignment"]["incl"]:
incl_string += f'{incl["name"]}: {incl["value"][0] if isinstance(incl["value"], list) else incl["value"]};' + " "
policy_response = request.get(f"/v2/policies/{pol['policy_id']}")
policy_detail = {}
for detail in policy_response.values():
policy_detail = detail
used_by = ""
def test_instantiation(self):
session = cloudpassage.HaloSession(None, None)
assert cloudpassage.ConfigurationPolicy(session)