def vnets_list_all(self, resourceId):
api_endpoint = self.config["AZURESDK"]["VirtualNetworksListAll"]
api_endpoint = api_endpoint.format(resourceId=resourceId)
with request_authenticated_azure_session() as req:
resource_policy_function = req.post(api_endpoint).json
return resource_policy_function
def get_keys(self, vaultBaseUrl):
api_endpoint = self.config['AZURESDK']['keyvault_get_keys']
api_endpoint = api_endpoint.format(vaultBaseUrl=vaultBaseUrl)
# with statement automatically closes the connection
with request_authenticated_azure_session() as req:
# Returns response object. The response object contains the HTTP status code, and the response of the service
keys = req.get(api_endpoint)
return keys
def list(self, organization, project):
api_endpoint = self.config["GIT"]['azure_devops_repositories_list']
api_endpoint = api_endpoint.format(organization=organization,
project=project)
with request_authenticated_azure_session() as req:
repositories = req.get(api_endpoint, auth=('', self.personal_access_token))
return repositories
def get_filtered(self, organization, project, repositoryId, filterValue):
api_endpoint = self.config["GIT"]['azure_devops_refs_list']
api_endpoint = api_endpoint.format(organization=organization,
project=project, repositoryId=repositoryId, filterValue=filterValue)
with request_authenticated_azure_session() as req:
refs_list = req.get(api_endpoint, auth=('', self.personal_access_token))
return refs_list
def policy_states_filter_and_multiple_groups(self, subscriptionId):
api_endpoint = self.config["AZURESDK"]["policy_states_filter_and_multiple_groups"]
api_endpoint = api_endpoint.format(subscriptionId=subscriptionId)
with request_authenticated_azure_session() as req:
r_policy_states_filter_and_multiple_groups = req.post(api_endpoint).json()
return r_policy_states_filter_and_multiple_groups
def vnet_list_usage(self, subscription, policyDefinitionName):
api_endpoint = ["AZURESDK"]["VirtualNetworksListUsage"]
api_endpoint = api_endpoint.format(
subscriptionId=subscription,
policyDefinitionName=policyDefinitionName)
with request_authenticated_azure_session() as req:
vnet_list_usage_fuction = req.post(api_endpoint).json
return vnet_list_usage_fuction
def policy_states_list_query_results_for_management_group(self, management_grp, policyStatesResource='latest'):
api_endpoint = self.config["AZURESDK"]["policy_states_list_query_results_for_management_group"]
api_endpoint = api_endpoint.format(managementGroupName=management_grp,
policyStatesResource=policyStatesResource)
with request_authenticated_azure_session() as req:
policy_states_summary_subscription = req.post(api_endpoint).json
return policy_states_summary_subscription
def get_tags(self, subscriptionId):
management_root = self.config['AZURESDK']['management_root']
api_version = self.config['AZURESDK']['apiversion']
api_endpoint = "{management_root}/subscriptions/{subscriptionId}/tagNames?api-version={api_version}".format(
management_root=management_root,
subscriptionId=subscriptionId,
api_version=api_version)
with request_authenticated_azure_session() as req:
tags = req.get(api_endpoint)
return tags
def policy_states_summarize_for_subscription_query(self):
"""
:param subscription:
:return:
"""
api_endpoint = self.config["AZURESDK"]["policystatessummarizeforsubscriptionquery"]
with request_authenticated_azure_session() as req:
policy_states_summary_subscription = req.post(api_endpoint).json
return policy_states_summary_subscription
def list(self, subscriptionId, policySetDefinitionName):
api_endpoint = self.config["AZURESDK"][
"policy_set_definitions_create_or_update"]
api_endpoint = api_endpoint.format(
subscriptionId=subscriptionId,
policySetDefinitionName=policySetDefinitionName)
with request_authenticated_azure_session() as req:
policy_set_definition = req.get(api_endpoint)
return policy_set_definition
def list_resourcegroup(self, subscriptionId):
"""
:return:
"""
api_endpoint = self.config["AZURESDK"]["resourcegroupslist"]
api_endpoint = api_endpoint.format(subscriptionId=subscriptionId)
with request_authenticated_azure_session() as req:
resource_group_function = req.post(api_endpoint).json
return resource_group_function
def policy_states_summarize_for_policy_definition(self, subscription_id,
policy_definition_name):
api_endpoint = self.config["AZURESDK"][
'policy_states_summarize_for_policy_definition']
api_endpoint = api_endpoint.format(
subscriptionId=subscription_id,
policyDefinitionName=policy_definition_name)
with request_authenticated_azure_session() as req:
policy_states_summary = req.post(api_endpoint)
return policy_states_summary
def policy_definition_via_policyDefinitionId(self, policyDefinitionId):
management_root = self.config['AZURESDK']['management_root']
api_version = self.config['AZURESDK']['apiversion']
api_endpoint = "{management_root}{policyDefinitionId}?api-version={api_version}".format(
management_root=management_root,
policyDefinitionId=policyDefinitionId,
api_version=api_version)
with request_authenticated_azure_session() as req:
policy_definitions = req.get(api_endpoint)
return policy_definitions
def list(self, subscriptionId, api_version=None):
api_endpoint = self.config['AZURESDK']['vaults_list']
if api_version is None:
api_version = self.config['AZURESDK']['apiversion']
api_endpoint = api_endpoint.format(subscriptionId=subscriptionId,
apiversion=api_version)
# with statement automatically closes the connection
with request_authenticated_azure_session() as req:
# Returns response object. The response object contains the HTTP status code, and the response of the service
vaults = req.get(api_endpoint)
return vaults
def policy_states_summarize_for_resourcegroup(self, subscriptionId):
"""
:param subscriptionId:
:return:
"""
api_endpoint = self.config["AZURESDK"]["policy_states_summarize_for_resource_group"]
api_endpoint = api_endpoint.format(subscriptionId=subscriptionId)
with request_authenticated_azure_session() as req:
summarized_resource_group_function = req.post(api_endpoint).json
return summarized_resource_group_function
def policy_states_summarize_for_resource(self, resourceId):
"""
:param resourceId:
:return: function
"""
api_endpoint = self.config["AZURESDK"]["policystatessummarizeforresource"]
api_endpoint = api_endpoint.format(resourceId=resourceId)
with request_authenticated_azure_session() as req:
resource_policy_function = req.post(api_endpoint).json
return resource_policy_function
def policy_definitions_by_subscription_req(self, subscriptionId):
"""
:param subscriptionId:
:return: Policy definitions by subscription request
"""
api_endpoint = self.config["AZURESDK"]["policy_definitions_list"]
api_endpoint = api_endpoint.format(subscriptionId=subscriptionId)
with request_authenticated_azure_session() as req:
policy_definitions = req.get(api_endpoint)
return policy_definitions
def get_by_id(self, id, api_version=None):
api_endpoint = self.config['AZURESDK']['vaults_get_by_id']
management_root = self.config['AZURESDK']['management_root']
if api_version is None:
api_version = self.config['AZURESDK']['apiversion']
api_endpoint = api_endpoint.format(management_root=management_root,
id=id,
apiversion=api_version)
# with statement automatically closes the connection
with request_authenticated_azure_session() as req:
# Returns response object. The response object contains the HTTP status code, and the response of the service
vault = req.get(api_endpoint)
return vault
def get_policy_definitions_list_by_management_group(
self, managementGroupId):
"""
Get the policy definitions from a management group
:param managementGroupId:
"""
api_endpoint = self.config['AZURESDK'][
'policy_definitions_list_by_management_group']
api_endpoint = api_endpoint.format(managementGroupId=managementGroupId)
with request_authenticated_azure_session() as req:
policy_definitions_response = req.get(api_endpoint)
return policy_definitions_response
def policy_states_summarize_for_subscription(self, subscription):
"""
:return:
:param subscription:
:return:
"""
api_endpoint = self.config["AZURESDK"]["policy_states_summarize_for_subscription"]
api_endpoint = api_endpoint.format(subscriptionId=subscription)
with request_authenticated_azure_session() as req:
policy_states_summary_subscription_response = req.post(api_endpoint)
return policy_states_summary_subscription_response
def policy_states_summarize_for_policy_definition(self, subscriptionId, policyDefinitionName):
"""
Summarizes policy states for the subscription level policy definition.
https://docs.microsoft.com/en-us/rest/api/policy-insights/policystates/summarizeforpolicydefinition#code-try-0
:param subscriptionId:
:param policyDefinitionName:
:return:
"""
api_endpoint = self.config["AZURESDK"]["policy_states_summarize_for_policy_definition"]
api_endpoint = api_endpoint.format(subscriptionId=subscriptionId, policyDefinitionName=policyDefinitionName)
with request_authenticated_azure_session() as req:
policy_states_summarize_for_policy_definition = req.post(api_endpoint)
return policy_states_summarize_for_policy_definition
def policy_states_summarize_for_subscription(self, subscriptionId):
"""
This method calls the policy compliance using the policy insights and query policy state
:rtype: response
:param subscriptionId:
:return:
"""
api_endpoint = self.config["AZURESDK"][
'policy_states_summarize_for_subscription']
api_endpoint = api_endpoint.format(subscriptionId=subscriptionId)
with request_authenticated_azure_session() as req:
policy_states_summary = req.post(api_endpoint)
return policy_states_summary
def policyinsights_generic_req(self, api_endpoint, *args):
"""
This function can theoretically call any Azure SDK API the service pricipal has access to
:param api_config_key:
:param args:
:return:
"""
# The policyinsights_generic_req has no way of learning the named string format parameters
# a simple replace makes the URL a workable generic call to the API
# example: api_config_key.replace('{subscriptionId}', '{}')
api_endpoint = api_endpoint.format(*args)
with request_authenticated_azure_session() as req:
return req.post(api_endpoint)
def get(self, organization, project, repositoryId, scopePath, versionDescriptor_version):
api_endpoint = self.config["GIT"]['azure_devops_items_list']
recursionLevel = 'Full'
includeLinks = 'true'
api_endpoint = api_endpoint.format(organization=organization,
project=project,
repositoryId=repositoryId,
scopePath=scopePath,
recursionLevel=recursionLevel,
includeLinks=includeLinks,
versionDescriptor_version=versionDescriptor_version)
with request_authenticated_azure_session() as req:
items = req.get(api_endpoint, auth=('', self.personal_access_token))
return items
def list(self):
"""
api_endpoint and api_api_version read from the app.config.ini or test.app.config.ini files.
In this way, the code is always loosely coupled from the service.
:return:
"""
api_endpoint = self.config['AZURESDK']['subscriptions']
api_version = self.config['AZURESDK']['apiversion']
api_endpoint = api_endpoint.format(apiversion=api_version)
# with statement automatically closes the connection
with request_authenticated_azure_session() as req:
# Returns response object. The response object contains the HTTP status code, and the response of the service
subscriptions = req.get(api_endpoint)
return subscriptions
def create_or_update(self, subscriptionId, policySetDefinitionName,
policy_set_properties_body, policyDefinitionsList,
policyDefinitionReferenceId):
api_endpoint = self.config["AZURESDK"][
"policy_set_definitions_create_or_update"]
api_endpoint = api_endpoint.format(
subscriptionId=subscriptionId,
policySetDefinitionName=policySetDefinitionName)
parameters_dict = {}
policyDefinitionReference = []
policyDefinitionId = ''
for policyDefinition in policyDefinitionsList:
if 'properties' in policyDefinition and 'policyDefinitionId' in policyDefinition[
'properties']:
if 'parameters' in policyDefinition:
parameters_dict = policyDefinition['parameters']
parameters = self.package_parameters_for_assignment(
parameters_dict)
if parameters is None:
"""TODO report policy non-compliance"""
continue
policyDefinition = {
"policyDefinitionId":
policyDefinition['properties']['policyDefinitionId'],
"policyDefinitionReferenceId":
policyDefinitionReferenceId + str(uuid.uuid4()),
"parameters":
parameters_dict
}
policyDefinitionReference.append(policyDefinition)
policy_set_properties_body['properties'][
'policyDefinitions'] = policyDefinitionReference
headers = {'content-type': 'application/json'}
policy_set_properties_body = json.dumps(policy_set_properties_body)
with request_authenticated_azure_session() as req:
policy_set_definition = req.put_create_assignment(
api_endpoint, data=policy_set_properties_body, headers=headers)
return policy_set_definition
def policy_states_summarize_for_subscription_compliant(
self, subscriptionId, is_compliant="true"
):
filter_condition = "IsCompliant eq {}".format(is_compliant)
api_endpoint = self.config["AZURESDK"][
"PolicyStatesSummarizeForSubscriptionFiltered"
]
api_endpoint = api_endpoint.format(
subscriptionId=subscriptionId, filter=filter_condition
)
with request_authenticated_azure_session() as req:
policy_states_summary_subscription = req.post(api_endpoint).json
return policy_states_summary_subscription
def policy_definitions_list_by_management_group(self,
management_grp,
authenticated_session=None
):
api_endpoint = self.config["AZURESDK"][
"policy_definitions_list_by_management_group"]
api_endpoint = api_endpoint.format(managementGroupId=management_grp)
if authenticated_session:
response = authenticated_session.get(api_endpoint)
else:
with request_authenticated_azure_session() as req:
response = req.get(api_endpoint)
if response is not None and response.status_code == 200:
return response
else:
return None
def get_policy_definitions(self,
subscription_id,
policy_definition_name,
authenticated_session=None):
"""
:param subscription_id:
:param policy_definition_name:
:param request_authenticated_prisma_session:
:return:
"""
api_endpoint = self.config["AZURESDK"]["policy_definitions_get"]
api_endpoint = api_endpoint.format(
subscriptionId=subscription_id,
policyDefinitionName=policy_definition_name)
api_endpoint_2 = self.config["AZURESDK"][
"get_policy_definition_by_name"]
api_endpoint_2 = api_endpoint_2.format(
policyDefinitionName=policy_definition_name)
policy_definitions_function = None
if authenticated_session:
policy_definitions_function = authenticated_session.get(
api_endpoint)
if policy_definitions_function.status_code == 404:
policy_definitions_function = authenticated_session.get(
api_endpoint_2)
else:
with request_authenticated_azure_session() as req:
policy_definitions_function = req.get(api_endpoint)
if policy_definitions_function.status_code == 404:
policy_definitions_function = req.get(api_endpoint_2)
if policy_definitions_function is not None and policy_definitions_function.status_code == 200:
return policy_definitions_function.json
else:
return None
def create_policy_definition(self, subscriptionId, policy_definition_name,
policy_definition_body):
"""
:param subscriptionId:
:param policy_definition_name:
:param policy_definition_body:
:return:
"""
api_endpoint = self.config["AZURESDK"][
"policy_definitions_create_or_update"]
api_endpoint = api_endpoint.format(
subscriptionId=subscriptionId,
policyDefinitionName=policy_definition_name)
headers = {'content-type': 'application/json'}
with request_authenticated_azure_session() as req:
policy_definitions = req.put_create_assignment(
api_endpoint, data=policy_definition_body, headers=headers)
return policy_definitions
