class AccessPolicy(object):
def __init__(self, base_url, username, password):
super(AccessPolicy, self).__init__()
self.client = RESTClient(base_url, username, password)
def get_policies(self, filter=None):
endpoint = None
if filter != None:
endpoint = "%s?filter=%s" % (ACCESS_POLICY, filter)
else:
endpoint = ACCESS_POLICY
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_policy(self, policy_id=None):
endpoint = "%s/%s" % (ACCESS_POLICY, policy_id)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def create_policy(self,
policy_name=None,
category=None,
policy_type="JavaScript",
file_name=None):
data = DataObject()
response = None
try:
with open(file_name, 'rb') as content:
data.add_value_string('category', category)
data.add_value_string('type', policy_type)
data.add_value_string('name', policy_name)
data.add_value_string("content",
content.read().decode('utf-8'))
except IOError as e:
logger.error(e)
response = Response()
response.success = False
if response == None:
endpoint = ACCESS_POLICY
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
def update_policy(self, policy_id=None, file_name=None):
data = DataObject()
try:
with open(file_name, 'rb') as content:
data.add_value_string("content",
content.read().decode('utf-8'))
except IOError as e:
logger.error(e)
response.success = False
endpoint = "%s/%s" % (ACCESS_POLICY, policy_id)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
class ManagementAuthorization(object):
def __init__(self, base_url, username, password):
super(ManagementAuthorization, self).__init__()
self.client = RESTClient(base_url, username, password)
def enable(self, enforce=False):
data = DataObject()
data.add_value_boolean("enforcing", enforce)
endpoint = MANAGEMENT_AUTHORIZATION + '/config/v1'
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def update(self, enforce_config=False, roles=[]):
auth_config = DataObject()
auth_config.add_value_boolean("enforcing", enforce_config)
auth_roles = DataObject()
auth_roles.add_value_not_empty("roles", roles)
data = DataObject()
data.add_value("config", auth_config.data)
data.add_value_not_empty("roles", auth_roles.data)
endpoint = MANAGEMENT_AUTHORIZATION + '/v1'
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def get(self):
endpoint = MANAGEMENT_AUTHORIZATION + '/v1'
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def create_role(self, name=None, users=None, groups=None, features=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_not_empty("users", users)
data.add_value_not_empty("grpups", groups)
data.add_value_not_empty("features", features)
endpoint = MANAGEMENT_AUTHORIZATION_ROLES + '/v1'
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def update_role(self, name=None, users=None, groups=None, features=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_not_empty("users", users)
data.add_value_not_empty("grpups", groups)
data.add_value_not_empty("features", features)
endpoint = MANAGEMENT_AUTHORIZATION_ROLES + '/{}/v1'.format(name)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def delete_role(self, role=None):
endpoint = MANAGEMENT_AUTHORIZATION_ROLES "/{}/v1".format(role)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
def get_role(self, role=None):
endpoint = MANAGEMENT_AUTHORIZATION_ROLES "/{}/v1".format(role)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_roles(self):
endpoint = MANAGEMENT_AUTHORIZATION_ROLES + '/v1'
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_features(self):
endpoint = MANAGEMENT_AUTHORIZATION_FEATURES + '/v1'
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_features_for_user(self, user=None):
endpoint = MANAGEMENT_AUTHORIZATION_FEATURES + '/users/{}/v1'.format(user)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_groups_for_role(self, role=None):
endpoint = MANAGEMENT_AUTHORIZATION_ROLES + '/{}/groups/v1'.format(role)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_users_for_role(self, role=None):
endpoint = MANAGEMENT_AUTHORIZATION_ROLES + '/{}/users/v1'
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
class Authentication(object):
def __init__(self, base_url, username, password):
super(Authentication, self).__init__()
self.client = RESTClient(base_url, username, password)
def create_mechanism(
self, description=None, name=None, uri=None, type_id=None,
properties=None, attributes=None):
data = DataObject()
data.add_value_string("description", description)
data.add_value_string("name", name)
data.add_value_string("uri", uri)
data.add_value_string("typeId", type_id)
data.add_value("properties", properties)
data.add_value("attributes", attributes)
response = self.client.post_json(AUTHENTICATION_MECHANISMS, data.data)
response.success = response.status_code == 201
return response
def list_mechanism_types(
self, sort_by=None, count=None, start=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("count", count)
parameters.add_value_string("start", start)
parameters.add_value_string("filter", filter)
response = self.client.get_json(
AUTHENTICATION_MECHANISM_TYPES, parameters.data)
response.success = response.status_code == 200
return response
def list_mechanisms(
self, sort_by=None, count=None, start=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("count", count)
parameters.add_value_string("start", start)
parameters.add_value_string("filter", filter)
response = self.client.get_json(
AUTHENTICATION_MECHANISMS, parameters.data)
response.success = response.status_code == 200
return response
def update_mechanism(
self, id, description=None, name=None, uri=None, type_id=None,
predefined=None, properties=None, attributes=None):
data = DataObject()
data.add_value_string("id", id)
data.add_value_string("description", description)
data.add_value_string("name", name)
data.add_value_string("uri", uri)
data.add_value_string("typeId", type_id)
data.add_value("predefined", predefined)
data.add_value("properties", properties)
data.add_value("attributes", attributes)
endpoint = "%s/%s" % (AUTHENTICATION_MECHANISMS, id)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def create_policy(
self, name=None, policy=None, uri=None, description=None,
dialect="urn:ibm:security:authentication:policy:1.0:schema",
enabled=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("policy", policy)
data.add_value_string("uri", uri)
data.add_value_string("description", description)
data.add_value_string("dialect", dialect)
data.add_value_string("enabled", enabled)
response = self.client.post_json(AUTHENTICATION_POLICIES, data.data)
response.success = response.status_code == 201
return response
def get_policy(self, id):
endpoint = "%s/%s" % (AUTHENTICATION_POLICIES, id)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def list_policies(
self, sort_by=None, count=None, start=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("count", count)
parameters.add_value_string("start", start)
parameters.add_value_string("filter", filter)
response = self.client.get_json(
AUTHENTICATION_POLICIES, parameters.data)
response.success = response.status_code == 200
return response
def update_policy(
self, id, name=None, policy=None, uri=None, description=None,
dialect="urn:ibm:security:authentication:policy:1.0:schema",
user_last_modified=None, last_modified=None,
date_created=None, predefined=None, enabled=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("policy", policy)
data.add_value_string("uri", uri)
data.add_value_string("description", description)
data.add_value_string("dialect", dialect)
data.add_value_string("id", id)
data.add_value_string("enabled", enabled)
data.add_value_string("userlastmodified", user_last_modified)
data.add_value_string("lastmodified", last_modified)
data.add_value_string("datecreated", date_created)
data.add_value("predefined", predefined)
endpoint = "%s/%s" % (AUTHENTICATION_POLICIES, id)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
class Kerberos(object):
def __init__(self, base_url, username, password):
super(Kerberos, self).__init__()
self.client = RESTClient(base_url, username, password)
def create(self, _id=None, subsection=None, name=None, value=None):
data = DataObject()
data.add_value_not_empty("name", name)
data.add_value_not_empty("subsection", subsection)
data.add_value_string("value", value)
endpoint = KERBEROS_CONFIG + "/{}".format(_id)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def update(self, _id=None, value=None):
data = DataObject()
data.add_value_string("value", value)
endpoint = KERBEROS_CONFIG + "/{}".format(_id)
response = self.client.put_json(endpoint, data.data)
response.success = response.stauts_code == 200
return response
def get(self, _id=None):
endpoint = KERBEROS_CONFIG + "/{}".format(_id)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def delete(self, _id=None):
endpoint = KERBEROS_CONFIG = "/{}".format(_id)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 200
return response
def test(self, username=None, password=None):
data = DataObject()
data.add_value_string("username", username)
data.add_value_string("password", password)
endpoint = "/wga/kerberos/test"
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def import_keytab(self, keytab_file=None):
response = Response()
try:
with open(file_path, 'rb') as contents:
files = {"keytab_file": contents}
response = self.client.post_file(KERBEROS_KEYTAB, files=files)
response.success = response.status_code == 200
except IOError as e:
logger.error(e)
response.success = False
return response
def delete_keytab(self, _id=None):
endpoint = KERBEROS_KEYTAB + "/{}".format(_id)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 200
return response
def combine_keytab(self, new_name=None, keytab_files=[]):
data = DataObject()
data.add_value_string("new_name", new_name)
data.add_value_not_empty("keytab_files", keytab_files)
response = self.client.put_json(KERBEROS_KEYTAB, data.data)
response.success = response.status_code == 200
return response
def list_keytab(self):
response = self.client.get_json(KERBEROS_KEYTAB)
response.success = response.status_code == 200
return response
def verify_keytab(self, _id=None, name=None):
data = DataObject()
data.add_value_string("name", name)
endpoint = KERBEROS_KEYTAB + "/{}".format(_id)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
class AccessControl(object):
def __init__(self, base_url, username, password):
super(AccessControl, self).__init__()
self.client = RESTClient(base_url, username, password)
def create_policy(self,
name=None,
description=None,
dialect="urn:oasis:names:tc:xacml:2.0:policy:schema:os",
policy=None,
attributes_required=False):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("description", description)
data.add_value_string("dialect", dialect)
data.add_value_string("policy", policy)
data.add_value("attributesrequired", attributes_required)
data.add_value("predefined", False)
response = self.client.post_json(POLICIES, data.data)
response.success = response.status_code == 201
return response
def delete_policy(self, id=None):
endpoint = "%s/%s" % (POLICIES, id)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
def list_policies(self, sort_by=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("filter", filter)
response = self.client.get_json(POLICIES, parameters.data)
response.success = response.status_code == 200
return response
def authenticate_security_access_manager(self,
username=None,
password=None,
domain=None):
data = DataObject()
data.add_value_string("username", username)
data.add_value_string("password", password)
data.add_value_string("domain", domain)
data.add_value_string("command", "setCredential")
response = self.client.post_json(POLICY_ATTACHMENTS_PDADMIN, data.data)
response.success = response.status_code == 200
return response
def configure_resource(self,
server=None,
resource_uri=None,
policy_combining_algorithm=None,
policies=None):
data = DataObject()
data.add_value_string("server", server)
data.add_value_string("resourceUri", resource_uri)
data.add_value_string("policyCombiningAlgorithm",
policy_combining_algorithm)
data.add_value("policies", policies)
response = self.client.post_json(POLICY_ATTACHMENTS, data.data)
response.success = response.status_code == 201
return response
def remove_resource(self, id):
endpoint = "%s/%s" % (POLICY_ATTACHMENTS, id)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
def list_resources(self, sort_by=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("filter", filter)
response = self.client.get_json(POLICY_ATTACHMENTS, parameters.data)
response.success = response.status_code == 200
return response
def publish_policy_attachment(self, id):
endpoint = "%s/deployment/%s" % (POLICY_ATTACHMENTS, id)
response = self.client.put_json(endpoint)
response.success = response.status_code == 204
return response
def publish_multiple_policy_attachments(self, *ids):
id_string = ""
for id in ids:
if len(id_string) > 0:
id_string += ", "
id_string += str(id)
data = DataObject()
data.add_value_string("policyAttachmentIds", id_string)
endpoint = "%s/deployment" % POLICY_ATTACHMENTS
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def list_obligations(self, sort_by=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("filter", filter)
response = self.client.get_json(OBLIGATIONS, parameters.data)
response.success = response.status_code == 200
return response
def create_obligation(self,
name=None,
predefined=False,
description=None,
obligationURI=None,
type=None,
parameters=None,
typeId=None,
properties=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value("predefined", predefined)
data.add_value_string("description", description)
data.add_value_string("obligationURI", obligationURI)
data.add_value_string("type", type)
data.add_value("parameters", parameters)
data.add_value_string("typeId", typeId)
data.add_value("properties", properties)
response = self.client.post_json(OBLIGATIONS, data.data)
response.success = response.status_code == 201
return response
def delete_obligation(self, id):
endpoint = "%s/%s" % (OBLIGATIONS, id)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
class Resources(object):
def __init__(self, base_url, username, password):
super(Resources, self).__init__()
self.client = RESTClient(base_url, username, password)
def create_server(self, instance, server_hostname=None, junction_point=None, junction_type=None,
policy_type=None, policy_name=None, authentication_type=None, oauth_introspection_transport=None,
oauth_introspection_proxy=None, oauth_introspection_auth_method=None, ouath_introspection_endpoint=None,
oauth_introspection_client_id=None, oauth_introspection_client_secret=None,
oauth_introspection_client_id_hdr=None, oauth_introspection_token_type_hint=None,
oauth_introspection_mapped_id=None, oauth_introspection_external_user=None,
oauth_introspection_response_attributes=None, static_response_headers=None, jwt_header_name=None,
jwt_certificate=None, jwt_claims=None, description=None, junction_hard_limit=None,
junction_soft_limit=None, basic_auth_mode=None, tfim_sso=None, remote_http_header=None,
stateful_junction=None, http2_junction=None, sni_name=None, preserve_cookie=None, cookie_include_path=None,
transparent_path_junction=None, mutual_auth=None, insert_ltpa_cookies=None, insert_session_cookies=None,
request_encoding=None, enable_basic_auth=None, key_label=None, gso_respource_group=None,
junction_cookie_javascript_block=None, client_ip_http=None, version_two_cookies=None, ltpa_keyfile=None,
authz_rules, fsso_config_file=None, username=None, password=None, server_uuid=None, server_port=None,
virtual_hostname=None, server_dn=None, local_ip=None, query_contents=None, case_sensitive_url=None,
windows_style_rul=None, ltpa_keyfile_password=None, https_port=None, http_port=None, proxy_hostname=None,
proxy_port=None, sms_environment=None, vhost_label=None, force=None, delegation_support=None, scripting_support=None):
data = DataObject()
data.add_value_string("server_hostname", server_hostname)
data.add_value_string("junction_point", junction_point)
data.add_value_string("juncton_type", junction_type)
policy = DataObject()
policy.add_value_string("name", policy_name)
policy.add_value_string("type", policy_type)
data.add_value_not_empty("policy", policy.data)
authentication = DataObject()
authentication.add_value_string("type", authentication_type)
oauth_introspection = DataObject()
oauth_introspection.add_value_string("transport", oauth_introspection_transport)
oauth_introspection.add_value_string("endpoint", oauth_introspection_endpoint)
oauth_introspection.add_value_string("proxy", oauth_introspection_proxy)
oauth_introspection.add_value_string("auth_method", oauth_introspection_auth_method)
oauth_introspection.add_value_string("client_id", oauth_introspection_client_id)
oauth_introspection.add_value_string("client_secret", oauth_introspection_client_secret)
oauth_introspection.add_value_string("client_id_hdr", oauth_introspection_client_id_hdr)
oauth_introspection.add_value_string("token_type_hint", oauth_introspection_token_type_hint)
oauth_introspection.add_value_string("mapped_id", oauth_introspection_mapped_id)
oauth_introspection.add_value_string("external_user", oauth_introspection_external_user)
oauth_introspection.add_value_not_empty("response_attributes", oauth_introspection_response_attributes)
authentication.add_value_string("oauth_introspection", oauth_introspection.data)
data.add_value_not_empty("authentication", authentication.data)
data.add_value_not_empty("static_response_headers", static_response_headers)
jwt = DataObject()
jwt.add_value_string("header_name", jwt_header_name)
jwt.add_value_string("certificate", jwt_certificate)
jwt.add_vaue_not_empty("claims", jwt_claims)
data.add_vaule_not_empty("jwt", jwt.data)
data.add_value_string("description", description)
data.add_value_string("junction_hard_limit", junction_hard_limit)
data.add_value_string("junction_soft_limit", junction_soft_limit)
data.add_value_string("basic_auth_mode", basic_auth_mode)
data.add_value_string("tfim_sso", tfim_sso)
data.add_value_not_empty("remote_http_header", remote_http_header)
data.add_value_string("stateful_junction", stateful_junction)
data.add_value_string("http2_junction", http2_junction)
data.add_value_string("sni_name", sni_name)
data.add_value_string("preserve_cookie", preserve_cookie)
data.add_value_string("cookie_include_path", cookie_include_path)
data.add_value_string("transparent_path_junction", transparent_path_junction)
data.add_value_string("mutual_auth", mutual_auth)
data.add_value_string("insert_ltpa_cookies", insert_ltpa_cookies)
data.add_value_string("insert_session_cookies", insert_session_cookies)
data.add_value_string("request_encoding", request_encoding)
data.add_value_string("enable_basic_auth", enable_basic_auth)
data.add_value_string("key_label", key_label)
data.add_value_string("gso_resource_group", gso_resource_group)
data.add_value_string("junction_cookie_javascript_block", junction_cookie_javascript_block)
data.add_value_string("client_ip_http", client_ip_http)
data.add_value_string("version_two_cookies", version_two_cookies)
data.add_value_string("ltpa_keyfile", ltpa_keyfile)
data.add_value_string("authz_rules", authz_rules)
data.add_value_string("fsso_config_file", fsso_config_file)
data.add_value_string("username", username)
data.add_value_string("password", password)
data.add_value_string("server_uuid", server_uuid)
data.add_value("server_port", server_port)
data.add_value_string("virtual_hostname", virtual_hostname)
data.add_value_string("server_dn", server_dn)
data.add_value_string("local_ip", local_ip)
data.add_value_string("query_contents", query_contents)
data.add_value_string("case_sensitive_url", case_sensitive_url)
data.add_value_string("windows_style_url", windows_style_url)
data.add_value_string("ltpa_keyfile_password", ltpa_keyfile_password)
data.add_value("https_port", https_port)
data.add_value("http_port", http_port)
data.add_value_string("proxy_hostname", proxy_hostname)
data.add_value("proxy_port", proxy_port)
data.add_value_string("sms_environment", sms_environment)
data.add_value_string("vhost_label", vhost_label)
data.add_value_string("force", force)
data.add_value_string("delegation_support", delegation_support)
data.add_value_string("scripting_support", scripting_support)
endpoint = APIAC + "/resource/instance/{}/server".format(instance)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def update_server(self, instance, resource_server, server_type="standard", server_hostname=None,
junction_point=None, junction_type=None, policyi_type=None, policy_name=None,
authenticationi_type=None, authentication_oauth_introspection=None,
static_response_headers=None, jwt_header_name=None, jwt_certificate=None, jwt_claims=None, description=None,
junction_hard_limit=None, junction_soft_limit=None, basic_auth_mode=None, tfim_sso=None,
remote_http_header=None, stateful_junction=None, http2_junction=None, sni_name=None,
preserve_cookie=None, cookie_include_path=None, transparent_path_junction=None, mutual_auth=None,
insert_ltpa_cookies=None, insert_session_cookies=None, request_encoding=None, enable_basic_auth=None,
key_label=None, gso_respource_group=None, junction_cookie_javascript_block=None, client_ip_http=None,
version_two_cookies=None, ltpa_keyfile=None, authz_rules, fsso_config_file=None, username=None,
password=None, server_uuid=None, server_port=None, virtual_hostname=None, server_dn=None,
local_ip=None, query_contents=None, case_sensitive_url=None, windows_style_rul=None,
ltpa_keyfile_password=None, https_port=None, http_port=None, proxy_hostname=None, proxy_port=None,
sms_environment=None, vhost_label=None, force=None, delegation_support=None, scripting_support=None):
data = DataObject()
data.add_value_string("server_hostname", server_hostname)
data.add_value_string("junction_point", junction_point)
data.add_value_string("juncton_type", junction_type)
policy = DataObject()
policy.add_value_string("name", policy_name)
policy.add_value_string("type", policy_type)
data.add_value_not_empty("policy", policy.data)
authentication = DataObject()
authentication.add_value_string("type", authentication_type)
authentication.add_value_string("oauth_introspection", authentication_oauth_introspection)
data.add_value_not_empty("authentication", authentication)
data.add_value_not_empty("static_response_headers", static_response_headers)
jwt = DataObject()
jwt.add_value_string("header_name", jwt_header_name)
jwt.add_value_string("certificate", jwt_certificate)
jwt.add_vaue_not_empty("claims", jwt_claims)
data.add_vaule_not_empty("jwt", jwt.data)
data.add_value_string("description", description)
data.add_value_string("junction_hard_limit", junction_hard_limit)
data.add_value_string("junction_soft_limit", junction_soft_limit)
data.add_value_string("basic_auth_mode", basic_auth_mode)
data.add_value_string("tfim_sso", tfim_sso)
data.add_value_not_empty("remote_http_header", remote_http_header)
data.add_value_string("stateful_junction", stateful_junction)
data.add_value_string("http2_junction", http2_junction)
data.add_value_string("sni_name", sni_name)
data.add_value_string("preserve_cookie", preserve_cookie)
data.add_value_string("cookie_include_path", cookie_include_path)
data.add_value_string("transparent_path_junction", transparent_path_junction)
data.add_value_string("mutual_auth", mutual_auth)
data.add_value_string("insert_ltpa_cookies", insert_ltpa_cookies)
data.add_value_string("insert_session_cookies", insert_session_cookies)
data.add_value_string("request_encoding", request_encoding)
data.add_value_string("enable_basic_auth", enable_basic_auth)
data.add_value_string("key_label", key_label)
data.add_value_string("gso_resource_group", gso_resource_group)
data.add_value_string("junction_cookie_javascript_block", junction_cookie_javascript_block)
data.add_value_string("client_ip_http", client_ip_http)
data.add_value_string("version_two_cookies", version_two_cookies)
data.add_value_string("ltpa_keyfile", ltpa_keyfile)
data.add_value_string("authz_rules", authz_rules)
data.add_value_string("fsso_config_file", fsso_config_file)
data.add_value_string("username", username)
data.add_value_string("password", password)
data.add_value_string("server_uuid", server_uuid)
data.add_value("server_port", server_port)
data.add_value_string("virtual_hostname", virtual_hostname)
data.add_value_string("server_dn", server_dn)
data.add_value_string("local_ip", local_ip)
data.add_value_string("query_contents", query_contents)
data.add_value_string("case_sensitive_url", case_sensitive_url)
data.add_value_string("windows_style_rul", windows_style_url)
data.add_value_string("ltpa_keyfile_password", ltpa_keyfile_password)
data.add_value("https_port", https_port)
data.add_value("http_port", http_port)
data.add_value_string("proxy_hostname", proxy_hostname)
data.add_value("proxy_port", proxy_port)
data.add_value_string("sms_environment", sms_environment)
data.add_value_string("vhost_label", vhost_label)
data.add_value_string("force", force)
data.add_value_string("delegation_support", delegation_support)
data.add_value_string("scripting_support", scripting_support)
endpoint = APIAC + "/resource/instance/{}/server/{}/resource?server_type={}".format(
instance, resource_server, server_type)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def delete_server(self, instance=None)
class FIDO2Config(object):
def __init__(self, base_url, username, password):
super(FIDO2Config, self).__init__()
self.client = RESTClient(base_url, username, password)
def list_relying_parties(self):
response = self.client.get_json(FIDO2_RELYING_PARTIES)
response.success = response.status_code == 200
return response
def get_relying_parties(self, _id):
endpoint = "{}/{}".format(FIDO2_RELYING_PARTIES, _id)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def create_relying_party(
self, name=None, rp_id=None, origins=None, metadata_set=None, metadata_soft_fail=True,
mediator_mapping_rule_id=None, attestation_statement_types=None, attestation_statement_formats=None,
attestation_public_key_algorithms=None, attestation_android_safetynet_max_age=None,
attestation_android_safetynet_clock_skew=None, relying_party_impersonation_group="adminGroup"):
data = DataObject()
data.add_value("name", name)
data.add_value("rpId", rp_id)
fidoServerOptions = DataObject()
fidoServerOptions.add_value_not_empty("origins", origins)
fidoServerOptions.add_value("metadataSet", metadata_set)
fidoServerOptions.add_value("metadataSoftFail", metadata_soft_fail)
fidoServerOptions.add_value("mediatorMappingRuleId", mediator_mapping_rule_id)
attestation = DataObject()
attestation.add_value("statementTypes", attestation_statement_types)
attestation.add_value("statementFormats", attestation_statement_formats)
attestation.add_value("publicKeyAlgorithms", attestation_public_key_algorithms)
fidoServerOptions.add_value("attestation", attestation.data)
attestationAndroidSafetyNetOptions = DataObject()
attestationAndroidSafetyNetOptions.add_value("attestationMaxAge", attestation_android_safetynet_max_age)
attestationAndroidSafetyNetOptions.add_value("clockSkew", attestation_android_safetynet_clock_skew)
fidoServerOptions.add_value("android-safetynet", attestationAndroidSafetyNetOptions.data)
data.add_value("fidoServerOptions", fidoServerOptions.data)
relyingPartyOptions = DataObject()
relyingPartyOptions.add_value("impersonationGroup", relying_party_impersonation_group)
data.add_value("relyingPartyOptions", relyingPartyOptions.data)
response = self.client.post_json(FIDO2_RELYING_PARTIES, data.data)
response.success = response.status_code == 201
return response
def update_relying_party(
self, id, name=None, rp_id=None, origins=None, metadata_set=None, metadata_soft_fail=True,
mediator_mapping_rule_id=None, attestation_statement_types=None, attestation_statement_formats=None,
attestation_public_key_algorithms=None, attestation_android_safety_net_max_age=None,
attestation_android_safetynet_clock_skew=None, relying_party_impersonation_group="adminGroup"):
data = DataObject()
data.add_value("id", id)
data.add_value("name", name)
data.add_value("rpId", rp_id)
fidoServerOptions = DataObject()
fidoServerOptions.add_value_not_empty("origins", origins)
fidoServerOptions.add_value("metadataSet", metadata_set)
fidoServerOptions.add_value("metadataSoftFail", metadata_soft_fail)
fidoServerOptions.add_value("mediatorMappingRuleId", mediator_mapping_rule_id)
attestation = DataObject()
attestation.add_value("statementTypes", attestation_statement_types)
attestation.add_value("statementFormats", attestation_statement_formats)
attestation.add_value("publicKeyAlgorithms", attestation_public_key_algorithms)
attestation.add_value("publicKeyAlgorithms", attestation_public_key_algorithms)
fidoServerOptions.add_value("attestation", attestation.data)
attestationAndroidSafetyNetOptions = DataObject()
attestationAndroidSafetyNetOptions.add_value("attestationMaxAge", attestation_android_safetynet_max_age)
attestationAndroidSafetyNetOptions.add_value("clockSkew", attestation_android_safetynet_clock_skew)
fidoServerOptions.add_value("android-safetynet", attestationAndroidSafetyNetOptions.data)
data.add_value("fidoServerOptions", fidoServerOptions.data)
relyingPartyOptions = DataObject()
relyingPartyOptions.add_value("impersonationGroup", relying_party_impersonation_group)
data.add_value("relyingPartyOptions", relyingPartyOptions.data)
endpoint = "%s/%s" % (FIDO2_RELYING_PARTIES, id)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def list_metadata(self):
endpoint = FIDO2_METADATA
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_metadata(self, _id):
endpoint = "{}/{}".format(FIDO2_METADATA, _id)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def create_metadata(self, filename=None):
response = Response()
try:
with open(filename, 'rb') as content:
data = DataObject()
data.add_value_string("filename", ntpath.basename(filename))
data.add_value_string("contents", content.read().decode('utf-8'))
endpoint = FIDO2_METADATA
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
except IOError as e:
logger.error(e)
response.success = False
return response
def update_metadata(self, id, filename=None):
response = Response()
try:
with open(filename, 'rb') as content:
files = {"file": content}
endpoint = ("%s/%s/file" % (FIDO2_METADATA, id))
response = self.client.post_file(endpoint, accept_type="application/json,text/html,application/*", files=files)
response.success = response.status_code == 200
except IOError as e:
logger.error(e)
response.success = False
return response
def delete_metadata(self, id):
endpoint = ("%s/%s/file" % (FIDO2_METADATA, id))
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
def create_mediator(self, name=None, filename=None):
response = Response()
try:
with open(filename, 'rb') as content:
data = DataObject()
data.add_value_string("filename", ntpath.basename(filename))
data.add_value_string("content", content.read().decode('utf-8'))
data.add_value_string("type", "FIDO2")
data.add_value_string("name", name)
response = self.client.post_json(FIDO2_MEDIATOR, data.data)
response.success = response.status_code == 201
except IOError as e:
logger.error(e)
response.success = False
return response
def _update_mediator(self, id, filename=None):
response = Response()
try:
with open(filename, 'rb') as content:
data = DataObject()
data.add_value_string("content", content.read().decode('utf-8'))
endpoint = ("%s/%s" % (FIDO2_MEDIATOR, id))
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
except IOError as e:
logger.error(e)
response.success = False
return response
def get_mediator(self, id):
endpoint = ("%s/%s" % (FIDO2_MEDIATOR, id))
response = self.get_json(endpoint)
response.success = response.status_code == 200
return response
def list_mediator(self):
response = self.client.get_json(FIDO2_MEDIATOR)
rsponse.success = response.status_code == 200
return response
def delete_mediator(self, id):
endpoint = ("%s/%s" % (FIDO2_MEDIATOR, id))
response = self.delete_json(endpoint)
response.success = response.status_code == 204
return response
class TemplateFiles(object):
def __init__(self, base_url, username, password):
super(TemplateFiles, self).__init__()
self.client = RESTClient(base_url, username, password)
def create_directory(self, path, dir_name=None):
data = DataObject()
data.add_value_string("dir_name", dir_name)
data.add_value_string("type", "dir")
endpoint = "%s/%s" % (TEMPLATE_FILES, path)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def get_directory(self, path, recursive=None):
parameters = DataObject()
parameters.add_value("recursive", recursive)
endpoint = "%s/%s" % (TEMPLATE_FILES, path)
response = self.client.get_json(endpoint, parameters.data)
response.success == response.status_code == 200
if response.success and isinstance(response.json, dict):
response.json = response.json.get("contents", [])
return response
def create_file(self, path, file_name=None, contents=None):
data = DataObject()
data.add_value_string("file_name", file_name)
data.add_value_string("contents", contents)
data.add_value_string("type", "file")
endpoint = "%s/%s" % (TEMPLATE_FILES, path)
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def delete_file(self, path, file_name):
endpoint = ("%s/%s/%s" % (TEMPLATE_FILES, path, file_name))
response = self.client.delete_json(endpoint)
response.success = response.status_code == 200
return response
def get_file(self, path, file_name):
endpoint = ("%s/%s/%s" % (TEMPLATE_FILES, path, file_name))
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def import_file(self, path, file_name, file_path):
response = Response()
try:
with open(file_path, 'rb') as template:
files = {"file": template}
endpoint = ("%s/%s/%s" % (TEMPLATE_FILES, path, file_name))
response = self.client.post_file(endpoint, files=files)
response.success = response.status_code == 200
except IOError as e:
logger.error(e)
response.success = False
return response
def import_files(self, file_path, force=True):
response = Response()
try:
with open(file_path, 'rb') as templates:
files = {"file": templates}
data = DataObject()
data.add_value("force", force)
response = self.client.post_file(TEMPLATE_FILES,
data=data.data,
files=files)
response.success = response.status_code == 200
except IOError as e:
logger.error(e)
response.success = False
return response
def update_file(self, path, file_name, contents=None, force=False):
data = DataObject()
data.add_value_string("contents", contents)
data.add_value_string("force", force)
data.add_value_string("type", "file")
endpoint = ("%s/%s/%s" % (TEMPLATE_FILES, path, file_name))
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
class SysAccount(object):
def __init__(self, base_url, username, password):
super(SysAccount, self).__init__()
self.client = RESTClient(base_url, username, password)
def get_users(self):
endpoint = SYSACCOUNT_USERS + '/v1'
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_user(self, user):
endpoint = SYSACCOUNT_USERS + '/' + user + '/v1'
rsponse = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def update_user(self, user, password=None):
data = DataObject()
data.add_value_string('password', password)
endpoint = SYSACCOUNT_USERS + '/' + user + '/v1'
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def create_user(self, user=None, password=None, groups=[]):
data = DataObject()
data.add_value_string('id', user)
data.add_value_string('password', password)
if groups:
groups_data = DataObject()
for group in groups:
groups_data.add_value('id', group)
data.add_value_not_empty('groups', groups_data.data)
endpoint = SYSACCOUNT_USERS + '/v1'
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def delete_user(self, user):
endpoint = SYSACCOUNT_USERS + '/' + user + '/v1'
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
def get_groups(self):
endpoint = SYSACCOUNT_GROUPS + '/v1'
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_group(self, group=None):
endpoint = SYSACCOUNT_GROUPS + '/groups/{}/v1'.format(group)
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def add_user(self, group=None, user=None):
data = DataObject()
data.add_alue_string("id", group)
endpoint = SYSACCOUNT_GROUPS + '/{}/groups/v1'.format(user)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def remove_user(self, group=None, user=None):
endpoint = SYSACCOUNT_GROUPS + '/users/{}/groups/{}/v1'.format(user, group)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
def create_group(self, group=None):
data = DataObject()
data.add_value_string("id", group)
endpoint = SYSACCOUNT_GROUPS +'/v1'
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 200
return response
def delete_group(self, group=None):
endpoint = SYSACCOUNT_GROUPS + '/{}/v1'.format(group)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
def update_admin_password(self, old_password=None, password=None):
endpoint = SYSACCOUNT_GROUPS + '/self/v1'
data = DataObject()
data.add_value_string('old_password', old_password)
data.add_value_string('password', password)
response.self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
class RestartShutdown(object):
def __init__(self, base_url, username, password):
super(RestartShutdown, self).__init__()
self.client = RESTClient(base_url, username, password)
def get_lmi_status(self):
response = self.client.get_json(LMI)
response.success = response.status_code == 200
return response
def get_runtime_status(self):
response = self.client.get_json(RUNTIME)
response.success = response.status_code == 200 and response.json.get(
'return_code') == 0
return response
def restart_lmi(self):
last_start = -1
response = self.get_lmi_status()
if response.success:
last_start = response.json[0].get("start_time", -1)
if last_start > 0:
response = self.client.post_json(LMI_RESTART)
response.success = (response.status_code == 200 and
response.json.get("restart", False) == True)
if response.success:
logger.info("Waiting for LMI to restart...")
self._wait_on_lmi(last_start)
else:
logger.error("Invalid start time was retrieved: %i", last_start)
response.success = False
return response
def _wait_on_lmi(self, last_start, sleep_interval=3):
if last_start > 0:
restart_time = last_start
while (restart_time <= 0 or restart_time == last_start):
logger.debug("last_start: %i, restart_time: %i", last_start,
restart_time)
time.sleep(sleep_interval)
try:
response = self.get_lmi_status()
if response.success:
restart_time = response.json[0].get("start_time", -1)
except:
restart_time = -1
time.sleep(sleep_interval)
else:
logger.error("Invalid last start time: %i", last_start)
def restart_appliance(self):
last_start = -1
response = self.get_lmi_status()
if response.success:
last_start = response.json[0].get("start_time", -1)
if last_start > 0:
response = self.client.post_json(APPLIANCE_RESTART)
response.success = (response.status_code == 200
and response.json.get("status", False) == True)
if response.success:
logger.info("Waiting for LMI to restart...")
self._wait_on_lmi(last_start)
else:
logger.error("Invalid start time was retrieved: %i", last_start)
response.success = False
return response
def _wait_on_runtime(self, last_start, sleep_interval=3):
if last_start > 0:
restart_time = last_start
count = 0
while restart_time <= 0 or restart_time == last_start:
logger.debug("last_start: %i, restart_time: %i", last_start,
restart_time)
time.sleep(sleep_interval)
try:
response = self.get_runtime_status()
if response.success:
restart_time = response.json.get("last_start", -1)
except:
restart_time = -1
count += 1
if count > 10: # defaults to 30s total loop
logger.error("Failed to restart runtime after %i seconds",
sleep_interval * count)
break
else:
logger.error("Invalid runtime status was retrieved: %i",
last_start)
def restart_runtime(self):
last_start = -1
response = self.get_runtime_status()
if response.success:
last_start = response.json.get("last_start", -1)
if last_start >= 0:
response = self.client.put_json(RUNTIME_RESTART,
{"operation": "restart"})
response.success = response.status_code == 200
if response.success:
logger.info("Waiting for Runtime to restart. . .")
self._wait_on_runtime(last_start)
else:
logger.error("Invalid start time was retrieved: %i", last_start)
response.success = False
return response
class MappingRules(object):
def __init__(self, base_url, username, password):
super(MappingRules, self).__init__()
self.client = RESTClient(base_url, username, password)
def create_rule(self,
file_name=None,
rule_name=None,
category=None,
content=None):
response = Response()
try:
data = DataObject()
data.add_value_string("fileName",
("%s_%s.js" % (category, rule_name)))
data.add_value_string("category", category)
data.add_value_string("name", rule_name)
if content == None:
with open(file_name, 'rb') as content:
data.add_value_string("content",
content.read().decode('utf-8'))
else:
data.add_value_string("content", content)
endpoint = MAPPING_RULES
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
except IOError as e:
logger.error(e)
response.success = False
return response
def update_rule(self, rule_id, file_name=None):
response = Response()
try:
with open(file_name, 'rb') as content:
data = DataObject()
data.add_value_string("content",
content.read().decode('utf-8'))
endpoint = ("%s/%s" % (MAPPING_RULES, rule_id))
json.dumps(data.data,
sort_keys=True,
indent=4,
separators=(',', ': '))
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
except IOError as e:
logger.error(e)
response.success = False
return response
def get_rule(self, rule_id=None, filter=None):
endpoint = (
"%s/%s?filter=%s" %
(MAPPING_RULES, rule_id if rule_id != None else "", filter))
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
class PointOfContact(object):
def __init__(self, base_url, username, password):
super(PointOfContact, self).__init__()
self.client = RESTClient(base_url, username, password)
def get_profiles(self):
endpoint = POC_PROFILES
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def get_current_profile(self):
endpoint = POC
response = self.client.get_json(endpoint)
response.success = response.status_code == 200
return response
def set_current_profile(self, profile_id):
data = DataObject()
data.add_value('currentProfileId', profile_id)
endpoint = POC
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response
def create_like_credential(self,
name=None,
description="",
authenticate_callbacks=None,
local_id_callbacks=None,
sign_out_callbacks=None,
sign_in_callbacks=None):
data = DataObject()
initial_json = {
"id":
"",
"name":
name,
"description":
description,
"isReadOnly":
False,
"signInCallbacks": [{
"moduleReferenceId":
"websealPocSignInCallback",
"index":
0,
"parameters": [{
"name": "fim.user.response.header.name",
"value": ""
}, {
"name": "fim.user.session.id.response.header.name",
"value": ""
}, {
"name": "fim.target.response.header.name",
"value": "am-eai-redir-url"
}, {
"name": "fim.attributes.response.header.name",
"value": ""
}, {
"name": "fim.groups.response.header.name",
"value": ""
}, {
"name": "url.encoding.enabled",
"value": "false"
}, {
"name": "fim.server.response.header.name",
"value": ""
}, {
"name": "fim.cred.response.header.name",
"value": "am-eai-pac"
}, {
"name": "fim.user.request.header.name",
"value": "iv-user"
}]
}],
"signOutCallbacks": [{
"moduleReferenceId":
"websealPocSignOutCallback",
"index":
0,
"parameters": [{
"name": "fim.user.session.id.request.header.name",
"value": "user_session_id"
}, {
"name": "fim.user.request.header.name",
"value": "iv-user"
}]
}],
"localIdCallbacks": [{
"moduleReferenceId":
"websealPocLocalIdentityCallback",
"index":
0,
"parameters": [{
"name": "fim.attributes.request.header.name",
"value": ""
}, {
"name": "fim.groups.request.header.name",
"value": "iv-groups"
}, {
"name": "fim.cred.request.header.name",
"value": "iv-creds"
}, {
"name": "fim.user.request.header.name",
"value": "iv-user"
}]
}],
"authenticateCallbacks": [{
"moduleReferenceId":
"websealPocAuthenticateCallback",
"index":
0,
"parameters": [{
"name": "fim.user.request.header.name",
"value": "iv-user"
}]
}]
}
items_to_update = {
'signInCallbacks': sign_in_callbacks,
'authenticateCallbacks': authenticate_callbacks,
'signOutCallbacks': sign_out_callbacks,
'localIdCallbacks': local_id_callbacks
}
for work in items_to_update.items():
if work[1] == None:
continue
before = initial_json[work[0]][0]['parameters']
during = map(lambda ent: (ent['name'], ent['value']), before)
after = {}
after.update(during)
after.update(work[1])
initial_json[work[0]][0]['parameters'] = list(
map(lambda ent: {
"name": ent[0],
"value": ent[1]
}, after.items()))
data.from_json(initial_json)
endpoint = POC_PROFILES
response = self.client.post_json(endpoint, data.data)
response.success = response.status_code == 201
return response
class APIProtection(object):
def __init__(self, base_url, username, password):
super(APIProtection, self).__init__()
self.client = RESTClient(base_url, username, password)
def create_client(
self, name=None, redirect_uri=None, company_name=None,
company_url=None, contact_person=None, contact_type=None,
email=None, phone=None, other_info=None, definition=None,
client_id=None, client_secret=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("redirectUri", redirect_uri)
data.add_value_string("companyName", company_name)
data.add_value_string("companyUrl", company_url)
data.add_value_string("contactPerson", contact_person)
data.add_value_string("contactType", contact_type)
data.add_value_string("email", email)
data.add_value_string("phone", phone)
data.add_value_string("otherInfo", other_info)
data.add_value_string("definition", definition)
data.add_value_string("clientId", client_id)
data.add_value_string("clientSecret", client_secret)
response = self.client.post_json(CLIENTS, data.data)
response.success = response.status_code == 201
return response
def update_client(
self, id=None, name=None, redirect_uri=None, company_name=None,
company_url=None, contact_person=None, contact_type=None,
email=None, phone=None, other_info=None, definition=None,
client_id=None, client_secret=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("redirectUri", redirect_uri)
data.add_value("companyName", company_name)
data.add_value_string("companyUrl", company_url)
data.add_value_string("contactPerson", contact_person)
data.add_value_string("contactType", contact_type)
data.add_value_string("email", email)
data.add_value_string("phone", phone)
data.add_value_string("otherInfo", other_info)
data.add_value_string("definition", definition)
data.add_value_string("clientId", client_id)
data.add_value_string("clientSecret", client_secret)
response = self.client.put_json(CLIENTS+"/"+str(id), data.data)
response.success = response.status_code == 204
return response
def delete_client(self, id):
endpoint = "%s/%s" % (CLIENTS, id)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
def list_clients(self, sort_by=None, count=None, start=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("count", count)
parameters.add_value_string("start", start)
parameters.add_value_string("filter", filter)
response = self.client.get_json(CLIENTS, parameters.data)
response.success = response.status_code == 200
return response
def create_definition(
self, name=None, description=None, tcm_behavior=None,
token_char_set=None, access_token_lifetime=None,
access_token_length=None, authorization_code_lifetime=None,
authorization_code_length=None, refresh_token_length=None,
max_authorization_grant_lifetime=None, pin_length=None,
enforce_single_use_authorization_grant=None,
issue_refresh_token=None,
enforce_single_access_token_per_grant=None,
enable_multiple_refresh_tokens_for_fault_tolerance=None,
pin_policy_enabled=None, grant_types=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("description", description)
data.add_value_string("tcmBehavior", tcm_behavior)
data.add_value_string("tokenCharSet", token_char_set)
data.add_value("accessTokenLifetime", access_token_lifetime)
data.add_value("accessTokenLength", access_token_length)
data.add_value("authorizationCodeLifetime", authorization_code_lifetime)
data.add_value("authorizationCodeLength", authorization_code_length)
data.add_value("refreshTokenLength", refresh_token_length)
data.add_value(
"maxAuthorizationGrantLifetime", max_authorization_grant_lifetime)
data.add_value("pinLength", pin_length)
data.add_value(
"enforceSingleUseAuthorizationGrant",
enforce_single_use_authorization_grant)
data.add_value("issueRefreshToken", issue_refresh_token)
data.add_value(
"enforceSingleAccessTokenPerGrant",
enforce_single_access_token_per_grant)
data.add_value(
"enableMultipleRefreshTokensForFaultTolerance",
enable_multiple_refresh_tokens_for_fault_tolerance)
data.add_value("pinPolicyEnabled", pin_policy_enabled)
data.add_value("grantTypes", grant_types)
response = self.client.post_json(DEFINITIONS, data.data)
response.success = response.status_code == 201
return response
def update_definition(
self, definition_id=None, name=None, description=None, tcm_behavior=None,
token_char_set=None, access_token_lifetime=None,
access_token_length=None, authorization_code_lifetime=None,
authorization_code_length=None, refresh_token_length=None,
max_authorization_grant_lifetime=None, pin_length=None,
enforce_single_use_authorization_grant=None,
issue_refresh_token=None,
enforce_single_access_token_per_grant=None,
enable_multiple_refresh_tokens_for_fault_tolerance=None,
pin_policy_enabled=None, grant_types=None, oidc_enabled=False,
iss=None, poc=None, lifetime=None, alg=None, db=None, cert=None,
enc_enabled=False, enc_alg=None, enc_enc=None, access_policy_id=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("description", description)
data.add_value_string("tcmBehavior", tcm_behavior)
data.add_value_string("tokenCharSet", token_char_set)
data.add_value("accessTokenLifetime", access_token_lifetime)
data.add_value("accessTokenLength", access_token_length)
data.add_value("authorizationCodeLifetime", authorization_code_lifetime)
data.add_value("authorizationCodeLength", authorization_code_length)
data.add_value("refreshTokenLength", refresh_token_length)
data.add_value(
"maxAuthorizationGrantLifetime", max_authorization_grant_lifetime)
data.add_value("pinLength", pin_length)
data.add_value(
"enforceSingleUseAuthorizationGrant",
enforce_single_use_authorization_grant)
data.add_value("issueRefreshToken", issue_refresh_token)
data.add_value(
"enforceSingleAccessTokenPerGrant",
enforce_single_access_token_per_grant)
data.add_value(
"enableMultipleRefreshTokensForFaultTolerance",
enable_multiple_refresh_tokens_for_fault_tolerance)
data.add_value("pinPolicyEnabled", pin_policy_enabled)
data.add_value("grantTypes", grant_types)
data.add_value("accessPolicyId", access_policy_id)
if oidc_enabled:
oidc = DataObject()
oidc.add_value("enabled",True)
oidc.add_value("iss",iss)
oidc.add_value("poc",poc)
oidc.add_value("lifetime",lifetime)
oidc.add_value("alg",alg)
oidc.add_value("db",db)
oidc.add_value("cert",cert)
if enc_enabled:
enc_data = DataObject()
enc_data.add_value("db",enc_db)
enc_data.add_value("cert",enc_cert)
oidc.add_value("enc",enc_data.data)
data.add_value("oidc",oidc.data)
response = self.client.put_json(DEFINITIONS+"/"+str(definition_id), data.data)
response.success = response.status_code == 204
return response
def delete_definition(self, id):
endpoint = "%s/%s" % (DEFINITIONS, id)
response = self.client.delete_json(endpoint)
response.success = response.status_code == 204
return response
def list_definitions(
self, sort_by=None, count=None, start=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("count", count)
parameters.add_value_string("start", start)
parameters.add_value_string("filter", filter)
response = self.client.get_json(DEFINITIONS, parameters.data)
response.success = response.status_code == 200
return response
def create_mapping_rule(
self, name=None, category=None, file_name=None, content=None):
data = DataObject()
data.add_value_string("name", name)
data.add_value_string("category", category)
data.add_value_string("fileName", file_name)
data.add_value_string("content", content)
response = self.client.post_json(MAPPING_RULES, data.data)
response.success = response.status_code == 201
return response
def list_mapping_rules(
self, sort_by=None, count=None, start=None, filter=None):
parameters = DataObject()
parameters.add_value_string("sortBy", sort_by)
parameters.add_value_string("count", count)
parameters.add_value_string("start", start)
parameters.add_value_string("filter", filter)
response = self.client.get_json(MAPPING_RULES, parameters.data)
response.success = response.status_code == 200
return response
def import_mapping_rule(self, id, file_path):
response = Response()
try:
with open(file_path, 'rb') as mapping_rule:
files = {"file": mapping_rule}
endpoint = "%s/%s/file" % (MAPPING_RULES, id)
accept_type = "%s,%s" % ("application/json", "text/html")
response = self.client.post_file(
endpoint, accept_type=accept_type, files=files)
response.success = response.status_code == 200
except IOError as e:
logger.error(e)
response.success = False
return response
def update_mapping_rule(self, id, content=None):
data = DataObject()
data.add_value_string("content", content)
endpoint = "%s/%s" % (MAPPING_RULES, id)
response = self.client.put_json(endpoint, data.data)
response.success = response.status_code == 204
return response