Пример #1
0
    def unprotect_iam_safe_with_elevation(self, aws_cloud_account_id: str,
                                          entity_name: str,
                                          entity_type: str) -> None:
        """Protect iam safe with elevation

		:link   https://api-v2-docs.dome9.com/index.html?python#user_deleteiamsafeentitiesforuser
		:param  aws_cloud_account_id: Aws security group id.
		:type   aws_cloud_account_id: str
		:param  entity_name: Aws iam user name or aws role
		:type   entity_name: str
		:param  entity_type: Entity type, must be one of the following Role or User
		:type   entity_type: str
		:return None

		"""
        APIUtils.check_is_valid_entity_type(entity_type=entity_type)

        # in order to unprotect iam safe with elevation, first protect iam safe (restrict) then unprotect
        body = RestrictedIamEntitiesRequest(entity_type=entity_type,
                                            entity_name=entity_name)
        self.protect_iam_safe(aws_cloud_account_id=aws_cloud_account_id,
                              body=body)
        self.unprotect_iam_safe(aws_cloud_account_id=aws_cloud_account_id,
                                entity_type=entity_type,
                                entity_name=entity_name)
Пример #2
0
    def __post_init__(self):
        APIUtils.check_is_valid_aws_region_id(self.region)

        new_group_behaviors = [
            new_group_behavior.value
            for new_group_behavior in NewGroupBehaviors
        ]
        if self.new_group_behavior not in new_group_behaviors:
            raise UnsupportedCloudAccountGroupBehaviors(
                f'new group behaviors must be one of the following {new_group_behaviors}'
            )
Пример #3
0
    def update_iam_safe_with_elevation(
            self, aws_cloud_account_id: str, entity_name: str,
            entity_type: str, users_ids_to_protect: List[str]) -> None:
        """Protect iam safe with elevation

		:link   https://api-v2-docs.dome9.com/index.html?python#user_putiamsafeaccountiamentities
		:param  aws_cloud_account_id: Aws security group id.
		:type   aws_cloud_account_id: str
		:param  entity_name: Aws iam user name or aws role
		:type   entity_name: str
		:param  entity_type: Entity type, must be one of the following Role or User
		:type   entity_type: str
		:param  users_ids_to_protect: List of users ids to protect
		:type   users_ids_to_protect: List[str]
		:return https://api-v2-docs.dome9.com/index.html?python#schemadome9-web-api-userandrole-iamsafe-useriamsafeaccountputviewmodel
		:rtype  UserIamSafeAccountPut

		"""
        APIUtils.check_is_valid_entity_type(entity_type=entity_type)
        entities_failed_to_protect = set()

        entity_details = self._get_iam_entity_details(
            aws_cloud_account_id=aws_cloud_account_id,
            entity_name=entity_name,
            entity_type=entity_type)
        curr_protected_users_ids = AwsIamSafe._get_users_ids_according_to_emails(
            emails=entity_details['attachedDome9Users'])
        protected_unprotected_dict = AwsIamSafe._generate_protected_unprotected_map(
            curr_protected_users_ids=curr_protected_users_ids,
            users_ids_to_protect=users_ids_to_protect)

        unprotect_body = ProtectIamSafeWithElevation(iam_entities=[])
        protect_body = ProtectIamSafeWithElevation(
            iam_entities=[entity_details['arn']])

        for user_id, to_protect in protected_unprotected_dict.items():
            route = f'{UserConsts.USER.value}/{user_id}/{AwsIamSafeConsts.IAM_SAFE.value}/{AwsIamSafeConsts.ACCOUNTS.value}/{aws_cloud_account_id}/{AwsIamSafeConsts.IAM_ENTITIES.value}'
            if to_protect:
                resp = self._put(route=route, body=protect_body)
            else:
                resp = self._put(route=route, body=unprotect_body)

            if len(resp['failedIamEntities']) != 0:
                entities_failed_to_protect.add(user_id)

        if len(entities_failed_to_protect) != 0:
            logger.warning(
                f'failed to protect the following users with ids {entities_failed_to_protect}'
            )
Пример #4
0
    def unprotect_iam_safe(self, aws_cloud_account_id: str, entity_type: str,
                           entity_name: str) -> None:
        """Unprotect specific iam safe entity

		:param  aws_cloud_account_id: Aws security group id.
		:type   aws_cloud_account_id: str
		:param  entity_type: entity type, must be User or Role
		:type   entity_type: str
		:param  entity_name: Entity name
		:type   entity_name: str
		:return None

		"""
        APIUtils.check_is_valid_entity_type(entity_type=entity_type)

        route = f'{AwsCloudAccountConsts.CLOUD_ACCOUNTS.value}/{aws_cloud_account_id}/{AwsIamSafeConsts.RESTRICTED_IAM_ENTITIES.value}/{entity_type}'
        return self._delete(
            route=route,
            params={AwsIamSafeConsts.ENTITY_NAME.value: entity_name})
 def __post_init__(self):
     APIUtils.check_is_valid_protocol(protocol=self.protocolType)
 def __post_init__(self):
     APIUtils.check_is_valid_aws_region_id(region=self.regionId)
Пример #7
0
 def __post_init__(self):
     APIUtils.check_is_ip(self.ip)
Пример #8
0
 def __post_init__(self):
     APIUtils.check_is_valid_aws_region_id(self.region)
     APIUtils.check_is_valid_protocol(self.protocol)
Пример #9
0
	def __post_init__(self):
		APIUtils.check_is_valid_priority(self.priority)
		APIUtils.check_is_valid_protocol(self.protocol)
		APIUtils.check_is_valid_access(self.access)
		APIUtils.check_is_valid_direction(self.direction)
Пример #10
0
	def __post_init__(self):
		APIUtils.check_is_valid_azure_region(region=self.region)
Пример #11
0
 def __post_init__(self):
     APIUtils.check_is_valid_state(state=self.email_sending_state)
Пример #12
0
 def __post_init__(self):
     APIUtils.check_is_valid_state(state=self.state)
Пример #13
0
 def __post_init__(self):
     APIUtils.check_is_valid_state(state=self.email_sending_state)
     APIUtils.check_is_valid_state(
         state=self.email_per_finding_sending_state)
     APIUtils.check_is_valid_state(state=self.sns_sending_state)
     APIUtils.check_is_valid_state(
         state=self.external_ticket_creating_state)
     APIUtils.check_is_valid_state(
         state=self.aws_security_hub_integration_state)
     APIUtils.check_is_valid_state(state=self.webhook_integration_state)
Пример #14
0
 def __post_init__(self):
     APIUtils.check_is_valid_notification_output_format(
         notification_output_format=self.sns_output_format)
Пример #15
0
 def __post_init__(self):
     APIUtils.check_is_valid_entity_type(entity_type=self.entity_type)