Merge pull request #94 from ssh-morty/master

ADD connection tags and access group CA key APIs as well as examples

Author: rsemkin

examples/example-access-group-key.py

@@ -0,0 +1,62 @@
+# An example how to create a CA key for a access group and delete it.
+# Import the PrivX python library.
+import sys
+
+import config
+
+# this importation for demonstration purpose only
+# for proper importation of privx_api module
+# see https://github.com/SSHcom/privx-sdk-for-python#getting-started
+try:
+    # Running example with pip-installed SDK
+    import privx_api
+except ImportError:
+    # Running example without installing SDK
+    from utils import load_privx_api_lib_path
+
+    load_privx_api_lib_path()
+    import privx_api
+
+# eplace with the params of the access group ID and ca key ID
+ACCESS_GROUP_ID = "ACCESS_GROUP_ID"
+CA_ID = "CA_ID"
+
+# Initialize the API.
+api = privx_api.PrivXAPI(
+    config.HOSTNAME,
+    config.HOSTPORT,
+    config.CA_CERT,
+    config.OAUTH_CLIENT_ID,
+    config.OAUTH_CLIENT_SECRET,
+)
+
+# Authenticate.
+# NOTE: fill in your credentials from secure storage, this is just an example
+api.authenticate(config.API_CLIENT_ID, config.API_CLIENT_SECRET)
+
+def get_access_group_CA_key(access_group_id):
+    result = api.get_access_group_CA_key(access_group_id)
+    if result.ok:
+        return result.data
+    else:
+        print(result.data.get("details"))
+        sys.exit()
+
+
+def delete_access_group_CA_key(access_group_id, ca_id):
+    result = api.delete_access_group_CA_key(access_group_id, ca_id)
+    if result.ok:
+        print(result)
+        return
+    else:
+        print(result.data.get("details"))
+        sys.exit()
+
+
+def main():
+    ca_id = get_access_group_CA_key(ACCESS_GROUP_ID)
+    print(ca_id)
+    delete_access_group_CA_key(ACCESS_GROUP_ID, ca_id)
+
+if __name__ == "__main__":
+    main()

examples/get-connection-tags.py

@@ -0,0 +1,69 @@
+"""
+This example updates connection tags and fetch connection tags.
+
+"""
+import sys
+
+import config
+
+# this importation for demonstration purpose only
+# for proper importation of privx_api module
+# see https://github.com/SSHcom/privx-sdk-for-python#getting-started
+try:
+    # Running example with pip-installed SDK
+    import privx_api
+except ImportError:
+    # Running example without installing SDK
+    from utils import load_privx_api_lib_path
+
+    load_privx_api_lib_path()
+    import privx_api
+
+# Replace with the params of the connection tags
+CONNECTION_ID = "CONNECTION_ID"
+OFFSET = 0
+LIMIT = 100
+SORTDIR = "asc"
+QUERY = ""
+CONNECTION_TAGS = ["CONNECTION_TAGS"]
+
+# Initialize the API.
+api = privx_api.PrivXAPI(
+    config.HOSTNAME,
+    config.HOSTPORT,
+    config.CA_CERT,
+    config.OAUTH_CLIENT_ID,
+    config.OAUTH_CLIENT_SECRET,
+)
+
+# Authenticate.
+# NOTE: fill in your credentials from secure storage, this is just an example
+api.authenticate(config.API_CLIENT_ID, config.API_CLIENT_SECRET)
+
+
+def get_connection_tags(offset, limit, sort_dir, query):
+    """Fetch connection tags object"""
+    connection = api.get_connection_tags(offset, limit, sort_dir, query)
+    if connection.ok:
+        return connection.data
+
+    print(connection.data["details"])
+    sys.exit(1)
+
+def update_connection_tags(conn_id: str, connection_tags):
+    """Update connection tags object"""
+    result = api.update_connection_tags(conn_id, connection_tags)
+    if result.ok:
+        return
+
+    print(result.data["details"])
+    sys.exit(1)
+
+def main():
+    """Update and fetch the connection tags."""
+    update_connection_tags(CONNECTION_ID, CONNECTION_TAGS)
+    connection_tags = get_connection_tags(OFFSET, LIMIT, SORTDIR, QUERY)
+    print(connection_tags)
+
+if __name__ == "__main__":
+    main()

privx_api/authorizer.py

@@ -530,6 +530,34 @@ def delete_access_group(self, access_group_id: str) -> PrivXAPIResponse:
             UrlEnum.AUTHORIZER.ACCESS_GROUP, path_params={"id": access_group_id}
         )
         return PrivXAPIResponse(response_status, HTTPStatus.OK, data)
+    
+    def get_access_group_CA_key(
+        self,
+        access_group_id: str,
+    ) -> PrivXAPIResponse:
+        """
+        Create access group CA key.
+
+        Returns:
+            PrivXAPIResponse
+        """
+        response_status, data = self._http_post(
+            UrlEnum.AUTHORIZER.CREATE_ACCESS_GROUP_CA_KEY,
+            path_params={"id": access_group_id},
+        )
+        return PrivXAPIResponse(response_status, HTTPStatus.OK, data)
+    
+    def delete_access_group_CA_key(self, access_group_id: str, ca_id: str) -> PrivXAPIResponse:
+        """
+        Delete access group CA key.
+
+        Returns:
+            PrivXStreamResponse
+        """
+        response_status, data = self._http_delete(
+            UrlEnum.AUTHORIZER.DELETE_ACCESS_GROUP_CA_KEY, path_params={"id": access_group_id, "ca_id": ca_id}
+        )
+        return PrivXAPIResponse(response_status, HTTPStatus.OK, data)
 
     def search_certificates(
         self,

privx_api/connection_manager.py

@@ -88,6 +88,48 @@ def get_connection(self, connection_id: str) -> PrivXAPIResponse:
         )
         return PrivXAPIResponse(response_status, HTTPStatus.OK, data)
 
+    def get_connection_tags(
+        self,
+        offset: Optional[int] = None,
+        limit: Optional[int] = None,
+        sort_dir: Optional[str] = None,
+        query: Optional[str] = None,
+    ) -> PrivXAPIResponse:
+        """
+        Get connection tags.
+
+        Returns:
+            PrivXAPIResponse
+        """
+        search_params = self._get_search_params(
+            offset=offset,
+            limit=limit,
+            sortdir=sort_dir,
+            query=query,
+        )
+
+        response_status, data = self._http_get(
+            UrlEnum.CONNECTION_MANAGER.CONNECTION_TAGS,
+            query_params=search_params,
+        )
+        return PrivXAPIResponse(response_status, HTTPStatus.OK, data)
+    
+    def update_connection_tags(
+        self, connection_id: str, connection_tags
+    ) -> PrivXAPIResponse:
+        """
+        Update connection tags
+
+        Returns:
+            PrivXAPIResponse
+        """
+        response_status, data = self._http_put(
+            UrlEnum.CONNECTION_MANAGER.UPDATE_CONNECTION_TAGS,
+            path_params={"connection_id": connection_id},
+            body=get_value(connection_tags, []),
+        )
+        return PrivXAPIResponse(response_status, HTTPStatus.OK, data)
+
     def create_trail_download_handle(
         self, connection_id: str, channel_id: str, file_id: str
     ) -> PrivXAPIResponse:

privx_api/enums.py

@@ -200,6 +200,9 @@ class ConnectionManagerEnum:
     UEBA_CONNECTION_COUNT = "CONNECTION_MANAGER.UEBA_CONNECTION_COUNT"
     UEBA_INTERNAL_STATUS = "CONNECTION_MANAGER.UEBA_INTERNAL_STATUS"
     UEBA_STATUS = "CONNECTION_MANAGER.UEBA_STATUS"
+    CONNECTION_TAGS = "CONNECTION_MANAGER.CONNECTION_TAGS"
+    UPDATE_CONNECTION_TAGS = "CONNECTION_MANAGER.UPDATE_CONNECTION_TAGS"
+
 
     urls = {
         ACCESS_ROLE: "/connection-manager/api/v1/connections/access_roles/{role_id}",
@@ -236,6 +239,8 @@ class ConnectionManagerEnum:
         UEBA_CONNECTION_COUNT: "/connection-manager/api/v1/ueba/query-connection-count",
         UEBA_STATUS: "/connection-manager/api/v1/ueba/status",
         UEBA_INTERNAL_STATUS: "/connection-manager/api/v1/ueba/status/internal",
+        CONNECTION_TAGS: "/connection-manager/api/v1/connections/tags",
+        UPDATE_CONNECTION_TAGS: "/connection-manager/api/v1/connections/{connection_id}/tags",
     }
 
 
@@ -369,6 +374,8 @@ class TrailIndexEnum:
 class AuthorizerEnum:
     ACCESS_GROUP = "AUTHORIZER.ACCESS_GROUP"
     ACCESS_GROUPS = "AUTHORIZER.ACCESS_GROUPS"
+    CREATE_ACCESS_GROUP_CA_KEY = "AUTHORIZER.CREATE_ACCESS_GROUP_CA_KEY"
+    DELETE_ACCESS_GROUP_CA_KEY = "AUTHORIZER.DELETE_ACCESS_GROUP_CA_KEY"
     AUTHORIZER_CERT = "AUTHORIZER.AUTHORIZER_CERT"
     AUTHORIZER_CERT_ID = "AUTHORIZER.AUTHORIZER_CERT_ID"
     CARRIER_CONFIG_SESSION_ID = "AUTHORIZER.CARRIER_CONFIG_SESSION_ID"
@@ -402,6 +409,8 @@ class AuthorizerEnum:
     urls = {
         ACCESS_GROUP: "/authorizer/api/v1/accessgroups/{id}",
         ACCESS_GROUPS: "/authorizer/api/v1/accessgroups",
+        CREATE_ACCESS_GROUP_CA_KEY: "/authorizer/api/v1/accessgroups/{id}/cas",
+        DELETE_ACCESS_GROUP_CA_KEY: "/authorizer/api/v1/accessgroups/{id}/cas/{ca_id}",
         AUTHORIZER_CERT: "/authorizer/api/v1/cas",
         AUTHORIZER_CERT_ID: "/authorizer/api/v1/cas/{id}",
         CARRIER_CONFIG_SESSION_ID: "/authorizer/api/v1/carrier/conf"