Cpi 7 cp sdk upgrade (#209)

* update depreacted endponts * fix failed integration test cases Co-authored-by: tmiller <Thomas.Miller@fidelissecurity.com>
cloudpassage · May 24, 2022 · 78155c0 · 78155c0
1 parent 4cfc00e
commit 78155c0
Show file tree

Hide file tree

Showing 27 changed files with 169 additions and 71 deletions.
diff --git a/cloudpassage/__init__.py b/cloudpassage/__init__.py
@@ -56,5 +56,5 @@
     print(err_msg)
 
 __author__ = "CloudPassage"
-__version__ = "1.6.2"
+__version__ = "1.6.3"
 __license__ = "BSD"
diff --git a/cloudpassage/configuration_policy.py b/cloudpassage/configuration_policy.py
@@ -22,7 +22,8 @@ class ConfigurationPolicy(HaloEndpoint):
 
     object_name = "policy"
     objects_name = "policies"
-    default_endpoint_version = 1
+    # default_endpoint_version = 1 # deprecated
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return the endpoint for API requests."""

diff --git a/cloudpassage/container.py b/cloudpassage/container.py
@@ -17,7 +17,8 @@ class Container(HaloEndpoint):
 
     object_name = "container"
     objects_name = "containers"
-    default_endpoint_version = 1
+    # default_endpoint_version = 1 # deprecated
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return endpoint for API requests."""

diff --git a/cloudpassage/container_event.py b/cloudpassage/container_event.py
@@ -15,13 +15,16 @@ class ContainerEvent(HaloEndpoint):
         endpoint_version (int): Endpoint version override.
     """
 
-    object_name = "container_event"
-    objects_name = "container_events"
-    default_endpoint_version = 1
-
-    def endpoint(self):
+    # object_name = "container_event" # deprecated
+    # objects_name = "container_events" # deprecated
+    # default_endpoint_version = 1 # deprecated
+    object_name = "event"
+    objects_name = "events"
+    default_endpoint_version = 2
+
+    def endpoint(self, container_id):
         """Return endpoint for API requests."""
-        return "/v{}/{}".format(self.endpoint_version, self.objects_name)
+        return "/v{}/containers/{}/{}".format(self.endpoint_version, container_id, self.objects_name)
 
     def pagination_key(self):
         """Return the pagination key for parsing paged results."""

diff --git a/cloudpassage/container_image.py b/cloudpassage/container_image.py
@@ -15,9 +15,13 @@ class ContainerImage(HaloEndpoint):
         endpoint_version (int): Endpoint version override.
     """
 
-    object_name = "image"
-    objects_name = "images"
-    default_endpoint_version = 1
+    # object_name = "image" # deprecated
+    # objects_name = "images" # deprecated
+    # default_endpoint_version = 1 # deprecated
+
+    object_name = "container_image"
+    objects_name = "container_images"
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return endpoint for API requests."""

diff --git a/cloudpassage/container_package.py b/cloudpassage/container_package.py
@@ -15,13 +15,16 @@ class ContainerPackage(HaloEndpoint):
         endpoint_version (int): Endpoint version override.
     """
 
-    object_name = "software_package"
-    objects_name = "software_packages"
-    default_endpoint_version = 1
-
-    def endpoint(self):
+    # object_name = "software_package" # deprecated
+    # objects_name = "software_packages" # deprecated
+    # default_endpoint_version = 1 # deprecated
+    object_name = "package"
+    objects_name = "packages"
+    default_endpoint_version = 2
+
+    def endpoint(self, image_id):
         """Return endpoint for API requests."""
-        return "/v{}/{}".format(self.endpoint_version, self.objects_name)
+        return "/v{}/container_images/{}/{}".format(self.endpoint_version, image_id, self.objects_name)
 
     def pagination_key(self):
         """Return the pagination key for parsing paged results."""

diff --git a/cloudpassage/container_process.py b/cloudpassage/container_process.py
@@ -15,18 +15,21 @@ class ContainerProcess(HaloEndpoint):
         endpoint_version (int): Endpoint version override.
     """
 
+    # object_name = "process" # deprecated
+    # objects_name = "container_processes" # deprecated
+    # list_objects_name = "processes" # deprecated
+    # default_endpoint_version = 1 # deprecated
     object_name = "process"
-    objects_name = "container_processes"
-    list_objects_name = "processes"
-    default_endpoint_version = 1
+    objects_name = "processes"
+    default_endpoint_version = 2
 
-    def endpoint(self):
+    def endpoint(self, container_id):
         """Return endpoint for API requests."""
-        return "/v{}/{}".format(self.endpoint_version, self.objects_name)
+        return "/v{}/containers/{}/{}".format(self.endpoint_version, container_id, self.objects_name)
 
     def pagination_key(self):
         """Return the pagination key for parsing paged results."""
-        return self.list_objects_name
+        return self.objects_name
 
     def object_key(self):
         """Return the object key for parsing detailed results."""

diff --git a/cloudpassage/cve_exception.py b/cloudpassage/cve_exception.py
@@ -16,9 +16,12 @@ class CveExceptions(HaloEndpoint):
         endpoint_version (int): Endpoint version override.
     """
 
-    object_name = "cve_exception"
-    objects_name = "cve_exceptions"
-    default_endpoint_version = 1
+    # object_name = "cve_exception" # deprecated
+    # objects_name = "cve_exceptions"  # deprecated
+    # default_endpoint_version = 1 # deprecated
+    object_name = "exception"
+    objects_name = "exceptions"
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return the endpoint for API requests."""
@@ -34,9 +37,10 @@ def pagination_key(cls):
         """Return the pagination key for parsing paged results."""
         return cls.objects_name
 
+    # deprecated
+    '''
     def create(self, package_name, package_version, scope="all", scope_id=''):
         """This method allows user to create CVE exceptions.
-
         Args:
             package_name (str): The name of the vulnerable
                                 package to be excepted.
@@ -46,7 +50,6 @@ def create(self, package_name, package_version, scope="all", scope_id=''):
             scope_id (str): If you pass the value server as scope, this field
                 will include server ID. If you pass the value group as scope,
                 this field will include group ID.
-
         Returns:
             str: ID of the newly-created cve exception
         """
@@ -72,7 +75,40 @@ def create(self, package_name, package_version, scope="all", scope_id=''):
         request = HttpHelper(self.session)
         response = request.post(endpoint, body)
         return response["cve_exception"]["id"]
+    '''
+
+    def create(self, package_name, package_version, target_type):
+        """This method allows user to create CVE exceptions.
+
+        Args:
+            package_name (str): The name of the vulnerable
+                                package to be excepted.
+            package_version (str): The version number of the
+                                   vulnerable package.
+            target_type (str): Possible values are server, container_image.
+            
 
+        Returns:
+            str: ID of the newly-created cve exception
+        """
+
+        params = {
+            "target_type": target_type,
+            "status": "active",
+            "definition": {
+                "package_name": package_name,
+                "package_version": package_version,
+            }
+
+        }
+
+        endpoint = self.endpoint()
+
+        body = {"exception": params}
+        request = HttpHelper(self.session)
+        response = request.post(endpoint, body)
+        return response["exception"]["id"]
+
     def update(self, exception_id, **kwargs):
         """ Update CVE Exceptions.
 
@@ -92,7 +128,8 @@ def update(self, exception_id, **kwargs):
         """
 
         endpoint = "{}/{}".format(self.endpoint(), exception_id)
-        body = {"cve_exception": kwargs}
+        # body = {"cve_exception": kwargs} # deprecated
+        body = {"exception": kwargs}
         request = HttpHelper(self.session)
         response = request.put(endpoint, body)
         return response
@@ -111,9 +148,12 @@ class CveException(HaloEndpoint):
 
     """
 
-    object_name = "cve_exception"
-    objects_name = "cve_exceptions"
-    default_endpoint_version = 1
+    # object_name = "cve_exception" # deprecated
+    # objects_name = "cve_exceptions" # deprecated
+    # default_endpoint_version = 1 # deprecated
+    object_name = "exception"
+    objects_name = "exceptions"
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return the endpoint for API requests."""

diff --git a/cloudpassage/fim_policy.py b/cloudpassage/fim_policy.py
@@ -21,9 +21,12 @@ class FimPolicy(HaloEndpoint):
         endpoint_version (int): Endpoint version override.
     """
 
-    object_name = "fim_policy"
-    objects_name = "fim_policies"
-    default_endpoint_version = 1
+    # object_name = "fim_policy" # deprecated
+    # objects_name = "fim_policies" # deprecated
+    # default_endpoint_version = 1 # deprecated
+    object_name = "policy"
+    objects_name = "policies"
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return endpoint for API requests."""
@@ -51,11 +54,12 @@ class FimBaseline(HaloEndpoint):
     """
     object_name = "baseline"
     objects_name = "baselines"
-    default_endpoint_version = 1
+    # default_endpoint_version = 1 # deprecated
+    default_endpoint_version = 2
 
     def endpoint(self, policy_id):
         """Return endpoint for API requests."""
-        return "/v{}/fim_policies/{}/{}".format(self.endpoint_version,
+        return "/v{}/policies/{}/{}".format(self.endpoint_version,
                                                 policy_id, self.objects_name)
 
     def list_all(self, fim_policy_id):

diff --git a/cloudpassage/halo_endpoint.py b/cloudpassage/halo_endpoint.py
@@ -8,7 +8,8 @@
 class HaloEndpoint(object):
     """Base class inherited by other specific HaloEndpoint classes."""
 
-    default_endpoint_version = 1
+    # default_endpoint_version = 1 # deprecated
+    default_endpoint_version = 2
 
     def __init__(self, session, **kwargs):
         self.session = session

diff --git a/cloudpassage/image_registry.py b/cloudpassage/image_registry.py
@@ -17,7 +17,8 @@ class ImageRegistry(HaloEndpoint):
 
     object_name = "registry"
     objects_name = "registries"
-    default_endpoint_version = 1
+    # default_endpoint_version = 1 # deprecated
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return endpoint for API requests."""

diff --git a/cloudpassage/image_repo.py b/cloudpassage/image_repo.py
@@ -17,7 +17,8 @@ class ImageRepo(HaloEndpoint):
 
     object_name = "repository"
     objects_name = "repositories"
-    default_endpoint_version = 1
+    # default_endpoint_version = 1 # deprecated
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return endpoint for API requests."""

diff --git a/cloudpassage/issue.py b/cloudpassage/issue.py
@@ -19,7 +19,8 @@ class Issue(HaloEndpoint):
     """
     object_name = "issue"
     objects_name = "issues"
-    default_endpoint_version = 1
+    # default_endpoint_version = 1 # deprecated
+    default_endpoint_version = 3
 
     def endpoint(self):
         """Return endpoint for API requests."""

diff --git a/cloudpassage/lids_policy.py b/cloudpassage/lids_policy.py
@@ -16,9 +16,12 @@ class LidsPolicy(HaloEndpoint):
         endpoint_version (int): Endpoint version override.
     """
 
-    object_name = "lids_policy"
-    objects_name = "lids_policies"
-    default_endpoint_version = 1
+    # object_name = "lids_policy" # deprecated
+    # objects_name = "lids_policies" # deprecated
+    # default_endpoint_version = 1 # deprecated
+    object_name = "policy"
+    objects_name = "policies"
+    default_endpoint_version = 2
 
     def endpoint(self):
         """Return endpoint for API requests."""

diff --git a/cloudpassage/server_group.py b/cloudpassage/server_group.py
@@ -52,7 +52,8 @@ def list_members(self, group_id):
 
         """
         sanity.validate_object_id(group_id)
-        endpoint = "/v1/groups/{}/servers".format(group_id)
+        # endpoint = "/v1/groups/{}/servers".format(group_id) # Invalid Endpoint
+        endpoint = "/v1/servers?group_id={}".format(group_id)
         request = HttpHelper(self.session)
         return request.get(endpoint)["servers"]
 

diff --git a/cloudpassage/time_series.py b/cloudpassage/time_series.py
@@ -50,7 +50,7 @@ class TimeSeries(object):
             will return, effecting a clean exit.
     """
 
-    allowed_urls = ["/v1/events", "/v1/scans", "/v1/issues"]
+    allowed_urls = ["/v1/events", "/v1/scans", "/v3/issues"]
 
     def __init__(self, session, start_time, start_url, item_key, params={}):
         self.url = start_url

diff --git a/cloudpassage/utility.py b/cloudpassage/utility.py
@@ -56,14 +56,14 @@ def determine_policy_metadata(cls, policy):
         else:
             print("Policy type must be str or dict, not %s!" % type(policy))
         try:
-            derived_type = list(working_pol.items())[0][0]
-            if derived_type == "fim_policy":
+            derived_module_type = list(working_pol.items())[0][1]["module"]
+            if derived_module_type == "fim":
                 return_body["policy_type"] = "FIM"
-            if derived_type == "policy":
+            if derived_module_type == "csm":
                 return_body["policy_type"] = "CSM"
-            if derived_type == "lids_policy":
+            if derived_module_type == "lids":
                 return_body["policy_type"] = "LIDS"
-            if derived_type == "firewall_policy":
+            if derived_module_type == "fw":
                 return_body["policy_type"] = "Firewall"
         except AttributeError:
             pass

diff --git a/tests/integration/test_integration_cve_exception.py b/tests/integration/test_integration_cve_exception.py
@@ -53,20 +53,25 @@ def test_cve_exception_cud(self):
         ce_obj = self.build_ce_object()
         srv_obj = self.build_server_object()
         srvs = srv_obj.list_all()
-        target_srv_id = srvs[0]["id"]
+        # target_srv_id = srvs[0]["id"] # deprecated
         package_name = "apport"
         package_version = "2.14.1-0ubuntu3.11"
-        scope = "server"
-        ce_id = ce_obj.create(package_name, package_version,
-                              scope, target_srv_id)
-        ce_obj.update(ce_id, scope="all")
+        target_type = "server"
+        # scope = "server" # deprecated
+        # ce_id = ce_obj.create(package_name, package_version, target_type, target_srv_id) # deprecated
+        ce_id = ce_obj.create(package_name, package_version, target_type)
+        # ce_obj.update(ce_id, scope="all") # deprecated 
+        ce_obj.update(ce_id, target_type="server")
         delete_return = ce_obj.delete(ce_id)
         assert delete_return is None
 
+    # deprecated
+    '''
     def test_scope_id_is_strings(self):
         request = self.build_ce_object()
         package_name = "apport"
         package_version = "2.14.1-0ubuntu3.11"
         with pytest.raises(cloudpassage.CloudPassageValidation) as e:
             request.create(package_name, package_version, "server", "#$123dfe")
         assert "valid scope id" in str(e)
+    '''