Source code for bloxone.b1platform

#!/usr/local/bin/python3
# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
'''
------------------------------------------------------------------------

 Description:

 Module to provide class hierachy to simplify access to the BloxOne APIs

 Date Last Updated: 20220815

 Todo:

 Copyright (c) 2020 Chris Marrison / Infoblox

 Redistribution and use in source and binary forms,
 with or without modification, are permitted provided
 that the following conditions are met:

 1. Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.

 2. Redistributions in binary form must reproduce the above copyright
 notice, this list of conditions and the following disclaimer in the
 documentation and/or other materials provided with the distribution.

 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.

------------------------------------------------------------------------
'''
import bloxone
import logging
import requests
import json

# ** Global Vars **
__version__ = '0.8.0'
__author__ = 'Chris Marrison'
__email__ = 'chris@infoblox.com'
__doc__ = 'https://python-bloxone.readthedocs.io/en/latest/'
__license__ = 'BSD'


[docs]class b1platform(bloxone.b1oph): ''' Class now reused for BloxOne Platform Methods, e.g. Audit Log Management of BloxOne On Prem Hosts is via the b1oph Class b1oph class is inherited here for compatibility '''
[docs] def auditlog(self, **params): ''' Get the audit log Parameters: **params (dict): Generic API parameters Returns: audit_log (list); list of dict ''' # Local variables audit_log = [] url = self.base_url + '/api/auditlog/' + self.api_version +'/logs' url = self._add_params(url, **params) logging.debug("URL: {}".format(url)) # Call API response = self._apiget(url) if response.status_code in self.return_codes_ok: if 'results' in response.json().keys(): audit_log = response.json()['results'] else: audit_log = response.json() return audit_log
[docs] def get_full_auditlog(self, **params): ''' ''' all_logs = [] offset = 0 limit = 1000 audit_log = self.auditlog(_offset=str(offset), _limit=str(limit), **params) while isinstance(audit_log, list) and len(audit_log): all_logs += audit_log offset += limit + 1 audit_log = self.auditlog(_offset=str(offset), _limit=str(limit), **params) return all_logs
# Methods for undocumented API Calls - use at own risk
[docs] def get_current_user(self, **params): ''' Get Current User Data Parameters: **params (dict): Generic API parameters Returns: response object: Requests response object ''' # Build URL url = self.base_url + '/v2/current_user' url = self._add_params(url, **params) logging.debug("URL: {}".format(url)) # Make API Call response = self._apiget(url) return response
[docs] def get_current_user_accounts(self, **params): ''' Get Current Users Accounts Data Parameters: **params (dict): Generic API parameters Returns: response object: Requests response object ''' # Build URL url = self.base_url + '/v2/current_user/accounts' url = self._add_params(url, **params) logging.debug("URL: {}".format(url)) # Make API Call response = self._apiget(url) return response
[docs] def get_current_tenant(self, **params): ''' Get name of current tenant Parameters: **params (dict): Generic API parameters Returns: string containing name of tenant or '' on failure ''' tenant_name = '' current_user = self.get_current_user() if current_user.status_code in self.return_codes_ok: user_id = current_user.json()['result']['account_id'] user_accounts = self.get_current_user_accounts() for account in user_accounts.json()['results']: if user_id == account['id']: tenant_name = account['name'] break else: logging.error('Failed to get account details API reponded with') logging.error(f'HTTP code: {current_user.status_code} ') logging.error(f'Response: {current_user.text}') tenant_name = '' return tenant_name
[docs] def get_users(self, **params): ''' Get User Data Parameters: **params (dict): Generic API parameters Returns: response object: Requests response object ''' # Build URL url = self.base_url + '/v2/users' url = self._add_params(url, **params) logging.debug("URL: {}".format(url)) # Make API Call response = self._apiget(url) return response
[docs] def audit_users(self, domains=[]): ''' Audit User Data for non compliant email domains Parameters: domain (list): List of valid email domains Returns: List of User Data (json) ''' users = [] user_data = [] valid = False # Check for list of domains, otherwise use current users if len(domains) == 0: current_user = self.get_current_user().json() email = current_user['result']['email'] domain = email.split('@')[1] domains.append(domain) logging.debug(f'Checking against domains: {domains}') # Get user data and check against valid domains response = self.get_users() user_data = response.json()['results'] for user in user_data: valid = False for domain in domains: if domain in user['email']: valid = True break if not valid: users.append(user) return users
[docs] def get_user_id(self, email="", include_path=False): ''' Get object id using key/value pair Parameters: email (str): email address of user account include_path (bool): Include path to object id Returns: id (str): object id or "" ''' # Local Variables id = "" # Make API Call response = self.get_users() # Process response if response.status_code in self.return_codes_ok: users = response.json().get('results') if users: for user in users: if email == user.get('email'): id = user.get('id') if not include_path: id = id.rsplit('/',1)[1] break else: logging.debug("User account {} not found." .format(email)) else: id = "" logging.debug("No results found.") else: id="" logging.debug("HTTP Error occured. {}".format(response.status_code)) logging.debug("id: {}".format(id)) return id
[docs] def create_user(self, name='', email='', type='interactive', authenticator='IDP', groups=['user', 'act_admin'], **params): ''' Create User Account Parameters: **params (dict): Generic API parameters Returns: response object: Requests response object ''' # Build URL url = self.base_url + '/v2/users' url = self._add_params(url, **params) logging.debug("URL: {}".format(url)) groups = self.get_group_ids(groups=groups) body = { 'name': name, 'email': email, 'type': type, 'authenticator': authenticator, 'groups': groups } # Make API Call response = self._apipost(url, body=json.dumps(body)) return response
[docs] def delete_user(self, email='', **params): ''' Create User Account Parameters: **params (dict): Generic API parameters Returns: response object: Requests response object ''' # Build URL url = self.base_url + '/v2/users' url = self._add_params(url, **params) logging.debug("URL: {}".format(url)) user_id = self.get_id(url, key='email', value=email, include_path=False) logging.debug("ID: {}".format(user_id)) if user_id: url = url + '/' + user_id # Make API Call response = self.delete(url) else: response = self._not_found_response return response
[docs] def get_groups(self, **params): ''' Get User Groups Parameters: **params (dict): Generic API parameters Returns: response object: Requests response object ''' # Build URL url = self.base_url + '/v2/groups' url = self._add_params(url, **params) logging.debug("URL: {}".format(url)) # Make API Call response = self._apiget(url) return response
[docs] def get_group_ids(self, groups=['user'], **params): ''' Get User Group IDs Parameters: groups (list): List of group names **params (dict): Generic API parameters Returns: response object: Requests response object ''' group_ids = [] # Make API Call response = self.get_groups(_fields='name,id') if response.status_code in self.return_codes_ok: grps = response.json().get('results') group_ids = [ grps[x].get('id') for x in range(len(grps)) if grps[x].get('name') in groups ] ''' for grp in grps: if grp.get('name') in groups: group_ids.append(grp.get('id')) logging.debug(f'Found id for group {grp.get("name")}') ''' else: logging.error('Failed to get User Groups API reponded with') logging.error(f'HTTP code: {response.status_code} ') logging.error(f'Response: {response.text}') group_ids = [] return group_ids