Client
Classes for calling Veza APIs and managing OAA providers and data sources.
Copyright 2022 Veza Technologies Inc.
Use of this source code is governed by the MIT license that can be found in the LICENSE file or at https://opensource.org/licenses/MIT.
Global Variables
OAACLIENT_VERSION
PROVIDER_ICON_MAX_SIZE
function report_builder_entrypoint
report_builder_entrypoint
Entry point for oaaclient-report-builder
command
Reads a JSON file and passes it to the oaaclient.utils.build_report
method
function main
main
class OAAClientError
OAAClientError
Error raised by OAAClient.
Raised for issues connecting to the OAA API and when the API returns an error.
Args:
error
(str): short string for error messagemessage
(str): detailed error messagestatus_code
(int, optional): status code for HTTP related errors. Defaults to None.details
(list, optional): list of additional details for error. Defaults to None.
method __init__
__init__
class OAAResponseError
OAAResponseError
Error returned from API Call
method __init__
__init__
class OAAConnectionError
OAAConnectionError
Error with API Connection
method __init__
__init__
class OAAClient
OAAClient
Class for OAA API Connection and Management.
Utilities for OAA-related operations with Veza API calls. Manages custom providers and data sources, and can push OAA payloads from JSON or template objects.
Connection url and API key can be automatically loaded from OS environment values if set. To utilize environment variables initialize OAAClient without providing a URL or API key value and set the VEZA_URL
and VEZA_API_KEY
OS environment variables.
Args:
url
(str, optional): URL for Veza instance.api_key
(str, optional): Veza API key.username
(str, optional): Not used (legacy). Defaults to None.token
(str, optional): Legacy parameter name for API key. Defaults to None.
Attributes:
url
(str): URL of the Veza instance to connect toapi_key
(str): Veza API keyenable_compression
(bool): Enable or disable compression of the OAA payload during push, defaults to enabled (True)
Raises:
OAAClientError
: For errors connecting to API and if API returns errors
method __init__
__init__
method add_query_report
add_query_report
Add a Query to a Report
Adds a Query to an existing Report by ID
Args:
report_id
(str): Report UUID to add Query toquery_id
(str): Query UUID to add
Returns:
dict
: API Response
method api_delete
api_delete
Perform REST API DELETE operation.
Args:
api_path
(str): API Path API path relative to Veza URL
Raises:
OAAResponseError
: API returned an errorOAAConnectionError
: Connection error during HTTP operation
Returns:
dict
: API response from call
method api_get
api_get
Perform a Veza API GET operation.
Makes the GET API call to the given path and processes the API response. Returns the value
or values
result returned from the API.
For API endpoints that return a list like
/api/v1/providers/custom
function will return a list of entities or an empty list if the API returns no results.For API endpoints that are a specific ID such as
/api/v1/providers/custom/<uuid>
function will return the dictionary result of the JSON returned by the API.
Args:
api_path
(str): API path relative to Veza URL (example/api/v1/providers
).
Raises:
OAAResponseError
: API returned an errorOAAConnectionError
: Connection error during HTTP operation
Returns:
list|dict
: Returns list or dict based on API destination
method api_patch
api_patch
Perform REST API PATCH operation.
Args:
api_path
(str): API Path API path relative to Veza URL
Raises:
OAAResponseError
: API returned an errorOAAConnectionError
: Connection error during HTTP operation
Returns:
dict
: API response from call
method api_post
api_post
Perform a Veza API POST operation.
Call POST on the supplied Veza instance API path, submitting a data payload.
Returns value
or values
response from API result. Paginated responses are automatically processed to collect all responses a single list.
Args:
api_path
(str): API path relative to Veza URL example/api/v1/providers
data
(dict): dictionary object included as JSON in body of POST operationparams
(dict, optional): Optional HTTP query parameters. Defaults to empty dictionary.
Raises:
OAAResponseError
: API returned an errorOAAConnectionError
: Connection error during HTTP operation
Returns:
dict
: API response as dictionary
method api_put
api_put
Perform Veza API PUT operation.
Call PUT on the supplied Veza instance API path, including the data payload.
Returns value
or values
response from API result. Paginated responses are automatically processed to collect all responses a single list.
Args:
api_path
(str): API path relative to Veza URL example/api/v1/providers
data
(dict): dictionary object included as JSON in body of PUT operationparams
(dict, optional): Optional HTTP query parameters. Defaults to empty dictionary.
Raises:
OAAResponseError
: API returned an errorOAAConnectionError
: Connection error during HTTP operation
Returns:
dict
: API response as dictionary
method create_data_source
create_data_source
Create a new Data Source for the given Provider ID.
Args:
name
(str): Name for new Data Sourceprovider_id
(str): Unique identifier for the Provideroptions
: (dict, optional): Additional arguments to be included with data source create call to Veza. Defaults to None.
Raises:
ValueError
: Data source name contains invalid characters
Returns:
dict
: dictionary of new Data Source
method create_datasource
create_datasource
Deprecated Legacy function for backward-compatibility.
method create_provider
create_provider
Create a new Provider.
Creates a new Provider with the given name. An error will be raised for naming conflicts.
Args:
name
(str): new Provider namecustom_template
(str): the OAA template to use for the Provider ("application" or "identity_provider")base64_icon
(str, optional): Base64 encoded string of icon to set for Provider. Defaults to "".options
: (dict, optional): Additional arguments to be included with provider create call to Veza. Defaults to None.
Raises:
ValueError
: Provider name contains invalid characters
Returns:
dict
: dictionary representing the created Provider
method create_query
create_query
Create a new Assessment Query
For details on how to define an Assessment Query see the Veza docs.
Args:
query
(dict): Query definition
Returns:
dict
: API response including ID of created Query
method create_report
create_report
Create a new Report
For details on how to define a new Report see the Veza docs.
Args:
report
(dict): Report definition
Returns:
dict
: API response including ID of created Report
method delete_data_source
delete_data_source
Delete an existing Data Source by ID.
Removes a Data Source and all entity data.
Args:
data_source_id
(str): ID of Data Source to deleteprovider_id
(str): ID of Data Source Provider
Returns:
dict
: API response
method delete_provider
delete_provider
Delete an existing provider by ID.
Deleting a provider removes all datasources and historical data. Fully deleting the provider is a background operation that will complete after API response is returned.
Args:
provider_id
(str): ID of provider to delete
Returns:
dict
: API response
method delete_query
delete_query
Delete an Assessment Query by ID
Args:
id
(str): UUID of Query to deleteforce
(bool): Force deletion of query that may be part of a report. Defaults to False
Returns:
dict
: API response from delete
method delete_report
delete_report
Delete Report by ID
Args:
id
(str): UUID of Report to delete
Returns:
dict
: API response
method get_data_source
get_data_source
Get Provider's Data Source by name.
Find a Data Source from a specific provider based on the name of the Data Source
Args:
name
(str): Data Source nameprovider_id
(str): Provider unique ID
Returns:
dict
: Data Source as dict or None
method get_data_sources
get_data_sources
Get Data Sources for Provider by ID.
Get the list of existing Data Sources, filtered by Provider UUID.
Args:
provider_id
(str): ID of Provider
Returns:
list[dict]
: List of Data Sources as dictionaries
method get_provider
get_provider
Get Provider by name.
Args:
name
(str): name of Provider
Returns:
dict
: dictionary representing Provider or None
method get_provider_by_id
get_provider_by_id
Get Provider by UUID identifier.
Args:
provider_id
(str): Unique global identifier for provider
Returns:
dict
: dictionary representation of Provider or None
method get_provider_list
get_provider_list
Return list of Providers.
Returns:
list[dict]
: Returns a list of existing Providers as dictionaries
method get_queries
get_queries
Get all saved Assessment Queries
Veza can filter out queries that include inactive entity types (e.g. Okta Users on a system without Okta configured). To only retrieve queries that include active entity types set include_inactive_queries
to False.
Args:
include_inactive_queries
(bool): Set False to exclude inactive queries from result. Defaults to True.
Returns:
list
: List of assessment Queries as dictionaries
method get_query_by_id
get_query_by_id
Get Assessment Query by ID
Args:
id
(str): UUID identifier for Query
Returns:
dict
: Query definition
method get_report_by_id
get_report_by_id
Get Report by ID
Veza can filter out queries from reports that only contain entity types that are not configured (e.g. Okta Users on a system without Okta configured). To only return queries configured on the report that match entity types configured on the system set include_inactive_queries
to False
Args:
id
(str): UUID of Report to getinclude_inactive_queries
(bool): Set True to include inactive queries. Default True.
Returns:
dict
: Report definition
method get_reports
get_reports
Get all Reports
Gets Reports created on the system. To get all reports include_inactive_reports
and include_inactive_queries
must be set to True.
Args:
include_inactive_reports
(bool, Optional): Set to True to include reports that contain no active providers, defaults to True.include_inactive_queries
(bool, Optional): Set to True to include reports that contain only inactive queries, defaults to True.
Returns:
list[dict]
: List of Reports as dictionary objects
method push_application
push_application
Push an OAA Application Object (such as CustomApplication).
Extracts the OAA JSON payload from the supplied OAA class (e.g. CustomApplication, CustomIdPProvider, etc) and push to the supplied Data Source.
The Provider with provider_name
must be a valid existing Provider or create_provider
must be set to True
. A new data source will be created automatically by default if it does not already exist.
For logging, and debugging, the optional save_json
flag writes the payload to a local file (before push). Output file name is formatted with a timestamp: {data source name}-{%Y%m%d-%H%M%S}.json
Args:
provider_name
(str): Name of an existing Provider.data_source_name
(str): Name for Data Source (will be created if it doesn't exist).application_object
(Class): OAA object to extract the payload fromsave_json
(bool, optional): Save the JSON payload to a local file before push. Defaults to False.create_provider
(bool, optional): Create a new Provider if Provider does not already exists. Defaults to False.options
(dict, optional): Additional dictionary of key/values to be included in push API call. Defaults to None.
Raises:
OAAClientError
: If any API call returns an error (including errors processing the OAA payload).
Returns:
dict
: API response from push, including any warnings that are returned.
method push_metadata
push_metadata
Push an OAA payload dictionary to Veza.
Publishes the supplied metadata
dictionary representing an OAA payload to the specified provider and data source. The function will create a new data source if it does not already exist, but requires the Provider be created ahead of time.
Args:
provider_name
(str): Name of existing Providerdata_source_name
(str): Name for Data Source, will be created if doesn't exist.metadata
(dict): Dictionary of OAA payload to push.save_json
(bool, optional): Save the OAA JSON payload to a local file before push. Defaults to False.options
(dict, optional): Additional dictionary of key/values to be included in push API call. Defaults to None.
Raises:
OAAClientError
: If any API call returns an error including errors processing the OAA payload.
Returns:
dict
: API response to the push request (including any warnings).
method update_provider_icon
update_provider_icon
Update an existing custom provider icon from base64 encoded string.
To load an icon from file, use utils.encode_icon_file
to get the base64 encoding of the file first
Args:
provider_id
(str): unique ID of existing providerbase64_icon
(str): base64 encoded string of new icon
Raises:
ValueError
: If icon size exceeds maximum allowed size
method update_report
update_report
Update an existing report
Args:
report_id
(str): UUID of Report to updatedreport
(dict): Updated Report definition
Returns:
dict
: API response
method update_user_agent
update_user_agent
Updates the User-Agent string passed with all API calls
Generates a User-Agent with the oaaclient version, Python version and platform information.
The optional extra
string will be appended if provided.
Args:
extra
(str, optional): Additional information to append to User-Agent string. Defaults to "".
class OAARetry
OAARetry
Super class for urllib3.util.retry
Super class to allow modifying the default max backoff time from 120 seconds to our own value
Args:
Retry
(type): description
method __init__
__init__
Last updated