Merge pull request #19 from ywei2017/main
Release 1.1.0, see CHANGELOG.md for details.
gleveille-lbp authored Feb 7, 2024
2 parents f62bb98 + 03175bb commit 95d86e0
Showing 15 changed files with 186 additions and 53 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.1.0] - 2024-02-03
### Changes
- Add "get_safe_details" method
- Add support for "custom" configs to override the default logon and reconcile account index
- Add support to retain cookies during login, and use for subsequent API calls for load-balanced PVWAs.

## [1.0.0] - 2024-01-26
### Changes
- Adding some debug information
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -36,7 +36,7 @@ If you wish to contribute with code the workflow is :
- Then, generate some accounts with mockaroo and the following schemas : https://www.mockaroo.com/b41fedb0. See "Troubleshoot"
section of some cleanup to avoid issues.
- Create the associated safes : sample-it-dept,sample-iaadmins,sample-coolteam
- Create safe "BSA-SYS-PTT-R", and grant user "admin_bot" (see below) to the "Safe Management" permissions (for safe
- Create safe "RENAME_ME", and grant user "admin_bot" (see below) to the "Safe Management" permissions (for safe
rename testing)
- Import the data (with bulk upload)
- Create the configuration file for your testing Vault
20 changes: 11 additions & 9 deletions aiobastion/accounts.py
@@ -1,7 +1,8 @@
# -*- coding: utf-8 -*-
import asyncio
import re
from typing import List, Union, AsyncIterator, AsyncGenerator
from typing import List, Union, AsyncIterator

import aiohttp

from .config import validate_ip, flatten
Expand Down Expand Up @@ -338,21 +339,21 @@ async def link_reconciliation_account(self, account: Union[PrivilegedAccount, Li
reconcile_account: PrivilegedAccount):
"""
| This function links the account (or the list of accounts) to the given reconcile account
| ⚠️ The "reconcile" Account is supposed to have an index of 3
| ⚠️ The "reconcile" Account index is default to 3
:param account: a PrivilegedAccount object or a list of PrivilegedAccount objects
:type account: PrivilegedAccount, list
:param reconcile_account: The reconciliation PrivilegedAccount object
:return: A boolean that indicates if the operation was successful.
:raises CyberarkException: If link failed
"""
return await self.link_account(account, reconcile_account, 3)
return await self.link_account(account, reconcile_account, self.epv.RECONCILE_ACCOUNT_INDEX)

async def link_logon_account(self, account: Union[PrivilegedAccount, List[PrivilegedAccount]],
logon_account: PrivilegedAccount):
"""
| This function links the account (or the list of accounts) to the given logon account
| ⚠️ The "logon" Account is supposed to have an index of 2
| ⚠️ The "logon" Account index is default to 2, you can change it by setting custom:LOGON_ACCOUNT_INDEX in the config
:param account: a PrivilegedAccount object or a list of PrivilegedAccount objects
:type account: PrivilegedAccount, list
Expand All @@ -361,7 +362,7 @@ async def link_logon_account(self, account: Union[PrivilegedAccount, List[Privil
:raises CyberarkException: If link failed
"""
#TODO check the index of logon account at platform level !
return await self.link_account(account, logon_account, 2)
return await self.link_account(account, logon_account, self.epv.LOGON_ACCOUNT_INDEX)

async def link_reconcile_account_by_address(self, acc_username, rec_acc_username, address):
""" This function links the account with the given username and address to the reconciliation account with
Expand Down Expand Up @@ -396,31 +397,32 @@ async def link_reconcile_account_by_address(self, acc_username, rec_acc_username
async def remove_reconcile_account(self, account: Union[PrivilegedAccount, List[PrivilegedAccount]]):
"""
| This function unlinks the reconciliation account of the given account (or the list of accounts)
| ⚠️ The "reconcile" Account is supposed to have an index of 3
| ⚠️ The "reconcile" Account index is default to 3
:param account: a PrivilegedAccount object or a list of PrivilegedAccount objects
:type account: PrivilegedAccount, list
:return: A boolean that indicates if the operation was successful.
:raises CyberarkException: If link failed:
"""
return await self.unlink_account(account, 3)
return await self.unlink_account(account, self.epv.RECONCILE_ACCOUNT_INDEX)

async def remove_logon_account(self, account: Union[PrivilegedAccount, List[PrivilegedAccount]]):
"""
| This function unlinks the logon account of the given account (or the list of accounts)
| ⚠️ The "logon" Account is supposed to have an index of 2
| ⚠️ The "logon" Account index is default to 2, you can change it by setting custom:LOGON_ACCOUNT_INDEX in the config
:param account: a PrivilegedAccount object or a list of PrivilegedAccount objects
:type account: PrivilegedAccount, list
:return: A boolean that indicates if the operation was successful.
:raises CyberarkException: If link failed:
"""
return await self.unlink_account(account, 2)
return await self.unlink_account(account, self.epv.LOGON_ACCOUNT_INDEX)

async def unlink_account(self, account: Union[PrivilegedAccount, List[PrivilegedAccount]],
extra_password_index: int):
""" This function unlinks the account of the given account (or the list of accounts)
| ⚠️ Double check the linked account index on your platform.
:param account: a PrivilegedAccount object or a list of PrivilegedAccount objects
:type account: PrivilegedAccount, list
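Review bot: The reconcile docstrings on the new lines in link_reconciliation_account and remove_reconcile_account say the index "is default to 3" but, unlike the logon docstrings that name `custom:LOGON_ACCOUNT_INDEX`, do not tell the reader which config key overrides it, even though the code now reads `self.epv.RECONCILE_ACCOUNT_INDEX` instead of the literal 3. Suggest mirroring the logon wording in both places, e.g. `| ⚠️ The "reconcile" Account index defaults to 3, you can change it by setting the corresponding custom key in the config`, with the exact key name copied from the config parser rather than guessed. Since both indexes now come from configuration, a wrong value links or unlinks a different extra-password slot than intended, and the `#TODO check the index of logon account at platform level !` comment left in place is now the only acknowledgement of that; the warning line added in the unlink_account docstring is a good start, but unlink_account's body continues past the hunk, so whether the value is validated there is not visible here.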
8 changes: 8 additions & 0 deletions aiobastion/config.py
Expand Up @@ -6,6 +6,7 @@


class Config:
"""Parse a config file into an object"""
# Default value
CYBERARK_DEFAULT_TIMEOUT = 30
CYBERARK_DEFAULT_MAX_CONCURRENT_TASKS = 10
Expand Down Expand Up @@ -35,6 +36,7 @@ def __init__(self, configfile):
self.max_concurrent_tasks = Config.CYBERARK_DEFAULT_MAX_CONCURRENT_TASKS
self.timeout = Config.CYBERARK_DEFAULT_TIMEOUT
self.PVWA_CA = False
self.keep_cookies = False

with open(configfile, 'r') as config:
configuration = yaml.safe_load(config)
Expand Down Expand Up @@ -125,6 +127,8 @@ def _read_section_pvwa(self, configuration):
elif keyname == "maxtasks" or keyname == "max_concurrent_tasks":
self.max_concurrent_tasks = self._to_integer("PVWA/" + k, configuration[k])
synonyme_max_concurrent_tasks += 1
elif keyname == "keep_cookies":
self.keep_cookies = bool(configuration[k])
elif keyname == "verify" or keyname == "ca":
self.PVWA_CA = configuration[k]
synonyme_PVWA_CA += 1
Expand All @@ -147,6 +151,7 @@ def _read_section_aim(self, configuration):
"host": None, # Default = PVWA (host)
"key": None,
"max_concurrent_tasks": None, # Default = PVWA (max_concurrent_tasks)
"keep_cookies": False, # Default = False
"verify": None, # Default = PVWA (PVWA_CA)
"timeout": None, # Default = PVWA (timeout)
}
Expand All @@ -161,6 +166,8 @@ def _read_section_aim(self, configuration):
configuration_aim[keyname] = configuration[k]
elif keyname == "timeout":
configuration_aim[keyname] = self._to_integer("AIM/" + k, configuration[k])
elif keyname == "keep_cookies":
configuration_aim[keyname] = bool(configuration[k])
elif keyname in ["maxtasks", "max_concurrent_tasks"]:
configuration_aim["max_concurrent_tasks"] = self._to_integer("AIM/" + k, configuration[k])
synonyme_max_concurrent_tasks += 1
Expand Down Expand Up @@ -195,6 +202,7 @@ def _read_section_aim(self, configuration):
if self.AIM["verify"] is None:
self.AIM["verify"] = self.PVWA_CA


def _to_integer(self, section_key, val):
try:
v = int(val)
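Review bot: `bool(configuration[k])` on the two new `keep_cookies` branches (the PVWA one in _read_section_pvwa and the AIM one in _read_section_aim) turns any non-empty string into True, so a quoted `"false"`, `"no"` or `"0"` in the YAML silently enables cookie retention instead of disabling it; only an unquoted YAML boolean comes out of `yaml.safe_load` as a real bool. The file's other typed option goes through `_to_integer`, which carries the section key for its error message, and `keep_cookies` deserves the same treatment through a `_to_bool` helper so that a misspelt value is reported rather than guessed; the two branches would then read `self.keep_cookies = self._to_bool("PVWA/" + k, configuration[k])` and `configuration_aim[keyname] = self._to_bool("AIM/" + k, configuration[k])`. The body of `_to_integer` is cut off by the last hunk, so the sketch below raises ValueError where `_to_integer` presumably raises the project's own error type — align the two. The extra blank line that now sits before `def _to_integer` appears to be an addition and leaves two blank lines between methods where the file otherwise uses one.
```python
    def _to_bool(self, section_key, val):
        """Coerce a YAML value to bool, accepting real bools and the usual textual spellings.

        Raises on anything else so a typo cannot silently flip cookie handling.
        """
        if isinstance(val, bool):
            return val
        text = str(val).strip().lower()
        if text in ("true", "yes", "on", "1"):
            return True
        if text in ("false", "no", "off", "0"):
            return False
        raise ValueError(f"Parameter {section_key}: invalid boolean value '{val}'")

    # … unchanged: _to_integer …
```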