illumio-pylo 0.3.0__py3-none-any.whl → 0.3.2__py3-none-any.whl

illumio_pylo/cli/__init__.py

@@ -1,6 +1,7 @@
 import os
 from typing import Optional, Dict
-
+import time
+import datetime
 import sys
 import argparse
 from .NativeParsers import BaseParser
@@ -15,6 +16,8 @@ from illumio_pylo.cli import commands
 
 def run(forced_command_name: Optional[str] = None):
 
+    cli_start_time = datetime.datetime.now()
+
     def add_native_parser_to_argparse(parser: argparse.ArgumentParser, native_parsers: object):
         # each property of the native parser is an extension of BaseParser, we need to iterate over them and add them to the argparse parser
         for attr_name in dir(native_parsers):
@@ -33,9 +36,11 @@ def run(forced_command_name: Optional[str] = None):
                     print(" * Native CLI arguments parsing...")
                 attr.execute(args[attr.get_arg_name()], org, padding='    ')
 
-    parser = argparse.ArgumentParser(description='TODO LATER')
+    parser = argparse.ArgumentParser(description='PYLO-CLI: Illumio API&More Command Line Interface')
     parser.add_argument('--pce', type=str, required=False,
                         help='hostname of the PCE')
+    parser.add_argument('--force-async-mode', action='store_true',
+                        help='Forces the command to run async API queries when required (large PCEs which timeout on specific queries)')
     parser.add_argument('--debug', action='store_true',
                         help='Enables extra debugging output in Pylo framework')
     parser.add_argument('--use-cache', action='store_true',
@@ -89,14 +94,16 @@ def run(forced_command_name: Optional[str] = None):
     
     print("* Started Pylo CLI version {}".format(pylo.__version__))
 
+
     if not selected_command.credentials_manager_mode:
+        timer_start = time.perf_counter()
         # credential_profile_name is required for all commands except the credential manager
         if credential_profile_name is None:
             raise pylo.PyloEx("The --pce argument is required for this command")
         if settings_use_cache:
             print(" * Loading objects from cached PCE '{}' data... ".format(credential_profile_name), end="", flush=True)
             org = pylo.Organization.get_from_cache_file(credential_profile_name)
-            print("OK!")
+            print("OK! (execution time: {:.2f} seconds)".format(time.perf_counter() - timer_start))
             connector = pylo.APIConnector.create_from_credentials_in_file(credential_profile_name, request_if_missing=False)
             if connector is not None:
                 org.connector = connector
@@ -106,8 +113,9 @@ def run(forced_command_name: Optional[str] = None):
             print("OK!")
 
             print(" * Downloading PCE objects from API... ".format(credential_profile_name), end="", flush=True)
-            config_data = connector.get_pce_objects(list_of_objects_to_load=selected_command.load_specific_objects_only)
-            print("OK!")
+            config_data = connector.get_pce_objects(list_of_objects_to_load=selected_command.load_specific_objects_only, force_async_mode=args['force_async_mode'])
+            timer_download_finished = time.perf_counter()
+            print("OK! (execution time: {:.2f} seconds)".format(timer_download_finished - timer_start))
 
             org = pylo.Organization(1)
             org.connector = connector
@@ -116,7 +124,7 @@ def run(forced_command_name: Optional[str] = None):
                 print(" * Loading objects from PCE '{}' via API... ".format(credential_profile_name), end="", flush=True)
                 org.pce_version = connector.get_software_version()
                 org.load_from_json(config_data, list_of_objects_to_load=selected_command.load_specific_objects_only)
-                print("OK!")
+                print("OK! (execution time: {:.2f} seconds)".format(time.perf_counter() - timer_download_finished))
 
         print()
         if not selected_command.skip_pce_config_loading:
@@ -126,6 +134,7 @@ def run(forced_command_name: Optional[str] = None):
             print(flush=True)
 
     print("**** {} UTILITY ****".format(selected_command.name.upper()), flush=True)
+    command_execution_time_start = time.perf_counter()
     if selected_command.native_parsers is None:
         native_parsers = None
     else:
@@ -138,7 +147,11 @@ def run(forced_command_name: Optional[str] = None):
         commands.available_commands[selected_command.name].main(args, org=org, config_data=config_data, connector=connector, pce_cache_was_used=settings_use_cache)
 
     print()
+    cli_end_time = datetime.datetime.now()
     print("**** END OF {} UTILITY ****".format(selected_command.name.upper()))
+    print("Command Specific Execution time: {:.2f} seconds".format(time.perf_counter() - command_execution_time_start))
+    print("CLI started at {} and finished at {}".format(cli_start_time, cli_end_time))
+    print("CLI Total Execution time: {}".format(cli_end_time - cli_start_time))
     print()
 
 

illumio_pylo/cli/commands/credential_manager.py

@@ -1,3 +1,5 @@
+import sys
+
 from prettytable import PrettyTable
 import argparse
 import os
@@ -7,7 +9,8 @@ import paramiko
 import illumio_pylo as pylo
 import click
 from illumio_pylo.API.CredentialsManager import get_all_credentials, create_credential_in_file, CredentialFileEntry, \
-    create_credential_in_default_file, encrypt_api_key_with_paramiko_key, decrypt_api_key_with_paramiko_key
+    create_credential_in_default_file, encrypt_api_key_with_paramiko_ssh_key_fernet, decrypt_api_key_with_paramiko_ssh_key_fernet, \
+    get_credentials_from_file
 
 from illumio_pylo import log
 from . import Command
@@ -20,19 +23,24 @@ objects_load_filter = None
 def fill_parser(parser: argparse.ArgumentParser):
     sub_parser = parser.add_subparsers(dest='sub_command', required=True)
     list_parser = sub_parser.add_parser('list', help='List all credentials')
-    create_parser = sub_parser.add_parser('create', help='Create a new credential')
 
-    create_parser.add_argument('--name', required=True, type=str,
-                               help='Name of the credential')
-    create_parser.add_argument('--fqdn', required=True, type=str,
+    test_parser = sub_parser.add_parser('test', help='Test a credential')
+    test_parser.add_argument('--name', required=False, type=str, default=None,
+                             help='Name of the credential profile to test')
+
+
+    create_parser = sub_parser.add_parser('create', help='Create a new credential')
+    create_parser.add_argument('--name', required=False, type=str, default=None,
+                     help='Name of the credential')
+    create_parser.add_argument('--fqdn', required=False, type=str, default=None,
                                  help='FQDN of the PCE')
-    create_parser.add_argument('--port', required=True, type=int,
+    create_parser.add_argument('--port', required=False, type=int, default=None,
                                  help='Port of the PCE')
-    create_parser.add_argument('--org', required=True, type=int,
+    create_parser.add_argument('--org', required=False, type=int, default=None,
                                  help='Organization ID')
-    create_parser.add_argument('--api-user', required=True, type=str,
+    create_parser.add_argument('--api-user', required=False, type=str, default=None,
                                     help='API user')
-    create_parser.add_argument('--verify-ssl', required=True, type=bool,
+    create_parser.add_argument('--verify-ssl', required=False, type=bool, default=None,
                                  help='Verify SSL')
 
 
@@ -54,14 +62,10 @@ def __main(args, **kwargs):
                   )
 
     elif args['sub_command'] == 'create':
-        print("Recap:")
-        print("Name: {}".format(args['name']))
-        print("FQDN: {}".format(args['fqdn']))
-        print("Port: {}".format(args['port']))
-        print("Org ID: {}".format(args['org']))
-        print("API User: {}".format(args['api_user']))
-        print("Verify SSL: {}".format(args['verify_ssl']))
-        print()
+
+        wanted_name = args['name']
+        if wanted_name is None:
+            wanted_name = click.prompt('> Input a Profile Name (ie: prod-pce)', type=str)
 
         print("* Checking if a credential with the same name already exists...", flush=True, end="")
         credentials = get_all_credentials()
@@ -70,20 +74,52 @@ def __main(args, **kwargs):
                 raise pylo.PyloEx("A credential named '{}' already exists".format(args['name']))
         print("OK!")
 
+        wanted_fqdn = args['fqdn']
+        if wanted_fqdn is None:
+            wanted_fqdn = click.prompt('> PCE FQDN (ie: pce1.mycompany.com)', type=str)
+
+        wanted_port = args['port']
+        if wanted_port is None:
+            wanted_port = click.prompt('> PCE Port (ie: 8443)', type=int)
+
+        wanted_org = args['org']
+        if wanted_org is None:
+            wanted_org = click.prompt('> Organization ID', type=int)
+
+        wanted_api_user = args['api_user']
+        if wanted_api_user is None:
+            wanted_api_user = click.prompt('> API User', type=str)
+
+        wanted_verify_ssl = args['verify_ssl']
+        if wanted_verify_ssl is None:
+            wanted_verify_ssl = click.prompt('> Verify SSL/TLS certificate? Y/N', type=bool)
+
+
+        print()
+        print("Recap:")
+        print("Name: {}".format(wanted_name))
+        print("FQDN: {}".format(wanted_fqdn))
+        print("Port: {}".format(wanted_port))
+        print("Org ID: {}".format(wanted_org))
+        print("API User: {}".format(wanted_api_user))
+        print("Verify SSL: {}".format(wanted_verify_ssl))
+        print()
+
+
         # prompt of API key from user input, single line, hidden
         api_key = click.prompt('> API Key', hide_input=True)
 
         credentials_data: CredentialFileEntry = {
-            "name": args['name'],
-            "fqdn": args['fqdn'],
-            "port": args['port'],
-            "org_id": args['org'],
-            "api_user": args['api_user'],
-            "verify_ssl": args['verify_ssl'],
+            "name": wanted_name,
+            "fqdn": wanted_fqdn,
+            "port": wanted_port,
+            "org_id": wanted_org,
+            "api_user": wanted_api_user,
+            "verify_ssl": wanted_verify_ssl,
             "api_key": api_key
         }
 
-        encrypt_api_key = click.prompt('> Encrypt API? Y/N', type=bool)
+        encrypt_api_key = click.prompt('> Encrypt API (requires an SSH agent running and an RSA or Ed25519 key) ? Y/N', type=bool)
         if encrypt_api_key:
             print("Available keys (ECDSA NISTPXXX keys and a few others are not supported and will be filtered out):")
             ssh_keys = paramiko.Agent().get_keys()
@@ -100,10 +136,10 @@ def __main(args, **kwargs):
                                                       selected_ssh_key.get_fingerprint().hex(),
                                                       selected_ssh_key.comment))
             print(" * encrypting API key with selected key (you may be prompted by your SSH agent for confirmation or PIN code) ...", flush=True, end="")
-            encrypted_api_key = encrypt_api_key_with_paramiko_key(ssh_key=selected_ssh_key, api_key=api_key)
+            encrypted_api_key = encrypt_api_key_with_paramiko_ssh_key_fernet(ssh_key=selected_ssh_key, api_key=api_key)
             print("OK!")
             print(" * trying to decrypt the encrypted API key...", flush=True, end="")
-            decrypted_api_key = decrypt_api_key_with_paramiko_key(encrypted_api_key_payload=encrypted_api_key)
+            decrypted_api_key = decrypt_api_key_with_paramiko_ssh_key_fernet(encrypted_api_key_payload=encrypted_api_key)
             if decrypted_api_key != api_key:
                 raise pylo.PyloEx("Decrypted API key does not match original API key")
             print("OK!")
@@ -122,6 +158,35 @@ def __main(args, **kwargs):
 
         print("OK! ({})".format(file_path))
 
+    elif args['sub_command'] == 'test':
+        print("* Profile Tester command")
+        wanted_name = args['name']
+        if wanted_name is None:
+            wanted_name = click.prompt('> Input a Profile Name to test (ie: prod-pce)', type=str)
+        found_profile = get_credentials_from_file(wanted_name, fail_with_an_exception=False)
+        if found_profile is None:
+            print("Cannot find a profile named '{}'".format(wanted_name))
+            print("Available profiles:")
+            credentials = get_all_credentials()
+            for credential in credentials:
+                print(" - {}".format(credential.name))
+            sys.exit(1)
+
+        print("Selected profile:")
+        print(" - Name: {}".format(found_profile.name))
+        print(" - FQDN: {}".format(found_profile.fqdn))
+        print(" - Port: {}".format(found_profile.port))
+        print(" - Org ID: {}".format(found_profile.org_id))
+        print(" - API User: {}".format(found_profile.api_user))
+        print(" - Verify SSL: {}".format(found_profile.verify_ssl))
+
+        print("* Testing credential...", flush=True, end="")
+        connector = pylo.APIConnector.create_from_credentials_object(found_profile)
+        connector.objects_label_dimension_get()
+        print("OK!")
+
+    else:
+        raise pylo.PyloEx("Unknown sub-command '{}'".format(args['sub_command']))
 
 command_object = Command(command_name, __main, fill_parser, credentials_manager_mode=True)
 

illumio_pylo/cli/commands/ruleset_export.py

@@ -1,8 +1,9 @@
 import argparse
 import os
-from typing import Dict, List
+from typing import Dict, List, Literal
 
 import illumio_pylo as pylo
+from illumio_pylo import ArraysToExcel, ExcelHeader
 from .utils.misc import make_filename_with_timestamp
 from . import Command
 
@@ -11,7 +12,7 @@ command_name = 'rule-export'
 
 def fill_parser(parser: argparse.ArgumentParser):
     parser.add_argument('--format', '-f', required=False, default='excel',choices=['csv', 'excel'], help='Output file format')
-    parser.add_argument('--output', '-o', required=False, default='.', help='Directory where to save the output file')
+    parser.add_argument('--output-dir', '-o', required=False, default='output', help='Directory where to save the output file')
     parser.add_argument('--prefix-objects-with-type', nargs='?', const=True, default=False,
                         help='Prefix objects with their type (e.g. "label:mylabel")')
     parser.add_argument('--object-types-as-section', action='store_true', default=False,
@@ -25,44 +26,26 @@ def fill_parser(parser: argparse.ArgumentParser):
 
 
 
-def __main(options: Dict, org: pylo.Organization, **kwargs):
-    csv_report_headers: List[pylo.ExcelHeader] = \
-        [{'name': 'ruleset', 'max_width': 40},
-         {'name': 'scope', 'max_width': 50},
-         {'name': 'type', 'max_width': 10},
-         {'name': 'consumers', 'max_width': 80},
-         {'name': 'providers', 'max_width': 80},
-         {'name': 'services', 'max_width': 30},
-         {'name': 'options', 'max_width': 40},
-         {'name': 'ruleset_url', 'max_width': 40, 'wrap_text': False},
-         {'name': 'ruleset_href', 'max_width': 30, 'wrap_text': False}
-         ]
+def __main(args: Dict, org: pylo.Organization, **kwargs):
+
+    setting_prefix_objects_with_type: bool|str = args['prefix_objects_with_type']
+    setting_object_types_as_section: bool = args['prefix_objects_with_type']
+    settings_output_file_format = args['format']
+    settings_output_dir = args['output_dir']
+
 
-    setting_prefix_objects_with_type: bool|str = options['prefix_objects_with_type']
     if setting_prefix_objects_with_type is False:
         print(" * Prefix for object types are disabled")
     else:
         print(" * Prefix for object types are enabled")
 
-    setting_object_types_as_section: bool = options['prefix_objects_with_type']
+
     if setting_object_types_as_section is False:
         print(" * Object types as section are disabled")
     else:
         print(" * Object types as section are enabled")
 
-    output_file_format = options.get('format')
-    if output_file_format == "excel":
-        output_file_extension = ".xlsx"
-    elif output_file_format == "csv":
-        output_file_extension = ".csv"
-    else:
-        raise Exception("Unknown output file format: %s" % output_file_format)
-
-    output_file_name = options.get('output') + os.sep + make_filename_with_timestamp('rule_export_') + output_file_extension
-    output_file_name = os.path.abspath(output_file_name)
-
-    csv_report = pylo.ArraysToExcel()
-    sheet = csv_report.create_sheet('rulesets', csv_report_headers, force_all_wrap_text=True, multivalues_cell_delimiter=',')
+    csv_report, output_file_name, sheet = prepare_csv_report_object(settings_output_file_format, settings_output_dir)
 
     for ruleset in org.RulesetStore.rulesets:
         for rule in ruleset.rules_ordered_by_type:
@@ -102,23 +85,47 @@ def __main(options: Dict, org: pylo.Organization, **kwargs):
                     'services': rule.services.members_to_str("\n"),
                     'options': pylo.string_list_to_text(rule_options, "\n"),
                     'ruleset_href': ruleset.href,
-                    'ruleset_url': ruleset.get_ruleset_url()}
-            if rule.is_extra_scope():
-                data['type'] = 'extra'
-            else:
-                data['type'] = 'intra'
+                    'ruleset_url': ruleset.get_ruleset_url(),
+                    'type': 'intra' if rule.is_intra_scope() else 'extra'
+                    }
+
             sheet.add_line_from_object(data)
 
-    if output_file_format == "csv":
+    if settings_output_file_format == "csv":
         print(" * Writing export file '{}' ... ".format(output_file_name), end='', flush=True)
         sheet.write_to_csv(output_file_name)
         print("DONE")
-    elif output_file_format == "excel":
+    elif settings_output_file_format == "excel":
         print(" * Writing export file '{}' ... ".format(output_file_name), end='', flush=True)
         csv_report.write_to_excel(output_file_name)
         print("DONE")
     else:
-        raise pylo.PyloEx("Unknown format: '{}'".format(options['format']))
+        raise pylo.PyloEx("Unknown format: '{}'".format(args['format']))
+
+
+def prepare_csv_report_object(output_file_format: Literal['excel', 'csv'], settings_output_dir: str):
+    if output_file_format == "excel":
+        output_file_extension = ".xlsx"
+    elif output_file_format == "csv":
+        output_file_extension = ".csv"
+    else:
+        raise Exception("Unknown output file format: %s" % output_file_format)
+    csv_report_headers = pylo.ExcelHeaderSet(
+        [ExcelHeader(name='ruleset', max_width=40),
+         ExcelHeader(name='scope', max_width=50),
+         ExcelHeader(name='type', max_width=10),
+         ExcelHeader(name='consumers', max_width=80),
+         ExcelHeader(name='providers', max_width=80),
+         ExcelHeader(name='services', max_width=30),
+         ExcelHeader(name='options', max_width=40),
+         ExcelHeader(name='ruleset_url', max_width=40, wrap_text=False),
+         ExcelHeader(name='ruleset_href', max_width=30, wrap_text=False)
+         ])
+    csv_report = ArraysToExcel()
+    sheet = csv_report.create_sheet('rulesets', csv_report_headers, force_all_wrap_text=True,
+                                    multivalues_cell_delimiter=',')
+    output_file_name = make_filename_with_timestamp('rule_export_', settings_output_dir) + output_file_extension
+    return csv_report, output_file_name, sheet
 
 
 command_object = Command(command_name, __main, fill_parser)

illumio_pylo/cli/commands/utils/misc.py

@@ -8,5 +8,9 @@ def make_filename_with_timestamp(prefix: str, output_directory: str = './') -> s
     if output_directory.startswith('.') or not output_directory.startswith('/') or not output_directory.startswith('\\'):
         output_directory = os.path.realpath(os.getcwd() + os.path.sep + output_directory)
 
+    # if the directory does not exist, we will create it and its parents if needed
+    if not os.path.exists(output_directory):
+        os.makedirs(output_directory)
+
     now = datetime.now()
     return output_directory + os.path.sep + prefix + now.strftime("%Y%m%d-%H%M%S")

illumio_pylo/cli/commands/ven_compatibility_report_export.py

@@ -6,6 +6,7 @@ from typing import Dict, List
 from prettytable import PrettyTable
 
 import illumio_pylo as pylo
+from illumio_pylo import ArraysToExcel, ExcelHeader, ExcelHeaderSet
 from . import Command
 from .utils.misc import make_filename_with_timestamp
 
@@ -39,17 +40,22 @@ def __main(args, org: pylo.Organization, **kwargs):
     pylo.file_clean(output_filename_csv)
     pylo.file_clean(output_filename_xls)
 
-    csv_report_headers = [{'name':'name'},
-                          {'name':'hostname'}]
+    csv_report_headers = ExcelHeaderSet([
+        ExcelHeader(name='name', max_width=40),
+        ExcelHeader(name='hostname', max_width=40)
+    ])
 
     # insert all label dimensions
     for label_type in org.LabelStore.label_types:
-        csv_report_headers.append({'name': 'label_'+label_type, 'wrap_text': False})
-
-    csv_report_headers += [
-        'operating_system', 'report_failed', 'details',
-        {'name':'link_to_pce','max_width': 15, 'wrap_text': False, 'link_text': 'See in PCE', 'is_url': True},
-        {'name':'href', 'max_width': 15, 'wrap_text': False}]
+        csv_report_headers.append(ExcelHeader(name= 'label_'+label_type, wrap_text= False))
+
+    csv_report_headers.extend([
+        'operating_system',
+        'report_failed',
+        'details',
+        ExcelHeader(name ='link_to_pce', max_width= 15, wrap_text=False, url_text='See in PCE',is_url= True),
+        ExcelHeader(name='href', max_width=15, wrap_text=False)
+    ])
     csv_report = pylo.ArraysToExcel()
     sheet: pylo.ArraysToExcel.Sheet = csv_report.create_sheet('duplicates', csv_report_headers, force_all_wrap_text=True, multivalues_cell_delimiter=',')
     # </editor-fold desc="Prepare the output files and CSV/Excel Object">

illumio_pylo/cli/commands/ven_duplicate_remover.py

@@ -1,10 +1,11 @@
+from typing import Dict, List, Literal, Optional
 import datetime
-
 import click
+import argparse
 
 import illumio_pylo as pylo
-import argparse
-from typing import Dict, List, Literal, Optional
+from illumio_pylo import ArraysToExcel, ExcelHeader, ExcelHeaderSet
+
 from .utils.misc import make_filename_with_timestamp
 from . import Command
 
@@ -64,20 +65,22 @@ def __main(args, org: pylo.Organization, pce_cache_was_used: bool, **kwargs):
     output_file_excel = output_file_prefix + '.xlsx'
 
 
-    csv_report_headers = [{'name':'name'},
-                          {'name':'hostname'}]
-
+    csv_report_headers = pylo.ExcelHeaderSet([
+        ExcelHeader(name = 'name', max_width = 40),
+        ExcelHeader(name = 'hostname', max_width = 40)
+    ])
     # insert all label dimensions
     for label_type in org.LabelStore.label_types:
-        csv_report_headers.append({'name': 'label_'+label_type, 'wrap_text': False})
-
-    csv_report_headers += [
-                          'online',
-                          {'name':'last_heartbeat', 'max_width': 15, 'wrap_text': False},
-                          {'name': 'created_at', 'max_width': 15, 'wrap_text': False},
-                          'action',
-                          {'name':'link_to_pce','max_width': 15, 'wrap_text': False, 'link_text': 'See in PCE', 'is_url': True},
-                          {'name':'href', 'max_width': 15, 'wrap_text': False}]
+        csv_report_headers.append(ExcelHeader(name= f'label_{label_type}', wrap_text= False))
+
+    csv_report_headers.extend([
+        'online',
+        ExcelHeader(name = 'last_heartbeat', max_width = 15, wrap_text = False),
+        ExcelHeader(name = 'created_at', max_width = 15, wrap_text = False),
+        'action',
+        ExcelHeader(name = 'link_to_pce', max_width = 15, wrap_text = False, url_text = 'See in PCE', is_url = True),
+        ExcelHeader(name = 'href', max_width = 15, wrap_text = False)
+    ])
     csv_report = pylo.ArraysToExcel()
     sheet: pylo.ArraysToExcel.Sheet = csv_report.create_sheet('duplicates', csv_report_headers, force_all_wrap_text=True, multivalues_cell_delimiter=',')
 

illumio_pylo/cli/commands/ven_upgrader.py

@@ -11,14 +11,8 @@ objects_load_filter = ['workloads', 'labels']
 
 
 def fill_parser(parser: argparse.ArgumentParser):
-    parser.add_argument('--filter-env-label', type=str, required=False, default=None,
-                        help='Filter agents by environment labels (separated by commas)')
-    parser.add_argument('--filter-loc-label', type=str, required=False, default=None,
-                        help='Filter agents by location labels (separated by commas)')
-    parser.add_argument('--filter-app-label', type=str, required=False, default=None,
-                        help='Filter agents by application labels (separated by commas)')
-    parser.add_argument('--filter-role-label', type=str, required=False, default=None,
-                        help='Filter agents by role labels (separated by commas)')
+    parser.add_argument('--filter-label', '-fl', action='append',
+                        help='Only look at workloads matching specified labels')
 
     parser.add_argument('--filter-ven-versions', nargs='+', type=str, required=False, default=None,
                         help='Filter agents by versions (separated by spaces)')
@@ -67,58 +61,13 @@ def __main(args, org: pylo.Organization, **kwargs):
     target_version = pylo.SoftwareVersion(target_version_string)
 
     print(" * Parsing filters")
-
-    env_label_list = {}
-    if args['filter_env_label'] is not None:
-        print("   * Environment Labels specified")
-        for raw_label_name in args['filter_env_label'].split(','):
-            print("     - label named '{}'".format(raw_label_name), end='', flush=True)
-            label = org.LabelStore.find_label_by_name_and_type(raw_label_name, pylo.label_type_env)
-            if label is None:
-                print("NOT FOUND!")
-                raise pylo.PyloEx("Cannot find label named '{}'".format(raw_label_name))
-            else:
-                print("found")
-                env_label_list[label] = label
-
-    loc_label_list = {}
-    if args['filter_loc_label'] is not None:
-        print("   * Location Labels specified")
-        for raw_label_name in args['filter_loc_label'].split(','):
-            print("     - label named '{}' ".format(raw_label_name), end='', flush=True)
-            label = org.LabelStore.find_label_by_name_and_type(raw_label_name, pylo.label_type_loc)
-            if label is None:
-                print("NOT FOUND!")
-                raise pylo.PyloEx("Cannot find label named '{}'".format(raw_label_name))
-            else:
-                print("found")
-                loc_label_list[label] = label
-
-    app_label_list = {}
-    if args['filter_app_label'] is not None:
-        print("   * Application Labels specified")
-        for raw_label_name in args['filter_app_label'].split(','):
-            print("     - label named '{}' ".format(raw_label_name), end='', flush=True)
-            label = org.LabelStore.find_label_by_name_and_type(raw_label_name, pylo.label_type_app)
-            if label is None:
-                print("NOT FOUND!")
-                raise pylo.PyloEx("Cannot find label named '{}'".format(raw_label_name))
-            else:
-                print("found")
-                app_label_list[label] = label
-
-    role_label_list = {}
-    if args['filter_role_label'] is not None:
-        print("   * Role Labels specified")
-        for raw_label_name in args['filter_role_label']:
-            print("     - label named '{}' ".format(raw_label_name), end='', flush=True)
-            label = org.LabelStore.find_label_by_name_and_type(raw_label_name, pylo.label_type_role)
+    filter_labels: List[pylo.Label] = []  # the list of labels to filter the workloads against
+    if args['filter_label'] is not None:
+        for label_name in args['filter_label']:
+            label = org.LabelStore.find_label_by_name(label_name)
             if label is None:
-                print("NOT FOUND!")
-                raise pylo.PyloEx("Cannot find label named '{}'".format(raw_label_name))
-            else:
-                print("found")
-                role_label_list[label] = label
+                raise pylo.PyloEx("Cannot find label '{}' in the PCE".format(label_name))
+            filter_labels.append(label)
 
     filter_versions = {}
     if args['filter_ven_versions'] is not None:
@@ -149,25 +98,8 @@ def __main(args, org: pylo.Organization, **kwargs):
                 del agents[agent_href]
                 continue
 
-        if len(env_label_list) > 0 and (workload.env_label is None or workload.env_label not in env_label_list):
-            pylo.log.debug(" - workload '{}' does not match env_label filters, it's out!".format(workload.get_name()))
-            del agents[agent_href]
-            continue
-        if len(loc_label_list) > 0 and (workload.loc_label is None or workload.loc_label not in loc_label_list):
-            pylo.log.debug(" - workload '{}' does not match loc_label filters, it's out!".format(workload.get_name()))
-            del agents[agent_href]
-            continue
-        if len(app_label_list) > 0 and (workload.app_label is None or workload.app_label not in app_label_list):
-            pylo.log.debug(" - workload '{}' does not match app_label filters, it's out!".format(workload.get_name()))
-            del agents[agent_href]
-            continue
-        if len(role_label_list) > 0 and (workload.role_label is None or workload.role_label not in role_label_list):
-            pylo.log.debug(" - workload '{}' does not match role_label filters, it's out!".format(workload.get_name()))
-            del agents[agent_href]
-            continue
-
-        if agent.software_version.version_string not in filter_versions:
-            pylo.log.debug(" - workload '{}' does not match the version filter, it's out!".format(workload.get_name()))
+        if workload.uses_all_labels(filter_labels) is False:
+            pylo.log.debug(" - workload '{}' is not matching the labels filter".format(workload.get_name()))
             del agents[agent_href]
             continue