illumio-pylo 0.3.3__py3-none-any.whl → 0.3.5__py3-none-any.whl

illumio_pylo/API/APIConnector.py

@@ -62,16 +62,16 @@ all_object_types: Dict[ObjectTypes, ObjectTypes] = {
 class APIConnector:
     """docstring for APIConnector."""
 
-    def __init__(self, fqdn: str, port, apiuser: str, apikey: str, skip_ssl_cert_check=False, org_id=1, name='unnamed'):
+    def __init__(self, fqdn: str, port, api_user: str, api_key: str, skip_ssl_cert_check=False, org_id=1, name='unnamed'):
         self.name = name
         self.fqdn: str = fqdn
         if type(port) is int:
             port = str(port)
         self.port: int = port
-        self._api_key: str = apikey
+        self._api_key: str = api_key
         self._decrypted_api_key: str = None
-        self.api_user: str = apiuser
-        self.orgID: int = org_id
+        self.api_user: str = api_user
+        self.org_id: int = org_id
         self.skipSSLCertCheck: bool = skip_ssl_cert_check
         self.version: Optional['pylo.SoftwareVersion'] = None
         self.version_string: str = "Not Defined"
@@ -148,7 +148,7 @@ class APIConnector:
     def _make_api_url(self, path: str = '', include_org_id=False) -> str:
         url = self._make_base_url('/api/v2')
         if include_org_id:
-            url += '/orgs/' + str(self.orgID)
+            url += '/orgs/' + str(self.org_id)
         url += path
 
         return url
@@ -625,12 +625,14 @@ class APIConnector:
         return None
 
     def objects_ven_get(self,
-                             include_deleted=False,
-                             filter_by_ip: str = None,
-                             filter_by_label: Optional[WorkloadsGetQueryLabelFilterJsonStructure] = None,
-                             filter_by_name: str = None,
-                             max_results: int = None,
-                             async_mode=True) -> List[VenObjectJsonStructure]:
+                        include_deleted=False,
+                        filter_by_ip: str = None,
+                        filter_by_label: Optional[WorkloadsGetQueryLabelFilterJsonStructure] = None,
+                        filter_by_name: str = None,
+                        max_results: int = None,
+                        async_mode=True,
+                        representation: Optional[Literal['ven_labels']] = None
+                        ) -> List[VenObjectJsonStructure]:
         path = '/vens'
         data = {}
 
@@ -652,7 +654,6 @@ class APIConnector:
 
         return self.do_get_call(path=path, async_call=async_mode, params=data)
 
-
     def objects_workload_get(self,
                              include_deleted=False,
                              filter_by_ip: str = None,
@@ -935,18 +936,20 @@ class APIConnector:
 
         return self.do_get_call(path=path, async_call=False, include_org_id=False )
 
-    def object_network_device_endpoint_create(self, network_device_href: str, name: str, endpoint_type: Literal['switch_port'], workloads_href: List[str]) -> List[NetworkDeviceEndpointObjectJsonStructure]:
+    def object_network_device_endpoint_create(self, network_device_href: str, name: str,
+                                              endpoint_type: Literal['switch_port'], workloads_href: List[str]) \
+            -> List[NetworkDeviceEndpointObjectJsonStructure]:
+
         path = '{}/network_endpoints'.format(network_device_href)
 
-        worklaods_href_objects = []
+        workloads_href_objects = []
         for workload_href in workloads_href:
-            worklaods_href_objects.append({'href': workload_href})
+            workloads_href_objects.append({'href': workload_href})
 
-        data = { 'config': { 'name': name, 'endpoint_type': endpoint_type }, 'workloads': worklaods_href_objects}
+        data = {'config': {'name': name, 'endpoint_type': endpoint_type}, 'workloads': workloads_href_objects}
 
         return self.do_post_call(path=path, async_call=False, include_org_id=False, json_arguments=data, json_output_expected=True)
 
-
     def objects_ruleset_get(self, max_results: int = None, async_mode=True) -> List[RulesetObjectJsonStructure]:
         path = '/sec_policy/draft/rule_sets'
         data = {}
@@ -1069,7 +1072,7 @@ class APIConnector:
             'ingress_services': services_json
         }
 
-        path = ruleset_href+'/sec_rules'
+        path = ruleset_href + '/sec_rules'
 
         return self.do_post_call(path, json_arguments=data, json_output_expected=True, include_org_id=False)
 

illumio_pylo/API/CredentialsManager.py

@@ -4,6 +4,7 @@ from typing import Dict, TypedDict, Union, List, Optional
 import json
 import os
 from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
 from ..Exception import PyloEx
 from .. import log
 
@@ -122,7 +123,7 @@ def get_credentials_from_file(fqdn_or_profile_name: str = None,
 
     if fail_with_an_exception:
         raise PyloEx("No profile found in credential file '{}' with fqdn: {}".
-                    format(credential_file, fqdn_or_profile_name))
+                     format(credential_file, fqdn_or_profile_name))
 
     return None
 
@@ -133,8 +134,8 @@ def list_potential_credential_files() -> List[str]:
     :return:
     """
     potential_credential_files = []
-    if os.environ.get('Pylo_CREDENTIAL_FILE', None) is not None:
-        potential_credential_files.append(os.environ.get('Pylo_CREDENTIAL_FILE'))
+    if os.environ.get('PYLO_CREDENTIAL_FILE', None) is not None:
+        potential_credential_files.append(os.environ.get('PYLO_CREDENTIAL_FILE'))
     potential_credential_files.append(os.path.expanduser("~/.pylo/credentials.json"))
     potential_credential_files.append(os.path.join(os.getcwd(), "credentials.json"))
 
@@ -153,7 +154,7 @@ def get_all_credentials() -> List[CredentialProfile]:
     return credentials
 
 
-def create_credential_in_file(file_full_path: str, data: CredentialFileEntry, overwrite_existing_profile = False) -> str:
+def create_credential_in_file(file_full_path: str, data: CredentialFileEntry, overwrite_existing_profile=False) -> str:
     """
     Create a credential in a file and return the full path to the file
     :param file_full_path:
@@ -173,7 +174,10 @@ def create_credential_in_file(file_full_path: str, data: CredentialFileEntry, ov
                 for profile in credentials:
                     if profile['name'].lower() == data['name'].lower():
                         if overwrite_existing_profile:
-                            profile = data
+                            # profile is a dict, remove of all its entries
+                            for key in list(profile.keys()):
+                                del profile[key]
+                            profile.update(data)
                             break
                         else:
                             raise PyloEx("Profile with name {} already exists in file {}".format(data['name'], file_full_path))
@@ -187,7 +191,7 @@ def create_credential_in_file(file_full_path: str, data: CredentialFileEntry, ov
                 else:
                     credentials = [credentials, data]
     else:
-            credentials = [data]
+        credentials = [data]
 
     # write to the file
     with open(file_full_path, 'w') as f:
@@ -195,6 +199,7 @@ def create_credential_in_file(file_full_path: str, data: CredentialFileEntry, ov
 
     return file_full_path
 
+
 def create_credential_in_default_file(data: CredentialFileEntry) -> str:
     """
     Create a credential in the default credential file and return the full path to the file
@@ -206,32 +211,20 @@ def create_credential_in_default_file(data: CredentialFileEntry) -> str:
     return file_path
 
 
-def encrypt_api_key_with_paramiko_ssh_key_fernet(ssh_key: paramiko.AgentKey, api_key: str) -> str:
-    def encrypt(raw: str, key: bytes) -> bytes:
-        """
-
-        :param raw:
-        :param key:
-        :return: base64 encoded encrypted string
-        """
-        f = Fernet(base64.urlsafe_b64encode(key))
-        token = f.encrypt(bytes(raw, 'utf-8'))
-        return token
-
-
-    # generate a random 128bit key
-    session_key_to_sign = os.urandom(32)
+def encrypt_api_key_with_paramiko_ssh_key_chacha20poly1305(ssh_key: paramiko.AgentKey, api_key: str) -> str:
+    seed_key_to_be_signed = os.urandom(32)
+    signed_seed_key = ssh_key.sign_ssh_data(seed_key_to_be_signed)
+    encryption_key = sha256(signed_seed_key).digest()
 
-    signed_message = ssh_key.sign_ssh_data(session_key_to_sign)
+    nonce = seed_key_to_be_signed[:12]
+    chacha20_object = ChaCha20Poly1305(encryption_key)
 
-    # use SHA256 to hash the signed message and use it as final AES 256 key
-    encryption_key = sha256(signed_message).digest()
-    #print("Encryption key: {}".format(encryption_key.hex()))
-    encrypted_text = encrypt(api_key, encryption_key)
+    encrypted_text = chacha20_object.encrypt(nonce, bytes(api_key, 'utf-8'), ssh_key.get_fingerprint())
 
-    api_key = "$encrypted$:ssh-Fernet:{}:{}:{}".format(base64.urlsafe_b64encode(ssh_key.get_fingerprint()).decode('utf-8'),
-                                                       base64.urlsafe_b64encode(session_key_to_sign).decode('utf-8'),
-                                                       encrypted_text.decode('utf-8'))
+    api_key = "$encrypted$:ssh-ChaCha20Poly1305:{}:{}:{}".format(
+        base64.urlsafe_b64encode(ssh_key.get_fingerprint()).decode('utf-8'),
+        base64.urlsafe_b64encode(seed_key_to_be_signed).decode('utf-8'),
+        base64.urlsafe_b64encode(encrypted_text).decode('utf-8'))
 
     return api_key
 
@@ -251,36 +244,62 @@ def decrypt_api_key_with_paramiko_ssh_key_fernet(encrypted_api_key_payload: str)
     session_key = base64.urlsafe_b64decode(api_key_parts[3])
     encrypted_api_key = api_key_parts[4]
 
-    # find the key in the agent
-    keys = paramiko.Agent().get_keys()
-    found_key = None
-    for key in keys:
-        if key.get_fingerprint() == fingerprint:
-            found_key = key
-            break
-
-    if found_key is None:
+    ssh_key = find_ssh_key_from_fingerprint(fingerprint)
+    if ssh_key is None:
         raise PyloEx("No key found in the agent with fingerprint {}".format(fingerprint.hex()))
 
     # sign the session key
-    signed_session_key = found_key.sign_ssh_data(session_key)
+    signed_session_key = ssh_key.sign_ssh_data(session_key)
     encryption_key = sha256(signed_session_key).digest()
-    #print("Encryption key: {}".format(encryption_key.hex()))
-    #print("Encrypted from KEY fingerprint: {}".format(fingerprint.hex()))
+    # print("Encryption key: {}".format(encryption_key.hex()))
+    # print("Encrypted from KEY fingerprint: {}".format(fingerprint.hex()))
 
     return decrypt(token_b64_encoded=encrypted_api_key,
                    key=encryption_key
                    )
 
+
+def decrypt_api_key_with_paramiko_ssh_key_chacha20poly1305(encrypted_api_key_payload: str) -> str:
+    api_key_parts = encrypted_api_key_payload.split(":")
+    if len(api_key_parts) != 5:
+        raise PyloEx("Invalid encrypted API key format")
+
+    fingerprint = base64.urlsafe_b64decode(api_key_parts[2])
+    seed_key_to_be_signed = base64.urlsafe_b64decode(api_key_parts[3])
+    encrypted_api_key = base64.urlsafe_b64decode(api_key_parts[4])
+
+    ssh_key = find_ssh_key_from_fingerprint(fingerprint)
+    if ssh_key is None:
+        raise PyloEx("No key found in the agent with fingerprint {}".format(fingerprint.hex()))
+
+    signed_session_key = ssh_key.sign_ssh_data(seed_key_to_be_signed)
+    encryption_key = sha256(signed_session_key).digest()
+
+    chacha20_object = ChaCha20Poly1305(encryption_key)
+    nonce = seed_key_to_be_signed[:12]
+
+    return chacha20_object.decrypt(nonce, encrypted_api_key, ssh_key.get_fingerprint()).decode('utf-8')
+
+
 def decrypt_api_key(encrypted_api_key_payload: str) -> str:
     # detect the encryption method
     if not encrypted_api_key_payload.startswith("$encrypted$:"):
         raise PyloEx("Invalid encrypted API key format")
     if encrypted_api_key_payload.startswith("$encrypted$:ssh-Fernet:"):
         return decrypt_api_key_with_paramiko_ssh_key_fernet(encrypted_api_key_payload)
+    elif encrypted_api_key_payload.startswith("$encrypted$:ssh-ChaCha20Poly1305:"):
+        return decrypt_api_key_with_paramiko_ssh_key_chacha20poly1305(encrypted_api_key_payload)
 
     raise PyloEx("Unsupported encryption method: {}".format(encrypted_api_key_payload.split(":")[1]))
 
 
 def is_api_key_encrypted(encrypted_api_key_payload: str) -> bool:
-    return encrypted_api_key_payload.startswith("$encrypted$:")
+    return encrypted_api_key_payload.startswith("$encrypted$:")
+
+
+def find_ssh_key_from_fingerprint(fingerprint: bytes) -> Optional[paramiko.AgentKey]:
+    keys = paramiko.Agent().get_keys()
+    for key in keys:
+        if key.get_fingerprint() == fingerprint:
+            return key
+    return None

illumio_pylo/AgentStore.py

@@ -12,6 +12,9 @@ from typing import *
 
 class VENAgent(pylo.ReferenceTracker):
 
+    __slots__ = ['href', 'owner', 'workload', 'software_version', '_last_heartbeat', '_status_security_policy_sync_state',
+                 '_status_security_policy_applied_at', '_status_rule_count', 'mode', 'raw_json']
+
     def __init__(self, href: str, owner: 'pylo.AgentStore', workload: 'pylo.Workload' = None):
         pylo.ReferenceTracker.__init__(self)
         self.href: str = href

illumio_pylo/IPList.py

@@ -8,13 +8,7 @@ from .Helpers import *
 
 class IPList(pylo.ReferenceTracker):
 
-    """
-    :type owner: IPListStore
-    :type description: str|None
-    :type raw_entries: dict[str,str]
-    """
-    name: str
-    href: str
+    __slots__ = ['owner', 'name', 'href', 'description', 'raw_json', 'raw_entries']
 
     def __init__(self, name: str, href: str, owner: 'pylo.IPListStore', description=None):
         """

illumio_pylo/IPMap.py

@@ -20,6 +20,9 @@ for i in range(32):
 
 
 class IP4Map:
+
+    __slots__ = ['_entries']
+
     def __init__(self):
         self._entries = []
 

illumio_pylo/LabelCommon.py

@@ -5,6 +5,8 @@ from .LabelStore import label_type_role, label_type_env, label_type_loc, label_t
 
 class LabelCommon:
 
+    __slots__ = ['owner', 'name', 'href', 'type']
+
     def __init__(self, name: str, href: str, label_type: str, owner: LabelStore):
         self.owner: LabelStore = owner
         self.name: str = name

illumio_pylo/LabelGroup.py

@@ -8,6 +8,8 @@ from .API.JsonPayloadTypes import LabelGroupObjectJsonStructure
 
 class LabelGroup(pylo.ReferenceTracker, pylo.LabelCommon):
 
+    __slots__ = ['_members_by_href', 'raw_json']
+
     def __init__(self, name: str, href: str, label_type: str, owner):
         pylo.ReferenceTracker.__init__(self)
         pylo.LabelCommon.__init__(self, name, href, label_type, owner)

illumio_pylo/LabelStore.py

@@ -47,6 +47,8 @@ class LabelStore:
                         result.append(label)
             return result
 
+    __slots__ = ['owner', '_items_by_href', 'label_types', 'label_types_as_set', 'label_resolution_cache']
+
     def __init__(self, owner: 'pylo.Organization'):
         self.owner: "pylo.Organization" = owner
         self._items_by_href: Dict[str, Union[pylo.Label, pylo.LabelGroup]] = {}

illumio_pylo/LabeledObject.py

@@ -4,6 +4,8 @@ import illumio_pylo as pylo
 
 class LabeledObject:
 
+    __slots__ = ['_labels']
+
     def __init__(self):
         self._labels: Dict[str, 'pylo.Label'] = {}
 

illumio_pylo/Organization.py

@@ -9,6 +9,9 @@ from .API.CredentialsManager import get_credentials_from_file
 
 class Organization:
 
+    __slots__ = ['id', 'connector', 'LabelStore', 'IPListStore', 'WorkloadStore', 'VirtualServiceStore', 'AgentStore',
+                 'ServiceStore', 'RulesetStore', 'SecurityPrincipalStore', 'pce_version']
+
     def __init__(self, org_id):
         self.id: int = org_id
         self.connector: Optional['pylo.APIConnector'] = None
@@ -58,7 +61,7 @@ class Organization:
         """
         Credentials files will be looked for in the following order:
         1. The path provided in the credential_file argument
-        2. The path provided in the Pylo_CREDENTIAL_FILE environment variable
+        2. The path provided in the PYLO_CREDENTIAL_FILE environment variable
         3. The path ~/.pylo/credentials.json
         4. Current working directory credentials.json
         :param fqdn_or_profile_name:
@@ -71,7 +74,7 @@ class Organization:
         credentials = get_credentials_from_file(fqdn_or_profile_name, credential_file)
 
         connector = pylo.APIConnector(fqdn=credentials.fqdn, port=credentials.port,
-                                      apiuser=credentials.api_user, apikey=credentials.api_key,
+                                      api_user=credentials.api_user, api_key=credentials.api_key,
                                       org_id=credentials.org_id,
                                       skip_ssl_cert_check=not credentials.verify_ssl, name=fqdn_or_profile_name)
 

illumio_pylo/Rule.py

@@ -28,6 +28,9 @@ class RuleApiUpdateStack:
 
 class Rule:
 
+    __slots__ = ['owner', 'description', 'services', 'providers', 'consumers', 'consuming_principals', 'href', 'enabled',
+                 'secure_connect', 'unscoped_consumers', 'stateless', 'machine_auth', 'raw_json', 'batch_update_stack']
+
     def __init__(self, owner: 'Ruleset'):
         self.owner: Ruleset = owner
         self.description: Optional[str] = None
@@ -123,6 +126,9 @@ class Rule:
 
 
 class RuleSecurityPrincipalContainer(pylo.Referencer):
+
+    __slots__ = ['owner', '_items']
+
     def __init__(self, owner: 'pylo.Rule'):
         Referencer.__init__(self)
         self.owner = owner
@@ -140,6 +146,9 @@ class RuleSecurityPrincipalContainer(pylo.Referencer):
 
 
 class DirectServiceInRule:
+
+    __slots__ = ['protocol', 'port', 'to_port']
+
     def __init__(self, proto: int, port: int = None, toport: int = None):
         self.protocol = proto
         self.port = port
@@ -245,6 +254,9 @@ class DirectServiceInRule:
 
 
 class RuleServiceContainer(pylo.Referencer):
+
+    __slots__ = ['owner', '_items', '_direct_services', '_cached_port_map']
+
     def __init__(self, owner: 'pylo.Rule'):
         Referencer.__init__(self)
         self.owner = owner
@@ -380,6 +392,9 @@ class RuleServiceContainer(pylo.Referencer):
 
 
 class RuleHostContainer(pylo.Referencer):
+
+    __slots__ = ['owner', '_items', 'name', '_hasAllWorkloads']
+
     def __init__(self, owner: 'pylo.Rule', name: str):
         Referencer.__init__(self)
         self.owner = owner

illumio_pylo/Ruleset.py

@@ -10,6 +10,8 @@ ruleset_id_extraction_regex = re.compile(r"^/orgs/([0-9]+)/sec_policy/([0-9]+)?(
 
 class RulesetScope:
 
+    __slots__ = ['owner', 'scope_entries']
+
     def __init__(self, owner: 'pylo.Ruleset'):
         self.owner: 'pylo.Ruleset' = owner
         self.scope_entries: Dict['pylo.RulesetScopeEntry', 'pylo.RulesetScopeEntry'] = {}
@@ -39,6 +41,8 @@ class RulesetScope:
 
 class RulesetScopeEntry:
 
+    __slots__ = ['owner', '_labels']
+
     def __init__(self, owner: 'pylo.RulesetScope'):
         self.owner: pylo.RulesetScope = owner
         self._labels: Dict[str, Union['pylo.Label', 'pylo.LabelGroup']] = {}
@@ -144,6 +148,8 @@ class RulesetScopeEntry:
 
 class Ruleset:
 
+    __slots__ = ['owner', 'href', 'name', 'description', 'scopes', '_rules_by_href', '_rules', 'disabled']
+
     def __init__(self, owner: 'pylo.RulesetStore'):
         self.owner: 'pylo.RulesetStore' = owner
         self.href: Optional[str] = None

illumio_pylo/RulesetStore.py

@@ -7,6 +7,8 @@ from .Helpers import nice_json
 
 class RulesetStore:
 
+    __slots__ = ['owner', '_items_by_href']
+
     def __init__(self, owner: 'pylo.Organization'):
         self.owner: pylo.Organization = owner
         self._items_by_href: Dict[str, 'pylo.Ruleset'] = {}

illumio_pylo/SecurityPrincipal.py

@@ -5,6 +5,9 @@ from illumio_pylo import log
 
 
 class SecurityPrincipal(pylo.ReferenceTracker):
+
+    __slots__ = ['owner', 'name', 'href', 'sid', 'deleted', 'raw_json']
+
     def __init__(self, name: str, href: str, owner: 'pylo.SecurityPrincipalStore'):
         pylo.ReferenceTracker.__init__(self)
         self.owner: 'pylo.SecurityPrincipalStore' = owner

illumio_pylo/Service.py

@@ -6,6 +6,9 @@ from typing import *
 
 
 class PortMap:
+
+    __slots__ = ['_tcp_map', '_udp_map', '_protocol_map']
+
     def __init__(self):
         self._tcp_map: List[List[2]] = []  # [start, end]
         self._udp_map: List[List[2]] = []  # [start, end]
@@ -99,6 +102,9 @@ class PortMap:
 
 
 class ServiceEntry:
+
+    __slots__ = ['protocol', 'port', 'to_port', 'icmp_code', 'icmp_type']
+
     def __init__(self, protocol: int, port: int = None, to_port: Optional[int] = None, icmp_code: Optional[int] = None,
                  icmp_type: Optional[int] = None):
         self.protocol = protocol
@@ -160,6 +166,8 @@ class ServiceEntry:
 
 class Service(pylo.ReferenceTracker):
 
+    __slots__ = ['name', 'href', 'owner', 'entries', 'description', 'processName', 'deleted', 'raw_json']
+
     def __init__(self, name: str, href: str, owner: 'pylo.ServiceStore'):
         pylo.ReferenceTracker.__init__(self)
 

illumio_pylo/SoftwareVersion.py

@@ -6,9 +6,7 @@ version_regex = re.compile(r"^(?P<major>[0-9]+)\.(?P<middle>[0-9]+)\.(?P<minor>[
 
 class SoftwareVersion:
 
-    """
-    :type version_string: str
-    """
+    __slots__ = ['version_string', 'is_unknown', 'major', 'middle', 'minor', 'build']
 
     def __init__(self, version_string: str):
         self.version_string = version_string

illumio_pylo/VirtualService.py

@@ -4,6 +4,9 @@ import illumio_pylo as pylo
 
 
 class VirtualService(pylo.ReferenceTracker):
+
+    __slots__ = ['owner', 'name', 'href', 'raw_json']
+
     def __init__(self, name: str, href: str, owner: 'pylo.VirtualServiceStore'):
         pylo.ReferenceTracker.__init__(self)
         self.owner = owner

illumio_pylo/VirtualServiceStore.py

@@ -6,6 +6,8 @@ from .API.JsonPayloadTypes import VirtualServiceObjectJsonStructure
 
 class VirtualServiceStore:
 
+    __slots__ = ['owner', 'items_by_href', 'itemsByName']
+
     def __init__(self, owner: 'pylo.Organization'):
         self.owner: 'pylo.Organization' = owner
         self.items_by_href: Dict[str, 'pylo.VirtualService'] = {}

illumio_pylo/Workload.py

@@ -47,6 +47,9 @@ class WorkloadApiUpdateStack:
 
 class Workload(pylo.ReferenceTracker, pylo.Referencer, LabeledObject):
 
+    __slots__ = ['owner', 'name', 'href', 'forced_name', 'hostname', 'description', 'interfaces', 'online', 'os_id',
+                 'os_detail', 'ven_agent', 'unmanaged', 'temporary', 'deleted', 'raw_json', '_batch_update_stack']
+
     def __init__(self, name: str, href: str, owner: 'pylo.WorkloadStore'):
         ReferenceTracker.__init__(self)
         Referencer.__init__(self)

illumio_pylo/WorkloadStore.py

@@ -10,6 +10,8 @@ from .WorkloadStoreSubClasses import UnmanagedWorkloadDraft, UnmanagedWorkloadDr
 
 class WorkloadStore:
 
+    __slots__ = ['owner', 'itemsByHRef']
+
     def __init__(self, owner: 'Organization'):
         self.owner: Organization = owner
         self.itemsByHRef: Dict[str, Workload] = {}

illumio_pylo/WorkloadStoreSubClasses.py

@@ -66,6 +66,7 @@ class CreationTracker:
     workload: Optional[pylo.Workload] = None
     workload_href: Optional[str] = None
 
+
 class UnmanagedWorkloadDraftMultiCreatorManager:
     def __init__(self, owner: 'pylo.WorkloadStore'):
 

illumio_pylo/__init__.py

@@ -1,7 +1,5 @@
-__version__ = "0.3.3"
+__version__ = "0.3.5"
 
-import os
-import sys
 from typing import Callable
 
 from .tmp import *
@@ -43,7 +41,7 @@ def get_organization(fqdn: str, port: int, api_user: str, api_key: str,
     """
     Load an organization from the API with parameters provided as arguments.
     """
-    api = APIConnector(fqdn=fqdn, port=port, apiuser=api_user, apikey=api_key, org_id=organization_id,
+    api = APIConnector(fqdn=fqdn, port=port, api_user=api_user, api_key=api_key, org_id=organization_id,
                        skip_ssl_cert_check=not verify_ssl)
     org = Organization(1)
     org.load_from_api(api, include_deleted_workloads=include_deleted_workloads,
@@ -60,7 +58,7 @@ def get_organization_using_credential_file(fqdn_or_profile_name: str = None,
     """
     Credentials files will be looked for in the following order:
     1. The path provided in the credential_file argument
-    2. The path provided in the Pylo_CREDENTIAL_FILE environment variable
+    2. The path provided in the PYLO_CREDENTIAL_FILE environment variable
     3. The path ~/.pylo/credentials.json
     4. Current working directory credentials.json
     :param fqdn_or_profile_name:
@@ -77,7 +75,6 @@ def get_organization_using_credential_file(fqdn_or_profile_name: str = None,
                                                            callback_api_objects_downloaded=callback_api_objects_downloaded)
 
 
-
 ignoreWorkloadsWithSameName = True
 
 objectNotFound = object()

illumio_pylo/cli/commands/credential_manager.py

@@ -9,8 +9,9 @@ import paramiko
 import illumio_pylo as pylo
 import click
 from illumio_pylo.API.CredentialsManager import get_all_credentials, create_credential_in_file, CredentialFileEntry, \
-    create_credential_in_default_file, encrypt_api_key_with_paramiko_ssh_key_fernet, decrypt_api_key_with_paramiko_ssh_key_fernet, \
-    get_credentials_from_file
+    create_credential_in_default_file,  \
+    get_credentials_from_file, encrypt_api_key_with_paramiko_ssh_key_chacha20poly1305, \
+    decrypt_api_key_with_paramiko_ssh_key_chacha20poly1305, decrypt_api_key_with_paramiko_ssh_key_fernet
 
 from illumio_pylo import log
 from . import Command
@@ -28,7 +29,6 @@ def fill_parser(parser: argparse.ArgumentParser):
     test_parser.add_argument('--name', required=False, type=str, default=None,
                              help='Name of the credential profile to test')
 
-
     create_parser = sub_parser.add_parser('create', help='Create a new credential')
     create_parser.add_argument('--name', required=False, type=str, default=None,
                      help='Name of the credential')
@@ -46,20 +46,18 @@ def fill_parser(parser: argparse.ArgumentParser):
 
 def __main(args, **kwargs):
     if args['sub_command'] == 'list':
+        table = PrettyTable(field_names=["Name", "URL", "API User", "Originating File"])
+        # all should be left justified
+        table.align = "l"
+
         credentials = get_all_credentials()
         # sort credentials by name
         credentials.sort(key=lambda x: x.name)
 
-        # print credentials in a nice table
-        table_template = " {:<19} {:<40} {:<22} {:<25}"
-        print(table_template.format("Name", "URL", "API User", "Originating File"))
-
         for credential in credentials:
-            print(table_template.format(credential.name,
-                                        credential.fqdn + ':' + str(credential.port),
-                                        credential.api_user,
-                                        credential.originating_file)
-                  )
+            table.add_row([credential.name, credential.fqdn, credential.api_user, credential.originating_file])
+
+        print(table)
 
     elif args['sub_command'] == 'create':
 
@@ -136,10 +134,11 @@ def __main(args, **kwargs):
                                                       selected_ssh_key.get_fingerprint().hex(),
                                                       selected_ssh_key.comment))
             print(" * encrypting API key with selected key (you may be prompted by your SSH agent for confirmation or PIN code) ...", flush=True, end="")
-            encrypted_api_key = encrypt_api_key_with_paramiko_ssh_key_fernet(ssh_key=selected_ssh_key, api_key=api_key)
+            # encrypted_api_key = encrypt_api_key_with_paramiko_ssh_key_fernet(ssh_key=selected_ssh_key, api_key=api_key)
+            encrypted_api_key = encrypt_api_key_with_paramiko_ssh_key_chacha20poly1305(ssh_key=selected_ssh_key, api_key=api_key)
             print("OK!")
             print(" * trying to decrypt the encrypted API key...", flush=True, end="")
-            decrypted_api_key = decrypt_api_key_with_paramiko_ssh_key_fernet(encrypted_api_key_payload=encrypted_api_key)
+            decrypted_api_key = decrypt_api_key_with_paramiko_ssh_key_chacha20poly1305(encrypted_api_key_payload=encrypted_api_key)
             if decrypted_api_key != api_key:
                 raise pylo.PyloEx("Decrypted API key does not match original API key")
             print("OK!")

illumio_pylo/tmp.py

@@ -37,14 +37,33 @@ def find_connector_or_die(obj) -> 'pylo.APIConnector':
     :param obj:
     :return:
     """
-    connector = obj.__dict__.get('connector')  # type: pylo.APIConnector
-    if connector is None:
-        owner = obj.__dict__.get('owner')
-        if owner is None:
-            raise Exception("Could not find a Connector object")
-        return find_connector_or_die(owner)
-
-    return connector
+
+    connector = None
+
+    # check if object has a __dict__ attribute
+    if not hasattr(obj, '__dict__'):
+        # check if it's in __slots__
+        if hasattr(obj, '__slots__'):
+            if 'connector' in obj.__slots__:
+                connector = obj.__getattribute__('connector')
+                if connector is not None:
+                    return connector
+                raise Exception("Could not find a Connector object")
+            if 'owner' in obj.__slots__:
+                owner = obj.__getattribute__('owner')
+                if owner is None:
+                    raise Exception("Could not find a Connector object")
+                return find_connector_or_die(owner)
+        raise Exception("Could not find a Connector object")
+    else:
+        connector = obj.__dict__.get('connector')  # type: pylo.APIConnector
+        if connector is None:
+            owner = obj.__dict__.get('owner')
+            if owner is None:
+                raise Exception("Could not find a Connector object")
+            return find_connector_or_die(owner)
+
+        return connector
 
 
 class IDTranslationTable:

{illumio_pylo-0.3.3.dist-info → illumio_pylo-0.3.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: illumio_pylo
-Version: 0.3.3
+Version: 0.3.5
 Summary: A set of tools and library for working with Illumio PCE
 Home-page: https://github.com/cpainchaud/pylo
 Author: Christophe Painchaud

{illumio_pylo-0.3.3.dist-info → illumio_pylo-0.3.5.dist-info}/RECORD

@@ -1,32 +1,32 @@
-illumio_pylo/AgentStore.py,sha256=O4dz9m0KM0TQPZvvEMoD_5pCkMvQ70YVDaWqbqqhR4k,5091
+illumio_pylo/AgentStore.py,sha256=7xWpjGJHK5Xp69M-WzqcDeC1WMLCeMii1D_hh6xVqb4,5312
 illumio_pylo/Exception.py,sha256=3lxS-ANBaEvHAKhDb8UzNLj5IpQBmRHNs4YkHONmQjs,1033
-illumio_pylo/IPList.py,sha256=XljZM4AHjM59PoR0bPLoJDVjLFJGVjewF91GwXV29UY,4501
-illumio_pylo/IPMap.py,sha256=2xCU0BD6Zc5yWgemn6Q0jNgs0owzp7TCyh6sVRLMf5U,10232
+illumio_pylo/IPList.py,sha256=XvvE__qMISOrfHxM18tuLCv_fVWe_d3eb1eck3cEFvQ,4443
+illumio_pylo/IPMap.py,sha256=x8t4eeX0DDYRAoofjL7eeA9hkmQ6v7H0h7iRFHSye-w,10263
 illumio_pylo/Label.py,sha256=sn6qNFo8Etdl0lUYRoSp_VC0mJymuFJpQ99x9vAwKSY,835
-illumio_pylo/LabelCommon.py,sha256=2HzljD2xJSBjf4Ywxk8JpBQQfbiZILCMV_Mj_EATIGk,1500
-illumio_pylo/LabelGroup.py,sha256=bVXvONHwR44GkF-9S19Fs2cnc4g8IW42VjyKi7QXmvQ,2624
-illumio_pylo/LabelStore.py,sha256=_feA5HdrfnOgcWStBToesu1S2ymHQKEKEG2Ygcadh9g,19809
-illumio_pylo/LabeledObject.py,sha256=zXIFcHtuvgxhu93htxiWtHoJ_mMWfSSdOBRNlEiXej0,1991
-illumio_pylo/Organization.py,sha256=MeESA6HuU0HzzkIKbj1NW_wzkarq30ptsCiffD1lm2M,12379
+illumio_pylo/LabelCommon.py,sha256=MKdhxKKz6CTrAzI9f9YjtU_gf8G2QVprInNR_vCQ7OA,1551
+illumio_pylo/LabelGroup.py,sha256=ZPC3xBLJUEhStyBTMB3fTTcEi8Z4CDjHUwnq_T-8p5Y,2674
+illumio_pylo/LabelStore.py,sha256=bZjfCs4EZkY4SE5yI37_kshn24-DVhh2tn4YqS965OE,19917
+illumio_pylo/LabeledObject.py,sha256=MsXoe3olAntxIvwAzXaPeOrnJQ_lHXIXAFNsB0lNBAk,2020
+illumio_pylo/Organization.py,sha256=4IvTgJ27kFndBvwsWhcfZxuJ0PZvHH7pFGH4CMP83lE,12591
 illumio_pylo/Query.py,sha256=lgLjst41ma3HMVkngvTjL7zSLjh80RoXYL5vS3PWO7Q,13330
 illumio_pylo/ReferenceTracker.py,sha256=HyY0NwZwOdAzSXJrs6i6dhB_kgn1tidZL5LFLLkPuSM,1070
-illumio_pylo/Rule.py,sha256=jPU0hj8BDv2t-keL3NCK6NEd-kYSRkjwtzdo1xWiC5E,26352
-illumio_pylo/Ruleset.py,sha256=G-YrxHRovECDV0TVOLOJyRbMtlgSNmqiq4jMwR3175A,11711
-illumio_pylo/RulesetStore.py,sha256=wJLAKi32y-YiI8NLWWa_Ykrn54AQDcLz3rRlvTGUToI,3379
-illumio_pylo/SecurityPrincipal.py,sha256=8c7VYirJvByjW4r8Vz4NYHXlGYawOVE6YHDpizSIIO4,2280
-illumio_pylo/Service.py,sha256=CKj5VHjkvy7YL18afHqgJl-Qole7s1NWoah3rWHm6Zw,8280
-illumio_pylo/SoftwareVersion.py,sha256=Wg8Mi7vcoL9JgFSRo3i5aiX_OkUIU3ahmgLUrzJ9JYw,4348
-illumio_pylo/VirtualService.py,sha256=KAKE4iWuNmOumGradR2vwZxZ_3iiZg4pBST5ixCZSng,561
-illumio_pylo/VirtualServiceStore.py,sha256=b6bcMixq0Vfv7WjQTQnFHGCv_Mld7sOfvGi4NtFAMQ4,3057
-illumio_pylo/Workload.py,sha256=OIrP2TVFpCjQdjMYPdHkZHcKRszZ2hPnj4uRhI6d8EI,19677
-illumio_pylo/WorkloadStore.py,sha256=08FKIk9fubsaHy_-m2a0Io5sO_V9jmTa40-L3vyemRc,10947
-illumio_pylo/WorkloadStoreSubClasses.py,sha256=tK7s-7s5wRf9SHv3T00EOzgv4gX8gPIM77KBubCzBuo,6092
-illumio_pylo/__init__.py,sha256=xFZtrDXJzFs2mvE4B3udeNXJnu2o953tYyqsHCGSX1g,4192
-illumio_pylo/tmp.py,sha256=7PIn11aYfoxed7tjG_I1iZmiacn4TxZPihs7qD7f4DI,3123
-illumio_pylo/API/APIConnector.py,sha256=ksStxXka8a5gATM6GKb7foMLZZtBRAleuWJI96ioFoI,60494
+illumio_pylo/Rule.py,sha256=LUMNyHtbOWF207DSuD1Dy_X4Oo6eD_VQ1uQA3jqEMmE,26827
+illumio_pylo/Ruleset.py,sha256=c3mPoibfYroEtV4njBRux3R33772l2z8SDJnZcA_Jhc,11901
+illumio_pylo/RulesetStore.py,sha256=KgTjE-TXIbvzjxusadijpMKY2ySX3DZAwOk3e4GChmk,3424
+illumio_pylo/SecurityPrincipal.py,sha256=gASMxmNFDjfbfqJp0igmLeRpi03XLzGjbL-Ric_RGW4,2354
+illumio_pylo/Service.py,sha256=qyUWvYFtTpJzZMVkppvxnBFFbeQf9bow_K3OBFiEdZ4,8523
+illumio_pylo/SoftwareVersion.py,sha256=H_5WM42ObUkVtuxVWak30KMbEuar567k33E6pb83Zbo,4388
+illumio_pylo/VirtualService.py,sha256=K1GT8pzkMOYkD4ZEwDkdriLOAUFAr0oCYNErJAMy9Ck,617
+illumio_pylo/VirtualServiceStore.py,sha256=MNTwo1cvteUuID6JniWUk5oRHQHGY4OwrWvFaRXDuuk,3116
+illumio_pylo/Workload.py,sha256=9kZHawayQQ_L-OBzyuuDcViWSa7HzDKEfPtcSHMsInw,19910
+illumio_pylo/WorkloadStore.py,sha256=3C6SMU0wRlet6C6UVbjkYNsTY7vkyK_ZwqM1dlCBpsQ,10989
+illumio_pylo/WorkloadStoreSubClasses.py,sha256=4GBb5sXan38Y5OE7O6aAR-IZrZJar0mYE44FbCSb3_k,6093
+illumio_pylo/__init__.py,sha256=GmWEv5NapzQB7NgvF1pnLwBlFy7ybFXSZCFkv88p4g4,4172
+illumio_pylo/tmp.py,sha256=DYlm07YEP6Nm5qScByfTloGi7TGaN9WtklSqeVROPik,3913
+illumio_pylo/API/APIConnector.py,sha256=GxINSxd_6QdH0FLfJyh2OIXwGNwkrnXkz-ioY0Nj_lc,60633
 illumio_pylo/API/AuditLog.py,sha256=p0mfjrE5S8qoJgA5LIP_XGFBP3iL86Nl6BQEmhMVrPA,1533
 illumio_pylo/API/ClusterHealth.py,sha256=GdMpVQrHUW4zLM-409GcPHM8H8b3LAppO37ZcUZyT_Q,5122
-illumio_pylo/API/CredentialsManager.py,sha256=gGx63cEm4tnf4xLrmP5LAlDuEGlRjfuvOqut3xUl8i8,11030
+illumio_pylo/API/CredentialsManager.py,sha256=-7c9_2VBJ_7zttBd6aa9K8YZ1iZmuQGAURVAy2jPopQ,12166
 illumio_pylo/API/Explorer.py,sha256=fFAIF-67_uuKgJOP0eZPPJrOGuYmFl33GK75AyMjgJU,47590
 illumio_pylo/API/JsonPayloadTypes.py,sha256=9gql3-tn3cu1qmpOD_JcPCX5b594eOKDgVhTqHu6CsQ,7984
 illumio_pylo/API/RuleSearchQuery.py,sha256=O0-MsUXhwmywoO0G-GXnLq6kkVC9LgmxMZwqVKc_oJE,5325
@@ -38,7 +38,7 @@ illumio_pylo/cli/NativeParsers.py,sha256=nzDL54EV0J-Iz0P9EkeiPl6DWQBSbCu-MpEPRad
 illumio_pylo/cli/__init__.py,sha256=UuZ2KamgIpvfYE1FXilm_THHAvXimdUcvGb3Jrbjfhc,7737
 illumio_pylo/cli/__main__.py,sha256=ll1gK8k1YL_kPsImI7WVlw2sCyNyhocnuCqko6mGaYI,223
 illumio_pylo/cli/commands/__init__.py,sha256=yoVkXy-qBGiAAziWiayJdjcclx1WTayShXSPqHelcWA,1489
-illumio_pylo/cli/commands/credential_manager.py,sha256=nChEuE7jewCzVNH2dXn3VspsfPmplZO-TjXLt07h7MA,9613
+illumio_pylo/cli/commands/credential_manager.py,sha256=YHu8xb2ejOwt6FVkz6kfeP7mhhL85Vc4yU818iyE_3A,9638
 illumio_pylo/cli/commands/iplist_analyzer.py,sha256=vOl6fNd0HrUKnKXtY1sj7jeyx2GtuDZENV7mF79O7yU,3714
 illumio_pylo/cli/commands/iplist_import_from_file.py,sha256=XvC-GlJyjA4dDPzfvGoBFtwelI9g_rQqGzgKgqMYcsI,8284
 illumio_pylo/cli/commands/ruleset_export.py,sha256=E64oYgGKI1Ry382DqV1gT4IlsLdd55QTqdInXlL9EPU,5896
@@ -65,8 +65,8 @@ illumio_pylo/utilities/resources/iplists-import-example.xlsx,sha256=VW-7CRr8NA2V
 illumio_pylo/utilities/resources/workload-exporter-filter-example.csv,sha256=cn5IA8AGEPjvS-EsPXA_GJ-LFsdF9t_44rSzFTCmAzE,36
 illumio_pylo/utilities/resources/workloads-import-example.csv,sha256=DEOGVikFjxQpMFFI0l0jb3hrxEEeZCpTGkmWkz6GUcY,91
 illumio_pylo/utilities/resources/workloads-import-example.xlsx,sha256=U8Ac2BZidA6NlvBFAVPHqeY5zmg3rjmIAXp5b3b1P5w,17101
-illumio_pylo-0.3.3.dist-info/LICENSE,sha256=WYmcYJG1QFgu1hfo7qrEkZ3Jhcz8NUWe6XUraZvlIFs,10172
-illumio_pylo-0.3.3.dist-info/METADATA,sha256=cXr1ZrhFl1rQTJgE_0IFxb1okrSPSS0mNeqVS1XmHrs,12224
-illumio_pylo-0.3.3.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-illumio_pylo-0.3.3.dist-info/top_level.txt,sha256=c5cu_ZMuSuxjq48ih58Kc0Tr8-JdQtV8GrKJicvWNFE,13
-illumio_pylo-0.3.3.dist-info/RECORD,,
+illumio_pylo-0.3.5.dist-info/LICENSE,sha256=WYmcYJG1QFgu1hfo7qrEkZ3Jhcz8NUWe6XUraZvlIFs,10172
+illumio_pylo-0.3.5.dist-info/METADATA,sha256=NMRToIIoGNsxKDzjMrEuBXs9gxVwCfpVbYBlpHD9JmM,12224
+illumio_pylo-0.3.5.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+illumio_pylo-0.3.5.dist-info/top_level.txt,sha256=c5cu_ZMuSuxjq48ih58Kc0Tr8-JdQtV8GrKJicvWNFE,13
+illumio_pylo-0.3.5.dist-info/RECORD,,