pangea-sdk 3.1.0__py3-none-any.whl → 3.3.0__py3-none-any.whl

pangea/services/audit/audit.py

@@ -2,14 +2,18 @@
 # Author: Pangea Cyber Corporation
 import datetime
 import json
-from typing import Any, Dict, Optional, Union
+from typing import Any, Dict, List, Optional, Union
 
+import pangea.exceptions as pexc
 from pangea.response import PangeaResponse
 from pangea.services.audit.exceptions import AuditException, EventCorruption
 from pangea.services.audit.models import (
     Event,
     EventEnvelope,
     EventVerification,
+    LogBulkRequest,
+    LogBulkResult,
+    LogEvent,
     LogRequest,
     LogResult,
     PublishedRoot,
@@ -56,7 +60,29 @@ class AuditBase:
         self.prev_unpublished_root_hash: Optional[str] = None
         self.tenant_id = tenant_id
 
-    def _pre_log_process(self, event: dict, sign_local: bool, verify: bool, verbose: bool) -> LogRequest:
+    def _get_log_request(
+        self, events: Union[dict, List[dict]], sign_local: bool, verify: bool, verbose: Optional[bool]
+    ) -> Union[LogRequest, LogBulkResult]:
+        if isinstance(events, list):
+            request_events: List[LogEvent] = []
+            for e in events:
+                request_events.append(self._process_log(e, sign_local=sign_local))
+
+            input = LogBulkRequest(events=request_events, verbose=verbose)
+
+        elif isinstance(events, dict):
+            log = self._process_log(events, sign_local=sign_local)
+            input = LogRequest(event=log.event, signature=log.signature, public_key=log.public_key)
+            input.verbose = True if verify else verbose
+            if verify and self.prev_unpublished_root_hash:
+                input.prev_root = self.prev_unpublished_root_hash
+
+        else:
+            raise AttributeError(f"events should be a dict or a list[dict] and it is {type(events)}")
+
+        return input
+
+    def _process_log(self, event: dict, sign_local: bool) -> LogEvent:
         if event.get("tenant_id", None) is None and self.tenant_id:
             event["tenant_id"] = self.tenant_id
 
@@ -66,70 +92,60 @@ class AuditBase:
         if sign_local is True and self.signer is None:
             raise AuditException("Error: the `signing` parameter set, but `signer` is not configured")
 
-        input = LogRequest(event=event, verbose=verbose)
-
+        signature = None
+        pki = None
         if sign_local is True:
             data2sign = canonicalize_event(event)
             signature = self.signer.sign(data2sign)
-            if signature is not None:
-                input.signature = signature
-            else:
+            if signature is None:
                 raise AuditException("Error: failure signing message")
 
             # Add public key value to public key info and serialize
-            self._set_public_key(input, self.signer, self.public_key_info)
-
-        if verify:
-            input.verbose = True
-            if self.prev_unpublished_root_hash:
-                input.prev_root = self.prev_unpublished_root_hash
+            pki = self._get_public_key_info(self.signer, self.public_key_info)
 
-        return input
-
-    def handle_log_response(self, response: PangeaResponse, verify: bool) -> PangeaResponse[LogResult]:
-        if not response.success:
-            return response
+        return LogEvent(event=event, signature=signature, public_key=pki)
 
-        new_unpublished_root_hash = response.result.unpublished_root
+    def _process_log_result(self, result: LogResult, verify: bool):
+        new_unpublished_root_hash = result.unpublished_root
 
         if verify:
-            if response.result.envelope:
+            if result.envelope:
                 # verify event hash
-                if response.result.hash and not verify_envelope_hash(response.result.envelope, response.result.hash):
+                if result.hash and not verify_envelope_hash(result.envelope, result.hash):
                     # it's a extreme case, it's OK to raise an exception
-                    raise EventCorruption("Error: Event hash failed.", response.result.envelope)
+                    raise EventCorruption("Error: Event hash failed.", result.envelope)
 
-                response.result.signature_verification = self.verify_signature(response.result.envelope)
+                result.signature_verification = self.verify_signature(result.envelope)
 
             if new_unpublished_root_hash:
-                if response.result.membership_proof is not None:
+                if result.membership_proof is not None:
                     # verify membership proofs
-                    membership_proof = decode_membership_proof(response.result.membership_proof)
+                    membership_proof = decode_membership_proof(result.membership_proof)
                     if verify_membership_proof(
-                        node_hash=decode_hash(response.result.hash),
+                        node_hash=decode_hash(result.hash),
                         root_hash=decode_hash(new_unpublished_root_hash),
                         proof=membership_proof,
                     ):
-                        response.result.membership_verification = EventVerification.PASS
+                        result.membership_verification = EventVerification.PASS
                     else:
-                        response.result.membership_verification = EventVerification.FAIL
+                        result.membership_verification = EventVerification.FAIL
 
                 # verify consistency proofs (following events)
-                if response.result.consistency_proof is not None and self.prev_unpublished_root_hash:
-                    consistency_proof = decode_consistency_proof(response.result.consistency_proof)
+                if result.consistency_proof is not None and self.prev_unpublished_root_hash:
+                    consistency_proof = decode_consistency_proof(result.consistency_proof)
                     if verify_consistency_proof(
                         new_root=decode_hash(new_unpublished_root_hash),
                         prev_root=decode_hash(self.prev_unpublished_root_hash),
                         proof=consistency_proof,
                     ):
-                        response.result.consistency_verification = EventVerification.PASS
+                        result.consistency_verification = EventVerification.PASS
                     else:
-                        response.result.consistency_verification = EventVerification.FAIL
+                        result.consistency_verification = EventVerification.FAIL
 
         # Update prev unpublished root
         if new_unpublished_root_hash:
             self.prev_unpublished_root_hash = new_unpublished_root_hash
-        return response
+        return
 
     def handle_results_response(
         self, response: PangeaResponse[SearchResultOutput], verify_consistency: bool = False, verify_events: bool = True
@@ -348,12 +364,10 @@ class AuditBase:
         else:
             return EventVerification.NONE
 
-    def _set_public_key(self, input: LogRequest, signer: Signer, public_key_info: Dict[str, str]):
+    def _get_public_key_info(self, signer: Signer, public_key_info: Dict[str, str]):
         public_key_info["key"] = signer.get_public_key_PEM()
         public_key_info["algorithm"] = signer.get_algorithm()
-        input.public_key = json.dumps(
-            public_key_info, ensure_ascii=False, allow_nan=False, separators=(",", ":"), sort_keys=True
-        )
+        return json.dumps(public_key_info, ensure_ascii=False, allow_nan=False, separators=(",", ":"), sort_keys=True)
 
 
 class Audit(ServiceBase, AuditBase):
@@ -444,16 +458,13 @@ class Audit(ServiceBase, AuditBase):
             A PangeaResponse where the hash of event data and optional verbose
                 results are returned in the response.result field.
                 Available response fields can be found in our
-                [API documentation](https://pangea.cloud/docs/api/audit#log-an-entry).
+                [API documentation](https://pangea.cloud/docs/api/audit#/v1/log).
 
         Examples:
-            try:
-                log_response = audit.log(message="Hello world", verbose=False)
-                print(f"Response. Hash: {log_response.result.hash}")
-            except pe.PangeaAPIException as e:
-                print(f"Request Error: {e.response.summary}")
-                for err in e.errors:
-                    print(f"\\t{err.detail} \\n")
+            log_response = audit.log(
+                message="hello world",
+                verbose=True,
+            )
         """
 
         event = Event(
@@ -481,6 +492,7 @@ class Audit(ServiceBase, AuditBase):
         Log an entry
 
         Create a log entry in the Secure Audit Log.
+
         Args:
             event (dict[str, Any]): event to be logged
             verify (bool, optional): True to verify logs consistency after response.
@@ -493,11 +505,11 @@ class Audit(ServiceBase, AuditBase):
         Returns:
             A PangeaResponse where the hash of event data and optional verbose
                 results are returned in the response.result field.
-                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/audit#log-an-entry).
+                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/audit#/v1/log).
 
         Examples:
             try:
-                log_response = audit.log({"message"="Hello world"}, verbose=False)
+                log_response = audit.log({"message": "hello world"}, verbose=True)
                 print(f"Response. Hash: {log_response.result.hash}")
             except pe.PangeaAPIException as e:
                 print(f"Request Error: {e.response.summary}")
@@ -505,9 +517,98 @@ class Audit(ServiceBase, AuditBase):
                     print(f"\\t{err.detail} \\n")
         """
 
-        input = self._pre_log_process(event, sign_local=sign_local, verify=verify, verbose=verbose)
+        input = self._get_log_request(event, sign_local=sign_local, verify=verify, verbose=verbose)
         response = self.request.post("v1/log", LogResult, data=input.dict(exclude_none=True))
-        return self.handle_log_response(response, verify=verify)
+        if response.success:
+            self._process_log_result(response.result, verify=verify)
+        return response
+
+    def log_bulk(
+        self,
+        events: List[Dict[str, Any]],
+        sign_local: bool = False,
+        verbose: Optional[bool] = None,
+    ) -> PangeaResponse[LogBulkResult]:
+        """
+        Log multiple entries
+
+        Create multiple log entries in the Secure Audit Log.
+
+        OperationId: audit_post_v2_log
+
+        Args:
+            events (List[dict[str, Any]]): events to be logged
+            sign_local (bool, optional): True to sign event with local key.
+            verbose (bool, optional): True to get a more verbose response.
+        Raises:
+            AuditException: If an audit based api exception happens
+            PangeaAPIException: If an API Error happens
+
+        Returns:
+            A PangeaResponse where the hash of event data and optional verbose
+                results are returned in the response.result field.
+                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/audit#/v2/log).
+
+        Examples:
+            log_response = audit.log_bulk(
+                events=[{"message": "hello world"}],
+                verbose=True,
+            )
+        """
+
+        input = self._get_log_request(events, sign_local=sign_local, verify=False, verbose=verbose)
+        response = self.request.post("v2/log", LogBulkResult, data=input.dict(exclude_none=True))
+
+        if response.success:
+            for result in response.result.results:
+                self._process_log_result(result, verify=True)
+        return response
+
+    def log_bulk_async(
+        self,
+        events: List[Dict[str, Any]],
+        sign_local: bool = False,
+        verbose: Optional[bool] = None,
+    ) -> PangeaResponse[LogBulkResult]:
+        """
+        Log multiple entries asynchronously
+
+        Asynchronously create multiple log entries in the Secure Audit Log.
+
+        Args:
+            events (List[dict[str, Any]]): events to be logged
+            sign_local (bool, optional): True to sign event with local key.
+            verbose (bool, optional): True to get a more verbose response.
+        Raises:
+            AuditException: If an audit based api exception happens
+            PangeaAPIException: If an API Error happens
+
+        Returns:
+            A PangeaResponse where the hash of event data and optional verbose
+                results are returned in the response.result field.
+                Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/audit#/v2/log_async).
+
+        Examples:
+            log_response = audit.log_bulk_async(
+                events=[{"message": "hello world"}],
+                verbose=True,
+            )
+        """
+
+        input = self._get_log_request(events, sign_local=sign_local, verify=False, verbose=verbose)
+
+        try:
+            # Calling to v2 methods will return always a 202.
+            response = self.request.post(
+                "v2/log_async", LogBulkResult, data=input.dict(exclude_none=True), poll_result=False
+            )
+        except pexc.AcceptedRequestException as e:
+            return e.response
+
+        if response.success:
+            for result in response.result.results:
+                self._process_log_result(result, verify=True)
+        return response
 
     def search(
         self,
@@ -558,11 +659,17 @@ class Audit(ServiceBase, AuditBase):
 
         Returns:
             A PangeaResponse[SearchOutput] where the first page of matched events is returned in the
-                response.result field. Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/audit#search-for-events).
-                Pagination can be found in the [search results endpoint](https://pangea.cloud/docs/api/audit#search-results).
+                response.result field. Available response fields can be found in our [API documentation](https://pangea.cloud/docs/api/audit#/v1/search).
+                Pagination can be found in the [search results endpoint](https://pangea.cloud/docs/api/audit#/v1/results).
 
         Examples:
-            response: PangeaResponse[SearchOutput] = audit.search(query="message:test", search_restriction={'source': ["monitor"]}, limit=1, verify_consistency=True, verify_events=True)
+            response = audit.search(
+                query="message:test",
+                search_restriction={'source': ["monitor"]},
+                limit=1,
+                verify_consistency=True,
+                verify_events=True,
+            )
         """
 
         if verify_consistency:
@@ -609,17 +716,11 @@ class Audit(ServiceBase, AuditBase):
             PangeaAPIException: If an API Error happens
 
         Examples:
-            search_res: PangeaResponse[SearchOutput] = audit.search(
-                query="message:test",
-                search_restriction={'source': ["monitor"]},
-                limit=100,
-                verify_consistency=True,
-                verify_events=True)
-
-            result_res: PangeaResponse[SearchResultsOutput] = audit.results(
-                id=search_res.result.id,
+            response = audit.results(
+                id="pas_sqilrhruwu54uggihqj3aie24wrctakr",
                 limit=10,
-                offset=0)
+                offset=0,
+            )
         """
 
         if limit <= 0:

pangea/services/audit/models.py

@@ -146,6 +146,34 @@ class LogRequest(APIRequestModel):
     prev_root: Optional[str] = None
 
 
+class LogEvent(APIRequestModel):
+    """
+    Event to perform a log action
+
+    Arguments:
+    event -- A structured event describing an auditable activity.
+    signature -- An optional client-side signature for forgery protection.
+    public_key -- The base64-encoded ed25519 public key used for the signature, if one is provided.
+    """
+
+    event: Dict[str, Any]
+    signature: Optional[str] = None
+    public_key: Optional[str] = None
+
+
+class LogBulkRequest(APIRequestModel):
+    """
+    Request to perform a bulk log action
+
+    Arguments:
+    events -- A list structured events describing an auditable activity.
+    verbose -- If true, be verbose in the response; include membership proof, unpublished root and consistency proof, etc.
+    """
+
+    events: List[LogEvent]
+    verbose: Optional[bool] = None
+
+
 class LogResult(PangeaResponseResult):
     """
     Result class after an audit log action
@@ -167,6 +195,10 @@ class LogResult(PangeaResponseResult):
     signature_verification: EventVerification = EventVerification.NONE
 
 
+class LogBulkResult(PangeaResponseResult):
+    results: List[LogResult] = []
+
+
 class SearchRestriction(APIResponseModel):
     """
     Set of restrictions when perform an audit search action

pangea/services/authn/authn.py

@@ -520,9 +520,10 @@ class AuthN(ServiceBase):
 
         def update(
             self,
-            disabled: bool,
+            disabled: Optional[bool] = None,
             id: Optional[str] = None,
             email: Optional[str] = None,
+            unlock: Optional[bool] = None,
         ) -> PangeaResponse[m.UserUpdateResult]:
             """
             Update user's settings
@@ -534,6 +535,7 @@ class AuthN(ServiceBase):
             Args:
                 disabled (bool): New disabled value.
                     Disabling a user account will prevent them from logging in.
+                unlock (bool): Unlock a user account if it has been locked out due to failed Authentication attempts.
                 id (str, optional): The identity of a user or a service
                 email (str, optional): An email address
 
@@ -552,6 +554,7 @@ class AuthN(ServiceBase):
                 id=id,
                 email=email,
                 disabled=disabled,
+                unlock=unlock,
             )
 
             return self.request.post("v2/user/update", m.UserUpdateResult, data=input.dict(exclude_none=True))

pangea/services/authn/models.py

@@ -363,7 +363,8 @@ class UserProfileUpdateResult(User):
 class UserUpdateRequest(APIRequestModel):
     id: Optional[str] = None
     email: Optional[str] = None
-    disabled: bool
+    disabled: Optional[bool] = None
+    unlock: Optional[bool] = None
 
 
 class UserUpdateResult(User):

pangea/services/base.py

@@ -3,13 +3,13 @@
 
 import copy
 import logging
-from typing import Optional, Union
+from typing import Optional, Type, Union
 
 from pangea.asyncio.request import PangeaRequestAsync
 from pangea.config import PangeaConfig
 from pangea.exceptions import AcceptedRequestException
 from pangea.request import PangeaRequest
-from pangea.response import PangeaResponse
+from pangea.response import PangeaResponse, PangeaResponseResult
 
 
 class ServiceBase(object):
@@ -50,7 +50,13 @@ class ServiceBase(object):
 
         return self._request
 
-    def poll_result(self, exception: AcceptedRequestException) -> PangeaResponse:
+    def poll_result(
+        self,
+        exception: Optional[AcceptedRequestException] = None,
+        response: Optional[PangeaResponse] = None,
+        request_id: Optional[str] = None,
+        result_class: Union[Type[PangeaResponseResult], dict] = dict,
+    ) -> PangeaResponse:
         """
         Poll result
 
@@ -68,4 +74,11 @@ class ServiceBase(object):
         Examples:
             response = service.poll_result(exception)
         """
-        return self.request.poll_result_once(exception.response, check_response=True)
+        if exception is not None:
+            return self.request.poll_result_once(exception.response, check_response=True)
+        elif response is not None:
+            return self.request.poll_result_once(response, check_response=True)
+        elif request_id is not None:
+            return self.request.poll_result_by_id(request_id=request_id, result_class=result_class, check_response=True)
+        else:
+            raise AttributeError("Need to set exception, response or request_id")

pangea/services/file_scan.py

@@ -1,10 +1,12 @@
 # Copyright 2022 Pangea Cyber Corporation
 # Author: Pangea Cyber Corporation
 import io
+import logging
 from typing import Dict, List, Optional
 
+from pangea.request import PangeaConfig, PangeaRequest
 from pangea.response import APIRequestModel, PangeaResponse, PangeaResponseResult, TransferMethod
-from pangea.utils import get_presigned_url_upload_params
+from pangea.utils import FileUploadParams, get_file_upload_params
 
 from .base import ServiceBase
 
@@ -118,8 +120,11 @@ class FileScan(ServiceBase):
         if file or file_path:
             if file_path:
                 file = open(file_path, "rb")
-            if transfer_method == TransferMethod.DIRECT:
-                crc, sha, size, _ = get_presigned_url_upload_params(file)
+            if transfer_method == TransferMethod.DIRECT or transfer_method == TransferMethod.POST_URL:
+                params = get_file_upload_params(file)
+                crc = params.crc_hex
+                sha = params.sha256_hex
+                size = params.size
             else:
                 crc, sha, size = None, None, None
             files = [("upload", ("filename", file, "application/octet-stream"))]
@@ -137,3 +142,54 @@ class FileScan(ServiceBase):
         )
         data = input.dict(exclude_none=True)
         return self.request.post("v1/scan", FileScanResult, data=data, files=files, poll_result=sync_call)
+
+    def request_upload_url(
+        self,
+        transfer_method: TransferMethod = TransferMethod.PUT_URL,
+        params: Optional[FileUploadParams] = None,
+        verbose: Optional[bool] = None,
+        raw: Optional[bool] = None,
+        provider: Optional[str] = None,
+    ) -> PangeaResponse[FileScanResult]:
+        input = FileScanRequest(
+            verbose=verbose,
+            raw=raw,
+            provider=provider,
+            transfer_method=transfer_method,
+        )
+        if params is not None and (
+            transfer_method == TransferMethod.POST_URL or transfer_method == TransferMethod.DIRECT
+        ):
+            input.transfer_crc32c = params.crc_hex
+            input.transfer_sha256 = params.sha256_hex
+            input.transfer_size = params.size
+
+        data = input.dict(exclude_none=True)
+        return self.request.request_presigned_url("v1/scan", FileScanResult, data=data)
+
+
+class FileUploader:
+    def __init__(self):
+        self.logger = logging.getLogger("pangea")
+        self._request = PangeaRequest(
+            config=PangeaConfig(),
+            token="",
+            service="FileScanUploader",
+            logger=self.logger,
+        )
+
+    def upload_file(
+        self,
+        url: str,
+        file: io.BufferedReader,
+        transfer_method: TransferMethod = TransferMethod.PUT_URL,
+        file_details: Optional[Dict] = None,
+    ):
+        if transfer_method == TransferMethod.PUT_URL:
+            files = [("file", ("filename", file, "application/octet-stream"))]
+            self._request.put_presigned_url(url=url, files=files)
+        elif transfer_method == TransferMethod.POST_URL or transfer_method == TransferMethod.DIRECT:
+            files = [("file", ("filename", file, "application/octet-stream"))]
+            self._request.post_presigned_url(url=url, data=file_details, files=files)
+        else:
+            raise ValueError(f"Transfer method not supported: {transfer_method}")

pangea/services/redact.py

@@ -134,13 +134,8 @@ class Redact(ServiceBase):
 
     service_name = "redact"
 
-    def __init__(
-        self,
-        token,
-        config=None,
-        logger_name="pangea",
-    ):
-        super().__init__(token, config, logger_name)
+    def __init__(self, token, config=None, logger_name="pangea", config_id: Optional[str] = None):
+        super().__init__(token, config, logger_name, config_id=config_id)
 
     def redact(
         self,

pangea/services/vault/vault.py

@@ -537,7 +537,7 @@ class Vault(ServiceBase):
 
         Generate a symmetric key
 
-        OperationId: vault_post_v1_key_generate 1
+        OperationId: vault_post_v1_key_generate 2
 
         Args:
             algorithm (SymmetricAlgorithm): The algorithm of the key
@@ -611,7 +611,7 @@ class Vault(ServiceBase):
 
         Generate an asymmetric key
 
-        OperationId: vault_post_v1_key_generate 2
+        OperationId: vault_post_v1_key_generate 1
 
         Args:
             algorithm (AsymmetricAlgorithm): The algorithm of the key

pangea/utils.py

@@ -8,6 +8,7 @@ from collections import OrderedDict
 from hashlib import new, sha1, sha256, sha512
 
 from google_crc32c import Checksum as CRC32C
+from pydantic import BaseModel
 
 
 def format_datetime(dt: datetime.datetime) -> str:
@@ -100,7 +101,13 @@ def get_prefix(hash: str, len: int = 5):
     return hash[0:len]
 
 
-def get_presigned_url_upload_params(file: io.BufferedReader):
+class FileUploadParams(BaseModel):
+    crc_hex: str
+    sha256_hex: str
+    size: int
+
+
+def get_file_upload_params(file: io.BufferedReader) -> FileUploadParams:
     if "b" not in file.mode:
         raise AttributeError("File need to be open in binary mode")
 
@@ -118,4 +125,4 @@ def get_presigned_url_upload_params(file: io.BufferedReader):
         size += len(chunk)
 
     file.seek(0)  # restart reading
-    return crc.hexdigest().decode("utf-8"), sha.hexdigest(), size, file
+    return FileUploadParams(crc_hex=crc.hexdigest().decode("utf-8"), sha256_hex=sha.hexdigest(), size=size)