prelude-cli-beta 1405__py3-none-any.whl → 1407__py3-none-any.whl

prelude_sdk_beta/models/account.py

@@ -1,264 +0,0 @@
-import configparser
-import json
-import os
-from functools import wraps
-from pathlib import Path
-
-import requests
-
-
-class Keychain:
-
-    def __init__(
-        self,
-        keychain_location: str | None = os.path.join(
-            Path.home(), ".prelude", "keychain.ini"
-        ),
-    ):
-        self.keychain_location = keychain_location
-        if self.keychain_location and not os.path.exists(self.keychain_location):
-            head, _ = os.path.split(Path(self.keychain_location))
-            Path(head).mkdir(parents=True, exist_ok=True)
-            open(self.keychain_location, "x").close()
-            self.configure_keychain("", "")
-
-    def read_keychain(self):
-        cfg = configparser.ConfigParser()
-        cfg.read(self.keychain_location)
-        return cfg
-
-    def configure_keychain(
-        self,
-        account,
-        handle,
-        hq="https://api.us1.preludesecurity.com",
-        oidc=None,
-        profile="default",
-        slug=None,
-    ):
-        cfg = self.read_keychain()
-        cfg[profile] = {"account": account, "handle": handle, "hq": hq}
-        if oidc:
-            cfg[profile]["oidc"] = oidc
-        if slug:
-            cfg[profile]["slug"] = slug
-        with open(self.keychain_location, "w") as f:
-            cfg.write(f)
-
-    def get_profile(self, profile="default") -> dict:
-        try:
-            cfg = self.read_keychain()
-            profile = next(s for s in cfg.sections() if s == profile)
-            return dict(cfg[profile].items())
-        except StopIteration:
-            raise Exception(
-                "Could not find profile %s for account in %s"
-                % (profile, self.keychain_location)
-            )
-
-
-def exchange_token(
-    account: str, handle: str, hq: str, auth_flow: str, auth_params: dict
-):
-    """
-    Two token exchange auth flows:
-    1) Password auth: auth_flow = "password", auth_params = {"password": "your_password"}
-    2) Refresh token auth: auth_flow = "refresh", auth_params = {"refresh_token": "your_refresh_token"}
-    3) Exchange an OIDC authorization code for tokens:
-       auth_flow = "oauth_code", auth_params = {"code": "your_authorization_code", "verifier": "your_verifier", "source": "cli"}
-    """
-    res = requests.post(
-        f"{hq}/iam/token",
-        headers=dict(account=account, _product="py-sdk"),
-        json=dict(auth_flow=auth_flow, handle=handle, **auth_params),
-        timeout=10,
-    )
-    if res.status_code == 401:
-        raise Exception("Error logging in: Unauthorized")
-    if not res.ok:
-        raise Exception("Error logging in: %s" % res.text)
-    return res.json()
-
-
-class Account:
-
-    @staticmethod
-    def from_keychain(profile: str = "default"):
-        """
-        Create an account object from a pre-configured profile in your keychain file
-        """
-        keychain = Keychain()
-        profile_items = keychain.get_profile(profile)
-        if any([item not in profile_items for item in ["account", "handle", "hq"]]):
-            raise ValueError(
-                "Please make sure you are using an up-to-date profile with the following fields: account, handle, hq"
-            )
-        return _Account(
-            account=profile_items["account"],
-            handle=profile_items["handle"],
-            hq=profile_items["hq"],
-            oidc=profile_items.get("oidc"),
-            profile=profile,
-            slug=profile_items.get("slug"),
-        )
-
-    @staticmethod
-    def from_token(
-        account: str,
-        handle: str,
-        token: str | None = None,
-        refresh_token: str | None = None,
-        hq: str = "https://api.us1.preludesecurity.com",
-        oidc: str | None = None,
-        slug: str | None = None,
-    ):
-        """
-        Create an account object from an access token or a refresh token
-        """
-        if not any([token, refresh_token]):
-            raise ValueError("Please provide either an access token or a refresh token")
-        if refresh_token:
-            res = exchange_token(
-                account, handle, hq, "refresh", dict(refresh_token=refresh_token)
-            )
-            token = res["token"]
-        return _Account(
-            account,
-            handle,
-            hq,
-            keychain_location=None,
-            oidc=oidc,
-            slug=slug,
-            token=token,
-            token_location=None,
-        )
-
-
-class _Account:
-
-    def __init__(
-        self,
-        account: str,
-        handle: str,
-        hq: str,
-        oidc: str | None = None,
-        profile: str | None = None,
-        slug: str | None = None,
-        token: str | None = None,
-        keychain_location: str | None = os.path.join(
-            Path.home(), ".prelude", "keychain.ini"
-        ),
-        token_location: str | None = os.path.join(
-            Path.home(), ".prelude", "tokens.json"
-        ),
-    ):
-        if token is None and token_location is None:
-            raise ValueError(
-                "Please provide either an access token or a token location"
-            )
-
-        super().__init__()
-        self.account = account
-        self.handle = handle
-        self.headers = dict(account=account, _product="py-sdk")
-        self.hq = hq
-        self.keychain = Keychain(keychain_location)
-        self.oidc = oidc
-        self.profile = profile
-        self.slug = slug
-        self.token = token
-        self.token_location = token_location
-        if self.token_location and not os.path.exists(self.token_location):
-            head, _ = os.path.split(Path(self.token_location))
-            Path(head).mkdir(parents=True, exist_ok=True)
-            with open(self.token_location, "x") as f:
-                json.dump({}, f)
-        self.source = "cli" if self.oidc else "main"
-
-    @property
-    def token_key(self):
-        return f"{self.handle}/{self.oidc}" if self.oidc else self.handle
-
-    def _read_tokens(self):
-        with open(self.token_location, "r") as f:
-            return json.load(f)
-
-    def save_new_token(self, new_tokens):
-        existing_tokens = self._read_tokens()
-        if self.token_key not in existing_tokens:
-            existing_tokens[self.token_key] = dict()
-        existing_tokens[self.token_key][self.hq] = new_tokens
-        with open(self.token_location, "w") as f:
-            json.dump(existing_tokens, f)
-
-    def _verify(self):
-        if not self.token_location:
-            raise ValueError("Please provide a token location to continue")
-        if self.profile and not any([self.handle, self.account]):
-            raise ValueError(
-                "Please configure your %s profile to continue" % self.profile
-            )
-
-    def password_login(self, password, new_password=None):
-        self._verify()
-        tokens = exchange_token(
-            self.account,
-            self.handle,
-            self.hq,
-            "password_change" if new_password else "password",
-            dict(password=password, new_password=new_password),
-        )
-        self.save_new_token(tokens)
-        return tokens
-
-    def refresh_tokens(self):
-        self._verify()
-        existing_tokens = self._read_tokens().get(self.token_key, {}).get(self.hq, {})
-        if not (refresh_token := existing_tokens.get("refresh_token")):
-            raise Exception("No refresh token found, please login first to continue")
-        tokens = exchange_token(
-            self.account,
-            self.handle,
-            self.hq,
-            "refresh",
-            dict(refresh_token=refresh_token, source=self.source),
-        )
-        tokens = existing_tokens | tokens
-        self.save_new_token(tokens)
-        return tokens
-
-    def exchange_authorization_code(self, authorization_code: str, verifier: str):
-        self._verify()
-        tokens = exchange_token(
-            self.account,
-            self.handle,
-            self.hq,
-            "oauth_code",
-            dict(code=authorization_code, verifier=verifier, source=self.source),
-        )
-        existing_tokens = self._read_tokens().get(self.token_key, {}).get(self.hq, {})
-        tokens = existing_tokens | tokens
-        self.save_new_token(tokens)
-        return tokens
-
-    def get_token(self):
-        if self.token:
-            return self.token
-
-        tokens = self._read_tokens().get(self.token_key, {}).get(self.hq, {})
-        if "token" not in tokens:
-            raise Exception("Please login to continue")
-        return tokens["token"]
-
-    def update_auth_header(self):
-        self.headers |= dict(authorization=f"Bearer {self.get_token()}")
-
-
-def verify_credentials(func):
-    @wraps(verify_credentials)
-    def handler(*args, **kwargs):
-        args[0].account.update_auth_header()
-        return func(*args, **kwargs)
-
-    handler.__wrapped__ = func
-    return handler

prelude_sdk_beta/models/codes.py

@@ -1,446 +0,0 @@
-import logging
-
-from enum import Enum, EnumMeta
-
-
-class MissingItem(EnumMeta):
-    def __getitem__(cls, name):
-        try:
-            return super().__getitem__(name.upper())
-        except (AttributeError, KeyError):
-            try:
-                return cls(int(name))
-            except ValueError:
-                return cls(name)
-
-
-class RunCode(Enum, metaclass=MissingItem):
-    INVALID = -1
-    DAILY = 1
-    WEEKLY = 2
-    MONTHLY = 3
-    SMART = 4
-    DEBUG = 5
-    RUN_ONCE = 6
-    MONDAY = 10
-    TUESDAY = 11
-    WEDNESDAY = 12
-    THURSDAY = 13
-    FRIDAY = 14
-    SATURDAY = 15
-    SUNDAY = 16
-    MONTH_1 = 20
-
-    @classmethod
-    def _missing_(cls, value):
-        return RunCode.DAILY
-
-
-class Mode(Enum, metaclass=MissingItem):
-    MANUAL = 0
-    FROZEN = 1
-    AUTOPILOT = 2
-
-    @classmethod
-    def _missing_(cls, value):
-        return Mode.MANUAL
-
-
-class Permission(Enum, metaclass=MissingItem):
-    INVALID = -1
-    ADMIN = 0
-    EXECUTIVE = 1
-    BUILD = 2
-    SERVICE = 3
-    SUPPORT = 5
-
-    @classmethod
-    def _missing_(cls, value):
-        return Permission.INVALID
-
-
-class ExitCode(Enum):
-    MISSING = -1
-    UNKNOWN_ERROR = 1
-    MALFORMED_TEST = 2
-    UNREPORTED = 3
-    PROCESS_BLOCKED = 9
-    PROCESS_BLOCKED_GRACEFULLY = 15
-    PROTECTED = 100
-    UNPROTECTED = 101
-    TIMED_OUT = 102
-    FAILED_CLEANUP = 103
-    TEST_NOT_RELEVANT = 104
-    DYNAMIC_QUARANTINE = 105
-    BLOCKED_AT_PERIMETER = 106
-    EXPLOIT_PREVENTED = 107
-    ENDPOINT_NOT_RELEVANT = 108
-    INSUFFICIENT_PRIVILEGES = 109
-    INCORRECTLY_BLOCKED = 110
-    PREVENTED_EXECUTION = 126
-    STATIC_QUARANTINE = 127
-    BLOCKED = 137
-    UNEXPECTED_ERROR = 256
-
-    @classmethod
-    def _missing_(cls, value):
-        if value and not isinstance(value, int):
-            return cls(int(value))
-        logging.warning("Unknown ExitCode: %s", str(value))
-        return ExitCode.MISSING
-
-    @property
-    def state(self):
-        for k, v in State.mapping().items():
-            if self in v:
-                return k
-        return State.NONE
-
-
-class State(Enum):
-    NONE = 0
-    PROTECTED = 1
-    UNPROTECTED = 2
-    ERROR = 3
-    NOT_RELEVANT = 4
-
-    @classmethod
-    def mapping(cls):
-        return {
-            State.ERROR: [
-                ExitCode.FAILED_CLEANUP,
-                ExitCode.INCORRECTLY_BLOCKED,
-                ExitCode.MALFORMED_TEST,
-                ExitCode.TIMED_OUT,
-                ExitCode.UNEXPECTED_ERROR,
-                ExitCode.UNKNOWN_ERROR,
-                ExitCode.UNREPORTED,
-            ],
-            State.NONE: [ExitCode.MISSING],
-            State.NOT_RELEVANT: [
-                ExitCode.ENDPOINT_NOT_RELEVANT,
-                ExitCode.INSUFFICIENT_PRIVILEGES,
-                ExitCode.TEST_NOT_RELEVANT,
-            ],
-            State.PROTECTED: [
-                ExitCode.BLOCKED,
-                ExitCode.BLOCKED_AT_PERIMETER,
-                ExitCode.DYNAMIC_QUARANTINE,
-                ExitCode.EXPLOIT_PREVENTED,
-                ExitCode.PREVENTED_EXECUTION,
-                ExitCode.PROCESS_BLOCKED,
-                ExitCode.PROCESS_BLOCKED_GRACEFULLY,
-                ExitCode.PROTECTED,
-                ExitCode.STATIC_QUARANTINE,
-            ],
-            State.UNPROTECTED: [
-                ExitCode.UNPROTECTED,
-            ],
-        }
-
-
-class DOS(Enum):
-    none = "none"
-    arm64 = "arm64"
-    x86_64 = "x86_64"
-    aarch64 = "arm64"
-    amd64 = "x86_64"
-    x86 = "x86_64"
-
-    @classmethod
-    def normalize(cls, dos: str):
-        try:
-            arch = dos.split("-", 1)[-1]
-            return dos[: -len(arch)].lower() + cls[arch.lower()].value
-        except (KeyError, IndexError, AttributeError):
-            return cls.none.value
-
-
-class Control(Enum, metaclass=MissingItem):
-    INVALID = -1
-    NONE = 0
-    CROWDSTRIKE = 1
-    DEFENDER = 2
-    SPLUNK = 3
-    SENTINELONE = 4
-    VECTR = 5
-    S3 = 6
-    INTUNE = 7
-    SERVICENOW = 8
-    OKTA = 9
-    M365 = 10
-    ENTRA = 11
-    JAMF = 12
-    CROWDSTRIKE_IDENTITY = 13
-    GMAIL = 14
-    GOOGLE_IDENTITY = 15
-    DEFENDER_DISCOVERY = 16
-    TENABLE = 17
-    EC2 = 18
-    AWS_SSM = 19
-    AZURE_VM = 20
-    GITHUB = 21
-    TENABLE_DISCOVERY = 22
-    QUALYS = 23
-    QUALYS_DISCOVERY = 24
-
-    @classmethod
-    def _missing_(cls, value):
-        return Control.INVALID
-
-    @property
-    def control_category(self):
-        for k, v in ControlCategory.mapping().items():
-            if self in v:
-                return k
-        return ControlCategory.NONE
-
-    @property
-    def scm_category(self):
-        for k, v in SCMCategory.control_mapping().items():
-            if self in v:
-                return k
-        return SCMCategory.NONE
-
-
-class ControlCategory(Enum, metaclass=MissingItem):
-    INVALID = -1
-    NONE = 0
-    CLOUD = 1
-    EMAIL = 2
-    IDENTITY = 3
-    NETWORK = 4
-    XDR = 5
-    ASSET_MANAGER = 6
-    DISCOVERED_DEVICES = 7
-    VULN_MANAGER = 8
-    SIEM = 9
-    PRIVATE_REPO = 10
-
-    @classmethod
-    def _missing_(cls, value):
-        return ControlCategory.INVALID
-
-    @classmethod
-    def mapping(cls):
-        return {
-            ControlCategory.ASSET_MANAGER: [
-                Control.AWS_SSM,
-                Control.INTUNE,
-                Control.JAMF,
-            ],
-            ControlCategory.CLOUD: [],
-            ControlCategory.DISCOVERED_DEVICES: [
-                Control.AZURE_VM,
-                Control.DEFENDER_DISCOVERY,
-                Control.EC2,
-                Control.QUALYS_DISCOVERY,
-                Control.SERVICENOW,
-                Control.TENABLE_DISCOVERY,
-            ],
-            ControlCategory.EMAIL: [
-                Control.GMAIL,
-                Control.M365,
-            ],
-            ControlCategory.IDENTITY: [
-                Control.CROWDSTRIKE_IDENTITY,
-                Control.ENTRA,
-                Control.GOOGLE_IDENTITY,
-                Control.OKTA,
-            ],
-            ControlCategory.NETWORK: [],
-            ControlCategory.PRIVATE_REPO: [
-                Control.GITHUB,
-            ],
-            ControlCategory.SIEM: [
-                Control.S3,
-                Control.SPLUNK,
-                Control.VECTR,
-            ],
-            ControlCategory.VULN_MANAGER: [Control.QUALYS, Control.TENABLE],
-            ControlCategory.XDR: [
-                Control.CROWDSTRIKE,
-                Control.DEFENDER,
-                Control.SENTINELONE,
-            ],
-        }
-
-
-class SCMCategory(Enum, metaclass=MissingItem):
-    INVALID = -1
-    NONE = 0
-    ENDPOINT = 1
-    INBOX = 2
-    USER = 3
-
-    @classmethod
-    def _missing_(cls, value):
-        return SCMCategory.INVALID
-
-    @classmethod
-    def control_mapping(cls):
-        return {
-            SCMCategory.ENDPOINT: [
-                Control.AWS_SSM,
-                Control.AZURE_VM,
-                Control.CROWDSTRIKE,
-                Control.DEFENDER,
-                Control.DEFENDER_DISCOVERY,
-                Control.EC2,
-                Control.INTUNE,
-                Control.JAMF,
-                Control.QUALYS,
-                Control.QUALYS_DISCOVERY,
-                Control.SENTINELONE,
-                Control.SERVICENOW,
-                Control.TENABLE,
-                Control.TENABLE_DISCOVERY,
-            ],
-            SCMCategory.USER: [
-                Control.CROWDSTRIKE_IDENTITY,
-                Control.ENTRA,
-                Control.GOOGLE_IDENTITY,
-                Control.OKTA,
-            ],
-            SCMCategory.INBOX: [
-                Control.GMAIL,
-                Control.M365,
-            ],
-        }
-
-    @classmethod
-    def category_mapping(cls):
-        return {
-            SCMCategory.ENDPOINT: [
-                ControlCategory.ASSET_MANAGER,
-                ControlCategory.DISCOVERED_DEVICES,
-                ControlCategory.VULN_MANAGER,
-                ControlCategory.XDR,
-            ],
-            SCMCategory.USER: [ControlCategory.IDENTITY],
-            SCMCategory.INBOX: [ControlCategory.EMAIL],
-        }
-
-
-class BackgroundJobTypes(Enum, metaclass=MissingItem):
-    INVALID = -1
-    UPDATE_SCM = 1
-    DEPLOY_PROBE = 2
-    OBSERVED_DETECTED = 3
-    PRELUDE_ENDPOINT_SYNC = 4
-    EXPORT_SCM = 5
-    PARTNER_GROUPS = 6
-
-    @classmethod
-    def _missing_(cls, value):
-        return BackgroundJobTypes.INVALID
-
-
-class EDRResponse(Enum, metaclass=MissingItem):
-    INVALID = -1
-    OBSERVE = 1
-    DETECT = 2
-    PREVENT = 3
-
-    @classmethod
-    def _missing_(cls, value):
-        return EDRResponse.INVALID
-
-
-class PartnerEvents(Enum, metaclass=MissingItem):
-    INVALID = -1
-    REDUCED_FUNCTIONALITY_MODE = 1
-    NO_EDR = 2
-    MISSING_EDR_POLICY = 3
-    MISSING_AV_POLICY = 4
-    MISSING_MFA = 5
-    NO_ASSET_MANAGER = 6
-    MISCONFIGURED_POLICY_SETTING = 7
-    MISSING_SCAN = 8
-    OUT_OF_DATE_SCAN = 9
-    NO_VULN_MANAGER = 10
-    USER_MISSING_ASSET_MANAGER = 11
-    USER_MISSING_EDR = 12
-    USER_MISSING_VULN_MANAGER = 13
-
-    @classmethod
-    def _missing_(cls, value):
-        return PartnerEvents.INVALID
-
-    @classmethod
-    def control_category_mapping(cls):
-        return {
-            PartnerEvents.REDUCED_FUNCTIONALITY_MODE: [ControlCategory.XDR],
-            PartnerEvents.NO_EDR: [
-                ControlCategory.XDR,
-            ],
-            PartnerEvents.MISSING_EDR_POLICY: [ControlCategory.XDR],
-            PartnerEvents.MISSING_AV_POLICY: [ControlCategory.XDR],
-            PartnerEvents.MISSING_MFA: [ControlCategory.IDENTITY],
-            PartnerEvents.NO_ASSET_MANAGER: [ControlCategory.ASSET_MANAGER],
-            PartnerEvents.MISCONFIGURED_POLICY_SETTING: [
-                ControlCategory.XDR,
-                ControlCategory.EMAIL,
-                ControlCategory.IDENTITY,
-            ],
-            PartnerEvents.MISSING_SCAN: [ControlCategory.VULN_MANAGER],
-            PartnerEvents.OUT_OF_DATE_SCAN: [ControlCategory.VULN_MANAGER],
-            PartnerEvents.NO_VULN_MANAGER: [ControlCategory.VULN_MANAGER],
-            PartnerEvents.USER_MISSING_ASSET_MANAGER: [ControlCategory.IDENTITY],
-            PartnerEvents.USER_MISSING_EDR: [ControlCategory.IDENTITY],
-            PartnerEvents.USER_MISSING_VULN_MANAGER: [ControlCategory.IDENTITY],
-        }
-
-
-class AlertTypes(Enum, metaclass=MissingItem):
-    INVALID = -1
-    NEW_REDUCED_FUNCTIONALITY_MODE_ENDPOINTS = 1
-    NEW_NO_EDR_ENDPOINTS = 2
-    NEW_MISSING_EDR_POLICY_ENDPOINTS = 3
-    NEW_MISSING_AV_POLICY_ENDPOINTS = 4
-    NEW_MISSING_MFA_USERS = 5
-    NEW_NO_ASSET_MANAGER_ENDPOINTS = 6
-    NEW_POLICY_SETTING_FAILURE = 7
-    NEW_POLICY_SETTING_PASS = 8
-    NEW_MISSING_SCAN_ENDPOINTS = 9
-    NEW_NO_VULN_MANAGER_ENDPOINTS = 10
-    NEW_OUT_OF_DATE_SCAN_ENDPOINTS = 11
-    NEW_USER_MISSING_ASSET_MANAGER = 12
-    NEW_USER_MISSING_EDR = 13
-    NEW_USER_MISSING_VULN_MANAGER = 14
-
-    @classmethod
-    def _missing_(cls, value):
-        return AlertTypes.INVALID
-
-
-class PolicyType(Enum, metaclass=MissingItem):
-    INVALID = 0
-    EDR = 1
-    AV = 2
-    IDENTITY_PASSWORD = 3
-    EMAIL_ANTIPHISH = 4
-    EMAIL_OUTBOUND = 5
-    EMAIL_CONTENT = 6
-    EMAIL_MALWARE = 7
-    EMAIL_ATTACHMENT = 8
-    EMAIL_LINKS = 9
-    EMAIL_DKIM = 10
-    DEVICE_COMPLIANCE = 11
-    IDENTITY_MFA = 12
-
-    @classmethod
-    def _missing_(cls, value):
-        return PolicyType.INVALID
-
-
-class Platform(Enum, metaclass=MissingItem):
-    INVALID = 0
-    WINDOWS = 1
-    DARWIN = 2
-    LINUX = 3
-    ALL = 4
-
-    @classmethod
-    def _missing_(cls, value):
-        return Platform.INVALID