regscale-cli 6.19.1.0__py3-none-any.whl → 6.20.0.0__py3-none-any.whl

regscale/__init__.py

@@ -1 +1 @@
-__version__ = "6.19.1.0"
+__version__ = "6.20.0.0"

regscale/airflow/config.py

@@ -1,6 +1,7 @@
 """Provide configurations for Airflow."""
 
 from datetime import datetime, timedelta
+from regscale.airflow.tasks.groups import email_on_fail
 
 
 def yesterday():
@@ -18,6 +19,7 @@ DEFAULT_ARGS = {
     "retries": 2,
     "retry_delay": timedelta(minutes=2),
     "execution_timeout": timedelta(hours=3),
+    "on_failure_callback": email_on_fail,
     # 'queue': 'whatever queue we want to implement',  # left here for an example
     # 'pool': 'backfill',  # another example default arg
     # 'priority_weight': 10,  # give this a high priority weight

regscale/airflow/tasks/groups.py

@@ -2,14 +2,10 @@
 
 from uuid import uuid4
 
-from airflow import AirflowException, DAG
-from airflow.models import TaskInstance
 from airflow.operators.python import PythonOperator
-from airflow.utils.db import provide_session
-from airflow.utils.state import State
 from airflow.utils.task_group import TaskGroup
-from airflow.utils.trigger_rule import TriggerRule
 
+from airflow import AirflowException, DAG
 from regscale.airflow.hierarchy import AIRFLOW_CLICK_OPERATORS as OPERATORS
 from regscale.airflow.tasks.click import execute_click_command
 
@@ -54,63 +50,31 @@ def setup_task_group(
         return setup
 
 
-@provide_session
-def _email_on_fail(task, execution_date, dag, session=None, **kwargs):
+def email_on_fail(task, **_):
     """
     Send an email if any of the upstream DAGs failed
 
-    :param DAG dag: The DAG to add the operator to
-    :param execution_date: The execution date of the DAG
-    :param session: DAG session
+    :param task: The task that has failed
     :return: The PythonOperator to send an email if any of the DAG tasks fail
     :rtype: TaskGroup
     """
     from regscale.core.app.application import Application
     from regscale.models import Email
 
-    upstream_task_instances = (
-        session.query(TaskInstance)
-        .filter(
-            TaskInstance.dag_id == dag.dag_id,
-            TaskInstance.execution_date == execution_date,
-            TaskInstance.task_id.in_(task.upstream_task_ids),
-        )
-        .all()
-    )
-    upstream_states = [ti.state for ti in upstream_task_instances]
-    fail_this_task = State.FAILED in upstream_states
-    dag_config = kwargs["dag_run"].conf
-    app = Application(config=dag_config)
+    dag = task["dag"]
+    config = task["params"]
+    app = Application(config=config)
 
-    if email := kwargs["dag_run"].conf.get("email"):
+    if email := config.get("email"):
         email = Email(
             fromEmail="Support@RegScale.com",
             emailSenderId=app.config["userId"],
             to=email,
-            subject=f"An Automated Job Has Failed: {dag_config['jobName']} ({dag_config['cadence']})",
-            body=f"{dag.dag_id} with ID: {dag_config['dag_run_id']} job has failed. "
-            + f"Please check the logs for more information: {dag_config['job_url']}",
+            subject=f"An Automated Job Has Failed: {config['jobName']} ({config['cadence']})",
+            body=f"{dag.dag_id} with ID: {task['run_id']} job has failed. "
+            + f"Please check the logs for more information: {config['job_url']}",
         )
 
-    if fail_this_task:
         if email.send():
-            print(f"Email sent to {email} about {dag.dag_id} job failure.")
+            app.logger.info(f"Email sent to {email} about {task['run_id']} job failure.")
         raise AirflowException("Failing task because one or more upstream tasks failed.")
-
-
-def email_on_fail_operator(dag, email_tag: str = None) -> PythonOperator:
-    """
-    Create a PythonOperator to send an email if any of the DAGs fail
-
-    :param DAG dag: The DAG to add the operator to
-    :param str email_tag: A unique identifier for the task, if not provided one will be generated
-    :return: The PythonOperator to send an email if any of the DAG tasks fail
-    :rtype: TaskGroup
-    """
-    return PythonOperator(
-        task_id=generate_name("email", email_tag),
-        python_callable=_email_on_fail,
-        trigger_rule=TriggerRule.ALL_DONE,
-        provide_context=True,
-        dag=dag,
-    )

regscale/core/app/internal/login.py

@@ -74,35 +74,47 @@ def login(
     else:
         config["domain"] = host or config["domain"]
     token = token or os.getenv("REGSCALE_TOKEN")
+    if token is not None:
+        token = token if token.startswith("Bearer ") else f"Bearer {token}"
     if config and token:
-        if verify_token(app, token):
-            config["userId"] = parse_user_id_from_jwt(app, token)
-            config["token"] = token if token.startswith("Bearer ") else f"Bearer {token}"
-            if not running_in_airflow:
-                logger.info("RegScale Token and userId has been saved in init.yaml")
-                app.save_config(conf=config)
-            return token
-        else:
-            logger.error("Invalid token provided.")
+        try:
+            if verify_token(app, token):
+                config["userId"] = parse_user_id_from_jwt(app, token)
+                config["token"] = token
+                if not running_in_airflow:
+                    logger.info("RegScale Token and userId has been saved in init.yaml")
+                    app.save_config(conf=config)
+                return token
+            else:
+                logger.error("Invalid token provided.")
+                sys.exit(1)
+        except AttributeError as e:
+            logger.error("Unexpected error when verifying token: %s", e)
             sys.exit(1)
     from regscale.core.app.api import Api
 
-    if str_user and str_password:
-        if config and "REGSCALE_DOMAIN" not in os.environ and host is None:
-            host = config["domain"]
-        regscale_auth = RegScaleAuth.authenticate(
-            api=Api(),
-            username=str_user,
-            password=str_password,
-            domain=host,
-            mfa_token=mfa_token,
-        )
-    else:
-        regscale_auth = RegScaleAuth.authenticate(Api(), mfa_token=mfa_token)
-    if config and config["domain"] is None:
-        raise ValueError("No domain set in the init.yaml configuration file.")
-    if config and config["domain"] == "":
-        raise ValueError("The domain is blank in the init.yaml configuration file.")
+    try:
+        if str_user and str_password:
+            if config and "REGSCALE_DOMAIN" not in os.environ and host is None:
+                host = config["domain"]
+            regscale_auth = RegScaleAuth.authenticate(
+                api=Api(),
+                username=str_user,
+                password=str_password,
+                domain=host,
+                mfa_token=mfa_token,
+            )
+        else:
+            regscale_auth = RegScaleAuth.authenticate(Api(), mfa_token=mfa_token)
+        if config and config["domain"] is None:
+            raise ValueError("No domain set in the init.yaml configuration file.")
+        if config and config["domain"] == "":
+            raise ValueError("The domain is blank in the init.yaml configuration file.")
+    except TypeError as ex:
+        logger.error("TypeError: %s", ex)
+    except SSLCertVerificationError as sslex:
+        logger.error("SSLError, python requests requires a valid ssl certificate.\n%s", sslex)
+        sys.exit(1)
 
     # create object to authenticate
     auth = {
@@ -112,24 +124,18 @@ def login(
         "mfaToken": mfa_token,
     }
     if auth["password"]:
-        try:
-            # update init file from login
-            if config:
-                config["token"] = regscale_auth.token
-                config["userId"] = regscale_auth.user_id
-                config["domain"] = regscale_auth.domain
-                # write the changes back to file
-                app.save_config(config)
-            # set variables
-            logger.info("User ID: %s", regscale_auth.user_id)
-            logger.info("New RegScale Token has been updated and saved in init.yaml")
-            # Truncate token for logging purposes
-            logger.debug("Token: %s", regscale_auth.token[:20])
-        except TypeError as ex:
-            logger.error("TypeError: %s", ex)
-        except SSLCertVerificationError as sslex:
-            logger.error("SSLError, python requests requires a valid ssl certificate.\n%s", sslex)
-            sys.exit(1)
+        # update init file from login
+        if config:
+            config["token"] = regscale_auth.token
+            config["userId"] = regscale_auth.user_id
+            config["domain"] = regscale_auth.domain
+            # write the changes back to file
+            app.save_config(config)
+        # set variables
+        logger.info("User ID: %s", regscale_auth.user_id)
+        logger.info("New RegScale Token has been updated and saved in init.yaml")
+        # Truncate token for logging purposes
+        logger.debug("Token: %s", regscale_auth.token[:20])
     config["domain"] = host
     app.save_config(config)
     return regscale_auth.token

regscale/core/app/internal/model_editor.py

@@ -944,10 +944,11 @@ def map_workbook_to_lookups(file_path: str, workbook_data: Optional["pd.DataFram
         wb_data = workbook_data
     else:
         wb_data = pd.read_excel(file_path)
+
+    wb_data = wb_data.dropna()
     for cur_row in obj_fields:
         if len(cur_row.lookup_field) > 0 and cur_row.lookup_field != "module":
             if cur_row.column_name in wb_data.columns:
-                wb_data.fillna("None")
                 lookup_wb = pd.read_excel(file_path, sheet_name=cur_row.column_name)
                 if cur_row.lookup_field == "user":
                     lookup_wb = lookup_wb.rename(

regscale/dev/code_gen.py

@@ -80,14 +80,13 @@ from airflow import DAG
 
 from regscale.airflow.config import DEFAULT_ARGS, yesterday
 from regscale.airflow.hierarchy import AIRFLOW_CLICK_OPERATORS as OPERATORS
-from regscale.airflow.tasks.groups import email_on_fail_operator
 
 DAG_NAME = "{integration}"
 
 dag = DAG(
     DAG_NAME,
     default_args=DEFAULT_ARGS,
-    schedule_interval=None,
+    schedule=None,
     start_date=yesterday(),
     description=__doc__,
     is_paused_upon_creation=False,
@@ -100,9 +99,7 @@ integration_operator = OPERATORS["{integration.split('_')[0].lower()}__sync_{int
     op_kwargs={{{op_kwargs}\n    }},
 )
 
-email = email_on_fail_operator(dag, email_tag=DAG_NAME)
-
-integration_operator >> email
+integration_operator
             """
     with open(f"{save_dir}/{integration_name.lower()}.py", "w") as f:
         f.write("# flake8: noqa E501\n# pylint: disable=line-too-long\n")

regscale/integrations/commercial/amazon/common.py

@@ -56,17 +56,18 @@ def determine_status_and_results(finding: Any) -> Tuple[str, Optional[str]]:
     results = None
     if "Compliance" in finding.keys():
         status = "Fail" if finding["Compliance"]["Status"] == "FAILED" else "Pass"
-        results = ", ".join(finding["Compliance"]["RelatedRequirements"])
+        results = ", ".join(finding.get("Compliance", {}).get("RelatedRequirements", [])) or "N/A"
     if "FindingProviderFields" in finding.keys():
         status = (
             "Fail"
-            if finding["FindingProviderFields"]["Severity"]["Label"] in ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
+            if finding.get("FindingProviderFields", {}).get("Severity", {}).get("Label", "")
+            in ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
             else "Pass"
         )
     if "PatchSummary" in finding.keys() and not results:
         results = (
-            f"{finding['PatchSummary']['MissingCount']} Missing Patch(s) of "
-            "{finding['PatchSummary']['InstalledCount']}"
+            f"{finding.get('PatchSummary', {}).get('MissingCount', 0)} Missing Patch(s) of "
+            "{finding.get('PatchSummary', {}).get('InstalledCount', 0)}"
         )
     return status, results
 

regscale/integrations/commercial/aws/scanner.py

@@ -711,12 +711,13 @@ Description: {description if isinstance(description, str) else ''}"""
             )
         if not region:
             logger.warning("AWS region not provided. Defaulting to 'us-east-1'.")
-        client = boto3.client(
-            "securityhub",
+        session = boto3.Session(
             region_name=kwargs.get(region, "us-east-1"),
             aws_access_key_id=aws_secret_key_id,
             aws_secret_access_key=aws_secret_access_key,
+            aws_session_token=kwargs.get("aws_session_token"),
         )
+        client = session.client("securityhub")
         aws_findings = fetch_aws_findings(aws_client=client)
         self.num_findings_to_process = len(aws_findings)
         for finding in aws_findings:

regscale/integrations/commercial/synqly/assets.py

@@ -33,6 +33,16 @@ def sync_nozomi_vantage(regscale_ssp_id: int) -> None:
     assets_nozomi_vantage.run_sync(regscale_ssp_id=regscale_ssp_id)
 
 
+@assets.command(name="sync_qualys_cloud")
+@regscale_ssp_id()
+def sync_qualys_cloud(regscale_ssp_id: int) -> None:
+    """Sync Assets from Qualys Cloud to RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Assets
+
+    assets_qualys_cloud = Assets("qualys_cloud")
+    assets_qualys_cloud.run_sync(regscale_ssp_id=regscale_ssp_id)
+
+
 @assets.command(name="sync_servicenow")
 @regscale_ssp_id()
 def sync_servicenow(regscale_ssp_id: int) -> None:
@@ -43,4 +53,14 @@ def sync_servicenow(regscale_ssp_id: int) -> None:
     assets_servicenow.run_sync(regscale_ssp_id=regscale_ssp_id)
 
 
+@assets.command(name="sync_tanium_cloud")
+@regscale_ssp_id()
+def sync_tanium_cloud(regscale_ssp_id: int) -> None:
+    """Sync Assets from Tanium Cloud to RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Assets
+
+    assets_tanium_cloud = Assets("tanium_cloud")
+    assets_tanium_cloud.run_sync(regscale_ssp_id=regscale_ssp_id)
+
+
 # pylint: enable=line-too-long

regscale/integrations/commercial/synqly/ticketing.py

@@ -158,4 +158,29 @@ def sync_torq(regscale_id: int, regscale_module: str, name: str) -> None:
     ticketing_torq.run_sync(regscale_id=regscale_id, regscale_module=regscale_module, name=name)
 
 
+@ticketing.command(name="sync_zendesk")
+@regscale_id()
+@regscale_module()
+@click.option(
+    "--name",
+    type=click.STRING,
+    help="zendesk name",
+    required=True,
+    prompt="zendesk name",
+)
+@click.option(
+    "--subject",
+    type=click.STRING,
+    help="zendesk subject",
+    required=True,
+    prompt="zendesk subject",
+)
+def sync_zendesk(regscale_id: int, regscale_module: str, name: str, subject: str) -> None:
+    """Sync Ticketing data between Zendesk and RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Ticketing
+
+    ticketing_zendesk = Ticketing("zendesk")
+    ticketing_zendesk.run_sync(regscale_id=regscale_id, regscale_module=regscale_module, name=name, subject=subject)
+
+
 # pylint: enable=line-too-long

regscale/integrations/commercial/wizv2/click.py

@@ -128,7 +128,7 @@ def inventory(
 )
 def issues(
     wiz_project_id: str,
-    regscale_id: int,
+    regscale_ssp_id: int,
     client_id: str,
     client_secret: str,
     filter_by_override: Optional[str] = None,
@@ -152,9 +152,9 @@ def issues(
 
     filter_by["project"] = wiz_project_id
 
-    scanner = WizIssue(plan_id=regscale_id)
+    scanner = WizIssue(plan_id=regscale_ssp_id)
     scanner.sync_findings(
-        plan_id=regscale_id,
+        plan_id=regscale_ssp_id,
         filter_by_override=filter_by_override,  # type: ignore
         client_id=client_id,  # type: ignore
         client_secret=client_secret,  # type: ignore