-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathupdate_policy.py
More file actions
161 lines (137 loc) · 5.78 KB
/
update_policy.py
File metadata and controls
161 lines (137 loc) · 5.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
import os
import requests
SOURCE_POLICY_ID = os.getenv("SOURCE_POLICY_ID")
TARGET_POLICY_ID = os.getenv("TARGET_POLICY_ID")
SOURCE_ACCOUNT_ID = os.getenv("SOURCE_ACCOUNT_ID")
TARGET_ACCOUNT_ID = os.getenv("TARGET_ACCOUNT_ID")
SOURCE_ACCOUNT_AUTH = os.getenv("SOURCE_ACCOUNT_AUTH")
TARGET_ACCOUNT_AUTH = os.getenv("TARGET_ACCOUNT_AUTH")
SOURCE_ENV_URL = os.getenv("SOURCE_ENV_URL")
TARGET_ENV_URL = os.getenv("TARGET_ENV_URL")
SOURCE_ACCOUNT_HEADERS = {
"X-SKYFLOW-ACCOUNT-ID": SOURCE_ACCOUNT_ID,
"Authorization": f"Bearer {SOURCE_ACCOUNT_AUTH}",
"Content-Type": "application/json",
}
TARGET_ACCOUNT_HEADERS = {
"X-SKYFLOW-ACCOUNT-ID": TARGET_ACCOUNT_ID,
"Authorization": f"Bearer {TARGET_ACCOUNT_AUTH}",
"Content-Type": "application/json",
}
def get_source_policy(policy_id):
response = requests.get(
f"{SOURCE_ENV_URL}/v1/policies/{policy_id}", headers=SOURCE_ACCOUNT_HEADERS
)
response.raise_for_status()
return response.json()
def get_target_policy(policy_id):
response = requests.get(
f"{TARGET_ENV_URL}/v1/policies/{policy_id}", headers=TARGET_ACCOUNT_HEADERS
)
response.raise_for_status()
return response.json()
def update_policy(policy_data):
response = requests.patch(
f"{TARGET_ENV_URL}/v1/policies/{TARGET_POLICY_ID}",
json=policy_data,
headers=TARGET_ACCOUNT_HEADERS,
)
response.raise_for_status()
return response.json()
def transform_policy_payload(source_policy, target_policy):
target_resource = target_policy["policy"]
source_resource = source_policy["policy"]
update_payload = {
"policy": {
"ID": target_resource["ID"],
"name": source_resource["name"],
"displayName": source_resource["displayName"],
"description": source_resource["description"],
}
}
source_policy_rules = source_resource["rules"]
target_policy_rules = target_resource["rules"]
target_vault_id = target_resource["resource"]["ID"]
target_policy_rule_params = []
no_of_source_policy_rules = len(source_policy_rules)
no_of_target_policy_rules = len(target_policy_rules)
for i in range(no_of_source_policy_rules):
source_policy_rule = source_policy_rules[i]
if i < no_of_target_policy_rules:
target_policy_rule = target_policy_rules[i]
if (
source_policy_rule["ruleExpression"]
== target_policy_rule["ruleExpression"]
):
continue
else:
temp_rule_param = {
"ID": target_policy_rule["ID"],
"name": source_policy_rule["name"],
"ruleExpression": source_policy_rule["ruleExpression"],
}
ruleParams = source_policy_rule
actions: list[str] = ruleParams["actions"]
rule_param_actions = [
action.split(".")[1].upper() for action in actions
]
resources: list[str] = ruleParams["resources"]
resourceType = source_policy_rule["resourceType"]
ruleParams["vaultID"] = target_vault_id
ruleParams["actions"] = rule_param_actions
ruleParams["action"] = rule_param_actions[0]
else:
temp_rule_param = {
"name": source_policy_rule["name"],
"ruleExpression": source_policy_rule["ruleExpression"],
}
ruleParams = source_policy_rule
actions: list[str] = ruleParams["actions"]
rule_param_actions = [action.split(".")[1].upper() for action in actions]
resources: list[str] = ruleParams["resources"]
resourceType = source_policy_rule["resourceType"]
ruleParams["vaultID"] = target_vault_id
ruleParams["actions"] = rule_param_actions
ruleParams["action"] = rule_param_actions[0]
del ruleParams["ID"]
del ruleParams["resources"]
del ruleParams["dlpFormat"]
del ruleParams["resourceType"]
del ruleParams["ruleExpression"]
if resourceType == "COLUMN":
ruleParams["columns"] = [
f"{resource.split('/')[1].split(':')[1]}.{resource.split('/')[2].split(':')[1]}"
for resource in resources
]
temp_rule_param["columnRuleParams"] = ruleParams
elif resourceType == "TABLE":
ruleParams["tableName"] = resources[0].split("table:")[1]
temp_rule_param["tableRuleParams"] = ruleParams
elif resourceType == "COLUMN_GROUP":
ruleParams["columnGroups"] = [
resource.split("columngroup:")[1] for resource in resources
]
temp_rule_param["columnGroupRuleParams"] = ruleParams
target_policy_rule_params.append(temp_rule_param)
update_payload["ruleParams"] = target_policy_rule_params
return update_payload
def main():
try:
source_policy_id = SOURCE_POLICY_ID
target_policy_id = TARGET_POLICY_ID
if source_policy_id and target_policy_id:
source_policy = get_source_policy(source_policy_id)
target_policy = get_target_policy(target_policy_id)
policy_payload = transform_policy_payload(source_policy, target_policy)
update_policy(policy_payload)
print(f"-- Policy {TARGET_POLICY_ID} updated successfully. --")
else:
print("-- Please provide valid input. Missing input paramaters. --")
except requests.exceptions.HTTPError as http_err:
print(f"-- update_policy HTTP error: {http_err.response.content.decode()} --")
exit(1)
except Exception as err:
print(f"-- update_policy error: {err} --")
exit(1)
if __name__ == "__main__":
main()