Python SDK for the Blacksands Bursar API

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for npawl from gravatar.com npawl

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Requires: Python >=3.9
  • Provides-Extra: dev
Report project as malware

Project description

Blacksands Bursar Python SDK

Python client for the Blacksands Bursar API -- zero-trust network security provisioning, certificate management, compliance, and posture verification.

Installation

pip install blacksands-shield

For development:

pip install -e ".[dev]"

Quickstart

from blacksands_shield import ShieldClient

client = ShieldClient(
    client_cert="/path/to/client.crt",
    client_key="/path/to/client.key",
    ca_cert="/path/to/blacksands-ca.crt",  # optional
)

# Create an organisation
org = client.orgs.create("Acme Corp", "admin@acme.com", tier="professional")
org_id = org["data"]["id"]

# Register an application
app = client.apps.register(org_id, "web-frontend", framework="react")
app_id = app["data"]["id"]

# Generate a certificate
cert = client.certs.generate(app_id)

# Provision an endpoint
ep = client.endpoints.provision(app_id, "ingress", "api.acme.com", 443)

# Run a verification scan and wait for results
scan = client.verify.scan(app_id)
result = client.operations.poll_until_complete(scan["data"]["operationId"])

Authentication

The Shield SDK uses mTLS client certificates exclusively. API-key authentication is not supported. An mTLS certificate bundle is issued by a Blacksands administrator through Overwatch or SysAdmin and delivered to the caller out-of-band.

client = ShieldClient(
    client_cert="/path/to/client.crt",
    client_key="/path/to/client.key",
)

The cert and key are attached to the underlying requests session via session.cert.

Configuration

client = ShieldClient(
    client_cert="/path/to/client.crt",
    client_key="/path/to/client.key",
    ca_cert="/path/to/blacksands-ca.crt",       # optional: pin the server cert
    base_url="https://shield.blacksands.io/v1",  # default
    timeout=30,       # seconds, default
    max_retries=3,    # retries on 5xx / connection errors, default
)

API Reference

Organisations -- client.orgs

Method Description
create(name, contact_email, tier="essentials") Create a new organisation
get(org_id) Get organisation by ID
list(limit=20, offset=0) List organisations
update(org_id, **kwargs) Update organisation fields

Applications -- client.apps

Method Description
register(org_id, name, version=None, framework=None, runtime=None) Register a new app
get(app_id) Get application by ID
list(org_id, limit=20, offset=0) List apps for an org
decommission(app_id) Decommission an app

Certificates -- client.certs

Method Description
generate(app_id, algorithm="RSA-2048") Generate a new certificate
rotate(app_id, cert_id) Rotate a certificate
revoke(app_id, cert_id) Revoke a certificate
list(app_id, limit=20, offset=0) List certificates for an app

Endpoints -- client.endpoints

Method Description
provision(app_id, type, hostname, port, protocol="https") Provision an endpoint
list(app_id, limit=20, offset=0) List endpoints
verify(app_id, endpoint_id) Verify an endpoint
deprovision(app_id, endpoint_id) Deprovision an endpoint

Policies -- client.policies

Method Description
create(app_id, type, name, rules, priority=1) Create a policy
update(app_id, policy_id, **kwargs) Update a policy
apply(app_id) Apply all policies for an app
list(app_id, limit=20, offset=0) List policies

DNS -- client.dns

Method Description
allow(app_id, domain, reason=None) Allow a domain
block(app_id, domain, reason=None) Block a domain
scan(app_id) Trigger a DNS scan
report(app_id) Get DNS report

Manifests -- client.manifests

Method Description
submit(org_id, manifest) Submit a deployment manifest
get(manifest_id) Get manifest by ID
provision(manifest_id) Provision from manifest
diff(manifest_id, compare_version) Diff against a version

Verify -- client.verify

Method Description
scan(app_id) Trigger a posture scan
get_result(operation_id) Get scan result
get_latest(app_id) Get latest posture

Compliance -- client.compliance

Method Description
get_status(app_id) Get compliance status
generate_report(app_id, framework="SOC2") Generate a report
get_controls(framework) List controls for a framework
get_history(app_id) Get compliance history

Operations -- client.operations

Method Description
get_status(operation_id) Get operation status
poll_until_complete(operation_id, timeout=120, interval=3) Block until done

Sessions -- client.sessions

Method Description
list(app_id) List active sessions
get(session_id) Get session details
terminate(session_id) Terminate a session

Error Handling

from blacksands_shield.exceptions import (
    ShieldAPIError,
    AuthenticationError,
    RateLimitError,
    NotFoundError,
    ValidationError,
)

try:
    client.orgs.get("nonexistent")
except NotFoundError as e:
    print(f"Not found: {e} (HTTP {e.status_code})")
except AuthenticationError:
    print("Check your API key")
except RateLimitError:
    print("Slow down -- rate limit hit")
except ShieldAPIError as e:
    print(f"API error: {e}")

All exceptions carry status_code and response attributes.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for npawl from gravatar.com npawl

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Requires: Python >=3.9
  • Provides-Extra: dev

Release history Release notifications | RSS feed

This version

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

blacksands_bursar-0.2.0.tar.gz (11.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

blacksands_bursar-0.2.0-py3-none-any.whl (12.6 kB view details)

Uploaded Python 3

File details

Details for the file blacksands_bursar-0.2.0.tar.gz.

File metadata

  • Download URL: blacksands_bursar-0.2.0.tar.gz
  • Upload date:
  • Size: 11.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for blacksands_bursar-0.2.0.tar.gz
Algorithm Hash digest
SHA256 6ece3e802e78fd2bc0a5b70b28732ecb17abe62ef8b3969dbfc7605d20b17e21
MD5 ee065c52516f03addfc8712d0d0fa0a7
BLAKE2b-256 7fa47a51e8140daed6f61e808e2729a73435c7f52a59fbf15e11499d3446963c

See more details on using hashes here.

File details

Details for the file blacksands_bursar-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for blacksands_bursar-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9ea200e0e47e9baae44772149d96793ba257e8a01126f43b110fe6681a27c4a3
MD5 1b274d31d9de0c90732dc9c0c22f3edc
BLAKE2b-256 8acfaa0497e14f1f91ca0cda03571e6a673c85ae5b2767d441663d7bc322d7f0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page