britive 3.1.0

A pure Python SDK for the Britive API

Britive Python SDK

Pure Python implementation for interacting with the Britive API.

This package aims to wrap the Britive API for usage in Python development. For the most part it is a simple wrapper (sending potentially bad parameters to the API) but there are a couple of places where liberties were taken to enhance the developer/end user experience. Some APIs may also be combined into one Python method with a parameter if and where it makes more sense to present the API that way.

This package supports Python versions >= 3.8.

Installation

pip install britive

Or execute one of the following commands if you wish to pull directly from the Github repo instead of PyPi. Or navigate to Releases and use the URL of the tarball release that is needed, if not the lastest.

pip install $(curl -s https://api.github.com/repos/britive/python-sdk/releases/latest \
    | jq -r '.assets[] | select(.content_type == "application/x-gzip") | .browser_download_url')

OR

pip install $(curl -s https://api.github.com/repos/britive/python-sdk/releases/latest \
    | grep "browser_download_url.*.tar.gz" | cut -d : -f 2,3 | tr -d \")

Documentation

Each public method is documented with a docstring which provides details on what the method does, the parameters the method accepts, and details about what is returned from the method.

Official API documentation can be found here: Overview of Britive APIs.

Authentication

Authentication is handled solely via API tokens. The token must be provided in one of two methods.

1. Passed directly into the class constructor.
2. Injected as an environment variable into the execution context where this package is being run.
   1. The environment variable name must be BRITIVE_API_TOKEN.

As of v2.5.0 a Bearer token can be provided as well. A Bearer token is generated as part of an interactive login process and is temporary in nature. This is to support the Britive Python CLI.

All Britive API tokens are authenticated against a specific Britive tenant. The name of the tenant must be presented in one of two methods.

1. Passed directly into the Britive class constructor.
2. Injected as an environment variable into the execution context where this package is being run.
   1. The environment variable name must be BRITIVE_TENANT.

In order to obtain the tenant name, reference the Britive URL used to log into the UI. If the URL is https://example.britive-app.com then the tenant name will be example.

Pagination

All pagination is handled by the package. The caller will never have to deal with paginated responses.

Assumptions

• The caller has access to an active Britive tenant.
• The caller has been granted an API token and/or has the ability to generate an API token.
  • This can be either for a User or Service Identity.
• No assumptions are made about the operating system or file system.
  • Nothing is persisted to disk.
    • The end user must persist responses to disk if and when that is required.

Resource Coverage

The following Britive resources are supported with full CRUDL operations where appropriate, and additional actions where they exist.

• Access Broker
• Access Builder
• Accounts
• Accounts (associated with an application/environment)
• API Tokens (for Users)
• Applications
• Audit Logs
• Environment
• Environment Groups
• Groups (associated with an application/environment)
• Identity Attributes
• Identity Providers
• My Access (access granted to the given identity (user or service))
• My Resources (access granted to the given identity (user or service))
• My Secrets (access granted to the given identity (user or service))
• Notifications
• Permissions (associated with an application/environment)
• Profiles
• Reports
• SAML Settings
• Scans
• Security Policies
• Service Identities
• Service Identity Tokens
• System Announcement (aka banner)
• Tags (aka User Tags)
• Task Services
• Tasks
• Users

Proxies

Under the covers, python requests is being used to communicate with the Britive API. As such, any functionality of requests can be used, including setting an HTTP proxy.

• HTTP proxies will be set via environment variables.
  • HTTP_PROXY
  • HTTPS_PROXY
  • NO_PROXY
  • http_proxy
  • https_proxy
  • no_proxy

Standard HTTP proxy URLs should be utilized.

Examples:

• Unauthenticated Proxy: http://internalproxy.domain.com:8080
• Authenticated Proxy: http://user:pass@internalproxy.domain.com:8080

Custom TLS Certificates

Setting custom TLS certificates functionality of requests can also be used.

• Certificate bundles can be set via environment variables.
  • REQUESTS_CA_BUNDLE
  • CURL_CA_BUNDLE (used as a fallback)
  • PYBRITIVE_CA_BUNDLE (specific to the Britive Python SDK)

The values of these environment variables must be a path to a directory of certificates or a specific certificate.

Example: /path/to/certfile

Platform Examples

linux/macos

export REQUESTS_CA_BUNDLE="/usr/local/corp-proxy/cacert.pem"

windows

powershell:

$env:REQUESTS_CA_BUNDLE = "C:\Users\User\AppData\Local\corp-proxy\cacert.pem"

cmd:

set REQUESTS_CA_BUNDLE="C:\Users\User\AppData\Local\corp-proxy\cacert.pem"

Examples

Importing

This should be the only class that is required for import.

from britive.britive import Britive

Optionally, the various exceptions that this package raises can be imported as well, e.g.

from britive import exceptions

Then specific exception(s) could be referenced as demonstrated below:

try:
    something()
except exceptions.TokenMissingError():
    handle()

List All Users

from britive.britive import Britive
import json

britive = Britive()  # source needed data from environment variables

print(json.dumps(britive.users.list(), indent=2, default=str))

Provide Needed Authentication Information in the Script

from britive.britive import Britive
import json

britive = Britive(tenant='example', token='...') # source token and tenant locally (not from environment variables)

print(json.dumps(britive.users.list(), indent=2, default=str))

Create API Token for a Service Identity

from britive.britive import Britive
import json

britive = Britive()  # source needed data from environment variables

print(json.dumps(britive.service_identity_tokens.create(service_identity_id='abc123'), indent=2, default=str))

Run a Report (JSON and CSV output)

from britive.britive import Britive
import json

britive = Britive()  # source needed data from environment variables

print(json.dumps(britive.reports.run(report_id='abc123'), indent=2, default=str))

with open('file.csv', 'w') as f:
    f.write(britive.reports.run(report_id='abc123', csv=True))

Create a Profile Policy (profiles v2/enhanced profiles)

The commands below will create a policy on a profile that allows user@domain.com to check out the profile but only if approver@domain.com approves that request within 10 minutes.

from britive.britive import Britive

b = Britive()

policy = b.profiles.policies.build(
    name='example',
    users=['user@domain.com'],
    approval_notification_medium='Email',
    approver_users=['approver@domain.com'],
    time_to_approve=10
)

b.profiles.policies.create(profile_id='...', policy=policy)