
Commit 6343e9e

add jit defaults
1 parent c9896d8 commit 6343e9e


3 files changed

+73
-2
lines changed


docs/docs.md

Lines changed: 2 additions & 1 deletion
@@ -23,7 +23,8 @@ See the topics below for more information on how to use this library.
2323
* [Teams](teams.md) - create, update, access, and delete teams.
2424
* [Business Units](businessunits.md) - create, update, access, and delete business units.
2525
* [API Credentials](apicreds.md) - create, access, renew, and revoke API credentials.
26-
* [Roles](roles.md) - access system roles and permissions; create, update, access, and delete custom roles.
26+
* [Roles and Permissions](roles.md) - access system roles and permissions; create, update, access, and delete custom roles.
27+
* [JIT Default Settings](jitdefaults.md) - create and update default Just-In-Time Provisioning settings.
2728

2829
## API Object
2930
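
Review bot: The new index entry on line 27 says "create and update", but docs/jitdefaults.md in this same commit also documents `get()` and `delete()`; consider "create, update, access, and delete default Just-In-Time Provisioning settings" to match the wording of the neighbouring entries. The entry also writes "Just-In-Time" while the new page's title uses "Just In Time"; pick one spelling for both.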

docs/jitdefaults.md

Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
# Just In Time Provisioning Default Settings
2+
3+
The following methods call Veracode REST APIs and return JSON. More information about the JIT settings is available in the [Veracode Docs](https://docs.veracode.com/r/Configure_SAML_Self_Registration).
4+
5+
- `JITDefaultSettings().get()` - retrieve the current Just In Time (JIT) default settings.
6+
- `JITDefaultSettings().create(ip_restricted(opt),prefer_veracode_data(opt), allowed_ip_addresses(opt), use_csv_for_roles_claim(opt), use_csv_for_teams_claim(opt), use_csv_for_teams_managed_claim(opt), use_csv_for_ip_address_claim(opt),teams(opt),roles(opt))` - create new Just In Time (JIT) default settings. Settings include:
7+
- `ip_restricted`: set to `True` to apply IP restrictions (defined in `allowed_ip_addresses`) for a JIT user.
8+
- `prefer_veracode_data`: set to `True` to allow an administrator to manage roles, teams, and other settings for users in the Veracode administrative console after user creation. If set to `False`, the SAML assertion sent from the customer's Identity Provider must contain these values.
9+
- `allowed_ip_addresses`: an array of IP addresses. See the [Veracode Docs](https://docs.veracode.com/r/admin_ip) for more information.
10+
- `use_csv_for_roles_claim`: set to `True` if your IDP will send a comma separated list of roles (instead of an array).
11+
- `use_csv_for_teams_claim`: set to `True` if your IDP will send a comma separated list of teams (instead of an array).
12+
- `use_csv_for_teams_managed_claim`: set to `True` if your IDP will send a comma separated list of teams managed by a team admin (instead of an array).
13+
- `use_csv_for_ip_address_claim`: set to `True` if your IDP will send a comma separated list of IP address restrictions (instead of an array).
14+
- `teams`: an array of team IDs (UUIDs) that should be assigned to a JIT user by default.
15+
- `roles`: an array of role IDs (UUIDs) that should be assigned to a JIT user by default.
16+
- `JITDefaultSettings().update(jit_default_id, ip_restricted(opt),prefer_veracode_data(opt), allowed_ip_addresses(opt), use_csv_for_roles_claim(opt), use_csv_for_teams_claim(opt), use_csv_for_teams_managed_claim(opt), use_csv_for_ip_address_claim(opt),teams(opt),roles(opt))` - update existing Just In Time (JIT) default settings identified by `jit_default_id`.
17+
- `JITDefaultSettings().delete(jit_default_id)` - delete the Just In Time (JIT) default settings identified by `jit_default_id`.
18+
19+
[All docs](docs.md)
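
Review bot: Lines 6-16 mark every parameter as optional but never state the defaults, and the defaults in identity.py are not uniform: `prefer_veracode_data` and `use_csv_for_ip_address_claim` default to `True` while the other flags default to `False`. Please list the default beside each setting, and state on line 16 that `update()` sends all settings, so any argument left out is written back with its default rather than left unchanged. Line 7 should also say what a caller gets when `ip_restricted` is `True` and `allowed_ip_addresses` is left empty.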

veracode_api_py/identity.py

Lines changed: 52 additions & 1 deletion
@@ -307,4 +307,55 @@ def get_all(self):
307307
return APIHelper()._rest_paged_request( self.base_uri,"GET","permissions",{'page':0})
308308

309309
def get(self, permission_guid: UUID):
310-
return APIHelper()._rest_request("{}/{}".format(self.base_uri,permission_guid),"GET")
310+
return APIHelper()._rest_request("{}/{}".format(self.base_uri,permission_guid),"GET")
311+
312+
class JITDefaultSettings():
313+
base_uri = "api/authn/v2/jit_default_settings"
314+
315+
def get(self):
316+
return APIHelper()._rest_request( self.base_uri, "GET")
317+
318+
def create(self, ip_restricted=False,prefer_veracode_data=True, allowed_ip_addresses=[],
319+
use_csv_for_roles_claim=False, use_csv_for_teams_claim=False, use_csv_for_teams_managed_claim=False,
320+
use_csv_for_ip_address_claim=True,teams=[],roles=[]):
321+
return self._create_or_update("CREATE", ip_restricted=ip_restricted, prefer_veracode_data=prefer_veracode_data,
322+
allowed_ip_addresses=allowed_ip_addresses, use_csv_for_roles_claim=use_csv_for_roles_claim,
323+
use_csv_for_teams_claim=use_csv_for_teams_claim,
324+
use_csv_for_teams_managed_claim=use_csv_for_teams_managed_claim,
325+
use_csv_for_ip_address_claim=use_csv_for_ip_address_claim, teams=teams, roles=roles)
326+
327+
def update(self, jit_default_id: UUID, ip_restricted=False,prefer_veracode_data=True, allowed_ip_addresses=[],
328+
use_csv_for_roles_claim=False, use_csv_for_teams_claim=False, use_csv_for_teams_managed_claim=False,
329+
use_csv_for_ip_address_claim=True,teams=[],roles=[]):
330+
return self._create_or_update("UPDATE", jit_default_id = jit_default_id, ip_restricted=ip_restricted,
331+
prefer_veracode_data=prefer_veracode_data,allowed_ip_addresses=allowed_ip_addresses,
332+
use_csv_for_roles_claim=use_csv_for_roles_claim,
333+
use_csv_for_teams_claim=use_csv_for_teams_claim,
334+
use_csv_for_teams_managed_claim=use_csv_for_teams_managed_claim,
335+
use_csv_for_ip_address_claim=use_csv_for_ip_address_claim, teams=teams, roles=roles)
336+
337+
def _create_or_update(self, method, jit_default_id: UUID=None, ip_restricted=False,prefer_veracode_data=True, allowed_ip_addresses=[],
338+
use_csv_for_roles_claim=False, use_csv_for_teams_claim=False, use_csv_for_teams_managed_claim=False,
339+
use_csv_for_ip_address_claim=True,teams=[],roles=[]):
340+
341+
if method == "CREATE":
342+
uri = self.base_uri
343+
httpmethod = "POST"
344+
elif method == "UPDATE":
345+
uri = '{}/{}'.format(self.base_uri, jit_default_id)
346+
httpmethod = "PUT"
347+
else:
348+
return
349+
350+
params = { 'ip_restricted': ip_restricted, 'prefer_veracode_data': prefer_veracode_data, 'allowed_ip_addresses': allowed_ip_addresses,
351+
'use_csv_for_roles_claim': use_csv_for_roles_claim, 'use_csv_for_teams_claim': use_csv_for_teams_claim,
352+
'use_csv_for_teams_managed_claim': use_csv_for_teams_managed_claim, 'use_csv_for_ip_address_claim': use_csv_for_ip_address_claim,
353+
'teams': teams, 'roles': roles}
354+
355+
body = json.dumps(params)
356+
357+
return APIHelper()._rest_request(url=uri, method=httpmethod, params=body)
358+
359+
def delete(self, jit_default_id: UUID):
360+
uri = '{}/{}'.format(self.base_uri, jit_default_id)
361+
return APIHelper()._rest_request( uri, "DELETE")
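
Review bot: `update()` (lines 327-335) gives every setting a default and `_create_or_update` always sends the full `params` dict with PUT, so a call such as `update(jit_default_id, teams=[...])` also writes `ip_restricted=False`, `allowed_ip_addresses=[]` and `roles=[]`, silently dropping an existing IP restriction or default role set. Consider defaulting the arguments to `None` and building the body only from the values the caller passed, or fetching the current settings first and merging the changes into them. Switching to `None` would also remove the mutable list defaults (`allowed_ip_addresses=[]`, `teams=[]`, `roles=[]`). Two smaller points: the `else: return` on lines 347-348 returns `None` for an unknown `method` and would be easier to debug as a `ValueError`, and line 355 relies on `json` being imported at the top of the file, which this hunk does not show.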
