rlock.api
Interact with the RedLock API. Learn more at redlock.io
View code at: https://github.com/cloudcraeft/rlock
Installation:
pip install rlock
Client
class rlock.api.Client(username, password, endpoint)
A RedLock API Client. Mainly used to interface with Policies and Alerts. It calls the APIs and keeps the results in properties.
Parameters:
- username (str) – The RedLock login name, typically an email address.
- password (str) – The password for that login.
- endpoint (str) – The URL for the API. The app endpoint maps to the API endpoint, e.g. app -> https://api.redlock.io/
Example
Client usage is straightforward. Create the Client and then access the core properties (which will instantiate them by pulling from the API).
>>> from rlock.api import Client
>>> c = Client("scott@oracle.com", "tiger", "https://api2.redlock.io/")
>>> for p in c.policies.take(5):
...     print(f"{p.policyId}: {p.name}")
43c42760-5283-4bc4-ac43-a80e58c4139f: AWS S3 bucket has global view ACL permissions enabled
472e08a2-c741-43eb-a3ca-e2f5cd275cf7: Azure Network Security Group allows FTP (TCP Port 21)
91c941aa-d110-4b33-9934-aadd86b1a4d9: AWS Redshift database does not have audit logging enabled
f5b4b962-e053-4e73-94d2-c21bd2520a0d: AWS ElastiCache cluster not associated with VPC
fe81b03a-c602-4b16-8ae9-973724c1adae: GCP Kubernetes Engine Clusters web UI/Dashboard is set to Enabled
alerts
This is a lazy iterable of Alert.
Example
To see the full set of keys for all Alert instances across the service call:
>>> for key_name in c.alerts.unique_keys:
...     print(key_name)
...
alertTime
anomalyDetail_accessKeyUsed
anomalyDetail_accountName
anomalyDetail_action
anomalyDetail_customerId
anomalyDetail_description
anomalyDetail_dismissedUntil
anomalyDetail_eventId
anomalyDetail_features
anomalyDetail_groupedAnomalyCount
anomalyDetail_id
anomalyDetail_reasonIds
anomalyDetail_reasonValues
anomalyDetail_resource
anomalyDetail_severity
anomalyDetail_status
anomalyDetail_subject
anomalyDetail_subjectType
anomalyDetail_time
anomalyDetail_title
anomalyDetail_type
dismissalNote
dismissedBy
eventOccurred
firstSeen
history
id
investigateOptions_alertId
investigateOptions_endTs
investigateOptions_searchId
investigateOptions_startTs
lastSeen
policy_complianceMetadata
policy_deleted
policy_description
policy_labels
policy_lastModifiedBy
policy_lastModifiedOn
policy_name
policy_policyId
policy_policyType
policy_recommendation
policy_remediable
policy_remediation_cliScriptTemplate
policy_remediation_description
policy_remediation_impact
policy_severity
policy_systemDefault
reason
resource_account
resource_accountId
resource_additionalInfo_accessKeyAge
resource_additionalInfo_inactiveSinceTs
resource_cloudType
resource_data_AccessKeysPerUserQuota
resource_data_AccountAccessKeysPresent
resource_data_AccountMFAEnabled
resource_data_AccountSigningCertificatesPresent
... <elided> ...
status
Type: Alerts
criteria
This is a lazy iterable of Criterion.
While this is lazy, it is also “heavy” in that it makes many calls to the API to pull this info. It can take some time.
These are RQL queries which are referenced from a Policy. For the most part there is a one-to-one mapping from Policy to Criterion, and this is that collection.
Example
To see the full list of keys currently in use across the service, call:
>>> for key_name in c.criteria.unique_keys:
...     print(key_name)
cloudType
description
id
name
query
saved
searchType
timeRange_type
timeRange_value_amount
timeRange_value_unit
Type: Criteria
policies
This is a lazy iterable of Policy.
Example
To see the full set of keys for all Policy instances across the service call:
>>> for key_name in c.policies.unique_keys:
...     print(key_name)
...
alerts
cloudType
complianceMetadata
createdBy
createdOn
deleted
description
enabled
labels
lastModifiedBy
lastModifiedOn
name
openAlertsCount
owner
policyId
policyMode
policyType
recommendation
remediable
remediation_cliScriptTemplate
remediation_description
remediation_impact
ruleLastModifiedOn
rule_apiName
rule_cloudType
rule_criteria
rule_criteria_$schema
rule_criteria_properties_name_not_enum
rule_criteria_properties_name_type
rule_criteria_properties_trailARN_not_enum
rule_criteria_properties_trailARN_type
rule_criteria_properties_vpcId_type
rule_criteria_required
rule_criteria_title
rule_criteria_type
rule_filter_apiName
rule_filter_cloudType
rule_filter_condition
rule_filter_criteria
rule_filter_name
rule_filter_resourceIdPath
rule_filter_resourceType
rule_filter_type
rule_name
rule_operator
rule_parameters_savedSearch
rule_resourceIdPath
rule_resourceType
rule_type
severity
systemDefault
Type: Policies
Policies
class rlock.api.Policies(endpoint, headers)
An iterable of Policy built up from the RedLock API.
Parameters:
- endpoint (str) – the api endpoint without path e.g. https://api.redlock.io/
- headers (dict) – http headers with auth for redlock
These represent the current set of metadata that the system has available for monitoring. See Policy.
append(item)
add item to end of list
drop(n)
drop the items from before n and return what is left
head()
get the first item from the list like (car list)
tail()
get the rest of the list like (cdr list)
unique_keys
the set of flattened keys from across all of these items
Policy
class rlock.api.Policy(args)
The metadata for what is watched by RedLock.
Ultimately, this is implemented by a Criterion and its RQL. When violated it will create an Alert. See Item.
hash
This is a fingerprint of all of the data for this entity.
Useful for comparing Items over time. Mainly implemented for rlock.sql.SQLCache.
keys
These are composite keys which have been flattened from the json API response.
e.g. policy.rule.criteriaId -> policy_rule_criteriaId
values
These are the leaves from the json API response since everything is flattened.
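The flattened keys and the hash fingerprint described above are what make it practical to detect policy drift between two pulls (a policy disabled, a rule swapped). The following is an added example, not rlock's own code: flatten, fingerprint and drift are hypothetical helpers, SHA-256 over canonical JSON and the treatment of lists as leaves are assumptions, and both snapshots are constructed sample data.

```python
import hashlib
import json

_MISSING = object()  # distinguishes "key absent" from "key present with value None"

def flatten(obj, prefix=""):
    """Flatten nested dicts to {composite_key: leaf}; lists stay leaves (assumption)."""
    if not isinstance(obj, dict) or (prefix and not obj):
        return {prefix: obj}
    flat = {}
    for key, value in obj.items():
        flat.update(flatten(value, f"{prefix}_{key}" if prefix else str(key)))
    return flat

def fingerprint(item):
    """SHA-256 over the sorted, flattened item, so key order never changes the hash."""
    canonical = json.dumps(flatten(item), sort_keys=True, separators=(",", ":"), default=str)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def drift(old_items, new_items, id_key="policyId"):
    """Return (added ids, removed ids, {changed id: sorted list of changed flat keys})."""
    old = {item[id_key]: item for item in old_items}
    new = {item[id_key]: item for item in new_items}
    changed = {}
    for pid in old.keys() & new.keys():
        if fingerprint(old[pid]) != fingerprint(new[pid]):
            a, b = flatten(old[pid]), flatten(new[pid])
            changed[pid] = sorted(k for k in a.keys() | b.keys()
                                  if a.get(k, _MISSING) != b.get(k, _MISSING))
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), changed

# Constructed sample snapshots (not real RedLock data): the same tenant pulled twice.
SNAPSHOT_OLD = [
    {"policyId": "policy-a", "enabled": True, "severity": "high",
     "rule": {"type": "Config", "criteria": "search-1"}},
    {"policyId": "policy-b", "enabled": True, "severity": "medium",
     "rule": {"type": "Network", "criteria": "search-2"}},
]
SNAPSHOT_NEW = [
    {"policyId": "policy-a", "enabled": False, "severity": "high",
     "rule": {"criteria": "search-9", "type": "Config"}},
    {"policyId": "policy-c", "enabled": True, "severity": "low",
     "rule": {"type": "Config", "criteria": "search-3"}},
]

if __name__ == "__main__":
    added, removed, changed = drift(SNAPSHOT_OLD, SNAPSHOT_NEW)
    print("added:", added, "removed:", removed)
    for pid, keys in changed.items():
        print(pid, "changed keys:", keys)
```

Joining path parts with "_" is lossy when a source key already contains an underscore, so two different nested paths can flatten to the same composite key.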
Criteria
class rlock.api.Criteria(endpoint, headers, policies)
An iterable built up from the RedLock API. This is heavy on API calls.
Parameters:
- endpoint (str) – the api endpoint without path e.g. https://api.redlock.io/
- headers (dict) – http headers with auth for redlock
- policies – the iterable of Policy to check each for Criterion
append(item)
add item to end of list
drop(n)
drop the items from before n and return what is left
head()
get the first item from the list like (car list)
tail()
get the rest of the list like (cdr list)
unique_keys
the set of flattened keys from across all of these items
Criterion
class rlock.api.Criterion(args)
The RQL and associated info.
See Item.
hash
This is a fingerprint of all of the data for this entity.
Useful for comparing Items over time. Mainly implemented for rlock.sql.SQLCache.
keys
These are composite keys which have been flattened from the json API response.
e.g. policy.rule.criteriaId -> policy_rule_criteriaId
values
These are the leaves from the json API response since everything is flattened.
Alerts
class rlock.api.Alerts(endpoint, headers)
An iterable of Alert built up from the RedLock API.
Parameters:
- endpoint (str) – the api endpoint without path e.g. https://api.redlock.io/
- headers – http headers with auth for RedLock
append(item)
add item to end of list
drop(n)
drop the items from before n and return what is left
head()
get the first item from the list like (car list)
tail()
get the rest of the list like (cdr list)
unique_keys
the set of flattened keys from across all of these items
Alert
class rlock.api.Alert(args)
The notification that something is amiss.
This represents a Policy violation which is ultimately triggered by a Criterion which is RQL.
hash
This is a fingerprint of all of the data for this entity.
Useful for comparing Items over time. Mainly implemented for rlock.sql.SQLCache.
keys
These are composite keys which have been flattened from the json API response.
e.g. policy.rule.criteriaId -> policy_rule_criteriaId
values
These are the leaves from the json API response since everything is flattened.