# -*- coding: utf-8 -*-
"""Lacework VulnerabilityPolicies API wrapper."""
from laceworksdk.api.crud_endpoint import CrudEndpoint
class VulnerabilityPoliciesAPI(CrudEndpoint):
    """Client wrapper for the `Vulnerability Policies API endpoint <https://docs.lacework.net/api/v2/docs/#tag/VulnerabilityPolicies>`_.

    Lacework lets you define container vulnerability policies that assess
    container images at build time and/or runtime against your own
    requirements. For example, a policy can match any critical vulnerability
    that has a fix available, or it can target one specific CVE.

    Every method delegates to the matching ``CrudEndpoint`` method. The
    boolean-like policy flags (``state``, ``fail_on_violation``,
    ``alert_on_violation``) are normalised to the integers 0 or 1 before
    they are handed to the base class.
    """

    def __init__(self, session):
        """Bind the wrapper to a session and the "VulnerabilityPolicies" resource.

        Args:
            session (HttpSession): An instance of the HttpSession class
        """
        super().__init__(session, "VulnerabilityPolicies")

    def create(
        self,
        policy_type,
        policy_name,
        severity,
        state,
        filter,
        props,
        policy_eval_type=None,
        fail_on_violation=False,
        alert_on_violation=False,
        **request_params,
    ):
        """Create a new vulnerability policy.

        The three flags are coerced with ``int(bool(value))``. Any truthy
        value is therefore sent as 1, including non-empty strings such as
        ``"false"`` or ``"0"``; pass real booleans or integers.

        ``fail_on_violation`` and ``alert_on_violation`` both default to
        ``False``, so a policy created without them is submitted with both
        flags set to 0. Set them explicitly when the policy is meant to fail
        or alert on violations.

        Args:
            policy_type (str): The type of the policy. See `API documentation <https://docs.lacework.net/api/v2/docs/#tag/VulnerabilityPolicies/paths/~1api~1v2~1VulnerabilityPolicies/post>`_ for valid values
            policy_name (str): The name of the policy.
            severity (str): The severity of the policy. Valid values: "Info", "Low", "Medium", "High", "Critical"
            state (bool|int): The state of the policy; sent as 0 or 1.
            filter (dict): The filter data for the policy type specified in the "policyType" field. See
                `API documentation <https://docs.lacework.net/api/v2/docs/#tag/VulnerabilityPolicies/paths/~1api~1v2~1VulnerabilityPolicies/post>`_ for fields.
            props (dict): The vulnerability policy's properties. Fields are:

                - description (str): The property description.
                - createdBy (str): The creator of the property.
                - updatedBy (str): The updater of the property.
            policy_eval_type (str, optional): The policy evaluation type. Valid values: "local"
            fail_on_violation (bool|int, optional): Whether the policy should fail on violations. (Default = False)
            alert_on_violation (bool|int, optional): Whether the policy should alert on violations. (Default = False)
            request_params (dict, optional): Additional keyword arguments, forwarded unchanged to the base-class call.

        Returns:
            dict: The newly created vulnerability policy
        """
        # `filter` shadows the builtin inside this method; the name is part of
        # the public signature, so it is kept.
        # Normalise the flags up front so the API always receives 0 or 1.
        state_flag = int(bool(state))
        fail_flag = int(bool(fail_on_violation))
        alert_flag = int(bool(alert_on_violation))

        return super().create(
            policy_type=policy_type,
            policy_name=policy_name,
            severity=severity,
            state=state_flag,
            filter=filter,
            props=props,
            policy_eval_type=policy_eval_type,
            fail_on_violation=fail_flag,
            alert_on_violation=alert_flag,
            **request_params,
        )

    def get(self, guid=None):
        """Fetch vulnerability policies; with no argument, fetch all of them.

        Args:
            guid (str, optional): The GUID of the vulnerability policy to get

        Returns:
            dict: The requested vulnerability policy or policies
        """
        policies = super().get(id=guid)
        return policies

    def get_by_guid(self, guid):
        """Fetch a single vulnerability policy by GUID.

        This delegates to ``get`` without validating ``guid``. A ``None``
        value is forwarded as-is, which ``get`` documents as the "all
        policies" case, so check the GUID first when exactly one policy is
        expected.

        Args:
            guid (str): The GUID of the vulnerability policy to get

        Returns:
            dict: The requested vulnerability policy
        """
        policy = self.get(guid=guid)
        return policy

    def update(
        self,
        guid,
        policy_type=None,
        policy_name=None,
        severity=None,
        state=None,
        filter=None,
        props=None,
        policy_eval_type=None,
        fail_on_violation=None,
        alert_on_violation=None,
        **request_params,
    ):
        """Update an existing vulnerability policy.

        A flag left as ``None`` is passed to the base class as ``None``
        rather than coerced, so only flags the caller supplies are turned
        into 0 or 1. NOTE(review): presumably ``CrudEndpoint.update`` omits
        ``None`` fields from the request -- confirm. As in ``create``, the
        coercion is ``int(bool(value))``, so a non-empty string such as
        ``"false"`` is sent as 1.

        Args:
            guid (str): The GUID of the policy to update
            policy_type (str, optional): The type of the policy. See `API documentation <https://docs.lacework.net/api/v2/docs/#tag/VulnerabilityPolicies/paths/~1api~1v2~1VulnerabilityPolicies/post>`_ for valid values
            policy_name (str, optional): The name of the policy.
            severity (str, optional): The severity of the policy. Valid values: "Info", "Low", "Medium", "High", "Critical"
            state (bool|int, optional): The state of the policy; sent as 0 or 1 when given.
            filter (dict, optional): The filter data for the policy type specified in the "policyType" field. See
                `API documentation <https://docs.lacework.net/api/v2/docs/#tag/VulnerabilityPolicies/paths/~1api~1v2~1VulnerabilityPolicies/post>`_ for fields.
            props (dict, optional): The vulnerability policy's properties. Fields are:

                - description (str): The property description.
                - createdBy (str): The creator of the property.
                - updatedBy (str): The updater of the property.
            policy_eval_type (str, optional): The policy evaluation type. Valid values: "local"
            fail_on_violation (bool|int, optional): Whether the policy should fail on violations. (Default = None)
            alert_on_violation (bool|int, optional): Whether the policy should alert on violations. (Default = None)
            request_params (dict, optional): Additional keyword arguments, forwarded unchanged to the base-class call.

        Returns:
            dict: The updated vulnerability policy
        """
        # Coerce only the flags that were actually supplied; None stays None.
        state_flag = None if state is None else int(bool(state))
        fail_flag = (
            None if fail_on_violation is None else int(bool(fail_on_violation))
        )
        alert_flag = (
            None if alert_on_violation is None else int(bool(alert_on_violation))
        )

        return super().update(
            guid,
            policy_type=policy_type,
            policy_name=policy_name,
            severity=severity,
            state=state_flag,
            filter=filter,
            props=props,
            policy_eval_type=policy_eval_type,
            fail_on_violation=fail_flag,
            alert_on_violation=alert_flag,
            **request_params,
        )

    def delete(self, guid):
        """Delete a vulnerability policy.

        NOTE(review): ``guid`` is forwarded without validation; confirm how
        ``CrudEndpoint.delete`` treats ``None`` or an empty string.

        Args:
            guid (str): The GUID of the vulnerability policy to delete

        Returns:
            requests.models.Response: a Requests response object containing the response code
        """
        response = super().delete(id=guid)
        return response