Updates for Lacework v3.90 (#17)

* fix: 'CloudTrail' endpoint was renamed to 'CloudActivities'
* fix: 'REMOTE_SCANNER' registry type changed to 'INLINE_SCANNER'
* docs: Updated README.md for newer APIv2 endpoints
* feat: Implemented the 'account' endpoint

Author: alannix-lw

README.md

@@ -77,6 +77,7 @@ Are you looking for some sample scripts? Check out the [examples](examples/) fol
 
 ### API v1
 
+- [x] Account API
 - [x] Compliance API
 - [x] Custom Compliance Config API
 - [x] Download File API
@@ -93,8 +94,12 @@ Are you looking for some sample scripts? Check out the [examples](examples/) fol
 - [x] Alert Channels
 - [x] Alert Rules
 - [x] Audit Logs
-- [x] CloudTrail
+- [x] Cloud Accounts
+- [x] Cloud Activities
+- [x] Container Registries
 - [x] Contract Info
 - [x] Report Rules
 - [x] Resource Groups
+- [x] Schemas
 - [x] Team Members
+- [x] User Profile

laceworksdk/api/__init__.py

@@ -7,12 +7,13 @@
 
 from dotenv import load_dotenv
 from laceworksdk.http_session import HttpSession
+from .account import AccountAPI
 from .agent_access_tokens import AgentAccessTokensAPI
 from .alert_channels import AlertChannelsAPI
 from .alert_rules import AlertRulesAPI
 from .audit_logs import AuditLogsAPI
 from .cloud_accounts import CloudAccountsAPI
-from .cloudtrail import CloudTrailAPI
+from .cloud_activities import CloudActivitiesAPI
 from .compliance import ComplianceAPI
 from .container_registries import ContainerRegistriesAPI
 from .contract_info import ContractInfoAPI
@@ -75,12 +76,13 @@ def __init__(self,
         )
 
         # API Wrappers
+        self.account = AccountAPI(self._session)
         self.agent_access_tokens = AgentAccessTokensAPI(self._session)
         self.alert_channels = AlertChannelsAPI(self._session)
         self.alert_rules = AlertRulesAPI(self._session)
         self.audit_logs = AuditLogsAPI(self._session)
         self.cloud_accounts = CloudAccountsAPI(self._session)
-        self.cloudtrail = CloudTrailAPI(self._session)
+        self.cloud_activities = CloudActivitiesAPI(self._session)
         self.compliance = ComplianceAPI(self._session)
         self.compliance.config = CustomComplianceConfigAPI(self._session)
         self.container_registries = ContainerRegistriesAPI(self._session)

laceworksdk/api/account.py

@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+"""
+Lacework Account API wrapper.
+"""
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class AccountAPI(object):
+    """
+    Lacework Account API.
+    """
+
+    def __init__(self, session):
+        """
+        Initializes the AccountAPI object.
+
+        :param session: An instance of the HttpSession class.
+
+        :return AccountAPI object
+        """
+
+        super(AccountAPI, self).__init__()
+
+        self._session = session
+
+    def get_org_info(self):
+        """
+        A method to get Account's organization info
+
+        :return response json
+        """
+
+        logger.info("Getting Account information from Lacework...")
+
+        # Build the Account request URI
+        api_uri = "/api/v1/external/account/organizationInfo"
+
+        response = self._session.get(api_uri)
+
+        return response.json()

laceworksdk/api/cloudtrail.py renamed to laceworksdk/api/cloud_activities.py

@@ -1,28 +1,28 @@
 # -*- coding: utf-8 -*-
 """
-Lacework CloudTrail API wrapper.
+Lacework CloudActivities API wrapper.
 """
 
 import logging
 
 logger = logging.getLogger(__name__)
 
 
-class CloudTrailAPI(object):
+class CloudActivitiesAPI(object):
     """
-    Lacework CloudTrail API.
+    Lacework CloudActivities API.
     """
 
     def __init__(self, session):
         """
-        Initializes the CloudTrailAPI object.
+        Initializes the CloudActivitiesAPI object.
 
         :param session: An instance of the HttpSession class
 
-        :return CloudTrailAPI object.
+        :return CloudActivitiesAPI object.
         """
 
-        super(CloudTrailAPI, self).__init__()
+        super(CloudActivitiesAPI, self).__init__()
 
         self._session = session
 
@@ -31,7 +31,7 @@ def get(self,
             end_time=None,
             org=False):
         """
-        A method to get CloudTrail details.
+        A method to get CloudActivities details.
 
         :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
         :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.
@@ -41,10 +41,10 @@ def get(self,
         :return response json
         """
 
-        logger.info("Getting CloudTrail details from Lacework...")
+        logger.info("Getting CloudActivities details from Lacework...")
 
-        # Build the CloudTrail request URI
-        api_uri = "/api/v2/CloudTrail"
+        # Build the CloudActivities request URI
+        api_uri = "/api/v2/CloudActivities"
 
         if start_time and end_time:
             api_uri += f"?startTime={start_time}&endTime={end_time}"
@@ -57,7 +57,7 @@ def search(self,
                query_data=None,
                org=False):
         """
-        A method to search CloudTrail details.
+        A method to search CloudActivities details.
 
         :param query_data: A dictionary containing the necessary search parameters
             (timeFilter, filters, returns)
@@ -67,10 +67,10 @@ def search(self,
         :return response json
         """
 
-        logger.info("Searching CloudTrail details from Lacework...")
+        logger.info("Searching CloudActivities details from Lacework...")
 
-        # Build the CloudTrail request URI
-        api_uri = "/api/v2/CloudTrail/search"
+        # Build the CloudActivities request URI
+        api_uri = "/api/v2/CloudActivities/search"
 
         response = self._session.post(api_uri, data=query_data, org=org)
 

tests/api/test_account.py

@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+"""
+Test suite for the community-developed Python SDK for interacting with Lacework APIs.
+"""
+
+from laceworksdk.api.account import AccountAPI
+
+
+# Tests
+
+def test_account_api_object_creation(api):
+    assert isinstance(api.account, AccountAPI)
+
+
+def test_account_api_env_object_creation(api_env):
+    assert isinstance(api_env.account, AccountAPI)
+
+
+def test_account_api_get_org_info(api):
+    response = api.account.get_org_info()
+    assert "orgAccount" in response.keys()
+    assert "orgAccountName" in response.keys()

tests/api/test_cloudtrail.py renamed to tests/api/test_cloud_activities.py

@@ -5,7 +5,7 @@
 
 from datetime import datetime, timedelta, timezone
 
-from laceworksdk.api.cloudtrail import CloudTrailAPI
+from laceworksdk.api.cloud_activities import CloudActivitiesAPI
 
 # Build start/end times
 current_time = datetime.now(timezone.utc)
@@ -16,26 +16,26 @@
 
 # Tests
 
-def test_cloud_trail_api_object_creation(api):
-    assert isinstance(api.cloudtrail, CloudTrailAPI)
+def test_cloud_activities_api_object_creation(api):
+    assert isinstance(api.cloud_activities, CloudActivitiesAPI)
 
 
-def test_cloud_trail_api_env_object_creation(api_env):
-    assert isinstance(api_env.cloudtrail, CloudTrailAPI)
+def test_cloud_activities_api_env_object_creation(api_env):
+    assert isinstance(api_env.cloud_activities, CloudActivitiesAPI)
 
 
-def test_cloud_trail_api_get(api):
-    response = api.cloudtrail.get()
+def test_cloud_activities_api_get(api):
+    response = api.cloud_activities.get()
     assert "data" in response.keys()
 
 
-def test_cloud_trail_api_get_by_date(api):
-    response = api.cloudtrail.get(start_time=start_time, end_time=end_time)
+def test_cloud_activities_api_get_by_date(api):
+    response = api.cloud_activities.get(start_time=start_time, end_time=end_time)
     assert "data" in response.keys()
 
 
-def test_cloud_trail_api_search(api):
-    response = api.cloudtrail.search(query_data={
+def test_cloud_activities_api_search(api):
+    response = api.cloud_activities.search(query_data={
         "timeFilter": {
             "startTime": start_time,
             "endTime": end_time

tests/api/test_container_registries.py

@@ -44,7 +44,7 @@ def test_container_registries_api_create(api):
         type="ContVulnCfg",
         enabled=1,
         data={
-            "registryType": "REMOTE_SCANNER"
+            "registryType": "INLINE_SCANNER"
         }
     )
 

tests/conftest.py

@@ -6,12 +6,13 @@
 pytest_plugins = [
     "tests.test_laceworksdk",
     "tests.api",
+    "tests.api.test_account",
     "tests.api.test_agent_access_tokens",
     "tests.api.test_alert_channels",
     "tests.api.test_alert_rules",
     "tests.api.test_audit_logs",
     "tests.api.test_cloud_accounts",
-    "tests.api.test_cloudtrail",
+    "tests.api.test_cloud_activities",
     "tests.api.test_compliance",
     "tests.api.test_container_registries",
     "tests.api.test_contract_info",