Pure Python implementation for interacting with the Britive API.
This package aims to wrap the Britive API for use in Python. For the most part it is a simple wrapper (sending potentially bad parameters to the API) but there are a couple of places where liberties were taken to enhance the developer/end user experience. Some APIs may also be combined into one Python method with a parameter if and where it makes more sense to present the API that way.
This package supports Python 3.7 and higher.
pip install britive
Or execute one of the following commands if you wish to pull directly from the Github repo instead of PyPi. Or navigate to Releases and use the URL of the tarball release that is needed, if not the lastest.
pip install $(curl -s https://api.github.com/repos/britive/python-sdk/releases/latest | jq -r '.assets[] | select(.content_type == "application/x-gzip") | .browser_download_url')
OR
pip install $(curl -s https://api.github.com/repos/britive/python-sdk/releases/latest | grep "browser_download_url.*.tar.gz" | cut -d : -f 2,3 | tr -d \")
Each public method is documented with a docstring which provides details on what the method does, the parameters the method accepts, and details about what is returned from the method.
Official API documentation can be found at https://docs.britive.com/v1/docs/en/overview-britive-apis.
Authentication is handled solely via API tokens. The token must be provided in one of two methods.
- Passed directly into the class constructor.
- Injected as an environment variable into the execution context where this package is being run. The environment variable name must be BRITIVE_API_TOKEN.
As of v2.5.0 a Bearer
token can be provided as well. A Bearer
token is generated as part of an interactive
login process and is temporary in nature. This change is to allow for an upcoming Python CLI application.
All Britive API tokens are authenticated against a specific Britive tenant. The name of the tenant must be presented in one of two methods.
- Passed directly into the
Britive
class constructor. - Injected as an environment variable into the execution context where this package is being run. The
environment variable name must be
BRITIVE_TENANT
.
In order to obtain the tenant name, reference the Britive URL used to log into the UI. If the URL is
https://example.britive-app.com then the tenant name will be example
.
All pagination is handled by the package. The caller will never have to deal with paginated responses.
- The caller has access to an active Britive tenant.
- The caller has been granted an API token and/or has the ability to generate an API token. This can be either for a User or Service Identity.
- No assumptions are made about the operating system or file system. Nothing is persisted to disk. The end user must persist responses to disk if and when that is required.
The following Britive resources are supported with full CRUDL operations where appropriate, and additional actions where they exist.
- Accounts
- API Tokens (for Users)
- Applications
- Audit Logs
- Environment Groups
- Environment
- Groups (associated with an application/environment)
- Accounts (associated with an application/environment)
- Permissions (associated with an application/environment)
- Identity Attributes
- Identity Providers
- My Access (access granted to the given identity (user or service))
- My Secrets (access granted to the given identity (user or service))
- Notifications
- Profiles
- Reports
- SAML Settings
- Scans
- Security Policies
- Service Identities
- Service Identity Tokens
- Tags (aka User Tags)
- Task Services
- Tasks
- Users
Under the covers, python requests
is being used to communicate with the Britive API. As such, any functionality
of requests
can be used, including setting an HTTP proxy. HTTP proxies will be set via environment variables.
- HTTP_PROXY
- HTTPS_PROXY
- NO_PROXY
- http_proxy
- https_proxy
- no_proxy
Standard HTTP proxy URLs should be utilized. Examples below.
- Unauthenticated Proxy:
http://internalproxy.domain.com:8080
- Authenticated Proxy:
http://user:[email protected]:8080
Under the covers, python requests
is being used to communicate with the Britive API. As such, any functionality
of requests
can be used, including setting custom TLS certificates. Certificate bundles will be set via environment variables.
- REQUESTS_CA_BUNDLE
- CURL_CA_BUNDLE (used as a fallback)
The values of these environment variables must be a path to a directory of certificates or a specific certificate. Example...
/path/to/certfile
This should be the only class that is required for import.
from britive.britive import Britive
Optionally the various exceptions that this package raises can be imported as well.
from britive import exceptions
Then a specific exception could be referenced as
try:
something()
except exceptions.TokenMissingError():
handle()
from britive.britive import Britive
import json
britive = Britive() # source needed data from environment variables
print(json.dumps(britive.users.list(), indent=2, default=str))
from britive.britive import Britive
import json
britive = Britive(tenant='example', token='...') # source token and tenant locally (not from environment variables)
print(json.dumps(britive.users.list(), indent=2, default=str))
from britive.britive import Britive
import json
britive = Britive() # source needed data from environment variables
print(json.dumps(britive.service_identity_tokens.create(service_identity_id='abc123'), indent=2, default=str))
from britive.britive import Britive
import json
britive = Britive() # source needed data from environment variables
print(json.dumps(britive.reports.run(report_id='abc123'), indent=2, default=str))
with open('file.csv', 'w') as f:
f.write(britive.reports.run(report_id='abc123', csv=True))
The commands below will create a policy on a profile that allows [email protected]
to check out the profile but only
if [email protected]
approves that request within 10 minutes.
from britive.britive import Britive
b = Britive()
policy = b.profiles.policies.build(
name='example',
users=['[email protected]'],
approval_notification_medium='Email',
approver_users=['[email protected]'],
time_to_approve=10
)
b.profiles.policies.create(profile_id='...', policy=policy)