用于榕树安全的API库和命令行接口
pybanyan的Python项目详细描述
用于榕树安全的API库和命令行接口
先决条件
必须安装Python3.7或3.8。在
安装
安装简易方法
$ pip install pybanyan
安装硬通道
^{pr2}$使用
此包包含一个API客户端和一个CLI工具。 要使用其中一个,您需要从Banyan命令中心generate一个API令牌。在
API库
下面是一个示例脚本,它使用库打印在榕树中注册的每个服务的名称:
frombanyan.apiimportBanyanApiClientc=BanyanApiClient()forserviceinc.services.list():print(service.name)
输出:
$ python examples/list_services.py jirajupyterkubemysqlrds-mysqlrds-pgsql
BanyanApiClient类接受可选参数来指定API服务器和刷新令牌。如果没有提供,
它从名为BANYAN_API_URL和BANYAN_REFRESH_TOKEN的环境变量中获取它们。在
完整的API文档将很快提供。在
榕树CLI工具
在使用CLI之前,请在主目录中创建一个名为~/.banyan.conf的文件,并粘贴到API令牌中:
[banyan]api_url=https://net.banyanops.comrefresh_token=MY_API_TOKEN
使用banyan工具调用CLI。它包含许多命令和子命令来帮助您工作
使用榕树中的策略、角色、服务、用户和其他对象。在
单独运行banyan工具以查看可用的命令。在
$ banyan usage: banyan [options] <command> <subcommand> [<subcommand> ...] [parameters]API library and command-line interface for Banyan Securityoptional arguments: -h, --help show this help message and exit -d, --debug full application debug mode -q, --quiet suppress all console output -v, --version show program's version number and exit --api-url API_URL URL for the Banyan API server. Can also be configured via the BANYAN_API_URL environment variable. --refresh-token REFRESH_TOKEN API token used for the initial authentication to the Banyan API server. Can also be configured via the BANYAN_REFRESH_TOKEN environment variable. --output-format {table,json,yaml}, -o {table,json,yaml} desired output format (table, json, yaml)Commands: {event,admin,device,user,netagent,shield,policy,role,service} event report on security and audit events admin manage administrator accounts device manage devices user manage user accounts netagent manage netagents (AccessTiers and HostAgents) shield manage Banyan Shield clusters policy manage authorization policies for users and workloads role manage user and workload roles service manage web and TCP services and workloads
每个命令都有多个子命令。例如,banyan service允许您列出服务,
创建/删除、启用/禁用等。运行不带任何子命令的命令以查看选项:
$ banyan service usage: banyan service [-h] {attach-policy,create,delete,detach-policy,disable,enable,get,list,test,update} ...optional arguments: -h, --help show this help message and exitsub-commands: {attach-policy,create,delete,detach-policy,disable,enable,get,list,test,update} attach-policy attach a policy to a service create create a new service from a JSON specification delete delete a service detach-policy detach the active policy from a service disable disable a service enable enable a service get show the definition of a registered service list list registered services test run sanity checks on a service update update an existing service from a JSON specification
要查看任何命令的完整帮助,只需在命令的末尾添加-h或--help选项。
例如:
$ banyan service attach-policy --help usage: banyan service attach-policy [-h] [--permissive] [--enforcing] service_name_or_id policy_name_or_idpositional arguments: service_name_or_id Name or ID of the service to attach a policy to. policy_name_or_id Name or ID of the policy to attach to the service.optional arguments: -h, --help show this help message and exit --permissive Set the policy to permissive mode (allow all traffic and log any unauthorized access). --enforcing Set the policy to enforcing mode (deny unauthorized access).
发展
要处理pybanyan代码,请按照documentation中的说明操作。在
支持
此API库及其附带的CLI实用程序是免费提供的,不提供支持。报告 库出现问题,请创建新的issue in Github。在
捐款
我们欢迎您以拉式请求的形式作出贡献!请遵循标准Github pull request workflow。在
- 项目
标签:
欢迎加入QQ群-->: 979659372
