tufin / pytos Goto Github PK

ERROR: Could not find a version that satisfies the requirement pyinotify (from versions: 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6)
ERROR: No matching distribution found for pyinotify

Hello TUFIN Team, please fix your dependencies.

sudo python3.4 -m pip install pytos
DEPRECATION: Python 3.4 support has been deprecated. pip 19.1 will be the last one supporting it. Please upgrade your Python as Python 3.4 won't be maintained after March 2019 (cf PEP 429).
Collecting pytos

Running setup.py install for netifaces ... error
Complete output from command /bin/python3.4 -u -c "import setuptools, tokenize;file='/tmp/pip-install-vfg8ye7g/netifaces/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-fqn5fdid/install-record.txt --single-version-externally-managed --compile:
running install
running build
running build_ext
checking for getifaddrs...found.
checking for getnameinfo...found.
checking for IPv6 socket IOCTLs...not found.
checking for optional header files...netash/ash.h netatalk/at.h netax25/ax25.h neteconet/ec.h netipx/ipx.h netpacket/packet.h linux/irda.h linux/atm.h linux/llc.h linux/tipc.h linux/dn.h.
checking whether struct sockaddr has a length field...no.
checking which sockaddr_xxx structs are defined...at ax25 in in6 ipx un ash ec ll atmpvc atmsvc dn irda llc.
checking for routing socket support...no.
checking for sysctl(CTL_NET...) support...no.
checking for netlink support...yes.
will use netlink to read routing table
building 'netifaces' extension
gcc -pthread -Wno-unused-result -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -DNETIFACES_VERSION=0.10.5 -DHAVE_GETIFADDRS=1 -DHAVE_GETNAMEINFO=1 -DHAVE_NETASH_ASH_H=1 -DHAVE_NETATALK_AT_H=1 -DHAVE_NETAX25_AX25_H=1 -DHAVE_NETECONET_EC_H=1 -DHAVE_NETIPX_IPX_H=1 -DHAVE_NETPACKET_PACKET_H=1 -DHAVE_LINUX_IRDA_H=1 -DHAVE_LINUX_ATM_H=1 -DHAVE_LINUX_LLC_H=1 -DHAVE_LINUX_TIPC_H=1 -DHAVE_LINUX_DN_H=1 -DHAVE_SOCKADDR_AT=1 -DHAVE_SOCKADDR_AX25=1 -DHAVE_SOCKADDR_IN=1 -DHAVE_SOCKADDR_IN6=1 -DHAVE_SOCKADDR_IPX=1 -DHAVE_SOCKADDR_UN=1 -DHAVE_SOCKADDR_ASH=1 -DHAVE_SOCKADDR_EC=1 -DHAVE_SOCKADDR_LL=1 -DHAVE_SOCKADDR_ATMPVC=1 -DHAVE_SOCKADDR_ATMSVC=1 -DHAVE_SOCKADDR_DN=1 -DHAVE_SOCKADDR_IRDA=1 -DHAVE_SOCKADDR_LLC=1 -DHAVE_PF_NETLINK=1 -I/usr/include/python3.4m -c netifaces.c -o build/temp.linux-x86_64-3.4/netifaces.o
netifaces.c:1:20: fatal error: Python.h: No such file or directory
#include <Python.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1

As of the new python release 3.10.x some modules which are used as a dependency are not working for pytos.
It would be great if the dependencies can be updated to work also with python 3.10.

https://bugs.python.org/issue25988

$ python -m tufin.pytos.module
Traceback (most recent call last):
    from pytos.secureapp.helpers import Secure_App_Helper
  File "/home/cellebyte/git/tools/cli/infoblox-sync/.venv/lib/python3.10/site-packages/pytos/secureapp/helpers.py", line 16, in <module>
    from pytos.securechange.helpers import Secure_Change_Helper
  File "/home/cellebyte/git/tools/cli/infoblox-sync/.venv/lib/python3.10/site-packages/pytos/securechange/helpers.py", line 19, in <module>
    from pytos.common.helpers import Secure_API_Helper
  File "/home/cellebyte/git/tools/cli/infoblox-sync/.venv/lib/python3.10/site-packages/pytos/common/helpers.py", line 7, in <module>
    from pytos.common import rest_requests
  File "/home/cellebyte/git/tools/cli/infoblox-sync/.venv/lib/python3.10/site-packages/pytos/common/rest_requests.py", line 16, in <module>
    import requests_toolbelt
  File "/home/cellebyte/git/tools/cli/infoblox-sync/.venv/lib/python3.10/site-packages/requests_toolbelt/__init__.py", line 12, in <module>
    from .adapters import SSLAdapter, SourceAddressAdapter
  File "/home/cellebyte/git/tools/cli/infoblox-sync/.venv/lib/python3.10/site-packages/requests_toolbelt/adapters/__init__.py", line 12, in <module>
    from .ssl import SSLAdapter
  File "/home/cellebyte/git/tools/cli/infoblox-sync/.venv/lib/python3.10/site-packages/requests_toolbelt/adapters/ssl.py", line 16, in <module>
    from .._compat import poolmanager
  File "/home/cellebyte/git/tools/cli/infoblox-sync/.venv/lib/python3.10/site-packages/requests_toolbelt/_compat.py", line 11, in <module>
    from collections import Mapping, MutableMapping
ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py)

i can't install the pyinotify package requirement. Surely Pytos works on windows?
I get this error each time:
inotify is not available on win-amd64

• On windows pyinotify and fcntl are not implemented.
• Remove this direct dependencies where not needed.
• Basic functionality and tests should work across plattforms.

I'm working on Tufin automation integration and I have the following error when trying to simple list Secure Application:

ERROR - xml - TUFIN_PS_XML - Line 91 - Could not find XML element using XPath expression 'owner' under XML node '<Element 'application' at 0x7f57805e1b88>'
ERROR - test1 - TUFIN_PS_COMMON - Line 29 - Could not find XML element using XPath expression 'owner' under XML node '<Element 'application' at 0x7f57805e1b88>'

The code:

(...)
sa = Secure_App_Helper(HOST, (USER, PASSWD))
datalist = sa.get_application_list()
(...)

Tufin version I'm working on is: SecureChange Version: 19.2 HF3

The documentation specifies uppercase examples such as these:

"from pytos.securechange.Helpers"

But the namespace instead appears to be lowercase such as this:

"from pytos.securechange.helpers"

as seen in source:

https://github.com/Tufin/pytos/blob/master/pytos/secureapp/helpers.py#L16

Hi,

We are facing an issue with pytos with it dependencies requirements on our project:
it needs to have a specific old version of requests-toolbelt installed (0.7.1, released in 2017) from setup.py and the latest is 0.9.1 (out on Jan 2019).

Would it be possible to put the needed version to the latest and/or deprecate the use of this stalled module (no release in 3 years)?

Thanks

Hi All,

I am using the this script: https://pastebin.com/K9KBeqYL to get device list and trying to print device name and id but I am not able to manage print it. can some one through some light on how to print device name and id like below:

devicename1 10
devicename2 11
devicename3 12

We miss the function to delete/remove a network object from a app.

A simple implementation could delete a unused network object in SecureApp.

A more advanced implementaion would resolve all dependencies first and then delete the network object itself. Dependecies are e.g. object is in a connection, interface connection, group or used in another app. Like in the Server Decommissioning. But Server Decommissioning we cannot find either.

In the Securetrack section of the readme the import statement reads:

from pytos.securechange.Helpers import Secure_Track_Helper

Should read:

from pytos.securetrack.Helpers import Secure_Track_Helper

Hello,

Are there plans to support PUT /securetrack/api/generic_devices/{id}
I saw there is no code for adding multi_part_form with the put_uri function.

I wanted to make the script to upload the configuration to generic_devices.

Kind Regards,

Sander Zumbrink

For importing network objects into SecureApp usinf API the helper classes should support the comment field as it is in the DTO in the API:

NetworkObjectListDTO (Root Element = network_objects ) {
network_object (array[sa_network_object], optional)
}
sa_network_object {
type (string, optional): The type of the network object. Allowable Values: basic, host, range, subnet, group, user, user-group, virtual-server, vm_instance,
comment (string, optional): The comment of the object,
name (string): The name of the object,
}

This is missing in the /pytos/secureapp/helpers.py functions.

From the REST api you can see this ipv6 address with a mask of /64:

/securetrack/api/zones/42/entries
<zone_entry><domain><id>1</id><name>Default</name></domain><id>607</id><ip>2600:5000:2811:9::</ip><prefix>64</prefix><zoneId>42</zoneId>

From pytos zone_entry.__dict__ the netmask is listed as "none":

from pytos.securetrack.helpers import Secure_Track_Helper
from pytos.securetrack.xml_objects.rest.zones import Zone_List, Zone, Zone_Entry, ZoneDescendantsList

zone_entries = st_helper.get_entries_for_zone_id(zone.id)

{'id': 607, 'comment': None, 'ip': '2600:5000:2811:9::', 'netmask': None, 'zoneId': 42, '_ip_network_cache': None, '_xml_tag': 'zone_entry', '_attribs': {}, '_parent_node': None}

It would be highly useful to have the parent_id available when using the SecureTrackHelper.get_device_by_(name|id|.*) methods.

As it is the REST API returns:

{
    "device": {
        "id": "1111",
        "name": "Name",
        "vendor": "VMware",
        "model": "nsx_fw",
        "domain_id": "11",
        "domain_name": "Domain X",
        "offline": false,
        "topology": true,
        "module_uid": "",
        "ip": "192.168.23.5",
        "latest_revision": "1408",
        "parent_id": 1110,
        "virtual_type": "context"
    }
}

However the Device.from_xml_node and Device.init methods both completely ignore this field, though xml_tags.Elements.PARENT_ID exists. Given the nature of the Device.get_parents_recursive method it appears that the Device._parent attribute is intended to be another rich object rather than the simple id.

Have tried it in python 2.7 as well as 3.6.. same issue

Collecting pytos
Using cached https://files.pythonhosted.org/packages/57/33/0b7c43fe2b6d7dc9afd7a2f4dfd526f6bd1122605ab9dc89a66a9d8f083e/pytos-0.0.3.tar.gz
Requirement already satisfied: netaddr>=0.7.14 in /usr/lib/python2.7/site-packages (from pytos) (0.7.19)
Collecting paramiko>=1.15.2 (from pytos)
Using cached https://files.pythonhosted.org/packages/3e/db/cb7b6656e0e7387637ce850689084dc0b94b44df31cc52e5fc5c2c4fd2c1/paramiko-2.4.1-py2.py3-none-any.whl
Requirement already satisfied: requests>=2.6.0 in /usr/lib/python2.7/site-packages (from pytos) (2.14.2)
Collecting requests_toolbelt==0.7.1 (from pytos)
Using cached https://files.pythonhosted.org/packages/dd/85/519354e995d8a926ce3121034dc2144a5ae70435dad3e1155a19bbde8011/requests_toolbelt-0.7.1-py2.py3-none-any.whl
Collecting pyinotify==0.9.6 (from pytos)
Using cached https://files.pythonhosted.org/packages/e3/c0/fd5b18dde17c1249658521f69598f3252f11d9d7a980c5be8619970646e1/pyinotify-0.9.6.tar.gz
Collecting netifaces==0.10.5 (from pytos)
Using cached https://files.pythonhosted.org/packages/a7/4c/8e0771a59fd6e55aac993a7cc1b6a0db993f299514c464ae6a1ecf83b31d/netifaces-0.10.5.tar.gz
Collecting dnspython3==1.15.0 (from pytos)
Using cached https://files.pythonhosted.org/packages/f0/bb/f41cbc8eaa807afb9d44418f092aa3e4acf0e4f42b439c49824348f1f45c/dnspython3-1.15.0.zip
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-install-kXzltC/dnspython3/setup.py", line 25
"""+"="*78, file=sys.stdout)
^
SyntaxError: invalid syntax

----------------------------------------

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-kXzltC/dnspython3/

I am running into Bad Request when posting a new USP zone entry with a Umlaut in the comment.

z1 = Zone_Entry(None, "test ", "10.2.7.0", None, "255.255.255.0", 272)
st_helper.post_zone_entry(zone_id, z1)
1261
z1 = Zone_Entry(None, "test äöü", "10.2.8.0", None, "255.255.255.0", 272)
st_helper.post_zone_entry(zone_id, z1)

pytos.common.exceptions.REST_Bad_Request_Error: 
Status code: 400
Status: 'Bad Request'
Expected status code: 201
Message: 'None'

On server side it results in
Caused by: com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 start byte 0xfc (at char #29, byte #-1)

This happens with pytos 1.2.8 and TOS 20.1 HF1 build 178277.
It does not happen with ps_lib 5.9.1.

Is there a workaround for that?

The Tufin API will return group members along with the group, so the logic in the function:

network_object = Network_Objects_List.from_xml_string(response_string)[0]

is not valid. The list needs to be searched for the requested ID and then returned instead. For example:

for n in Network_Objects_List.from_xml_string(response_string): if n.id == network_object_id: network_object = n break

Background: tufin is placed behind a corporate SSO portal that only allows PKI card based authentication.
PKI card is not properly usable in context of the cmd.exe or linux shell.

Question is if it is possible to reuse a browser based established session in pytox. The idea I have in mind is to export the cookie from browser and extract session information to create a pytox session object.

The Tufin API returns a list of applications by name, if you call https:///securechangeworkflow/api/secureapp/repository/applications?name=.
The corresponding function in pytos.secureapp.helpers.get_app_by_name() will only return the first item of that list.
Say we got applications "amapp" and "map app" and one wants to obtain "map app" from SecureApp by calling get_app_by_name("map app") and verify the result.
Calling https:///securechangeworkflow/api/secureapp/repository/applications?name=map%20app will return a list of applications including "amapp" and "map app" in that order.
Since get_app_by_name will only return the first item, the returned application is "amapp" which leads to the assumption that "map app" does not exist in SecureApp yet which is not correct.

This issue consequently occurrs when calling functions using get_app_by_name implicitly like get_network_obejcts_list_for_app_name.

Hello,

Is this package still maintained?
I see there are multiple issues and PR opened with no reaction from maintainers.
Also, it should be refactored to use the JSON endpoints.

Can you update us on that?

Thanks,

I haven t been able to submit a SC ticket with a predefined service like ESP using the Access_Request_Generator class to create ARs, neither with the "naked" class instantiation method nor with the from_list_of_tuples method.

Reading thru the source code it appears that using predefined services is not supported (apparently _detect_service_type does not support it unless I am wrong) though it s working via Postman using

<predefined_name>ESP</predefined_name>

So please amend the Access_Request_Generator class to support predefined services as well.
Thank you.

I am adding one observation: Apparently the _detect_service_type code tries to check against predefined services coming via get_iana_services() from /etc/services however it seems to me that /etc/protocol is not read in get_iana_services(). And ESP is in /etc/protocols.

You are using inotify for some log handling actions. However, inotify is not available on MacOS, it is Linux only. I would like to use pytos directly on my workstation for some presentations and basic development. Is it possible to replace inotify as a dependency and replace it with something that is available on more platforms?

Best regards,
Paul