Bugfixes for QA gold release SA-3419 #225
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
lifehackjim
commented
Mar 9, 2023
lifehackjim
commented
- axonshell asset-type saved-query add
- axonshell asset-type saved-query copy
- axonshell asset-type saved-query add - axonshell asset-type saved-query copy
lifehackjim
changed the title
atav-ax
approved these changes
Mar 9, 2023
atav-ax
approved these changes
Mar 9, 2023
added 2 commits
March 9, 2023 19:32
## Feature: Add ability to use username and password for credentials
### Axonshell changes
A new option is available to be used at the beginning of the command line:
```text
-creds, --credentials / -keys, --keys
Treat key as Username and secret as password
[env var: AX_CREDENTIALS; default: keys]
````
This option, when used like:
```
axonshell -creds devices count
```
Will treat the value stored in --key or AX_KEY as username, and the value stored in --secret or AX_SECRET as the password.
### API changes
Connect has a new argument:
```python
credentials: bool = False
```
If this is True, key is treated as username and secret is treated as password and instead of using the Auth module ApiKey, it will use the new Auth module Credentials.
Credentials logs in with username and password, then fetches the api key and secret and uses that for the duration of the session.
## Feature: Get the API keys from an Axonius instance and write them to a file
A new command group has been added to Axonshell:
```text
Usage: axonshell account [OPTIONS] COMMAND [ARGS]...
Group: Account commands.
Options:
--help Show this message and exit.
Commands:
get-api-keys Get the API keys for the current user.
signup Perform the initial signup to an instance.
use-password-reset-token Use a password reset token.
write-config Create/Update a '.env' file with url, key,...
```
The signup, use-password-reset-token, and write-config commands are just copied over from axonshell tools.
The get-api-key command is a new command altogether:
```text
Usage: axonshell account get-api-keys [OPTIONS]
Get the API keys for the current user.
Options:
-u, --url URL URL of an Axonius instance [env var:
AX_URL; required]
-k, --key KEY API Key of user in an Axonius instance [env
var: AX_KEY; required]
-s, --secret SECRET API Secret of user in an Axonius instance
[env var: AX_SECRET; required]
-xf, --export-format [json|str|env]
Format of to export data in [env var:
AX_EXPORT_FORMAT; default: str]
-e, --env TEXT Path to .env file when --export-format==env
[env var: AX_ENV; default: .env]
--help Show this message and exit.
```
You can use this with thew new --credentials option and have it prompt you for key (provide username), prompt you for secret (provide password) then create your .env file for you:
```
axonshell -creds account get-api-keys --url 1.1.1.1 --export-format env
```
## Feature: Add log filtering to hide potential credential storage
Created a logging formatter in axonius_api_client.logs:
```python
class HideFormatter(logging.Formatter):
"""Hide the rest of the line for any lines against :attr:`HIDE_REGEX`."""
HIDE_ENABLED: bool = True
"""Enable hiding of matches to HIDE_REGEX."""
HIDE_REGEX: t.Pattern = re.compile(r"(password|secret).*", re.I)
"""Pattern of sensitive info to hide."""
HIDE_REPLACE: str = r"\1 ...REST OF LINE HIDDEN..."
"""Value to replace matches to HIDE_REGEX with."""
```
If any line in the logging output contains the word password or secret, the rest of the line after those words will be hidden from the logging system.
More features for 4.60.0
nate-axonius
approved these changes
Mar 10, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.