In [1]:
# Set the variables
V_ORG_ID: int = 32045
V_PROJECT_TAG_RISK: list = ["risk"]
V_PROJECT_TAG_CONTROL: list = ["control"]

In [2]:
# ENVIRONMENT SETTINGS
import requests, pandas, json

pandas.options.display.max_rows = 10
pandas.options.display.max_columns = None
pandas.options.display.max_colwidth = 50

# Debugging mode on/off
debug = True

"""
# Checking user input variables. If they're not provided, raise exception and terminate script.
if len(hcl.secret["v_hb_token"].unmask()) == 0:
    raise KeyError("HighBond token not provided.")
"""

# Highbond url
org_base_url: str = "https://apis-eu.highbond.com/v1/orgs/" + str(V_ORG_ID)
    
# Request headers for Highbond
highbond_request_headers: dict = {
    "Authorization": "Bearer ee93272f8f8e718d9e7ad027f2f13e0eb345c938709d9ac759821b152ee709cc",
#    "Authorization": "Bearer {}".format(hcl.secret["v_hb_token"].unmask()),
    "Content-Type": "application/vnd.api+json",
    "Accept-encoding": ""
}

In [3]:
# DEFINE HELPER FUNCTIONS
##################################################################

# Function 1 - Helper function to grab all Highbond resources (pagination)
def highbond_api_get_all(resource_url_body: str) -> list:
    """
    Importing Highbond data and creating a list (taking care of pagination if necessary)
    Args:
        resource_url_body: URL body of the request
    Returns:
        List of resources
    """

    try:
        response = requests.request("GET", org_base_url + resource_url_body, headers=highbond_request_headers)
        response.raise_for_status()
        if debug:
            print("GET response: ", response, "\n")
    except requests.exceptions.RequestException as err:
        raise requests.exceptions.RequestException(err)
    
    # Grab the response as a JSON
    response_json = response.json()
    list_of_result_dicts = response_json["data"]

    # If endpoint is paginated, let's do the job. If not, return the original dictionary
    if "links" in response_json:
        while response.status_code == 200:
            if response_json['links']['next'] and len(response_json['links']['next']) > 0:
                next_url = response_json['links']['next']
                
                try:
                    response = requests.request("GET", org_base_url + next_url, headers=highbond_request_headers)
                    response.raise_for_status()
                    if debug:
                        print("GET loop response: ", response, "\n")
                except requests.exceptions.RequestException as err:
                    raise requests.exceptions.RequestException(err)
            
                response_json = response.json()
                list_of_result_dicts.extend(response_json["data"])
            
            else:
                break
    
    return list_of_result_dicts



##################################################################
# Function 2 - Helper function to flatten all custom attributes
def flatten_custom_attributes(custom_attribute_field_value) -> dict:
    """
    Flattening the custom attributes in the dataframe
    Args:
        custom_attribute_field_value: custom attributes
    Returns:
        Dictionary with flattened custom attributes 
    """

    custom_attribute_dict = {} # Initialize empty dictionary
    for attribute in custom_attribute_field_value:           # There can be multiple custom attributes, so we need to loop through each one to parse it
        if isinstance(attribute["value"], list) and len(attribute["value"]) == 1:   # If the custom attribute value is a list itself and only having one value, "de-listify it"
            attribute["value"] = attribute["value"][0] # De listifies the value list
        elif isinstance(attribute["value"], list) and not attribute["value"]:
            attribute["value"] = None # De listifies the value list
        custom_attribute_dict[attribute["term"]] = attribute["value"] # Create the dictionary tuple with the custom attribute term and value
    return custom_attribute_dict # Return the completed dictionary



##################################################################
# Function 3 - Helper function to handle control update
def highbond_control_get_update(resource_url_body, de_conclusion, oe_conclusion, overall_conclusion) -> None:
    try:
        get_response = requests.get(org_base_url + resource_url_body, headers=highbond_request_headers)
        get_response.raise_for_status()
        print("\nGet specific control response: ", get_response, "\n")
    except requests.exceptions.RequestException as get_err:
        raise requests.exceptions.RequestException(get_err)
    
    rcsa_controls_dict = get_response.json()

    # Create the payload
    print("\nOld values:")
    print(rcsa_controls_dict["data"]["attributes"]["control_design"])
    print(rcsa_controls_dict["data"]["attributes"]["custom_attributes"][0]["value"])
    print(rcsa_controls_dict["data"]["attributes"]["custom_attributes"][1]["value"])
    rcsa_controls_dict["data"]["attributes"]["control_design"] = overall_conclusion
    rcsa_controls_dict["data"]["attributes"]["custom_attributes"][0]["value"] = [de_conclusion]
    rcsa_controls_dict["data"]["attributes"]["custom_attributes"][1]["value"] = [oe_conclusion]

    print("\nNew values:")
    print(rcsa_controls_dict["data"]["attributes"]["control_design"])
    print(rcsa_controls_dict["data"]["attributes"]["custom_attributes"][0]["value"])
    print(rcsa_controls_dict["data"]["attributes"]["custom_attributes"][1]["value"])
    
    # Update the value in Highbond asset
    try:
        patch_response = requests.patch(url=org_base_url + resource_url_body, data=json.dumps(rcsa_controls_dict), headers=highbond_request_headers)
        patch_response.raise_for_status()
        print("\nPatch specific asset response: ", patch_response)
    except requests.exceptions.RequestException as patch_err:
        raise requests.exceptions.RequestException(patch_err)
    
    return

In [9]:
# MAIN LOGIC 1
# Logic to get controls assessment controls

# GET all projects
control_projects_fields = "name,state,tag_list"
control_projects_list = highbond_api_get_all("/projects/?fields[projects]=" + control_projects_fields)
control_projects_list = [project for project in control_projects_list if project["attributes"]["state"] == "active" and project["attributes"]["tag_list"] == V_PROJECT_TAG_CONTROL]
control_projects_list
try:
    print("First project ID:" , control_projects_list[0]["id"])
except IndexError as err:
    print("Warning: No project found. Task run terminated.")
    raise IndexError(err)
except:
    raise SystemExit("Error in getting the projects. Task run terminated.")

# Create projects dataframe
control_projects_df = pandas.json_normalize(control_projects_list)
control_projects_df



# GET all objectives
control_objectives_fields = "title"
control_objectives_list = []
for project in control_projects_list:
    control_objectives_list_current = highbond_api_get_all("/projects/" + project["id"] + "/objectives?fields[objectives]=" + control_objectives_fields)
    control_objectives_list.extend(control_objectives_list_current)

try:
    print("First objective ID:" , control_objectives_list[0]["id"])
except IndexError as err:
    print("Warning: No objective found for projects. Task run terminated.")
    raise IndexError(err)
except:
    raise SystemExit("Error in getting the objectives. Task run terminated.")

# Create Objectives Dataframe
control_objectives_df = pandas.json_normalize(control_objectives_list)
control_objectives_df

# If custom attributes exist, then convert them to columns in the dataframe
if "attributes.custom_attributes" in control_objectives_df.columns: 
    custom_attribute_df = pandas.json_normalize(control_objectives_df["attributes.custom_attributes"].apply(flatten_custom_attributes)) # Convert the custom attributes into a dataframe using the above function
    control_objectives_df = control_objectives_df.join(custom_attribute_df) # Join the custom attribute dataframe to our risks dataframe
control_objectives_df



# GET all controls
control_controls_fields = "title,control_id,owner,walkthrough,objective"
control_controls_list = []
for objective in control_objectives_list:
    control_controls_list_current = highbond_api_get_all("/objectives/" + objective["id"] + "/controls?fields[controls]=" + control_controls_fields)
    control_controls_list.extend(control_controls_list_current)

try:
    print("First control ID:" , control_controls_list[0]["id"])
except IndexError as err:
    print("Warning: No control found for projects. Task run terminated.")
    raise IndexError(err)
except:
    raise SystemExit("Error in getting the controls. Task run terminated.")

# Create Controls Dataframe
control_controls_df = pandas.json_normalize(control_controls_list)
control_controls_df

# If custom attributes exist, then convert them to columns in the dataframe
if "attributes.custom_attributes" in control_controls_df.columns: 
    custom_attribute_df = pandas.json_normalize(control_controls_df["attributes.custom_attributes"].apply(flatten_custom_attributes)) # Convert the custom attributes into a dataframe using the above function
    control_controls_df = control_controls_df.join(custom_attribute_df) # Join the custom attribute dataframe to our risks dataframe
control_controls_df



# GET all walkthroughs
control_wt_list = []
for control in control_controls_list:
    try:
        get_response = requests.request("GET", org_base_url + "/walkthroughs/" + control["relationships"]["walkthrough"]["data"]["id"], headers=highbond_request_headers)
        get_response.raise_for_status()
        print("GET response: ", get_response, "\n")
    except requests.exceptions.RequestException as get_err:
        raise requests.exceptions.RequestException(get_err)
    
    response_json = get_response.json()
    list_of_result_dicts = response_json["data"]
    control_wt_list.append(list_of_result_dicts)

# Create Walkthroughs Dataframe
control_wt_df = pandas.json_normalize(control_wt_list)
control_wt_df

# If custom attributes exist, then convert them to columns in the dataframe
if "attributes.custom_attributes" in control_wt_df.columns: 
    custom_attribute_df = pandas.json_normalize(control_wt_df["attributes.custom_attributes"].apply(flatten_custom_attributes)) # Convert the custom attributes into a dataframe using the above function
    control_wt_df = control_wt_df.join(custom_attribute_df) # Join the custom attribute dataframe to our risks dataframe
control_wt_df


# Creating the final dataset
control_df = pandas.merge(control_controls_df, control_wt_df[["relationships.control.data.id","attributes.control_design","Design effectiveness assessment","Operating effectiveness assessment"]], how="inner", left_on="id", right_on="relationships.control.data.id")
control_df



# Add fields to the dataframe
control_df["key"] = control_df["attributes.control_id"] + control_df["attributes.owner"]
control_df

[{'id': '74350',
  'type': 'projects',
  'attributes': {'name': 'RCSA - Example Project TG - Control side',
   'state': 'active',
   'tag_list': ['control']},
  'relationships': {},
  'links': {'ui': 'https://daiwa-capital-markets-europe-ltd.projects-eu.highbond.com/audits/74350/dashboard'}},
 {'id': '74967',
  'type': 'projects',
  'attributes': {'name': 'Control owner assessment 1',
   'state': 'active',
   'tag_list': ['control']},
  'relationships': {},
  'links': {'ui': 'https://daiwa-capital-markets-europe-ltd.projects-eu.highbond.com/audits/74967/dashboard'}},
 {'id': '74969',
  'type': 'projects',
  'attributes': {'name': 'Control owner assessment 2',
   'state': 'active',
   'tag_list': ['control']},
  'relationships': {},
  'links': {'ui': 'https://daiwa-capital-markets-europe-ltd.projects-eu.highbond.com/audits/74969/dashboard'}}]

In [5]:
# MAIN LOGIC 2
# Logic to get risk assessment controls

# GET all projects
risk_projects_fields = "name,state,tag_list"
risk_projects_list = highbond_api_get_all("/projects/?fields[projects]=" + risk_projects_fields)
risk_projects_list = [project for project in risk_projects_list if project["attributes"]["state"] == "active" and project["attributes"]["tag_list"] == V_PROJECT_TAG_RISK]

try:
    print("First project ID:" , risk_projects_list[0]["id"])
except IndexError as err:
    print("Warning: No project found. Task run terminated.")
    raise IndexError(err)
except:
    raise SystemExit("Error in getting the projects. Task run terminated.")

# Create projects dataframe
risk_projects_df = pandas.json_normalize(risk_projects_list)
risk_projects_df



# GET all objectives
risk_objectives_fields = "title"
risk_objectives_list = []
for project in risk_projects_list:
    risk_objectives_list_current = highbond_api_get_all("/projects/" + project["id"] + "/objectives?fields[objectives]=" + risk_objectives_fields)
    risk_objectives_list.extend(risk_objectives_list_current)

try:
    print("First objective ID:" , risk_objectives_list[0]["id"])
except IndexError as err:
    print("Warning: No objective found for projects. Task run terminated.")
    raise IndexError(err)
except:
    raise SystemExit("Error in getting the objectives. Task run terminated.")

# Create Objectives Dataframe
risk_objectives_df = pandas.json_normalize(risk_objectives_list)
risk_objectives_df

# If custom attributes exist, then convert them to columns in the dataframe
if "attributes.custom_attributes" in risk_objectives_df.columns: 
    custom_attribute_df = pandas.json_normalize(risk_objectives_df["attributes.custom_attributes"].apply(flatten_custom_attributes)) # Convert the custom attributes into a dataframe using the above function
    risk_objectives_df = risk_objectives_df.join(custom_attribute_df) # Join the custom attribute dataframe to our risks dataframe
risk_objectives_df


# GET all controls
risk_controls_fields = "title,control_id,owner,walkthrough,objective"
risk_controls_list = []
for objective in risk_objectives_list:
    risk_controls_list_current = highbond_api_get_all("/objectives/" + objective["id"] + "/controls?fields[controls]=" + risk_controls_fields)
    risk_controls_list.extend(risk_controls_list_current)

try:
    print("First control ID:" , risk_controls_list[0]["id"])
except IndexError as err:
    print("Warning: No control found for projects. Task run terminated.")
    raise IndexError(err)
except:
    raise SystemExit("Error in getting the controls. Task run terminated.")

# Create Controls Dataframe
risk_controls_df = pandas.json_normalize(risk_controls_list)
risk_controls_df

# If custom attributes exist, then convert them to columns in the dataframe
if "attributes.custom_attributes" in risk_controls_df.columns: 
    custom_attribute_df = pandas.json_normalize(risk_controls_df["attributes.custom_attributes"].apply(flatten_custom_attributes)) # Convert the custom attributes into a dataframe using the above function
    risk_controls_df = risk_controls_df.join(custom_attribute_df) # Join the custom attribute dataframe to our risks dataframe
risk_controls_df



# GET all walkthroughs
risk_wt_list = []
for control in risk_controls_list:
    try:
        get_response = requests.request("GET", org_base_url + "/walkthroughs/" + control["relationships"]["walkthrough"]["data"]["id"], headers=highbond_request_headers)
        get_response.raise_for_status()
        print("GET response: ", get_response, "\n")
    except requests.exceptions.RequestException as get_err:
        raise requests.exceptions.RequestException(get_err)
    
    response_json = get_response.json()
    list_of_result_dicts = response_json["data"]
    risk_wt_list.append(list_of_result_dicts)

# Create Walkthroughs Dataframe
risk_wt_df = pandas.json_normalize(risk_wt_list)
risk_wt_df

# If custom attributes exist, then convert them to columns in the dataframe
if "attributes.custom_attributes" in risk_wt_df.columns: 
    custom_attribute_df = pandas.json_normalize(risk_wt_df["attributes.custom_attributes"].apply(flatten_custom_attributes)) # Convert the custom attributes into a dataframe using the above function
    risk_wt_df = risk_wt_df.join(custom_attribute_df) # Join the custom attribute dataframe to our risks dataframe
risk_wt_df


# Creating the final dataset
risk_df = pandas.merge(risk_controls_df, risk_wt_df[["relationships.control.data.id"]], how="inner", left_on="id", right_on="relationships.control.data.id")
risk_df



# Add fields to the dataframe
risk_df["key"] = risk_df["attributes.control_id"] + risk_df["attributes.owner"]
risk_df

First project ID: 69620
First objective ID: 256104
First control ID: 1300495
GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 

GET response:  <Response [200]> 



Unnamed: 0,id,type,attributes.title,attributes.control_id,attributes.owner,relationships.walkthrough.data.id,relationships.walkthrough.data.type,relationships.objective.data.id,relationships.objective.data.type,links.ui,relationships.control.data.id,key
0,1300495,controls,New Control,C99,Tracy Gardiner,1154986,walkthroughs,256104,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1300495,C99Tracy Gardiner
1,1300542,controls,FOBO Reconciliation,FPC1.1,Tracy Gardiner,1154995,walkthroughs,256104,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1300542,FPC1.1Tracy Gardiner
2,1300543,controls,P&L Sign Off,FPC1.2,Tracy Gardiner,1154996,walkthroughs,256104,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1300543,FPC1.2Tracy Gardiner
3,1300544,controls,Independent Price Verification,FPC1.3,Loic Saidou,1154997,walkthroughs,256104,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1300544,FPC1.3Loic Saidou
4,1355514,controls,PEP screening,C C 1.3,Loic Saidou,1203755,walkthroughs,256104,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1355514,C C 1.3Loic Saidou
...,...,...,...,...,...,...,...,...,...,...,...,...
9,1439744,controls,PEP screening,C C 1.3,Loic Saidou,1270746,walkthroughs,275821,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1439744,C C 1.3Loic Saidou
10,1439745,controls,Independent Price Verification,FPC1.3,Loic Saidou,1270747,walkthroughs,275821,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1439745,FPC1.3Loic Saidou
11,1439747,controls,Overnight Screening,C C 1.4,Loic Saidou,1270749,walkthroughs,275822,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1439747,C C 1.4Loic Saidou
12,1439748,controls,FOBO Reconciliation,FPC1.1,Tracy Gardiner,1270750,walkthroughs,275822,objectives,https://daiwa-capital-markets-europe-ltd.proje...,1439748,FPC1.1Tracy Gardiner


In [6]:
# MAIN LOGIC 3 
# Logic to update controls in the risk assessment projects

# Check which controls are found in the control assessment projects
risk_df["control_to_update"] = risk_df.key.isin(control_df.key)
risk_df

# Join the control assessment results to the risk_df dataframe
risk_df_with_control_results_df = pandas.merge(risk_df, control_df[["key","attributes.control_design","Design effectiveness assessment","Operating effectiveness assessment"]], how="left", on="key")
risk_df_with_control_results_df

# Update the relevant controls in the risk assessment project
for index, control in risk_df_with_control_results_df.iterrows():
    
    control_id = control["id"]
    control_number = control["attributes.control_id"]
    walkthrough_id = control["relationships.walkthrough.data.id"]
    de_conclusion = control["Design effectiveness assessment"]
    oe_conclusion = control["Operating effectiveness assessment"]
    overall_conclusion = control["attributes.control_design"]

    if control["control_to_update"]:
        print("\n")
        print("-"*100)
        print("\nControl ID to update: ", control_id, "(", control_number, ")")
        highbond_control_get_update("/walkthroughs/" + walkthrough_id, de_conclusion, oe_conclusion, overall_conclusion)
        print("\nControl ID updated: ", control_id)
        print("-"*100)
        print("-"*100)
        print("\n")
    else:
        print(f"Control ({control_id}) is not updated as it is not found in control assessment projects.")
        continue

print("Robot Task Run Successfully")



----------------------------------------------------------------------------------------------------

Control ID to update:  1300495 ( C99 )

Get specific control response:  <Response [200]> 


Old values:
False
['Improvement required']
['Ineffective']

New values:
False
['Improvement required']
['Ineffective']

Patch specific asset response:  <Response [200]>

Control ID updated:  1300495
----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------




----------------------------------------------------------------------------------------------------

Control ID to update:  1300542 ( FPC1.1 )

Get specific control response:  <Response [200]> 


Old values:
None
['Ineffective']
['Ineffective']

New values:
True
['Ineffective']
['Effective']

Patch specific asset response:  <Response [200]>

Control ID updated:  1300542
-------------------------