[client] Add administrative entities and functionality #816
Conversation
marieflorescontact
left a comment
marieflorescontact
left a comment
There was a problem hiding this comment.
Hi @peritz,
I've started to review your code. I've made some comments. I'll go further next week 🙂
thank you for your submission!!!
pycti/entities/opencti_group.py
Outdated
| orderMode = kwargs.get("orderMode", None) | ||
| search = kwargs.get("search", None) | ||
| filters = kwargs.get("filters", None) | ||
| customAttributes = kwargs.get("customAttributes", None) |
There was a problem hiding this comment.
| customAttributes = kwargs.get("customAttributes", None) | |
| custom_attributes = kwargs.get("customAttributes", None) |
we prefer to use snake_case for variable name
pycti/entities/opencti_group.py
Outdated
| ) | ||
| query = ( | ||
| """ | ||
| mutation MarkingForbid($groupId: ID!, $markingId: StixRef!) { |
There was a problem hiding this comment.
| mutation MarkingForbid($groupId: ID!, $markingId: StixRef!) { | |
| mutation GroupEditMarkingRemove($groupId: ID!, $markingId: StixRef!) { |
There was a problem hiding this comment.
or GroupEditRemoveRelation=> something staring w/ GroupEdit
There was a problem hiding this comment.
Updated query names to include Edit for each relevant query
|
|
||
| entity_class.base_class().delete(id=test_indicator["id"]) | ||
| finally: | ||
| entity_class.base_class().delete(id=test_indicator["id"]) |
There was a problem hiding this comment.
Using finally can be a problem:
The finally block is always executed, whether or not the assertion fails.
The solution would be to add a check before accessing test_indicator[‘id’] in finally :
finally:
if test_indicator and "id" in test_indicator:
entity_class.base_class().delete(id=test_indicator["id"])
There was a problem hiding this comment.
Updated to check existence of entities before deletions in entity crud tests
|
@marieflorescontact I've updated the PR with changes you suggested, looking forward to the rest of the review :) |
marieflorescontact
left a comment
marieflorescontact
left a comment
There was a problem hiding this comment.
last "snake_case" comments :)
functionnaly tested ok User / Group / Role APIs
I will test the Setting part during the next days 🙂
| entity_type | ||
| parent_types | ||
| created_at | ||
| updated_at |
There was a problem hiding this comment.
created_at and updated_at should be removed (there are User properties but not on Me type)
| first = kwargs.get("first", 500) | ||
| after = kwargs.get("after", None) | ||
| orderBy = kwargs.get("orderBy", None) | ||
| orderMode = kwargs.get("orderMode", None) |
There was a problem hiding this comment.
| orderMode = kwargs.get("orderMode", None) | |
| order_mode = kwargs.get("orderMode", None) |
| search = kwargs.get("search", None) | ||
| first = kwargs.get("first", 500) | ||
| after = kwargs.get("after", None) | ||
| orderBy = kwargs.get("orderBy", None) |
There was a problem hiding this comment.
| orderBy = kwargs.get("orderBy", None) | |
| order_by = kwargs.get("orderBy", None) |
| """ | ||
| first = kwargs.get("first", 500) | ||
| after = kwargs.get("after", None) | ||
| orderBy = kwargs.get("orderBy", None) |
There was a problem hiding this comment.
| orderBy = kwargs.get("orderBy", None) | |
| order_by = kwargs.get("orderBy", None) |
| first = kwargs.get("first", 500) | ||
| after = kwargs.get("after", None) | ||
| orderBy = kwargs.get("orderBy", None) | ||
| orderMode = kwargs.get("orderMode", None) |
There was a problem hiding this comment.
| orderMode = kwargs.get("orderMode", None) | |
| order_mode = kwargs.get("orderMode", None) |
| filters = kwargs.get("filters", None) | ||
| custom_attributes = kwargs.get("customAttributes", None) | ||
| getAll = kwargs.get("getAll", False) | ||
| withPagination = kwargs.get("withPagination", False) |
There was a problem hiding this comment.
| withPagination = kwargs.get("withPagination", False) | |
| with_pagination = kwargs.get("withPagination", False) |
| orderBy = kwargs.get("orderBy", None) | ||
| orderMode = kwargs.get("orderMode", None) | ||
| custom_attributes = kwargs.get("customAttributes", None) | ||
| getAll = kwargs.get("getAll", False) |
There was a problem hiding this comment.
| getAll = kwargs.get("getAll", False) | |
| get_all = kwargs.get("getAll", False) |
| """ | ||
| first = kwargs.get("first", 500) | ||
| after = kwargs.get("after", None) | ||
| orderBy = kwargs.get("orderBy", "name") |
There was a problem hiding this comment.
| orderBy = kwargs.get("orderBy", "name") | |
| order_by = kwargs.get("orderBy", "name") |
| first = kwargs.get("first", 500) | ||
| after = kwargs.get("after", None) | ||
| orderBy = kwargs.get("orderBy", "name") | ||
| orderMode = kwargs.get("orderMode", "asc") |
There was a problem hiding this comment.
| orderMode = kwargs.get("orderMode", "asc") | |
| order_mode = kwargs.get("orderMode", "asc") |
| search = kwargs.get("search", None) | ||
| include_sessions = kwargs.get("include_sessions", False) | ||
| custom_attributes = kwargs.get("customAttributes", None) | ||
| getAll = kwargs.get("getAll", False) |
There was a problem hiding this comment.
| getAll = kwargs.get("getAll", False) | |
| get_all = kwargs.get("getAll", False) |
| self.opencti = opencti | ||
| self.properties = """ | ||
| id | ||
| entity_type |
| standard_id | ||
| name | ||
| description | ||
There was a problem hiding this comment.
Not a big deal but for queries prefer to group all properties without empty line
| } | ||
| } | ||
| fragment GroupEditionMarkings_group on Group { |
There was a problem hiding this comment.
we can remove the fragment and use same thing that in add_member API
| created_at | ||
| updated_at | ||
| enterprise_edition |
There was a problem hiding this comment.
enterprise_edition has been removed in OpenCTI 6.5 freshly released, replaced by platform_enterprise_edition
|
Will merge that in a branch and fix the latest comments. |
|
Apologies I was out of office there for a time, thanks @richard-julien for the fixes and @marieflorescontact for the review |
|
Thanks for your contribution @peritz !!!! 🙂👌 |
8 participants
Proposed changes
Related issues
None that I'm aware of
Checklist
Further comments
The rationale behind adding administrative functionality is to allow scripts to be more easily created which manage the platform in a programatic fashion, such as to create users for connectors as part of a Terraform module, or automatic rotation of user API tokens for service accounts.
This can be achieved through the GraphQL queries, but by including these in the library we reduce the code overhead and can take advantage of existing session management code in the API client. It also reduces the barrier to entry for those looking to create administrative tooling.
Addition of all administrative functionality is not complete. Currently, only user, group, role, and settings management has been included.
In the future I'd also like to include entities for managing vocabularies, entity settings, etc.