File: create_integration_in_child_account.py

package info (click to toggle)
python-duo-client 5.5.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 768 kB
  • sloc: python: 7,105; sh: 6; makefile: 4
file content (74 lines) | stat: -rw-r--r-- 3,172 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
"""
Example of creating an integration in a child account using parent account credentials

The key to successfully interacting with child accounts via the parent account APIs is
pairing the parent account API IKEY/SKEY combination with the api-host of the child account.
Once that connection is established, the child account ID must be passed along with all API interactions.
The duo_client SDK makes that easy by allowing the setting of the child account ID as an instance variable.
"""

import sys
import getpass
import duo_client

# Create an interator to be used by the interactive terminal prompt
argv_iter = iter(sys.argv[1:])


def _get_next_arg(prompt, secure=False):
    """Read information from STDIN, using getpass when sensitive information should not be echoed to tty"""
    try:
        return next(argv_iter)
    except StopIteration:
        if secure is True:
            return getpass.getpass(prompt)
        else:
            return input(prompt)


def prompt_for_credentials() -> dict:
    """Collect required API credentials from command line prompts

    :return: dictionary containing Duo Accounts API ikey, skey and hostname strings
    """
    answers = {'ikey':       _get_next_arg('Duo Accounts API integration key ("DI..."): '),
               'skey':       _get_next_arg('Duo Accounts API integration secret key: ', secure=True),
               'host':       _get_next_arg('Duo API hostname of child account ("api-....duosecurity.com"): '),
               'account_id': _get_next_arg('Child account ID: '), 
               'app_name': _get_next_arg('New application name: '),
               'app_type':   _get_next_arg('New application type: ')}
    return answers


def create_child_integration(inputs: dict):
    """Create new application integration in child account via the parent account API"""

    # First create a duo_client.Admin instance using the parent account ikey/sky along with the child account api-host
    account_client = duo_client.Admin(ikey=inputs['ikey'], skey=inputs['skey'], host=inputs['host'])
    # Next assign the child account ID to the duo_client.Admin instance variable.
    account_client.account_id = inputs['account_id']
    # Now all API calls made via this instance will contain all of the minimum requirements to interact with the
    # child account.

    # Here only the two required arguments (name and type) are passed.
    # Normally, much more information would be provided. The type of additional information
    # varies by the type of application integration.
    try:
        new_app = account_client.create_integration(
                name=inputs['app_name'],
                integration_type=inputs['app_type'],
        )
        print(f"New application {inputs['app_name']} (ID: {new_app['integration_key']}) was created successfully.")
    except RuntimeError as e_str:
        # Any failure of the API call results in a generic Runtime Error
        print(f"An error occurred while creating the new application: {e_str}")


def main():
    """Main program entry point"""
    inputs = prompt_for_credentials()
    create_child_integration(inputs)


if __name__ == '__main__':
    main()