"""
Example of Duo Admin API policies operations
"""
import json
import duo_client
from getpass import getpass
class DuoPolicy:
    """Placeholder base type for Duo policy objects.

    The class defines no attributes or behaviour of its own; the helpers in
    this example work with plain dicts returned by the Admin API client.
    """

    def __init__(self):
        """Construct a policy object; no state is set up."""
def get_next_user_input(prompt: str, secure: bool = False) -> str:
    """Read one line of operator input from the terminal.

    Args:
        prompt: Text shown to the operator before reading.
        secure: When exactly ``True`` the value is read with ``getpass`` so it
            is not echoed back; any other value falls through to ``input``.

    Returns:
        The text the operator typed.
    """
    # Identity check on purpose: only the literal True selects the hidden prompt.
    if secure is True:
        return getpass(prompt)
    return input(prompt)
# Module-level Admin API client used by every helper in this file. Because the
# assignment sits at module level, the three prompts run as soon as the file is
# executed or imported. Credentials are typed in by the operator rather than
# hard-coded in the source.
admin_api = duo_client.Admin(
    ikey=get_next_user_input('Admin API integration key ("DI..."): '),
    # secure=True sends this prompt through getpass(), so the secret key is
    # not echoed to the terminal while it is typed.
    skey=get_next_user_input("Admin API integration secret key: ", secure=True),
    host=get_next_user_input('API hostname ("api-....duosecurity.com"): '),
)
def create_empty_policy(name, print_response=False):
    """Create a policy that carries only a name.

    Args:
        name: Value sent as ``policy_name``.
        print_response: When truthy, pretty-print the API response to stdout.

    Returns:
        The ``policy_key`` field of the API response (``None`` if absent).
    """
    # Live change: this call creates a real policy in the connected account.
    response = admin_api.create_policy_v2({"policy_name": name})
    if print_response:
        print(json.dumps(response, indent=4, sort_keys=True, default=str))
    return response.get("policy_key")
def create_policy_browsers(name, print_response=False):
    """Create a policy whose browsers section blocks Internet Explorer.

    Requires Access or Beyond editions.

    Args:
        name: Value sent as ``policy_name``.
        print_response: When truthy, pretty-print the API response to stdout.

    Returns:
        The ``policy_key`` field of the API response (``None`` if absent).
    """
    # "ie" is the only entry placed on the blocked-browser list.
    browsers_section = {"blocked_browsers_list": ["ie"]}
    payload = {
        "policy_name": name,
        "sections": {"browsers": browsers_section},
    }
    response = admin_api.create_policy_v2(payload)
    if print_response:
        print(json.dumps(response, indent=4, sort_keys=True, default=str))
    return response.get("policy_key")
def copy_policy(name1, name2, copy_from, print_response=False):
    """Copy the policy ``copy_from`` into two new policies.

    Args:
        name1: Name for the first copy.
        name2: Name for the second copy.
        copy_from: Key of the policy to copy.
        print_response: When truthy, pretty-print the API response to stdout.

    Returns:
        A 2-tuple holding the ``policy_key`` of the first and second entry of
        the response's ``policies`` list.
    """
    new_names = [name1, name2]
    response = admin_api.copy_policy_v2(copy_from, new_names)
    if print_response:
        print(json.dumps(response, indent=4, sort_keys=True, default=str))
    copies = response.get("policies")
    # Presumably the response lists the copies in the order the names were
    # given - confirm against the API before relying on which key is which.
    return tuple(copies[position].get("policy_key") for position in (0, 1))
def bulk_delete_section(policy_keys, print_response=False):
    """Delete the "browsers" section from each of the given policies.

    Args:
        policy_keys: Keys of the policies to change.
        print_response: When truthy, pretty-print the API response to stdout.
    """
    # The empty first argument is presumably "no section edits" and the list
    # names the sections to remove - confirm against duo_client.
    sections_to_delete = ["browsers"]
    response = admin_api.update_policies_v2("", sections_to_delete, policy_keys)
    if not print_response:
        return
    print(json.dumps(response, indent=4, sort_keys=True, default=str))
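def update_policy_with_device_health_app(policy_key, print_response=False):
    """Update a policy to include Duo Device Health App settings.

    Requires Access or Beyond editions.

    Deprecated: use ``update_policy_with_duo_desktop``. This wrapper forwards
    to it unchanged and now emits a ``DeprecationWarning`` so callers see the
    deprecation at runtime, not only in the docstring.

    Args:
        policy_key: Key of the policy to update.
        print_response: When truthy, pretty-print the API response to stdout.

    Returns:
        Whatever ``update_policy_with_duo_desktop`` returns.
    """
    import warnings

    # stacklevel=2 attributes the warning to the caller, not to this wrapper.
    warnings.warn(
        "update_policy_with_device_health_app is deprecated; "
        "use update_policy_with_duo_desktop",
        DeprecationWarning,
        stacklevel=2,
    )
    return update_policy_with_duo_desktop(policy_key, print_response)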
def update_policy_with_duo_desktop(policy_key, print_response=False):
    """Update a policy to include Duo Desktop settings.

    Requires Access or Beyond editions.

    Args:
        policy_key: Key of the policy to update.
        print_response: When truthy, pretty-print the API response to stdout.

    Returns:
        The ``policy_key`` field of the API response (``None`` if absent).
    """
    # Every platform list below names only "windows".
    windows_only = "windows"
    duo_desktop_section = {
        "enforce_encryption": [windows_only],
        "enforce_firewall": [windows_only],
        "requires_duo_desktop": [windows_only],
        "windows_endpoint_security_list": ["cisco-amp"],
        "windows_remediation_note": "Please install Windows agent",
    }
    payload = {"sections": {"duo_desktop": duo_desktop_section}}
    response = admin_api.update_policy_v2(policy_key, payload)
    if print_response:
        print(json.dumps(response, indent=4, sort_keys=True, default=str))
    return response.get("policy_key")
def get_policy(policy_key):
    """Fetch one policy and pretty-print it to stdout.

    Args:
        policy_key: Key of the policy to fetch.
    """
    policy = admin_api.get_policy_v2(policy_key)
    # default=str renders any value json cannot serialise natively as text.
    print(json.dumps(policy, indent=4, sort_keys=True, default=str))
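def iterate_all_policies():
    """Print every policy in the account, ordered by policy name.

    Each policy is preceded by a header line with its name and key, then
    dumped as indented JSON.
    """
    print("#####################")
    print("Iterating over all policies...")
    print("#####################")
    # Named `policies` rather than `iter` so the builtin is not shadowed.
    # A missing policy_name sorts as "" instead of raising TypeError when
    # None is compared with a str.
    policies = sorted(
        admin_api.get_policies_v2_iterator(),
        key=lambda policy: policy.get("policy_name") or "",
    )
    for policy in policies:
        print(
            "##################### {} {}".format(
                policy.get("policy_name"), policy.get("policy_key")
            )
        )
        print(json.dumps(policy, indent=4, sort_keys=True, default=str))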
def main():
    """Primary program entry point.

    Runs the example end to end against the account behind ``admin_api``.
    Only policy "c" is deleted again; the policies named a, b, d, e and f
    are still in the account when the run finishes.
    """
    # Two policies that carry nothing but a name.
    key_a = create_empty_policy("Test New Policy - a")
    key_b = create_empty_policy("Test New Policy - b")

    # Add Duo Desktop settings to the second one.
    update_policy_with_duo_desktop(key_b)

    # Create a third policy and remove it straight away.
    key_c = create_empty_policy("Test New Policy - c")
    admin_api.delete_policy_v2(key_c)

    # A policy with browser restriction settings.
    key_d = create_policy_browsers("Test New Policy - d")

    # Copy that policy to two new policies.
    key_e, key_f = copy_policy(
        "Test New Policy - e",
        "Test New Policy - f",
        key_d,
    )

    # Strip the browser restriction settings from both copies.
    bulk_delete_section([key_e, key_f])

    # Show the global policy and one custom policy.
    get_policy("global")
    get_policy(key_b)

    # Finally list every policy.
    iterate_all_policies()
# Run the example only when the file is executed as a script. Importing the
# module does not call main(), but it still builds the module-level admin_api
# client and therefore still prompts for credentials.
if __name__ == "__main__":
    main()