Latest revision as of 21:13, 17 April 2024

Platform->API->Integrations

Python

vcli.py

#!/usr/bin/python3

import argparse
import base64
import os
from pprint import pprint
import requests


class BearerAuth(requests.auth.AuthBase):
    def __init__(self, token):
        self.token = token

    def __call__(self, r):
        r.headers["authorization"] = "Bearer " + self.token
        return r


class EnvDefault(argparse.Action):
    def __init__(self, envvar, required=True, default=None, **kwargs):
        if not default and envvar:
            if envvar in os.environ:
                default = os.environ[envvar]
        if required and default:
            required = False
        super(EnvDefault, self).__init__(default=default, required=required,
                                         **kwargs)

    def __call__(self, parser, namespace, values, option_string=None):
        setattr(namespace, self.dest, values)


parser = argparse.ArgumentParser(
    description='Create Zabbix screen from all of a host Items or Graphs.')
parser.add_argument('-H', '--api-host', required=True, type=str,
                    default=os.environ.get('API_HOST'),
                    help='API host fqdn.')
parser.add_argument('-c', '--client_id', required=True, type=str,
                    default=os.environ.get('CLIENT_ID'),
                    help='API Integration Name/Client ID.')
parser.add_argument('-u', '--username', required=True, type=str,
                    default=os.environ.get('USERNAME'),
                    help='API Username.')
parser.add_argument('-p', '--password', required=True, type=str,
                    action=EnvDefault, envvar='PASSWORD',
                    help='API password.')
parser.add_argument('-s', '--scope', required=False, type=str,
                    default="certificate:manage",
                    help='API password.')
parser.add_argument('-d', '--cert-dn', required=True, type=str,
                    help='Certificate folder file path.')
parser.add_argument('-v', '--verbose',
                    action='store_true')  # on/off flag
args = parser.parse_args()


def get_auth_token():
    auth_json = {
        "client_id": args.client_id,
        "username": args.username,
        "password": args.password,
        "scope": args.scope
    }
    url = f'https://{args.api_host}/vedauth/authorize/oauth'
    rsp = requests.post(url, json=auth_json)
    token = rsp.json()['access_token']
    return token


def get_crt_via_guid(token, cert_guid):
    url = f"https://{args.api_host}/vedsdk/certificates/{{guid}}"
    rsp = requests.get(url, auth=BearerAuth(token))
    pprint(rsp.json())
    return rsp.json()


def search_crt(token, limit, offset=0):
    url1 = f"https://{args.api_host}/vedsdk/certificates/"
    url2 = f"?parentdnrecursive=%5CVED%5CPolicy&limit={limit}&offset={offset}"
    url = f"{url1}{url2}"
    rsp = requests.get(url, auth=BearerAuth(token))
    pprint(rsp.json())
    return rsp.json()


def get_crt_via_dn(token, cert_dn):
    cert_dn = cert_dn.replace("\\", "\\\\")
    dn_json = {
        "CertificateDN": cert_dn,
        "Format": "Base64",
        "IncludeChain": "true",
        "RootFirstOrder": "true"
    }
    headers = {}
    headers["authorization"] = "Bearer " + token
    url = f"https://{args.api_host}/vedsdk/Certificates/Retrieve"
    rsp = requests.post(url, json=dn_json, auth=BearerAuth(token))
    crt_pem = base64.b64decode(rsp.json()['CertificateData'])
    return crt_pem.decode('utf-8')


def main():
    token = get_auth_token()
    # search_crt(token, 2)
    cert_pem = get_crt_via_dn(args.cert_dn)
    print(cert_pem)


if __name__ == '__main__':
    main()

Bash

Get Cert

Platform -> API -> Integrations and add one

{
  "username": "<your_name>",
  "password": "<your_password>",
  "client_id": "CustomAdmin",
  "scope": "certificate:manage;configuration:manage"
}

.env

set -a
API_HOST=venafi.example.com
USERNAME=foo
PASSWORD=bar
CLIENT_ID=apiIntergrationName
SCOPE="certificate:manage"

. .env

Get cert example via path

#!/bin/bash
set -eu
if [ "$#" -ne 1 ]; then
  echo "Usage: $0 <cert path>"
  echo "Example: $0 \"MyFolder\Subfolder\mycert1\""
  exit
fi
cert_path=$1

shopt -s expand_aliases
alias scurl="curl -sS -b cookies.txt -c cookies.txt -H 'Content-type: application/json' -H 'Accept: application/json'"

json=$(cat <<-EOF
  {
    "client_id":"$CLIENT_ID",
    "username":"${USERNAME}",
    "password":"${PASSWORD}",
    "scope":"${SCOPE}"
  }
EOF
)
rsp=$(scurl -X POST https://$API_HOST/vedauth/authorize/oauth -d "${json}")
token=$(echo "$rsp" | jq -r .access_token)

get_crt_via_guid(){
  url="https://${API_HOST}/vedsdk/certificates/{${guid}}"
  rsp=$(scurl -H "Authorization:Bearer ${token}" "$url" | jq)
  echo "$rsp"
}

search_crt(){
  # GET https://test.venafi.example/vedsdk/certificates/?parentdnrecursive=%5CVED%5CPolicy&limit=2&offset=0
  # Authorization:Bearer 4MyGeneratedBearerTknz==
  url="https://${API_HOST}/vedsdk/certificates/?parentdnrecursive=%5CVED%5CPolicy&limit=2&offset=0"
  rsp=$(scurl -H "Authorization:Bearer ${token}" "$url" | jq)
  echo "$rsp"
}


get_crt_via_dn(){
  url="https://$API_HOST/vedsdk/Certificates/Retrieve"

  # folder is cert path in all properties
  cert_path=$(echo $cert_path | sed 's/\\/\\\\/g')
  cert_prefix="\VED\Policy\Certificates\\"
  cert_prefix=$(echo $cert_prefix | sed 's/\\/\\\\/g')
  cert_dn="${cert_prefix}${cert_path}"

  json=$(cat <<-EOF
    {
      "CertificateDN":"${cert_dn}",
      "Format":"Base64",
      "IncludeChain":"true",
      "RootFirstOrder":"true"
    }
EOF
)

  rsp=$(scurl -H "Authorization:Bearer ${token}" -d "$json" "$url")

  echo "$rsp" | jq -r .CertificateData | base64 -d
}

get_crt_via_dn

Difference between revisions of "Venafi api"

Latest revision as of 21:13, 17 April 2024

Python

Bash

Get Cert

Navigation menu

Search