<!-- MarkdownTOC -->
- [Breaking change: You can no longer remove queries from Enforcement Set](breaking-change-you-can-no-longer-remove-querys-from-enforcement-set)
- [Feature: Folder support](feature-folder-support)
- [Axonshell changes](axonshell-changes)
- [API Changes](api-changes)
- [Feature: Add ability to use username and password for credentials](feature-add-ability-to-use-username-and-password-for-credentials)
- [Axonshell changes](axonshell-changes-1)
- [API changes](api-changes-1)
- [Feature: Get the API keys from an Axonius instance and write them to a file](feature-get-the-api-keys-from-an-axonius-instance-and-write-them-to-a-file)
- [Feature: Add log filtering to avoid potential credential storage](feature-add-log-filtering-to-avoid-potential-credential-storage)
<!-- /MarkdownTOC -->
Breaking change: You can no longer remove queries from Enforcement Set
Trying to do so will now give an error.
Feature: Folder support
This release marks the addition of support for folders for Queries and Enforcements.
Axonshell changes
Added new optional arguments --folder and --create to the following:
- axonshell devices saved-query add
- axonshell devices saved-query copy
- axonshell enforcements copy
- axonshell enforcements create
- axonshell users saved-query add
- axonshell users saved-query copy
- axonshell vulnerabilities saved-query add
- axonshell vulnerabilities saved-query copy
Added new commands:
- axonshell devices saved-query update-folder
- axonshell enforcements update-description
- axonshell enforcements update-folder
- axonshell users saved-query update-folder
- axonshell vulnerabilities saved-query update-folder
Added new command group:
- axonshell folders
- axonshell folders queries
- axonshell folders enforcements
Each command group under folders exposes the same set of commands for working with folders for their respective object types:
- create: Create a folder.
- delete: Delete a folder.
- find: Find a folder.
- get-tree: Get a tree view of all subfolders and their...
- move: Move a folder.
- rename: Rename a folder.
- search-objects: Search for objects in a folder.
- search-objects-copy: Search for objects in a folder and make copies...
- search-objects-delete: Search for objects in a folder and delete them.
- search-objects-move: Search for objects in a folder and move them.
API Changes
New API module under client:
- client.folders -> axonius_api_client.api.folders.Folders
- client.folders.queries -> axonius_api_client.api.folders.FoldersQueries
- client.folders.enforcements -> axonius_api_client.api.folders.FoldersEnforcements
Each API module exposes the same set of methods for working with folders for their respective object types:
- api_endpoint_group: Endpoint group to use for this folders object type
- get: Get the root for this folders object type
- get_cached: Get the root for this folders object type
- get_tree: Get a tree view of all subfolders and their objects
- find: Get a folder by path, id, or folder model for this folders object type
- find_cached: Get a folder by path, id, or folder model for this folders object type
- search_objects: Search for objects in a folder
- search_objects_copy: Search for objects in a folder and copy them, optionally to a different folder
- search_objects_move: Search for objects in a folder and move themto a different folder.
- search_objects_delete: Search for objects in a folder and move themto a different folder.
- create: Create a folder
- rename: Rename a folder
- move: Move a folder
- delete: Delete a folder
- `_get`: direct api method to get root folders
- `_rename`: direct api method to rename a folder
- `_move`: direct api method to move a folder
- `_create`: direct api method to create a folder
- `_delete`: direct api method to delete a folder
Feature: Add ability to use username and password for credentials
Axonshell changes
A new option is available to be used at the beginning of the command line:
text
-creds, --credentials / -keys, --keys
Treat key as Username and secret as password
[env var: AX_CREDENTIALS; default: keys]
`
This option, when used like:
axonshell -creds devices count
Will treat the value stored in --key or AX_KEY as username, and the value stored in --secret or AX_SECRET as the password.
API changes
Connect has a new argument:
python
credentials: bool = False
If this is True, key is treated as username and secret is treated as password and instead of using the Auth module ApiKey, it will use the new Auth module Credentials.
Credentials logs in with username and password, then fetches the api key and secret and uses that for the duration of the session.
Feature: Get the API keys from an Axonius instance and write them to a file
A new command group has been added to Axonshell:
text
Usage: axonshell account [OPTIONS] COMMAND [ARGS]...
Group: Account commands.
Options:
--help Show this message and exit.
Commands:
get-api-keys Get the API keys for the current user.
signup Perform the initial signup to an instance.
use-password-reset-token Use a password reset token.
write-config Create/Update a '.env' file with url, key,...
The signup, use-password-reset-token, and write-config commands are just copied over from axonshell tools.
The get-api-key command is a new command altogether:
text
Usage: axonshell account get-api-keys [OPTIONS]
Get the API keys for the current user.
Options:
-u, --url URL URL of an Axonius instance [env var:
AX_URL; required]
-k, --key KEY API Key of user in an Axonius instance [env
var: AX_KEY; required]
-s, --secret SECRET API Secret of user in an Axonius instance
[env var: AX_SECRET; required]
-xf, --export-format [json|str|env]
Format of to export data in [env var:
AX_EXPORT_FORMAT; default: str]
-e, --env TEXT Path to .env file when --export-format==env
[env var: AX_ENV; default: .env]
--help Show this message and exit.
You can use this with the new --credentials option and have it prompt you for key (provide username), prompt you for secret (provide password) then create your .env file for you:
axonshell -creds account get-api-keys --url 1.1.1.1 --export-format env
Feature: Add log filtering to avoid potential credential storage
Created a logging formatter in axonius_api_client.logs:
python
class HideFormatter(logging.Formatter):
"""Hide the rest of the line for any lines against :attr:`HIDE_REGEX`."""
HIDE_ENABLED: bool = True
"""Enable hiding of matches to HIDE_REGEX."""
HIDE_REGEX: t.Pattern = re.compile(r"(password|secret).*", re.I)
"""Pattern of sensitive info to hide."""
HIDE_REPLACE: str = r"\1 ...REST OF LINE HIDDEN..."
"""Value to replace matches to HIDE_REGEX with."""
If any line in the logging output contains the word password or secret, the rest of the line after those words will be hidden from the logging system.
What's Changed
* backmerge 4.50.3 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/222
* 4.60.0 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/223
* 4.60.0 SA-3545 SA-3419 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/224
* More features for 4.60.0 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/226
* Bugfixes for QA gold release SA-3419 by lifehackjim in https://github.com/Axonius/axonius_api_client/pull/225
**Full Changelog**: https://github.com/Axonius/axonius_api_client/compare/4.50.3...4.60.0