v4.0.0

CHANGELOG.md

@@ -1,5 +1,75 @@
 # Change Log (v2.8.1+)
 
+## v4.0.0 [2025-01-17]
+
+__What's New:__
+
+* Reorganized codebase to align with UI orginizational structure.
+* Decoupled `my_requests` and `my_approvals` from `my_access`.
+* Added `brokers` and `pools` functionality for `access_broker`.
+* Added `firewall` settings functionality.
+* Added Britive `managed_permissions` functionality.
+* Britive exceptions by type and error code.
+* `my_resources` improvements.
+
+__Enhancements:__
+
+* Added `add_favorite` and `delete_favorite` to `my_resources`.
+* Added checkout approvals to `my_resources`.
+* Added ITSM to checkout approvals.
+* Added `(create|list|update|delete)_filter`) to `my_access`.
+* Added `response_templates` functionality for `access_broker` credentials.
+* Added `request_approval[_by_name]|withdraw_approval_request[_by_name]` to `my_resources`.
+* Added `my_access.list` to retrieve access details with new `type=sdk` option.
+
+__Bug Fixes:__
+
+* Fixed missing `param_values` option for resource creation.
+* `my_approvals.list` now includes `my_resources` requests.
+* Make `get` call in helper method instead `list_approvals`.
+* Catch `requests.exceptions.JSONDecodeError` in `handle_response`.
+
+__Dependencies:__
+
+* `requests >= 2.32.0`
+
+__Other:__
+
+* Python 3.8 is EOL, so support is dropped.
+* Method assignments dropped:
+
+| Dropped                                | New location                                  |
+| -------------------------------------- | --------------------------------------------- |
+| `access_builder`                       | `application_management.access_builder`       |
+| `accounts`                             | `application_management.accounts`             |
+| `applications`                         | `application_management.applications`         |
+| `audit_logs`                           | `audit_logs.logs`                             |
+| `environment_groups`                   | `application_management.environment_groups`   |
+| `environments`                         | `application_management.environments`         |
+| `groups`                               | `application_management.groups`               |
+| `identity_attributes`                  | `identity_management.identity_attributes`     |
+| `identity_providers`                   | `identity_management.identity_providers`      |
+| `notification_mediums`                 | `global_settings.notification_mediums`        |
+| `notifications`                        | `workflows.notifications`                     |
+| `permissions`                          | `application_management.permissions`          |
+| `profiles`                             | `application_management.profiles`             |
+| `saml`                                 | `security.saml`                               |
+| `scans`                                | `application_management.scans`                |
+| `security_policies`                    | `security.security_policies`                  |
+| `service_identities`                   | `identity_management.service_identities`      |
+| `service_identity_tokens`              | `identity_management.service_identity_tokens` |
+| `settings`                             | `global_settings`                             |
+| `step_up`                              | `security.step_up_auth`                       |
+| `tags`                                 | `identity_management.tags`                    |
+| `task_services`                        | `workflows.task_services`                     |
+| `tasks`                                | `workflows.tasks`                             |
+| `users`                                | `identity_management.users`                   |
+| `workload`                             | `identity_management.workload`                |
+| `my_access.approval_request_status`    | `my_requests.approval_request_status`         |
+| `my_access.approve_request`            | `my_approvals.approve_request`                |
+| `my_access.list_approvals`             | `my_approvals.list`                           |
+| `my_access.reject_request`             | `my_approvals.reject_request`                 |
+
 ## v3.1.0 [2024-10-07]
 
 __What's New:__

CONTRIBUTING.md

@@ -7,7 +7,7 @@ can consume a native Python library.
 
 ## Python Version Support
 
-_CURRENT SUPPORTED VERSION(S):_ `>= 3.8`
+_CURRENT SUPPORTED VERSION(S):_ `>= 3.9`
 
 We use [typing](https://docs.python.org/3/library/typing.html) and dictionary unpacking, e.g. `{**dict1, **dict2}`,
 which requires Python 3.5 or greater.
@@ -117,48 +117,52 @@ to an internal end-to-end process vs. integrating with a cloud service provider.
 Then run these in order or as required.
 
 ```sh
-pytest tests/test_005-identity_attributes.py -v
-pytest tests/test_010-users.py -v
-pytest tests/test_020-tags.py -v
-pytest tests/test_030-service_identities.py -v
-pytest tests/test_040-service_identity_tokens.py -v
-pytest tests/test_050-applications.py -v
-pytest tests/test_060-environment_groups.py -v
-pytest tests/test_070-environments.py -v
-pytest tests/test_080-scans.py -v  # WARNING - this one will take a while since it initiates a real scan
-pytest tests/test_090-accounts.py -v  # NOTE - a scan must first be completed
-pytest tests/test_100-permissions.py -v  # NOTE - a scan must first be completed
-pytest tests/test_110-groups.py -v  # NOTE - a scan must first be completed
-pytest tests/test_130-profiles.py -v
-pytest tests/test_140-task_services.py -v
-pytest tests/test_150-tasks.py -v
-pytest tests/test_160-security_policies.py -v
-pytest tests/test_170-saml.py -v
-pytest tests/test_180-api_tokens.py -v
-pytest tests/test_190-audit_logs.py -v
-pytest tests/test_200-reports.py -v
-pytest tests/test_210-identity_providers.py -v
-pytest tests/test_215-workload.py -v
-pytest tests/test_220-my_access.py -v
-pytest tests/test_230-notifications.py -v
-pytest tests/test_240-secrets_manager.py -v
-pytest tests/test_250-my_secrets.py -v
-pytest tests/test_260-notification_mediums.py -v
-pytest tests/test_270-system_policies.py -v
-pytest tests/test_280_system_actions.py -v
-pytest tests/test_290_system_consumers.py -v
-pytest tests/test_300-system_roles.py -v
-pytest tests/test_310-system_permissions.py -v
-pytest tests/test_320-settings_banner.py -v
-pytest tests/test_330-response_templates.py -v
-pytest tests/test_340-resource_types.py -v
-pytest tests/test_350-resource_labels.py -v
-pytest tests/test_360-resource.py -v
-pytest tests/test_370-resource_permissions.py -v
-pytest tests/test_380-access_broker_profiles.py -v
-pytest tests/test_390-access_broker_profiles_policies.py -v
-pytest tests/test_400-access_broker_permissions.py -v
-pytest tests/test_990-delete_all_resources.py -v
+pytest tests/000-global_settings-01-identity_attributes.py -v
+pytest tests/000-global_settings-02-notification_mediums.py -v
+pytest tests/000-global_settings-03-banner.py -v
+pytest tests/100-identity_management-01-users.py -v
+pytest tests/100-identity_management-02-tags.py -v
+pytest tests/100-identity_management-03-service_identities.py -v
+pytest tests/100-identity_management-04-service_identity_tokens.py -v
+pytest tests/100-identity_management-05-identity_providers.py -v
+pytest tests/100-identity_management-06-workload.py -v
+pytest tests/150-secrets_manager-01-secrets_manager.py -v
+pytest tests/200-application_management-01-applications.py -v
+pytest tests/200-application_management-02-environment_groups.py -v
+pytest tests/200-application_management-03-environments.py -v
+pytest tests/200-application_management-04-scans.py -v  # WARNING - this one will take a while since it initiates a real scan
+pytest tests/200-application_management-05-accounts.py -v  # NOTE - a scan must first be completed
+pytest tests/200-application_management-06-permissions.py -v  # NOTE - a scan must first be completed
+pytest tests/200-application_management-07-groups.py -v  # NOTE - a scan must first be completed
+pytest tests/200-application_management-08-profiles.py -v
+pytest tests/200-application_management-09-access_builder.py -v
+pytest tests/250-system-01-policies.py -v
+pytest tests/250-system-02-actions.py -v
+pytest tests/250-system-03-consumers.py -v
+pytest tests/250-system-04-roles.py -v
+pytest tests/250-system-05-permissions.py -v
+pytest tests/300-workflows-01-task_services.py -v
+pytest tests/300-workflows-02-tasks.py -v
+pytest tests/300-workflows-03-notifications.py -v
+pytest tests/350-access_broker-01-response_templates.py -v
+pytest tests/350-access_broker-02-resource_types.py -v
+pytest tests/350-access_broker-03-resource_labels.py -v
+pytest tests/350-access_broker-04-resource.py -v
+pytest tests/350-access_broker-05-resource_permissions.py -v
+pytest tests/350-access_broker-06-profiles.py -v
+pytest tests/350-access_broker-07-profiles_policies.py -v
+pytest tests/350-access_broker-08-permissions.py -v
+pytest tests/400-security-01-policies.py -v
+pytest tests/400-security-02-saml.py -v
+pytest tests/400-security-03-api_tokens.py -v
+pytest tests/500-audit_logs-01-logs.py -v
+pytest tests/500-audit_logs-02-webhooks.py -v
+pytest tests/550-reports-01-reports.py -v
+pytest tests/600-britive-01-my_access.py -v
+pytest tests/600-britive-02-my_secrets.py -v
+pytest tests/600-britive-03-my_requests.py -v
+pytest tests/600-britive-04-my_approvals.py -v
+pytest tests/999-cleanup-01-delete_all_resources.py -v
 ```
 
 Or you can simply run `pytest -v` to test everything all at once. The above commands however allow you to halt testing

DEPRECATION.md

@@ -1,6 +1,48 @@
 # Deprecation Notices
 
-This document holds the items which are deprecated and will be retired in the next major release.
+This document holds the items which are deprecated and/or warrant specific call out with each major release.
+
+
+## Moved methods in `v4.0.0`
+
+### `my_access` methods have moved:
+
+| Old location                           | New location                                  |
+| -------------------------------------- | --------------------------------------------- |
+| `my_access.approval_request_status`    | `my_requests.approval_request_status`         |
+| `my_access.approve_request`            | `my_approvals.approve_request`                |
+| `my_access.list_approvals`             | `my_approvals.list`                           |
+| `my_access.reject_request`             | `my_approvals.reject_request`                 |
+
+### `britive` methods have moved:
+
+| Old location                           | New location                                  |
+| -------------------------------------- | --------------------------------------------- |
+| `access_builder`                       | `application_management.access_builder`       |
+| `accounts`                             | `application_management.accounts`             |
+| `applications`                         | `application_management.applications`         |
+| `audit_logs`                           | `audit_logs.logs`                             |
+| `environment_groups`                   | `application_management.environment_groups`   |
+| `environments`                         | `application_management.environments`         |
+| `groups`                               | `application_management.groups`               |
+| `identity_attributes`                  | `identity_management.identity_attributes`     |
+| `identity_providers`                   | `identity_management.identity_providers`      |
+| `notification_mediums`                 | `global_settings.notification_mediums`        |
+| `notifications`                        | `workflows.notifications`                     |
+| `permissions`                          | `application_management.permissions`          |
+| `profiles`                             | `application_management.profiles`             |
+| `saml`                                 | `security.saml`                               |
+| `scans`                                | `application_management.scans`                |
+| `security_policies`                    | `security.security_policies`                  |
+| `service_identities`                   | `identity_management.service_identities`      |
+| `service_identity_tokens`              | `identity_management.service_identity_tokens` |
+| `settings`                             | `global_settings`                             |
+| `step_up`                              | `security.step_up_auth`                       |
+| `tags`                                 | `identity_management.tags`                    |
+| `task_services`                        | `workflows.task_services`                     |
+| `tasks`                                | `workflows.tasks`                             |
+| `users`                                | `identity_management.users`                   |
+| `workload`                             | `identity_management.workload`                |
 
 ## Removed in Major Release 3.0.0
 

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 Britive, Inc
+Copyright (c) 2025 Britive, Inc
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -7,7 +7,7 @@ This package aims to wrap the Britive API for usage in Python development. For t
 the developer/end user experience. Some APIs may also be combined into one Python method with a parameter if and where
 it makes more sense to present the API that way.
 
-This package supports Python versions `>= 3.8`.
+This package supports Python versions `>= 3.9`.
 
 ## Installation
 
@@ -88,6 +88,8 @@ they exist.
 * Identity Attributes
 * Identity Providers
 * My Access (access granted to the given identity (user or service))
+* My Approvals
+* My Requests
 * My Resources (access granted to the given identity (user or service))
 * My Secrets (access granted to the given identity (user or service))
 * Notifications
@@ -194,7 +196,7 @@ import json
 
 britive = Britive()  # source needed data from environment variables
 
-print(json.dumps(britive.users.list(), indent=2, default=str))
+print(json.dumps(britive.identity_management.users.list(), indent=2, default=str))
 ```
 
 ### Provide Needed Authentication Information in the Script
@@ -205,7 +207,7 @@ import json
 
 britive = Britive(tenant='example', token='...') # source token and tenant locally (not from environment variables)
 
-print(json.dumps(britive.users.list(), indent=2, default=str))
+print(json.dumps(britive.identity_management.users.list(), indent=2, default=str))
 ```
 
 ### Create API Token for a Service Identity
@@ -216,7 +218,7 @@ import json
 
 britive = Britive()  # source needed data from environment variables
 
-print(json.dumps(britive.service_identity_tokens.create(service_identity_id='abc123'), indent=2, default=str))
+print(json.dumps(britive.identity_management.service_identity_tokens.create(service_identity_id='abc123'), indent=2, default=str))
 ```
 
 ### Run a Report (JSON and CSV output)
@@ -243,13 +245,13 @@ from britive.britive import Britive
 
 b = Britive()
 
-policy = b.profiles.policies.build(
+policy = b.application_management.profiles.policies.build(
     name='example',
     users=['user@domain.com'],
     approval_notification_medium='Email',
     approver_users=['approver@domain.com'],
     time_to_approve=10
 )
 
-b.profiles.policies.create(profile_id='...', policy=policy)
+b.application_management.profiles.policies.create(profile_id='...', policy=policy)
 ```

pyproject.toml

@@ -14,22 +14,25 @@ classifiers = [
     "License :: OSI Approved :: MIT License",
     "Operating System :: OS Independent",
     "Programming Language :: Python",
-    "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
     "Topic :: Internet",
     "Topic :: Security",
 ]
 license = {file = "LICENSE"}
-requires-python = ">=3.8"
+requires-python = ">=3.9"
 dependencies = [
-    "requests>=2.31.0"
+    "requests>=2.32.0"
 ]
 dynamic = ["version"]
 keywords = ["britive", "cpam", "identity", "jit"]
 
+[project.optional-dependencies]
+azure = ["azure-identity"]
+
 [project.urls]
 Homepage = "https://www.britive.com"
 Documentation = "https://docs.britive.com/v1/docs/en/overview-britive-apis"
@@ -92,7 +95,7 @@ select = [
 
 [tool.ruff.lint.pylint]
 allow-magic-value-types = ["int", "str"]
-max-args = 10
+max-args = 12
 max-branches = 30
 max-returns = 8
 max-statements = 72

requirements/common.txt

@@ -1,3 +1,3 @@
 # can likely change this to earlier versions - will deal with that later
 jmespath
-requests>=2.31.0
+requests>=2.32.0

src/britive/__init__.py

@@ -1 +1 @@
-__version__ = '3.1.0'
+__version__ = '4.0.0'

src/britive/access_broker/__init__.py

@@ -0,0 +1,14 @@
+from .brokers import Brokers
+from .pools import Pools
+from .profiles import Profiles
+from .resources import Resources
+from .response_templates import ResponseTemplates
+
+
+class AccessBroker:
+    def __init__(self, britive) -> None:
+        self.profiles = Profiles(britive)
+        self.resources = Resources(britive)
+        self.response_templates = ResponseTemplates(britive)
+        self.brokers = Brokers(britive)
+        self.pools = Pools(britive)

src/britive/access_broker/brokers.py

@@ -0,0 +1,21 @@
+class Brokers:
+    def __init__(self, britive) -> None:
+        self.britive = britive
+        self.base_url = f'{self.britive.base_url}/resource-manager/remote-broker/brokers'
+
+    def list(self, status: str = '') -> list:
+        """
+        List brokers with ability to filter by status.
+
+        :param status: Filter brokers by a list of statuses, combining the statuses using an OR condition.
+            The statuses are case-sensitive.
+            Possible values are `active`, `inactive`, and `disconnected`.
+            Provide values as a comma-separated list to apply an OR filter (e.g., `status=active,inactive`).
+        :return: List of brokers.
+        """
+
+        params = {
+            'status': status,
+        }
+
+        return self.britive.get(self.base_url, params=params)['data']