| Health Check | Pass | Score | More Info | | ------------ | ---- | ----- | --------- | | Contains a meaningful README.md file | :white_check_mark: | 20 / 20 | More info | SUPPORT.md file exists | :white_check_mark: | 20 / 20 | More info | Repo has a description | :white_check_mark: | 15 / 15 | More info | Has a recognized open source license | :white_check_mark: | 15 / 15 | More info | Has a descriptive repo name | :white_check_mark: | 15 / 15 | More info | Required topics attached to repo | :white_check_mark: | 15 / 15 | More info | CONTRIBUTING.md file with contribution guidelines | :white_check_mark: | 5 / 5 | More info | Has custom issue and pull request templates | :x: | 0 / 5 | More info

Current score: 105 Target threshold: 100 Total possible: 110

Description

add a cspm version check and improve config mapping between cli and api

Motivation and Context

Question on Slack

How Has This Been Tested?

Manual, Flake8

Types of changes

• New feature (non-breaking change which adds functionality)

Checklist

• [x] I have updated the documentation accordingly.
• [x] I have read the CONTRIBUTING document.
• [x] I have added tests to cover my changes if appropriate.
• [x] All new and existing tests passed.

Describe the bug

I'd like to use the cli tool to export container audits

Expected behavior

I would expect pc -v audits container to return back the audits from the container runtime.

Current behavior

But it is returning nothing, and when reviewing the source code, I see audits/firewall/app/container the following API being called which is for WAAS and not container runtime.

Possible solution

I would suggest we update this endpoint or create a new option for this result.

Steps to reproduce

Screenshots

Context

Your Environment

• Version used:
• Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3):
• Operating System and version (desktop or mobile):
• Link to your project:

Describe the bug

When first running the cli tool after installing, it asks for API urls. However, if I paste a URL with https:// in it, it will be stored to config as such, but subsequent requests to the API fail.

Expected behavior

The setup flow should sanitise the url to such a form that it works regardless if the value contains the protocol or not. Alternatively, URL's read from the config json should be sanitised to the expected form before the calls to the API.

Current behavior

Requests fail because the URL stored in the config is in the wrong format. Log output:

Traceback (most recent call last):
  File "/Users/xyz/Library/Python/3.9/lib/python/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/Users/xyz/Library/Python/3.9/lib/python/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/Users/xyz/Library/Python/3.9/lib/python/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='https', port=443): Max retries exceeded with url: //api.eu.prismacloud.io/login (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x125250b20>: Failed to establish a new connection: [Errno 8] nodename nor servname provided, or not known'))

Steps to reproduce

starting from a fresh install

1. pip3 install prismacloud-cli
2. pc version
3. follow steps to setup tool, but set API urls including https, e.g. https://api.eu.prismacloud.io
4. Once done, requests fail

Alteratively just change the URL's in ~/.prismacloud/credentials.json to include https:// and try to call pc version. Request will fail.

Your Environment

• Version used: prismacloud_cli-0.4.35
• Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): python 3.9
• Operating System and version (desktop or mobile): MacOS 12.4

Describe the bug

When I run pc version and try to answer yes to the #Community Supported verbage, I get a Traceback error. (pcclitest) ➜ pcclitest pc version zsh: correct 'pc' to 'cp' [nyae]? n

Community Supported

This template/solution is released under an as-is, best effort, support policy. These scripts should be seen as community supported and Palo Alto Networks will contribute our expertise as and when possible. We do not provide technical support or help in using or troubleshooting the components of the project through our normal support options such as Palo Alto Networks support teams, or ASC (Authorized Support Centers) partners and backline support options. The underlying product used (Prisma Cloud) by the scripts or templates are still supported, but the support is only for the product functionality and not for help in deploying or using the template or script itself.

Unless explicitly tagged, all projects or work posted in our GitHub repository (at https://github.com/PaloAltoNetworks) or sites other than our official Downloads page on https://support.paloaltonetworks.com are provided under the best effort policy.

Type yes to confirm you have read the message above: yes Message accepted. Traceback (most recent call last): File "/Users/[someuser]/Projects/pcclitest/bin/pc", line 8, in sys.exit(cli()) File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/click/core.py", line 1130, in call return self.main(*args, **kwargs) File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/click/core.py", line 1055, in main rv = self.invoke(ctx) File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/click/core.py", line 1651, in invoke cmd_name, cmd, args = self.resolve_command(ctx, args) File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/click_help_colors/core.py", line 101, in resolve_command cmd_name, cmd, args[1:] = super(HelpColorsMultiCommand, self).resolve_command(ctx, args) File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/click/core.py", line 1698, in resolve_command cmd = self.get_command(ctx, cmd_name) File "/Users[someuser]/Projects/pcclitest/lib/python3.9/site-packages/prismacloud/cli/init.py", line 135, in get_command mod = import(f"prismacloud.cli.{module_type}.cmd_{cmd_name}", None, None, ["cli"]) File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/prismacloud/cli/cwpp/cmd_version.py", line 4, in from prismacloud.cli.api import pc_api File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/prismacloud/cli/api.py", line 264, in pc_api.configure(map_cli_config_to_api_config()) File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/prismacloud/cli/api.py", line 33, in map_cli_config_to_api_config settings = get_cli_config() File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/prismacloud/cli/api.py", line 100, in get_cli_config community_supported() # Check if support message has been shown and accepted File "/Users/[someuser]/Projects/pcclitest/lib/python3.9/site-packages/prismacloud/cli/api.py", line 78, in community_supported with open(community_support_accepted, "w") as _accepted: FileNotFoundError: [Errno 2] No such file or directory: '/Users/[someuser]/.prismacloud/.community_supported_accepted'

Expected behavior

Should create .prismacloud hidden folder in my home folder with a .community_supported_accepted file in it.

Current behavior

It errors as above

Possible solution

I created the hidden folder and the hidden file and pc version worked

Steps to reproduce

1. on Mac OSX 12.6 running python 3.10.7 pip3 install prismacloud-cli
2. run pc version
3. see it fail

Screenshots

Context

Cannot try/test prismacloud-cli

Your Environment

• Version used: prismacloud-cli 0.4.45 , prismacloud-api 4.0.8
• Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): iterm 3.4.16 SHELL: zsh python 3.10.7
• Operating System and version (desktop or mobile): desktop OSX Monterey 10.6 (21G115)
• Link to your project:

Describe the bug

initial acceptance of support policy requires /Users/$USER/.prismacloud to pre-exist

Expected behavior

Expected that initial install will create /Users/$USER/.prismacloud

Current behavior

❯ pc version
# Community Supported
This template/solution is released under an as-is, best effort,
support policy. These scripts should be seen as community
supported and Palo Alto Networks will contribute our expertise as
and when possible. We do not provide technical support or help in
using or troubleshooting the components of the project through our
normal support options such as Palo Alto Networks support teams,
or ASC (Authorized Support Centers) partners and backline support
options. The underlying product used (Prisma Cloud) by the scripts
or templates are still supported, but the support is only for the
product functionality and not for help in deploying or using the
template or script itself.

Unless explicitly tagged, all projects or work posted in our
GitHub repository (at https://github.com/PaloAltoNetworks) or
sites other than our official Downloads page on
https://support.paloaltonetworks.com are provided under the best
effort policy.

Type yes to confirm you have read the message above: yes
Message accepted.
Traceback (most recent call last):
  File "/usr/local/bin/pc", line 8, in <module>
    sys.exit(cli())
  File "/Users/lkaut/Library/Python/3.10/lib/python/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/Users/lkaut/Library/Python/3.10/lib/python/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/Users/lkaut/Library/Python/3.10/lib/python/site-packages/click/core.py", line 1651, in invoke
    cmd_name, cmd, args = self.resolve_command(ctx, args)
  File "/usr/local/lib/python3.10/site-packages/click_help_colors/core.py", line 101, in resolve_command
    cmd_name, cmd, args[1:] = super(HelpColorsMultiCommand, self).resolve_command(ctx, args)
  File "/Users/lkaut/Library/Python/3.10/lib/python/site-packages/click/core.py", line 1698, in resolve_command
    cmd = self.get_command(ctx, cmd_name)
  File "/usr/local/lib/python3.10/site-packages/prismacloud/cli/__init__.py", line 135, in get_command
    mod = __import__(f"prismacloud.cli.{module_type}.cmd_{cmd_name}", None, None, ["cli"])
  File "/usr/local/lib/python3.10/site-packages/prismacloud/cli/cwpp/cmd_version.py", line 4, in <module>
    from prismacloud.cli.api import pc_api
  File "/usr/local/lib/python3.10/site-packages/prismacloud/cli/api.py", line 264, in <module>
    pc_api.configure(map_cli_config_to_api_config())
  File "/usr/local/lib/python3.10/site-packages/prismacloud/cli/api.py", line 33, in map_cli_config_to_api_config
    settings = get_cli_config()
  File "/usr/local/lib/python3.10/site-packages/prismacloud/cli/api.py", line 100, in get_cli_config
    community_supported()  # Check if support message has been shown and accepted
  File "/usr/local/lib/python3.10/site-packages/prismacloud/cli/api.py", line 78, in community_supported
    with open(community_support_accepted, "w") as _accepted:
FileNotFoundError: [Errno 2] No such file or directory: '/Users/lkaut/.prismacloud/.community_supported_accepted'

Possible solution

programmatically create ~/.prismacloud/ directory workaround --> `mkdir /Users/$USER/.prismacloud

Steps to reproduce

New install per user

Screenshots

Context

Your Environment

Using MacOS Python3.10

Description

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist

• [x] I have updated the documentation accordingly.
• [x] I have read the CONTRIBUTING document.
• [x] I have added tests to cover my changes if appropriate.
• [x] All new and existing tests passed.

Documentation link

https://prisma.pan.dev/api/cloud/cwpp/registry#operation/get-registry-download

Describe the problem

accuracy? request for improvement

Given above documentation, how would / do I specify the search criteria for this API invocation? https://github.com/PaloAltoNetworks/prismacloud-cli/blob/39b60c85882919f1d12115c29f0b5123622e8f88/prismacloud/cli/cwpp/cmd_scans.py#L12

Suggested fix

Why don't someone create a tutorial / examples of the CWPP API query parameters? fields, search and offset + limit are good to know.

Description

This adds a couple of lines to fix an error at first run:

A test condition to see if the config directory "~/.prismacloud" exists during first run. Then mkdir said directory.

Motivation and Context

Documented issue here. Issue is reproducible when the ~/.prismacloud does not exist

How Has This Been Tested?

Yes. This was tested by removing the ~/.prismacloud directory structure and re-running pc version

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist

• [X] I have updated the documentation accordingly. Commit message only
• [X] I have read the CONTRIBUTING document.
• [X] I have added tests to cover my changes if appropriate.
• [X] All new and existing tests passed.

Description

Addresses https://github.com/PaloAltoNetworks/prismacloud-cli/issues/68

Motivation and Context

Use existing code to sanitize.

How Has This Been Tested?

Manual testing.

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist

• [x] I have updated the documentation accordingly.
• [x] I have read the CONTRIBUTING document.
• [ ] I have added tests to cover my changes if appropriate.
• [ ] All new and existing tests passed.

With this change the CLI will work on windows environments as the only problem was the use of the HOME variable.

Description

Changes how the config directory is retrieved to make the tool available to windows users.

Motivation and Context

I wanted to use the CLI in a windows host.

How Has This Been Tested?

I've use it with my tenant.

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist

• [ ] I have updated the documentation accordingly.
• [ ] I have read the CONTRIBUTING document.
• [ ] I have added tests to cover my changes if appropriate.
• [x] All new and existing tests passed.

Description

add agentless log download (undocumented api)

Motivation and Context

provide simple download

How Has This Been Tested?

manual, pylint

Types of changes

• New feature (non-breaking change which adds functionality)

Checklist

• [ ] I have updated the documentation accordingly.
• [ ] I have read the CONTRIBUTING document.
• [ ] I have added tests to cover my changes if appropriate.
• [ ] All new and existing tests passed.

Description

Bug fix for issues #88

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist

• [ ] I have updated the documentation accordingly.
• [ ] I have read the CONTRIBUTING document.
• [ ] I have added tests to cover my changes if appropriate.
• [ ] All new and existing tests passed.

Describe the bug

pc defenders list produces duplicate output of each defender

Expected behavior

I would expect to see a single entry for each defender.

Current behavior

When using pc defenders list and any output format, each defender is listed double.

Possible solution

Discover why this duplicate output happens.
During debug I noticed that the data stored from the api call, is singular and doesn't seem to become duplicate until formatting or output occurs.

Steps to reproduce

pc defenders list

Screenshots

Output from command showing double:

Debug showing single data store:

Context

None needed

Your Environment

• Version used: Python 3.10.6
• Operating System and version (desktop or mobile): MacOS