Aqua API Endpoint Class
The Aqua class can be found in the aqua module: aqua.aqua.Aqua. This class will be your main interaction with the aqua-py SDK. Most of Aqua’s CSP REST calls are, or will be, abstracted through this class.
Please see below for auto documentation generated for this class.

class aqua.aqua.Aqua

__init__(id: str = None, password: str = None, host: str = None, port: str = '443', api_version: str = 'v1', using_tls=True, verify_tls: bool = False, cacert_file: str = None, proxy=None, remember: bool = False, token: str = None)
Currently both v1 and v2 calls are abstracted in this client. You currently do not need to specify API version to make v2 calls.
- Parameters
id – username
password – password
host – CSP console/API server IP address
port – CSP console/API server port
api_version – optional. currently at v1
using_tls – optional. used to hit https urls
verify_tls – optional. Whether to validate certificate. Set to false for self-signed certs.
cacert_file – optional CA certificates to trust for certificate verification
proxy – optional http/https proxy dictionary
remember – whether to create an extended 30 day session; if false session token will be valid for 9 hours
- Returns
an Aqua object that represents the API endpoint and is used for all subsequent calls.
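
One way to construct the client with certificate validation left on, given that the signature above defaults verify_tls to False. This is an added example, not part of the aqua-py documentation or code; the AQUA_* environment variable names and the helper names are assumptions.

```python
import os

# Keyword names come from the Aqua.__init__ signature documented above.
# The AQUA_* environment variable names are hypothetical, chosen for this example.
REQUIRED = ("AQUA_HOST", "AQUA_USER", "AQUA_PASSWORD")


def build_aqua_kwargs(env, file_exists=os.path.isfile):
    """Build Aqua(...) keyword arguments that keep certificate validation on."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))
    kwargs = {
        "id": env["AQUA_USER"],
        "password": env["AQUA_PASSWORD"],
        "host": env["AQUA_HOST"],
        "port": env.get("AQUA_PORT", "443"),
        "using_tls": True,    # never send the password over plain HTTP
        "verify_tls": True,   # the documented default is False
        "remember": False,    # 9-hour session token instead of a 30-day one
    }
    ca_file = env.get("AQUA_CACERT")
    if ca_file:
        # For a private or self-signed CA, trust that CA explicitly instead of
        # switching verification off; fail early if the bundle is missing.
        if not file_exists(ca_file):
            raise FileNotFoundError("CA bundle not found: " + ca_file)
        kwargs["cacert_file"] = ca_file
    return kwargs


def redacted(kwargs):
    """Copy of kwargs that is safe to log: secrets are masked."""
    return {k: ("***" if k in ("password", "token") else v) for k, v in kwargs.items()}


def connect(env=None):
    """Create the client; needs the aqua-py package installed."""
    from aqua.aqua import Aqua  # imported here so the helpers work without the SDK
    return Aqua(**build_aqua_kwargs(os.environ if env is None else env))
```

Log `redacted(kwargs)` rather than the raw dictionary when recording how the client was configured.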

attach_profile(registry_name: str, repository: str, policy_name: str)
Attach an image runtime profile to a repository
- Parameters
registry_name –
repository –
policy_name –
- Returns
Upon success, this route will return a 204 No Content response.

consoles()
Retrieve the configured consoles information
- Returns
Produces a JSON array of all consoles configured in the system

create_enforcer_group(type, id, logicalname, host_os, service_account, namespace, runtime, token, enforcer_image, enforce, gateways, orchestrator, runtime_options)
Create an enforcer group.
- Parameters
type – which enforcer (agent, micro-enforcer, nano-enforcer, vm-enforcer)
id – name of the enforcer group
logicalname – prefix for the enforcer names
host_os – Linux or Windows
service_account – Kubernetes service account
namespace – Namespace Aqua is deployed to
runtime – docker, crio, containerd
token – Installation token to identify group
enforcer_image – image to pull and deploy
enforce – bool - audit = False, enforce = True
gateways – string array of gateways
orchestrator – type of orchestrator (docker, kubernetes, openshift, pas)
runtime_options – map of policy options
- Returns
A successful creation of the new enforcer group will result in a json response with the profile

create_image_registry(reg_type: str, name: str, description: str, username: str, password: str, url: str = None, prefixes: str = None, auto_pull: bool = False)
Create a new image registry
- Parameters
reg_type – the type of the registry, i.e. HUB (Docker Hub), AWS, GCR, ENGINE (direct connect to docker engine), V1/V2 (General Docker registries)
name – the name of the registry; string, required - this will be treated as the registry’s ID, so choose a simple alphanumerical name without special signs and spaces
description –
username – the username for registry authentication; string, optional
password – the password for registry authentication; string, optional
url – the URL, address or region of the registry; string, optional
prefixes – See https://docs.aquasec.com/reference#section-image-registry-prefixes
auto_pull – whether to automatically pull images from the registry on creation and daily; boolean, defaults to false
- Returns
If successful, a 204 No Content response will be returned. Note that if auto_pull is enabled, the server will immediately begin pulling images from the registry.

create_profile(profile: str)
Create a new image runtime profile
- Parameters
profile – json object i.e. returned from get_suggested_profile
- Returns
A successful creation of the new profile will result in a 204 No Content response.

create_secret_keystore(name: str, url: str, token: str, user: str, type: str = 'vault', enabled: bool = True)
This method expects the request structure described at https://docs.aquasec.com/reference#section-secret-key-store-structure
- Parameters
name – reference name of the secret key store to create; string, required
url – for vault type this is the URL of the vault service, for KMS this is the access ID; string; required only for vault type
token – the vault token, and for KMS, this is the secret key; string, required only for vault type
user – for vault this is the secret back-end, for KMS this is the region; string, required
type – the type of the secret key store; string, required [vault, kms]
enabled – true when the secret key store is enabled; boolean
- Returns
If successful, a {} will be returned

delete_registry(name: str)
Remove an existing image registry
- Parameters
name – registry friendly name within Aqua
- Returns
Upon successful removal, a 204 No Content response will be returned

delete_secret_keystore(name: str)
Deletes a secret key store
- Parameters
name – the reference name of the secret key store.
- Returns
If successful, a {} will be returned.

end_profiling_session(registry_name: str, repository: str)
End a profiling session. There are two ways to end the profiling session: stopping the containers that were started in the previous stage, or issuing an API call. Using the API call will cause the server to cease monitoring the containers’ activity, but the containers will continue to live, so only use it if you still need them.
- Parameters
registry_name –
repository –
- Returns
If the session is successfully terminated, an empty successful response is returned.

enforcer_details(id: str)
Get Enforcer details
- Parameters
id – host/enforcer id
- Returns
The return structure is described in Enforcer Structure. https://docs.aquasec.com/reference#section-enforcer-structure

export_settings(settings: List = None, key: str = None)
Export settings and policies
- Parameters
settings – list of string representing settings to export. default is all settings
key – 32-character key if default key not to be used
- Returns
settings dict

get_asset_details_by_id(id: str = 1)
Retrieve details of identified host or cluster in system by id.
- Parameters
id – host or cluster id
- Returns
details of asset

get_image_assurance(policy_name: str, policy_type: str)
Return the structure of an image runtime profile
- Parameters
policy_name – name of profile to retrieve
policy_type – the type of assurance policy (image | host | function | cf_application)
- Returns
the structure of an image runtime profile
NOTE:

get_profile(profile_name: str)
Return the structure of an image runtime profile
- Parameters
profile_name – name of profile to retrieve
- Returns
the structure of an image runtime profile

get_runtime_policies(policy_name: str)
Return the structure of a runtime policy
- Parameters
policy_name – name of policy to retrieve
- Returns
the structure of a runtime policy

get_suggested_profile(registry_name: str, repository: str)
Get suggested profile generated in a profiling session
- Parameters
registry_name –
repository –
- Returns
the suggested image runtime profile in the standard image runtime profile structure.

hosts()
Get list of all Enforcers (hosts) on the Aqua Server
- Returns
The response format will be a JSON array of enforcer structures. See enforcer structure for description. https://docs.aquasec.com/reference#section-enforcer-structure

import_settings(settings: Dict, key: str = None)
Import settings and policies
- Parameters
settings – dict representing aqua settings
key – 32-character key if default key not to be used
- Returns
{} if successful

list_assets(page: str = 1, page_size: str = 50, type: str = None, search: str = None)
Retrieve details of hosts and clusters configured in system.
- Parameters
page – list from provided page of results
page_size – list at most the provided number
type – node or cluster
- Returns
list of nodes and clusters

list_batch_install_tokens()
List batch install tokens
- Returns
Successful response will include a JSON array of objects. https://docs.aquasec.com/reference#section–list-batch-install-tokens-

list_image_assurance()
Lists all image assurance policies in the system
- Returns
a list of all assurance policies in a json

list_profiles()
Lists all image runtime profiles in the system
- Returns
a list of all image runtime profiles in the system

list_runtime_policies()
Lists all runtime policies in the system
- Returns
a list of all runtime policies in a json

list_secret_keystores()
List all existing secret key stores
- Returns
If successful, a 200 OK response status is returned. A JSON list of all existing secret key stores will be returned

list_services()
Returns a list of all Aqua services in the system
- Returns
Return structure is a JSON array of service objects

modify_image_assurance(policy_name: str, policy_file: str, policy_type: str)
Update an existing image assurance policy
- Parameters
policy_name – name of policy to update
policy_file – json object i.e. returned from list_image_assurance or get_image_assurance
policy_type – the type of assurance policy (image | host | function | cf_application)
- Returns
A successful creation of the new profile will result in a 204 No Content response.

modify_profile(profile_name: str, profile: str)
Update an existing image runtime profile
- Parameters
profile_name – name of profile to update
profile – json object i.e. returned from get_suggested_profile
- Returns
A successful creation of the new profile will result in a 204 No Content response.

modify_runtime_policies(policy_name: str, policy_file: str)
Update an existing image assurance policy
- Parameters
policy_name – name of policy to update
policy_file – json object i.e. returned from list_runtime_policies or get_runtime_policies
- Returns
A successful creation of the new policy will result in a 204 No Content response.

notifications()
Get information of the last notification sent by the environment
- Returns
notifications as dict

scan_history(registry: str, repo: str, tag: str = 'latest', order_by: str = '-date')
Retrieve scan history for a container image
- Parameters
registry – name of the registry
repo – name of the repo
tag – image tag
order_by – date (ASC) or -date (DESC)
- Returns
scan history object

scan_status(registry_name: str, image_name: str, image_tag: str = 'latest') → Dict
Get status of an image vulnerability scan.
- Parameters
registry_name – name of the registry
image_name – name of container image
image_tag – optional. image tag. defaults to latest
- Returns
scan status results as Dict

start_image_scan(registry_name: str, image_name: str, image_tag: str = 'latest') → Dict
Get status of an image vulnerability scan.
- Parameters
registry_name – name of the registry
image_name – name of container image
image_tag – optional. image tag. defaults to latest
- Returns
scan status as Dict