NEW FEATURES
- add PolicyComputeEngine.set_tls_settings function to update verify and cert values for PCE requests session
- add PolicyComputeEngine.must_connect function to complement check_connection, raising the exception on failure rather than suppressing it
BUG FIXES
- fix issue where PCE request could throw NoneType exception if incorrectly configured
BUG FIXES
- fix check_connection call to avoid 404s on some PCEs
NEW FEATURES
- add default timeout to PolicyComputeEngine requests session
- add PolicyComputeEngine.set_timeout function to update timeout
- add _PCEAPIObject.get_by_name function as a convenience method for finding an exact name match
BUG FIXES
- fix check_connection call to work with SaaS PCEs
NEW FEATURES
- readthedocs documentation generated with Sphinx
  - API documentation
  - install guide
  - user guide
  - common use-cases
  - advanced usage
- add illumio.events module
  - adds /events PCE API endpoint
- add PolicyComputeEngine.get_default_service function
- added constant values to illumio.util.constants
  - ALL_SERVICES_NAME - default All Services Service object name
  - RESOLVE_AS_WORKLOADS - rule label resolution as workloads
  - RESOLVE_AS_VIRTUAL_SERVICES - rule label resolution as virtual services
  - ICMP_CODE_MAX - ICMP Code max value
  - ICMP_TYPE_MAX - ICMP Type max value
- add enumerations to illumio.util.constants
  - ApplyTo - enum in place of Virtual Service module constants
  - VENType - enum for VEN.ven_type field
  - ChangeType - enum for ResourceEvent.change_type field
  - EventSeverity - enum for BaseEvent.severity field
  - EventStatus - enum for BaseEvent.status field
- add illumio.util.jsonutils.Error dataclass to capture API error responses
IMPROVEMENTS
- update illumio.rules.Rule.build function to use ['workloads'] as consumer/provider label resolution default
- broad improvements to pydoc
- add __all__ to all modules
- bug fixes and type hint improvements
BUG FIXES
- add FirewallCoexistence object to fix decoded Workload.firewall_coexistence data type
DEPRECATIONS
- PolicyComputeEngine.base_url is DEPRECATED and will be removed in version 2.0.0. The URL is built on each request instead for more flexibility
NEW FEATURES
- add PORT_MAX constant to illumio.util.constants
- add IllumioIntegerValidationException class
- add int validation helper function
IMPROVEMENTS
- validate PolicyComputeEngine org_id and port values on init
- build PolicyComputeEngine URL for each request
- add private member vars for scheme/hostname/port/version
- update PolicyComputeEngine.check_connection to make a second call to validate org_id
IMPROVEMENTS
- illumio.workloads.pairingprofile.PairingProfile - add custom encoder to enforce strict type checking for key_lifespan and allowed_uses_per_key fields
- improve unit and integration tests
- illumio.policyobjects.service.Service - add unit test suite for /services API
- illumio.policyobjects.label.LabelSet - add custom equality function that ignores labels list ordering
NEW FEATURES
- illumio.infrastructure.containercluster.ContainerWorkloadProfiles - add container clusters workload profiles API
- add stub for /users api
- make the include_org default configurable as a PolicyComputeEngine class attribute
IMPROVEMENTS
- flesh out and document /container_clusters API
- move flatten_ref and resolve_enum functions to JSON encoding to avoid side-effects when creating JsonObject instances
- add sweeper module for integration test teardown
- add unit and integration tests for container clusters and workload profiles
- add unit tests to validate different request paths and include_org values
MAJOR CHANGES
- change PolicyComputeEngine CRUD interfaces from static functions to a generic internal class (illumio.pce._PCEObjectAPI) that checks against dynamically registered endpoints
NEW FEATURES
- CRUD operations for new model
  - illumio.pce._PCEObjectAPI::create
  - illumio.pce._PCEObjectAPI::get
  - illumio.pce._PCEObjectAPI::update
  - illumio.pce._PCEObjectAPI::delete
  - illumio.pce._PCEObjectAPI::get_by_reference - given a type that can be decomposed into an HREF, get the single object it represents
  - illumio.pce._PCEObjectAPI::get_async - async collection get
  - illumio.pce._PCEObjectAPI::get_all - fetch all objects of the specified type by checking X-Total-Count
- add bulk operation functions
  - illumio.pce._PCEObjectAPI::bulk_create - can be used with workloads, virtual services, and security principals
  - illumio.pce._PCEObjectAPI::bulk_update - can be used with workloads and virtual services
  - illumio.pce._PCEObjectAPI::bulk_delete - can be used with workloads
REMOVED
- illumio.util.constants.Mode - deprecated in PCE . replaced by illumio.util.constants.EnforcementMode in later versions of the PCE
- illumio.rules.Ruleset - renamed illumio.rules.RuleSet for internal consistency
- illumio.pce.PolicyComputeEngine functions
  - _get_policy_objects - change /sec_policy request behaviour for new functions to only return draft or active objects based on policy_version parameter
  - get_virtual_service - replaced by PolicyComputeEngine.virtual_services::get_by_reference
  - get_virtual_services - replaced by PolicyComputeEngine.virtual_services::get
  - get_virtual_services_by_name - deprecated in v0.8.0
  - create_virtual_service - replaced by PolicyComputeEngine.virtual_services::create
  - create_service_binding - deprecated in v0.8.2
  - create_service_bindings - replaced by PolicyComputeEngine.service_bindings::create
  - get_ip_list - replaced by PolicyComputeEngine.ip_lists::get_by_reference
  - get_ip_lists - replaced by PolicyComputeEngine.ip_lists::get
  - get_ip_lists_by_name - deprecated in v0.8.0
  - create_ip_list - replaced by PolicyComputeEngine.ip_lists::create
  - get_ruleset - replaced by PolicyComputeEngine.rule_sets::get_by_reference
  - get_rulesets - replaced by PolicyComputeEngine.rule_sets::get
  - get_rulesets_by_name - deprecated in v0.8.0
  - create_ruleset - replaced by PolicyComputeEngine.rule_sets::create
  - create_rule - replaced by PolicyComputeEngine.rules::create
  - get_enforcement_boundary - replaced by PolicyComputeEngine.enforcement_boundaries::get_by_reference
  - get_enforcement_boundaries - replaced by PolicyComputeEngine.enforcement_boundaries::get
  - get_enforcement_boundaries_by_name - deprecated in v0.8.0
  - create_enforcement_boundary - replaced by PolicyComputeEngine.enforcement_boundaries::create
  - get_pairing_profile - replaced by PolicyComputeEngine.pairing_profiles::get_by_reference
  - get_pairing_profiles - replaced by PolicyComputeEngine.pairing_profiles::get
  - get_pairing_profiles_by_name - deprecated in v0.8.0
  - create_pairing_profile - replaced by PolicyComputeEngine.pairing_profiles::create
  - update_pairing_profile - replaced by PolicyComputeEngine.pairing_profiles::update
  - delete_pairing_profile - replaced by PolicyComputeEngine.pairing_profiles::delete
  - get_workload - replaced by PolicyComputeEngine.workloads::get_by_reference
  - get_workloads - replaced by PolicyComputeEngine.workloads::get
  - update_workload_enforcement_modes - replaced with a more generic bulk_update
- illumio.util.jsonutils.ModifiableObject - changed name to MutableObject
- illumio.util.jsonutils.UnmodifiableObject - changed name to ImmutableObject
IMPROVEMENTS
- update core JsonObject logic to perform type-based validation
- improve handling of reference types for JSON encoding
- improve URL building to be less strict
- improve tests and add integration test suite
NOTES
- remove deprecation warning from illumio.util.functions::convert_protocol
- add CRUD operation functions for pairing profile objects to the PCE interface
- add pairing profile tests
- improve mock test scaffolding
- change IllumioEnum to metaclass and replace has_value with contains builtin
- add retry logic to PCE requests session
- add tests for PCE URL parsing
- improve documentation
- add README and CONTRIBUTING docs
- add copyright and license header to all modules
- add docstrings for PolicyComputeEngine functions, improve URL parsing
- add UnmodifiableObject class for PolicyVersion (create only)
- change IllumioObject to inherit from Reference
- update parsing in traffic query blocks to simplify builder
- raise IllumioException if invalid protocol name is passed to BaseService subclass
- deprecate convert_protocol function in favour of baking proto conversion into service post_init
- add PolicyObjectType enum
- add parse_url function to improve handling of PCE url arg
- default to draft version of rulesets when creating rules
- overhaul complex type decoding by centralizing logic in JsonObject
- update test cases
- add changelog
- add deprecation decorator
- deprecate get_by_name in favor of broader collection get logic
- add get_ruleset function
- add create_ip_list function
- add ip list tests
- overhaul tests to improve mock logic
- remove duplication in async job calls
- fix get_workloads to correctly use max_results
- update_workload_enforcement_modes can now batch process any number of requested workloads
- fix LabelSet internal type as workload repr can use full Label objects
- improve logic for traffic analysis timestamp conversion
- add classifiers to setup config
- fix license copyright
- update dependencies to remove dataclass req for python versions above 3.6
- fix exception thrown when HTTP error responses don't contain content-type header
- update core json decode functionality to allow for arbitrary parameters not represented in the dataclass definitions for forward compatibility
- change builder function to properly represent traffic query blocks for src/dst/services
- fix representation of selectively_enforced_services param and add num_enforcement_boundaries
- add basic test shells for rules/rulesets
- fix type of service binding workload param
- change json encode default behaviour to improve recursive encoding in cases with complex nested objects
- change connection check to use /health endpoint
- improve get_workloads logic and add check_connection function
- fix traffic flow state error message and incorrect value for timeout state
- add get_workloads function and refactor how default header/params are set
- update Rule builder to allow multiple ingress_service input types
- add set_proxies function to set request session proxies
- allow unix timestamps as valid inputs for start/end dates in traffic analysis queries
- fix x_by reference nesting
- add Rule object builder function and improve HREF regex
- add helper function to convert draft href to active
- move base classes to jsonutils module to avoid circular refs
- fix get_by_name function and improve request error logic
- ignore DS_Store files on mac
- remove get_by_name duplication and simplify calls by working around active/draft duplicate results
- add submodule shortcuts back to root imports
- add update_workload_enforcement_modes function
- add enforcement boundary PCE functions and fix issues with get_by_name and create_service_binding functions
- update rule ingress_services decoding to correctly identify between Service/ServicePort
- add draft and active policy version constants
- improve create_service_binding logic and add create_service_bindings function for batch creation
- separate out base rule class for use with enforcement boundaries
- flesh out Service object structure
- fix IP list convenience functions
- move caps property to ModifiableObject class; add missing type decoding to Rules
- add Reference class for simple href representations in more complex objects
- add IP list convenience methods and create_rule PCE function
- add actor submodule to rules module exports
- fix test imports
- move secpolicy to package root and remove root shortcuts for submodule imports; clean up project imports
- flesh out rules and rulesets and add create_ruleset PCE function
- add SecurityPrincipal policy object skeleton
- remove UserObject in favour of the more generic ModifiableObject as workloads and other objects can be created/modified by non-user entities (e.g. agents)
- add missing fields needed to decode workload objects; implement get_workload PCE function
- remove custom fields for workload open_service_ports objects in favour of new class
- change Network class to IllumioObject subtype
- add VisibilityLevel enum
- fix policy provisioning and add PolicyVersion object
- flesh out IPList class and add get_ip_list PCE function
- move common external_data_set and external_data_reference params into IllumioObject base class
- move modification params to UserObject
- add missing fields for ServiceBinding and PortOverride classes
- add create_service_binding function and dependent objects
- fix PCE functions to send objects rather than JSON strings
- provide more detailed error messages in case of API exceptions
- remove name requirement for virtual service init; change apply_to default to None
- fix broken build function and add error case
- add policy provision API call and dependent objects
- add LabelSet object type
- move enums to constants util module and improve validation logic
- create more descriptive modules and move submodules from policyobjects
- change core object structure to use IllumioObject base class
- move JsonObject class to jsonutils
- standardize formatting for complex type decoding
- use IllumioEncoder rather than directly calling to_json
- add async traffic flow function and builder function for traffic queries
- flesh out traffic analysis flow objects and add decode test
- flesh out workload object definition and subclasses
- add containercluster and vulnerabilityreport module stubs
- define extendable base enum class for package-wide use
- add Network and Vulnerability stubs for workloads
- add params to Service to accommodate Workload open_service_ports object definition
- add delete_type param to base PolicyObject
- add _validate function called from post_init in base JsonObject class
- add virtualserver stub module
- shift date validation to the API so we don't have to worry about ISO format conversion (fromisoformat isn't introduced until 3.9) or timezones
- simplify creation of query objects
- add validation for start and end dates
- add query_name field for async queries
- add traffic analysis query structure dataclasses
- add workload and iplist module stubs
- use UserObject base class and simplify init logic for simple reference cases
- combine service objects into single module and simplify class structures
- add User object and separate UserObject base class for user-created policy objects
- use socket lib function rather than custom protocol enum for conversion to int
- move JsonObject base class into policyobject module
- add pytest cache to gitignore
- improve virtual service tests
- overhaul policy object structures and improve json encoding/decoding
- remove api module
- initial commit