IBM-Security · tombosmansibm · Jun 2, 2025 · Apr 1, 2025 · Apr 2, 2025 · Apr 2, 2025
diff --git a/.config/requirements-docs.in b/.config/requirements-docs.in
@@ -0,0 +1,6 @@
+mkdocs
+mkdocs-material
+markdown-exec
+mkdocstrings
+pymdown-extensions
+markdown_include
diff --git a/.config/requirements-test.in b/.config/requirements-test.in
@@ -0,0 +1,22 @@
+black # IDE support
+coverage-enable-subprocess # see https://github.com/nedbat/coveragepy/issues/1341#issuecomment-1228942657
+coverage[toml] >= 6.4.4
+jmespath
+license-expression >= 30.3.0 # Apache 2.0
+mypy # IDE support
+netaddr # needed by ipwrap filter
+pip # tox command
+psutil # soft-dep of pytest-xdist
+pylint # IDE support
+pytest >= 7.2.2
+pytest-instafail >= 0.5.0 # only for local development, via PYTEST_ADDOPTS=-edit
+pytest-mock
+pytest-dotenv
+pytest-sugar  # shows failures immediately, even with xdist
+pytest-xdist[psutil,setproctitle] >= 2.1.0
+tox >= 4.0.0
+tox-extra>=2.1
+tox-uv>=1.25
+tox>=4.24.2
+types-jsonschema # IDE support
+types-pyyaml # IDE support
diff --git a/.config/requirements.in b/.config/requirements.in
@@ -0,0 +1,11 @@
+# alphabetically sorted:
+black>=24.3.0 # MIT (security)
+filelock>=3.8.2 # The Unlicense
+importlib-metadata # Apache
+jsonschema>=4.10.0 # MIT, version needed for improved errors
+packaging>=22.0 # Apache-2.0,BSD-2-Clause
+pathspec>=0.10.3 # Mozilla Public License 2.0 (MPL 2.0)
+pyyaml>=6.0.2 # MIT (compilation probles with older versions)
+requests
+jmespath>=1.0.0
+PyYAML
diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.8", "3.9", "3.10"]
+        python-version: ["3.11"]
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
@@ -20,4 +20,4 @@ jobs:
         pip install pylint
     - name: Analysing the code with pylint
       run: |
-        pylint $(git ls-files '*.py')
+        pylint $(git ls-files 'ibmsecurity/isam/*.py') --exit-zero
diff --git a/.gitignore b/.gitignore
@@ -44,6 +44,8 @@ nosetests.xml
 coverage.xml
 *,cover
 .hypothesis/
+report.txt
+report_.*.txt
 
 # Translations
 *.mo

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -12,16 +12,18 @@ repos:
     hooks:
       - id: black
         stages: [pre-push]
-  - repo: https://github.com/PyCQA/flake8
-    rev: 7.1.1
-    hooks:
-      - id: flake8
-        args: ["--ignore=E501"]
+  #- repo: https://github.com/PyCQA/flake8
+  #  rev: 7.1.1
+  #  hooks:
+  #    - id: flake8
+  #      args: ["--ignore=E501"]
   - repo: https://github.com/PyCQA/pylint
-    rev: v3.3.2
+    rev: v3.3.7
     hooks:
       - id: pylint
         args: [
-           "-ry",
-           "--exit-zero"
+           "--recursive=y",
+           "--exit-zero",
+           "--rcfile=pylintrc",
+           "--output-format=github:report.txt"
         ]
diff --git a/conftest.py b/conftest.py
@@ -0,0 +1,61 @@
+"""PyTest fixtures for testing the project."""
+from __future__ import annotations
+
+import os
+
+import pytest
+
+from ibmsecurity.appliance.isamappliance import ISAMAppliance
+from ibmsecurity.user.applianceuser import ApplianceUser
+import ibmsecurity.isam.appliance
+
+@pytest.fixture(scope="session")
+def iviaServer():
+    """Initiate an ISAMAppliance."""
+    # s = IviaLogin()
+    _username = os.getenv('IVIA_ADMIN')
+    _pw = os.getenv('IVIA_PW')
+    _host = os.getenv('IVIA_HOST')
+    _port = os.getenv('IVIA_PORT') or 443
+    # Create a user credential for ISAM appliance
+    u = ApplianceUser(username=_username, password=_pw)
+    # Create an ISAM appliance with above credential
+    isam_server = ISAMAppliance(hostname=_host, user=u, lmi_port=_port)
+    yield isam_server
+    returnValue = ibmsecurity.isam.appliance.commit(isamAppliance=isam_server)
+    print('\nCommit result')
+    print( returnValue )
+    print('\n')
+    return returnValue
+
+# ibmsecurity
+def pytest_runtest_setup(item):
+    print("setting up function:", item.name)
+    yield
+
+
+# @pytest.fixture(autouse=True)
+# def pytest_configure(config: Config) -> None:
+#   """Register custom markers."""
+#    print('configure')
+
+#@pytest.fixture(scope="session", autouse=True)
+#def ivia_commit(iviaServer):
+#   """Commit the changes"""
+#   print('TEST')
+#   # caplog.set_level(logging.INFO)
+
+#   returnValue = ibmsecurity.isam.appliance.commit(isamAppliance=iviaServer)
+#   # logging.log(logging.DEBUG, returnValue)
+#   print(returnValue)
+
+#@pytest.hookimpl(hookwrapper=True)
+#def pytest_sessionfinish(session, iviaServer):
+#   """Commit the changes"""
+#   # caplog.set_level(logging.INFO)
+#
+#   returnValue = ibmsecurity.isam.appliance.commit(isamAppliance=iviaServer)
+#   yield returnValue
+#        # logging.log(logging.DEBUG, returnValue)
+#   print(returnValue)
+#   print("\nTest session finished!")
diff --git a/changelog.md → docs/changelog.md b/changelog.md → docs/changelog.md
@@ -2,6 +2,14 @@
 
 ## Latest
 
+- feature: base/management_authentication.py - type federation
+- build: test setup
+- feature: web/reverse_proxy/oauth_configuration.py - add new parameters in 10.0.8
+- feature: web/reverse_proxy/oauth2_configuration.py - OAuth2 IBM Security Verify OIDC Provider configuration (new in 10.0.4)
+- feature: aac/server_connections/sms.py - SMS Server Connection (new in 10.0.8)
+- fix: base/admin_ssh_keys.py - Ignore error when same ssh key exists under different name
+- pylint: change format() to f-strings
+- feature: base/tracing.py - Get tracing configuration (new in 10.0.8)
 
 ## 2025.3.28.0
 

diff --git a/docs/contributing.md b/docs/contributing.md
@@ -0,0 +1,64 @@
+# Contributing to ibmsecurity WIP
+
+To contribute to ibmsecurity, please use pull requests on a branch of your own
+fork.
+
+After [creating your fork on GitHub], you can do:
+
+```shell-session
+$ git clone --recursive [email protected]:your-name/ibmsecurity
+$ cd ibmsecurity
+$ # Recommended: Initialize and activate a Python virtual environment
+$ pip install --upgrade pip
+$ pip install -e '.[test]'       # Install testing dependencies
+$ tox run -e lint
+$ git checkout -b your-branch-name
+# DO SOME CODING HERE
+# Add tests under `test/`
+$ tox run -e lint,py
+$ git add your new files
+$ git commit -v
+$ git push origin your-branch-name
+```
+
+You will then be able to create a pull request from your commit.
+
+## Setup
+
+### Local appliance
+
+There is no mock code for testing, unfortunately.
+So you need a running IBM Verify Access/IBM Identity Verify Access appliance or container to be able to run the tests.
+
+### Env
+
+Create a .env file in the root directory of the project, with the details to connect to your IVIA appliance, for instance :
+
+````properties
+IVIA_ADMIN=admin@local
+IVIA_PW=admin
+IVIA_HOST=<ip address of lmi>
+# IVIA_PORT = 80
+````
+
+## Standards
+
+Automated tests will be run against all PRs, to run checks locally before
+pushing commits, just use [tox](https://tox.wiki/en/latest/).
+
+## Talk to us
+
+
+
+## Code of Conduct
+
+
+
+## Module dependency graph
+
+
+
+## Documentation changes
+
+To build the docs, run `tox -e docs`. At the end of the build, you will see the
+local location of your built docs.
diff --git a/docs/index.md b/docs/index.md
@@ -0,0 +1,10 @@
+# IBMSecurity Documentation
+
+## About ibmsecurity
+
+This repository contains Python code to manage IBM Security Appliances using their respective REST APIs.
+ISAM appliance has the most mature code.
+
+Code for ISDS appliance is under development.
+
+Code for ISVG appliance is brand new (tested with 10.0.1.0 and higher only).
diff --git a/ibmsecurity/appliance/isamappliance.py b/ibmsecurity/appliance/isamappliance.py
@@ -52,19 +52,19 @@ def _set_ssl_verification(self, requests_verify_param):
         if self.verify is None or self.verify is False:
             self.disable_urllib_warnings = True
             self.logger.warning("""
-Certificate verification has been disabled. Python is NOT verifying the SSL 
-certificate of the host appliance and InsecureRequestWarning messages are 
+Certificate verification has been disabled. Python is NOT verifying the SSL
+certificate of the host appliance and InsecureRequestWarning messages are
 being suppressed for the following host:
   https://{0}:{1}
 
 To use certificate verification:
   1. When the certificate is trusted by your Python environment:
-        Instantiate all instances of ISAMAppliance with verify=True or set 
+        Instantiate all instances of ISAMAppliance with verify=True or set
         the environment variable IBMSECLIB_VERIFY_CONNECTION=True.
   2. When the certificate is not already trusted in your Python environment:
         Instantiate all instances of ISAMAppliance with the verify parameter
         set to the fully qualified path to a CA bundle.
-        
+
 See the following URL for more details:
   https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification
 """.format(self.hostname, self.lmi_port))

diff --git a/ibmsecurity/appliance/isdsappliance.py b/ibmsecurity/appliance/isdsappliance.py
@@ -50,19 +50,19 @@ def _set_ssl_verification(self, requests_verify_param):
         if self.verify is None or self.verify is False:
             self.disable_urllib_warnings = True
             self.logger.warning("""
-Certificate verification has been disabled. Python is NOT verifying the SSL 
-certificate of the host appliance and InsecureRequestWarning messages are 
+Certificate verification has been disabled. Python is NOT verifying the SSL
+certificate of the host appliance and InsecureRequestWarning messages are
 being suppressed for the following host:
   https://{0}:{1}
 
 To use certificate verification:
   1. When the certificate is trusted by your Python environment:
-        Instantiate all instances of ISDSAppliance with verify=True or set 
+        Instantiate all instances of ISDSAppliance with verify=True or set
         the environment variable IBMSECLIB_VERIFY_CONNECTION=True.
   2. When the certificate is not already trusted in your Python environment:
         Instantiate all instances of ISAMAppliance with the verify parameter
         set to the fully qualified path to a CA bundle.
-        
+
 See the following URL for more details:
   https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification
 """.format(self.hostname, self.lmi_port))

diff --git a/ibmsecurity/appliance/isvgappliance.py b/ibmsecurity/appliance/isvgappliance.py
@@ -50,19 +50,19 @@ def _set_ssl_verification(self, requests_verify_param):
         if self.verify is None or self.verify is False:
             self.disable_urllib_warnings = True
             self.logger.warning("""
-Certificate verification has been disabled. Python is NOT verifying the SSL 
-certificate of the host appliance and InsecureRequestWarning messages are 
+Certificate verification has been disabled. Python is NOT verifying the SSL
+certificate of the host appliance and InsecureRequestWarning messages are
 being suppressed for the following host:
   https://{0}:{1}
 
 To use certificate verification:
   1. When the certificate is trusted by your Python environment:
-        Instantiate all instances of ISVGAppliance with verify=True or set 
+        Instantiate all instances of ISVGAppliance with verify=True or set
         the environment variable IBMSECLIB_VERIFY_CONNECTION=True.
   2. When the certificate is not already trusted in your Python environment:
         Instantiate all instances of ISAMAppliance with the verify parameter
         set to the fully qualified path to a CA bundle.
-        
+
 See the following URL for more details:
   https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification
 """.format(self.hostname, self.lmi_port))