Folder

Note

Refer to Authentication for ways to authenticate to the TPP WebSDK.

Creating And Deleting A Folder

Warning

Deleting a folder will also remove all objects from its associated secrets, such as private key information stored in the database. While the opbject is removed from the secret, the secret is not removed from the vault until the secret has no other associations to it, in which case the secret will be removed. If you wish to preserve the object’s association to it secrets use the WebSDK API POST Config/Delete instead.

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

#### CREATE ####
folder = features.folder.create(
    name='Awesome Folder',
    parent_folder=r'\VED\Policy\Certificates\Awesome Team',
    description='Folder description here.',
    contacts=['LocalUser', 'DomainUser'],
    engines=['Awesome Engine-1', 'Awesome Engine-2'],
    log_server='Awesome Engine-1 Log Server',
)

#### DELETE ####
features.folder.delete(folder=folder, recursive=True)

Getting, Adding And Removing Engines

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

#### SET PROCESSING ENGINES ####

# Add these two engines as the processing engines for this folder. All other
# engines will be removed.
features.folder.set_engines(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    engines=['Awesome Engine-1', 'Awesome Engine-2'],
    append_engines=False  # Set to "True" to preserve existing engines.
)

#### GET PROCESSING ENGINES ####
engines = features.folder.get_engines(folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder')
print([e.engine_name for e in engines])  # prints "['Awesome Engine-1', 'Awesome Engine-2']"

#### REMOVE PROCESSING ENGINES ####

# Remove all engines from the folder. Now all engines will be able to process work from
# this folder.
features.folder.delete_engines(folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder')

Applying And Removing Workflows

Managing Applied Workflows

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

#### APPLY WORKFLOW ####
features.folder.apply_workflow(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    workflow=r'\VED\Policy\Administration\Workflow\Awesome Workflow'
)

#### REMOVE WORKFLOW ####
features.folder.remove_workflow(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    workflow=r'\VED\Policy\Administration\Workflow\Awesome Workflow'
)

Managing Blocked Workflows

from pytpp import Authenticate, Features

api = Authenticate(...)
features = Features(api)

#### ADD BLOCKING WORKFLOW ####
features.folder.block_workflow(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    workflow=r'\VED\Policy\Administration\Workflow\Awesome Workflow'
)

#### REMOVE BLOCKING WORKFLOW ####
features.folder.remove_blocked_workflow(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    workflow=r'\VED\Policy\Administration\Workflow\Awesome Workflow'
)

Searching Objects

from pytpp import Authenticate, Features, Attributes

api = Authenticate(...)
features = Features(api)

#### SEARCH FOLDER ####
items = features.folder.search(
    object_name_pattern='*awesome-domain?.com',
    object_types=[Attributes.certificate.__config_class__, Attributes.device.__config_class__],
    starting_dn=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    recursive=True
)

# prints the DN of all "X509 Certificate" and "Device" items found recursively under
# the "starting_dn".
print([i.dn for i in items])

Managing Policies

Reading Policy Attributes

Note

Reading policy values on a folder only returns the policy values set on that folder and not the effective value (that may be inherited by a parent policy). To read the effective policy value use Reading Attributes.

from pytpp import Authenticate, Features, Attributes

api = Authenticate(...)
features = Features(api)

#### READ POLICY VALUES ####
values, locked = features.folder.read_policy(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    class_name=Attributes.certificate.__config_class__,
    attribute_name=Attributes.certificate.certificate_authority
)

Writing Policy Attributes

Note

When writing policy values (as opposed to updating them) the current value(s) will be overwritten. To simply update the value(s) refer to Updating Policy Attributes.

from pytpp import Authenticate, Features, Attributes

api = Authenticate(...)
features = Features(api)

#### WRITE POLICY VALUES ####
features.folder.write_policy(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    class_name=Attributes.certificate.__config_class__,
    attributes={
        Attributes.certificate.approver: ['local:AwesomeUser', 'AD+AwesomeAD:user123']
    },
    locked=True
)

Updating Policy Attributes

Note

When updating policy values (as opposed to writing them) the current value(s) will not be overwritten, but will be appended by the requested value(s). To overwrite the existing value(s) refer to Writing Policy Attributes.

from pytpp import Authenticate, Features, Attributes

api = Authenticate(...)
features = Features(api)

#### UPDATE POLICY VALUES ####
features.folder.update_policy(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    class_name=Attributes.certificate.__config_class__,
    attributes={
        Attributes.certificate.approver: ['local:AwesomeUser', 'AD+AwesomeAD:user123']
    },
    locked=True
)

Clearing Policy Attributes

Note

There are two options when clearing a policy attribute, determined by the type of the attributes parameter.

  • Dictionary: The key is the attribute name and the value is a list of values to be removed. If no values remain for the attribute then the attribute is removed.

  • List: All items are attribute names that are to be removed from the object entirely.

from pytpp import Authenticate, Features, Attributes

api = Authenticate(...)
features = Features(api)

#### CLEAR WITH DICTIONARY ####

# Clear only one approver on the policy, but preserve the rest that may exist.
features.folder.clear_policy(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    class_name=Attributes.certificate.__config_class__,
    attributes={
        Attributes.certificate.approver: ['local:AwesomeUser']
    }
)

#### CLEAR WITH LIST ####

# Clear all approvers on the policy.
features.folder.clear_policy(
    folder=r'\VED\Policy\Certificates\Awesome Team\Awesome Folder',
    class_name=Attributes.certificate.__config_class__,
    attributes=[
        Attributes.certificate.approver
    ]
)