zanshin-sdk-python

Zanshin Python SDK

This Python package contains an SDK to interact with the API of the Zanshin SaaS service from Tenchi Security.

This SDK is used to implement a command-line utility, which is available on Github and on PyPI.

Setting up Credentials

There are three ways that the SDK handles credentials. The order of evaluation is:

• 1st Client Parameters
• 2nd Environment Variables
• 3rd Config File

Client Parameters

When calling the Client class, you can pass the values API Key, API URL, Proxy URL and User Agent you want to use as below:

from zanshinsdk import Client

client = Client(api_key="my_zanshin_api_key")

print(client.get_me())

:warning: These values will overwrite anything you set as Environment Variables or in the Config File.

Environment Variables

You can use the following Environment Variables to configure Zanshin SDK:

• ZANSHIN_API_KEY: Will setup your Zanshin credentials
• ZANSHIN_API_URL: Will define the API URL. Default is https://api.zanshin.tenchisecurity.com
• ZANSHIN_USER_AGENT: If you want to overwrite the User Agent when calling Zanshin API
• HTTP_PROXY | HTTPS_PROXY: Zanshin SDK uses HTTPX under the hood, checkout the Environment Variables section of their documentation for more use cases

Usage

export ZANSHIN_API_KEY="eyJhbGciOiJIU..."

:warning: These Environment Variables will overwrite anything you set on the Config File.

Config File

Second is by using a configuration file in the format created by the Python RawConfigParser class.

The file is located at ~/.tenchi/config, where ~ is the current user's home directory.

Each section is treated as a configuration profile, and the SDK will look for a section called default if another is not explicitly selected.

These are the supported options:

• api_key (required) which contains the Zanshin API key obtained at the Zanshin web portal.
• user_agent (optional) allows you to override the default user-agent header used by the SDK when making API requests.
• api_url (optional) directs the SDK to use a different API endpoint than the default (https://api.zanshin.tenchisecurity.com).

This is what a minimal configuration file looks like:

[default]
api_key = abcdefghijklmnopqrstuvxyz

The SDK

The SDK uses Python 3 type hints extensively. It attempts to abstract API artifacts such as pagination by using Python generators, thus making the service easier to interact with.

The network connections are done using the wonderful httpx library.

Currently it focuses on returning the parsed JSON values instead of converting them into native classes for higher level abstractions.

The zanshinsdk.Client class is the main entry point of the SDK. Here is a quick example that shows information about the owner of the API key in use:

from zanshinsdk import Client
from json import dumps

client = Client()   # loads API key from the "default" profile in ~/.tenchi/config
me = client.get_me()    # calls /me API endpoint
print(dumps(me, indent=4))

For more examples, checkout the docs.

All operations call raise_for_status on the httpx Response object internally, so any 4xx or 5xx will raise exceptions.

Installing

To install the SDK, you can use pip. You have two options to install ZanshinSDK:

• Essentials

Using pip install zanshinsdk will install the SDK with all features exception ability to perform onboarding of new Scan Targets. For this, you'll need to install boto3.

• With Boto3

With pip install zanshinsdk[with_boto3] you'll automatically install boto3 along with ZanshinSDK. This will enable you to perform Onboard of new Scan Targets via SDK.

Testing

To run all tests call make test on the project root directory. Make sure there's a [default] profile configured, else some tests will fail. Also, be sure to install boto3 and moto[all] or some integration tests will fail.

Support

If you are a Zanshin customer and have any questions regarding the use of the service, its API or this SDK package, please get in touch via e-mail at support {at} tenchisecurity {dot} com or via the support widget on the Zanshin Portal.