in cli/srecli/group/job.py [0:0]
def submit(ctx: ContextObj, tenant_name: str,
ruleset: tuple[str, ...], region: tuple[str, ...],
customer_id: str | None, rules_to_scan: tuple[str, ...],
license_key: str, aws_access_key_id: str | None,
aws_secret_access_key: str | None, aws_session_token: str | None,
azure_subscription_id: str | None, azure_tenant_id: str | None,
azure_client_id: str | None, azure_client_secret: str | None,
google_application_credentials_path: str | None,
only_preconfigured_credentials: bool):
"""
Submits a job to scan either AWS, AZURE or GOOGLE account
"""
resp = ctx['api_client'].tenant_get(tenant_name, customer_id=customer_id)
# todo cache in temp files
if not resp.was_sent or not resp.ok:
return resp
tenant: TenantModel = next(resp.iter_items())
match tenant['cloud']:
case 'AWS': resolver = AWSCredentialsResolver(tenant)
case 'AZURE': resolver = AZURECredentialsResolver(tenant)
case 'GOOGLE' | 'GCP': resolver = GOOGLECredentialsResolver(tenant)
case _: return response('Not supported tenant cloud') # newer happen
if only_preconfigured_credentials:
creds = {}
else:
try:
creds = resolver.resolve(
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
azure_subscription_id=azure_subscription_id,
azure_tenant_id=azure_tenant_id,
azure_client_id=azure_client_id,
azure_client_secret=azure_client_secret,
google_application_credentials_path=google_application_credentials_path
)
except CredentialsLookupError as e:
_LOG.warning(f'Could not find credentials: {e}')
creds = {}
return ctx['api_client'].job_post(
tenant_name=tenant_name,
target_rulesets=ruleset,
target_regions=region,
credentials=creds,
customer_id=customer_id,
rules_to_scan=load_rules_to_scan(rules_to_scan),
license_key=license_key
)