Commit 11d306a

feat: Add policy types support (#186)
* feat: Add policy types support * ci: Ignore assert order
1 parent 6d31a92 commit 11d306a

5 files changed

+370
-293
lines changed


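--- a/sdcclient/_secure.py
+++ b/sdcclient/_secure.py
@@ -2,12 +2,13 @@
 import time
 
 from sdcclient._common import _SdcCommon
-from sdcclient.secure import FalcoRulesFilesClientOld, PolicyEventsClientV1, PolicyEventsClientOld
+from sdcclient.secure import FalcoRulesFilesClientOld, PolicyEventsClientV1, PolicyEventsClientOld, PolicyClientV2
 
 
 class SdSecureClient(FalcoRulesFilesClientOld,
 PolicyEventsClientV1,
 PolicyEventsClientOld,
+PolicyClientV2,
 _SdcCommon):
 def __init__(self, token="", sdc_url='https://secure.sysdig.com', ssl_verify=True, custom_headers=None):
 super(SdSecureClient, self).__init__(token, sdc_url, ssl_verify, custom_headers)
@@ -25,283 +26,6 @@ def policy_v2(self):
 self._policy_v2 = res.status_code != 404
 return self._policy_v2
 
-def create_default_policies(self):
-'''**Description**
-Create new policies based on the currently available set of rules. For now, this only covers Falco rules, but we might extend
-the endpoint later. The backend should use the defaultPolicies property of a previously provided FalcoRulesFiles model as
-guidance on the set of policies to create. The backend should only create new policies (not delete or modify), and should only
-create new policies if there is not an existing policy with the same name.
-
-**Arguments**
-- None
-
-**Success Return Value**
-JSON containing details on any new policies that were added.
-
-**Example**
-`examples/create_default_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/create_default_policies.py>`_
-
-'''
-res = self.http.post(self.url + '/api/v2/policies/default', headers=self.hdrs, verify=self.ssl_verify)
-return self._request_result(res)
-
-def delete_all_policies(self):
-'''**Description**
-Delete all existing policies. The falco rules file is unchanged.
-
-**Arguments**
-- None
-
-**Success Return Value**
-The string "Policies Deleted"
-
-**Example**
-`examples/delete_all_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_all_policies.py>`_
-
-'''
-ok, res = self.list_policies()
-if not ok:
-return False, res
-
-for policy in res:
-ok, res = self.delete_policy_id(policy["id"])
-if not ok:
-return False, res
-
-return True, "Policies Deleted"
-
-def list_policies(self):
-'''**Description**
-List the current set of policies.
-
-**Arguments**
-- None
-
-**Success Return Value**
-A JSON object containing the number and details of each policy.
-
-**Example**
-`examples/list_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/list_policies.py>`_
-
-'''
-res = self.http.get(self.url + '/api/v2/policies', headers=self.hdrs, verify=self.ssl_verify)
-return self._request_result(res)
-
-def get_policy(self, name):
-'''**Description**
-Find the policy with name <name> and return its json description.
-
-**Arguments**
-- name: the name of the policy to fetch
-
-**Success Return Value**
-A JSON object containing the description of the policy. If there is no policy with
-the given name, returns False.
-
-**Example**
-`examples/get_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/get_policy.py>`_
-
-'''
-ok, res = self.list_policies()
-if not ok:
-return [False, res]
-policies = res
-
-# Find the policy with the given name and return it.
-for policy in policies:
-if policy["name"] == name:
-return [True, policy]
-
-return [False, "No policy with name {}".format(name)]
-
-def get_policy_id(self, id):
-'''**Description**
-Find the policy with id <id> and return its json description.
-
-**Arguments**
-- id: the id of the policy to fetch
-
-**Success Return Value**
-A JSON object containing the description of the policy. If there is no policy with
-the given name, returns False.
-'''
-res = self.http.get(self.url + '/api/v2/policies/{}'.format(id), headers=self.hdrs, verify=self.ssl_verify)
-return self._request_result(res)
-
-def add_policy(self, name, description, rule_names=[], actions=[], scope=None, severity=0, enabled=True,
-notification_channels=[]):
-'''**Description**
-Add a new policy.
-
-**Arguments**
-- name: A short name for the policy
-- description: Description of policy
-- rule_names: Array of rule names. (They must be names instead of ids, as the rules list view is by name, to account for multiple rules having the same name).
-- actions: It can be a stop, pause and/or capture action
-- scope: Where the policy is being applied- Container, Host etc.. (example: "container.image.repository = sysdig/agent")
-- enabled: True if the policy should be considered
-- severity: How severe is this policy when violated. Range from 0 to 7 included.
-- notification_channels: ids of the notification channels to subscribe to the policy
-
-**Success Return Value**
-The string "OK"
-'''
-policy = {
-"name": name,
-"description": description,
-"ruleNames": rule_names,
-"actions": actions,
-"scope": scope,
-"severity": severity,
-"enabled": enabled,
-"notificationChannelIds": notification_channels
-}
-res = self.http.post(self.url + '/api/v2/policies', headers=self.hdrs, data=json.dumps(policy),
-verify=self.ssl_verify)
-return self._request_result(res)
-
-def add_policy_json(self, policy_json):
-'''**Description**
-Add a new policy using the provided json.
-
-**Arguments**
-- policy_json: a description of the new policy
-
-**Success Return Value**
-The string "OK"
-
-**Example**
-`examples/add_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/add_policy.py>`_
-
-'''
-
-try:
-policy_obj = json.loads(policy_json)
-if "origin" in policy_obj:
-del policy_obj["origin"]
-except Exception as e:
-return [False, "policy json is not valid json: {}".format(str(e))]
-
-res = self.http.post(self.url + '/api/v2/policies', headers=self.hdrs, data=json.dumps(policy_obj),
-verify=self.ssl_verify)
-return self._request_result(res)
-
-def update_policy(self, id, name=None, description=None, rule_names=None, actions=None, scope=None,
-severity=None, enabled=None, notification_channels=None):
-'''**Description**
-Update policy with the provided values.
-
-**Arguments**
-- id: the id of the policy to update
-- name: A short name for the policy
-- description: Description of policy
-- rule_names: Array of rule names. (They must be names instead of ids, as the rules list view is by name, to account for multiple rules having the same name).
-- actions: It can be a stop, pause and/or capture action
-- scope: Where the policy is being applied- Container, Host etc.. (example: "container.image.repository = sysdig/agent")
-- enabled: True if the policy should be considered
-- severity: How severe is this policy when violated. Range from 0 to 7 included.
-- notification_channels: ids of the notification channels to subscribe to the policy
-
-**Success Return Value**
-The string "OK"
-'''
-ok, res = self.get_policy_id(id)
-if not ok:
-return [False, res]
-policy = res
-
-if name is not None:
-policy["name"] = name
-if description is not None:
-policy["description"] = description
-if rule_names is not None:
-policy["ruleNames"] = rule_names
-if actions is not None:
-policy["actions"] = actions
-if scope is not None:
-policy["scope"] = scope
-if severity is not None:
-policy["severity"] = severity
-if enabled is not None:
-policy["enabled"] = enabled
-if notification_channels is not None:
-policy["notificationChannelIds"] = notification_channels
-
-res = self.http.put(self.url + '/api/v2/policies/{}'.format(id), headers=self.hdrs, data=json.dumps(policy),
-verify=self.ssl_verify)
-return self._request_result(res)
-
-def update_policy_json(self, policy_json):
-'''**Description**
-Update an existing policy using the provided json. The 'id' field from the policy is
-used to determine which policy to update.
-
-**Arguments**
-- policy_json: a description of the new policy
-
-**Success Return Value**
-The string "OK"
-
-**Example**
-`examples/update_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/update_policy.py>`_
-
-'''
-try:
-policy_obj = json.loads(policy_json)
-if "origin" in policy_obj:
-del policy_obj["origin"]
-except Exception as e:
-return [False, "policy json is not valid json: {}".format(str(e))]
-
-if "id" not in policy_obj:
-return [False, "Policy Json does not have an 'id' field"]
-
-res = self.http.put(self.url + '/api/v2/policies/{}'.format(policy_obj["id"]), headers=self.hdrs,
-data=json.dumps(policy_obj), verify=self.ssl_verify)
-return self._request_result(res)
-
-def delete_policy_name(self, name):
-'''**Description**
-Delete the policy with the given name.
-
-**Arguments**
-- name: the name of the policy to delete
-
-**Success Return Value**
-The JSON object representing the now-deleted policy.
-
-**Example**
-`examples/delete_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_policy.py>`_
-
-'''
-ok, res = self.list_policies()
-if not ok:
-return [False, res]
-
-# Find the policy with the given name and delete it
-for policy in res:
-if policy["name"] == name:
-return self.delete_policy_id(policy["id"])
-
-return [False, "No policy with name {}".format(name)]
-
-def delete_policy_id(self, id):
-'''**Description**
-Delete the policy with the given id
-
-**Arguments**
-- id: the id of the policy to delete
-
-**Success Return Value**
-The JSON object representing the now-deleted policy.
-
-**Example**
-`examples/delete_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_policy.py>`_
-
-'''
-res = self.http.delete(self.url + '/api/v2/policies/{}'.format(id), headers=self.hdrs, verify=self.ssl_verify)
-return self._request_result(res)
-
 def list_rules(self):
 '''**Description**
 Returns the list of rules in the system. These are grouped by name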
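Review bot: The added `PolicyClientV2` base is now the only thing that can supply the eleven policy methods deleted in the second hunk (`create_default_policies`, `delete_all_policies`, `list_policies`, `get_policy`, `get_policy_id`, `add_policy`, `add_policy_json`, `update_policy`, `update_policy_json`, `delete_policy_name`, `delete_policy_id`), and `sdcclient/secure/_policy_v2.py` is not on this page, so whether callers keep the same names, argument lists and the `[ok, res]` return shape cannot be checked here; a sentence in the commit description naming which of these survive unchanged, or a changelog entry for the ones that do not, would spare downstream users a silent break. One behaviour worth carrying over deliberately: the removed `add_policy_json` and `update_policy_json` stripped a caller-supplied `origin` key before the POST/PUT, so if the v2 client forwards the parsed JSON verbatim a client can now submit a policy with an arbitrary `origin` and it falls to the backend to reject it — confirm which side enforces that. The `policy_v2` property whose tail opens the second hunk still probes `/api/v2/policies` for a 404, yet nothing visible on the new side of this hunk consumes it; if it is now vestigial, a comment such as `# retained for API compatibility; policy methods now come from PolicyClientV2` or its removal would make the intent explicit. Both `policy_v2` and `list_rules` begin or end outside the hunk.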

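--- a/sdcclient/secure/__init__.py
+++ b/sdcclient/secure/__init__.py
@@ -1,5 +1,8 @@
 from ._falco_rules_files_old import FalcoRulesFilesClientOld
 from ._policy_events_old import PolicyEventsClientOld
 from ._policy_events_v1 import PolicyEventsClientV1
+from ._policy_v2 import PolicyClientV2, policy_action_pause, policy_action_stop, policy_action_kill, \
+policy_action_capture
 
-__all__ = ["PolicyEventsClientOld", "PolicyEventsClientV1", "FalcoRulesFilesClientOld"]
+__all__ = ["PolicyEventsClientOld", "PolicyEventsClientV1", "FalcoRulesFilesClientOld",
+"PolicyClientV2", "policy_action_pause", "policy_action_stop", "policy_action_kill", "policy_action_capture"]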
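Review bot: The new import on line 4 wraps with a backslash continuation and the new `__all__` line on line 8 runs well past the usual line length; a parenthesised form is easier to re-flow and to diff when the next name is added: `from ._policy_v2 import (PolicyClientV2, policy_action_capture, policy_action_kill,` / `                         policy_action_pause, policy_action_stop)`, with `__all__` laid out one name per line in the same order. Listing the four `policy_action_*` names in `__all__` makes them part of the package's public surface for `from sdcclient.secure import *`, but `_policy_v2` is not shown here, so a short comment beside the import saying what they are (helpers that produce a policy's `actions` entries, if that is what they do) would tell a reader why plain functions sit next to the client classes. The `__all__` order no longer mirrors the import order, which is cosmetic but cheap to align while touching the line.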
