2
2
import time
3
3
4
4
from sdcclient ._common import _SdcCommon
5
- from sdcclient .secure import FalcoRulesFilesClientOld , PolicyEventsClientV1 , PolicyEventsClientOld
5
+ from sdcclient .secure import FalcoRulesFilesClientOld , PolicyEventsClientV1 , PolicyEventsClientOld , PolicyClientV2
6
6
7
7
8
8
class SdSecureClient (FalcoRulesFilesClientOld ,
9
9
PolicyEventsClientV1 ,
10
10
PolicyEventsClientOld ,
11
+ PolicyClientV2 ,
11
12
_SdcCommon ):
12
13
def __init__ (self , token = "" , sdc_url = 'https://secure.sysdig.com' , ssl_verify = True , custom_headers = None ):
13
14
super (SdSecureClient , self ).__init__ (token , sdc_url , ssl_verify , custom_headers )
@@ -25,283 +26,6 @@ def policy_v2(self):
25
26
self ._policy_v2 = res .status_code != 404
26
27
return self ._policy_v2
27
28
28
- def create_default_policies (self ):
29
- '''**Description**
30
- Create new policies based on the currently available set of rules. For now, this only covers Falco rules, but we might extend
31
- the endpoint later. The backend should use the defaultPolicies property of a previously provided FalcoRulesFiles model as
32
- guidance on the set of policies to create. The backend should only create new policies (not delete or modify), and should only
33
- create new policies if there is not an existing policy with the same name.
34
-
35
- **Arguments**
36
- - None
37
-
38
- **Success Return Value**
39
- JSON containing details on any new policies that were added.
40
-
41
- **Example**
42
- `examples/create_default_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/create_default_policies.py>`_
43
-
44
- '''
45
- res = self .http .post (self .url + '/api/v2/policies/default' , headers = self .hdrs , verify = self .ssl_verify )
46
- return self ._request_result (res )
47
-
48
- def delete_all_policies (self ):
49
- '''**Description**
50
- Delete all existing policies. The falco rules file is unchanged.
51
-
52
- **Arguments**
53
- - None
54
-
55
- **Success Return Value**
56
- The string "Policies Deleted"
57
-
58
- **Example**
59
- `examples/delete_all_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_all_policies.py>`_
60
-
61
- '''
62
- ok , res = self .list_policies ()
63
- if not ok :
64
- return False , res
65
-
66
- for policy in res :
67
- ok , res = self .delete_policy_id (policy ["id" ])
68
- if not ok :
69
- return False , res
70
-
71
- return True , "Policies Deleted"
72
-
73
- def list_policies (self ):
74
- '''**Description**
75
- List the current set of policies.
76
-
77
- **Arguments**
78
- - None
79
-
80
- **Success Return Value**
81
- A JSON object containing the number and details of each policy.
82
-
83
- **Example**
84
- `examples/list_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/list_policies.py>`_
85
-
86
- '''
87
- res = self .http .get (self .url + '/api/v2/policies' , headers = self .hdrs , verify = self .ssl_verify )
88
- return self ._request_result (res )
89
-
90
- def get_policy (self , name ):
91
- '''**Description**
92
- Find the policy with name <name> and return its json description.
93
-
94
- **Arguments**
95
- - name: the name of the policy to fetch
96
-
97
- **Success Return Value**
98
- A JSON object containing the description of the policy. If there is no policy with
99
- the given name, returns False.
100
-
101
- **Example**
102
- `examples/get_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/get_policy.py>`_
103
-
104
- '''
105
- ok , res = self .list_policies ()
106
- if not ok :
107
- return [False , res ]
108
- policies = res
109
-
110
- # Find the policy with the given name and return it.
111
- for policy in policies :
112
- if policy ["name" ] == name :
113
- return [True , policy ]
114
-
115
- return [False , "No policy with name {}" .format (name )]
116
-
117
- def get_policy_id (self , id ):
118
- '''**Description**
119
- Find the policy with id <id> and return its json description.
120
-
121
- **Arguments**
122
- - id: the id of the policy to fetch
123
-
124
- **Success Return Value**
125
- A JSON object containing the description of the policy. If there is no policy with
126
- the given name, returns False.
127
- '''
128
- res = self .http .get (self .url + '/api/v2/policies/{}' .format (id ), headers = self .hdrs , verify = self .ssl_verify )
129
- return self ._request_result (res )
130
-
131
- def add_policy (self , name , description , rule_names = [], actions = [], scope = None , severity = 0 , enabled = True ,
132
- notification_channels = []):
133
- '''**Description**
134
- Add a new policy.
135
-
136
- **Arguments**
137
- - name: A short name for the policy
138
- - description: Description of policy
139
- - rule_names: Array of rule names. (They must be names instead of ids, as the rules list view is by name, to account for multiple rules having the same name).
140
- - actions: It can be a stop, pause and/or capture action
141
- - scope: Where the policy is being applied- Container, Host etc.. (example: "container.image.repository = sysdig/agent")
142
- - enabled: True if the policy should be considered
143
- - severity: How severe is this policy when violated. Range from 0 to 7 included.
144
- - notification_channels: ids of the notification channels to subscribe to the policy
145
-
146
- **Success Return Value**
147
- The string "OK"
148
- '''
149
- policy = {
150
- "name" : name ,
151
- "description" : description ,
152
- "ruleNames" : rule_names ,
153
- "actions" : actions ,
154
- "scope" : scope ,
155
- "severity" : severity ,
156
- "enabled" : enabled ,
157
- "notificationChannelIds" : notification_channels
158
- }
159
- res = self .http .post (self .url + '/api/v2/policies' , headers = self .hdrs , data = json .dumps (policy ),
160
- verify = self .ssl_verify )
161
- return self ._request_result (res )
162
-
163
- def add_policy_json (self , policy_json ):
164
- '''**Description**
165
- Add a new policy using the provided json.
166
-
167
- **Arguments**
168
- - policy_json: a description of the new policy
169
-
170
- **Success Return Value**
171
- The string "OK"
172
-
173
- **Example**
174
- `examples/add_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/add_policy.py>`_
175
-
176
- '''
177
-
178
- try :
179
- policy_obj = json .loads (policy_json )
180
- if "origin" in policy_obj :
181
- del policy_obj ["origin" ]
182
- except Exception as e :
183
- return [False , "policy json is not valid json: {}" .format (str (e ))]
184
-
185
- res = self .http .post (self .url + '/api/v2/policies' , headers = self .hdrs , data = json .dumps (policy_obj ),
186
- verify = self .ssl_verify )
187
- return self ._request_result (res )
188
-
189
- def update_policy (self , id , name = None , description = None , rule_names = None , actions = None , scope = None ,
190
- severity = None , enabled = None , notification_channels = None ):
191
- '''**Description**
192
- Update policy with the provided values.
193
-
194
- **Arguments**
195
- - id: the id of the policy to update
196
- - name: A short name for the policy
197
- - description: Description of policy
198
- - rule_names: Array of rule names. (They must be names instead of ids, as the rules list view is by name, to account for multiple rules having the same name).
199
- - actions: It can be a stop, pause and/or capture action
200
- - scope: Where the policy is being applied- Container, Host etc.. (example: "container.image.repository = sysdig/agent")
201
- - enabled: True if the policy should be considered
202
- - severity: How severe is this policy when violated. Range from 0 to 7 included.
203
- - notification_channels: ids of the notification channels to subscribe to the policy
204
-
205
- **Success Return Value**
206
- The string "OK"
207
- '''
208
- ok , res = self .get_policy_id (id )
209
- if not ok :
210
- return [False , res ]
211
- policy = res
212
-
213
- if name is not None :
214
- policy ["name" ] = name
215
- if description is not None :
216
- policy ["description" ] = description
217
- if rule_names is not None :
218
- policy ["ruleNames" ] = rule_names
219
- if actions is not None :
220
- policy ["actions" ] = actions
221
- if scope is not None :
222
- policy ["scope" ] = scope
223
- if severity is not None :
224
- policy ["severity" ] = severity
225
- if enabled is not None :
226
- policy ["enabled" ] = enabled
227
- if notification_channels is not None :
228
- policy ["notificationChannelIds" ] = notification_channels
229
-
230
- res = self .http .put (self .url + '/api/v2/policies/{}' .format (id ), headers = self .hdrs , data = json .dumps (policy ),
231
- verify = self .ssl_verify )
232
- return self ._request_result (res )
233
-
234
- def update_policy_json (self , policy_json ):
235
- '''**Description**
236
- Update an existing policy using the provided json. The 'id' field from the policy is
237
- used to determine which policy to update.
238
-
239
- **Arguments**
240
- - policy_json: a description of the new policy
241
-
242
- **Success Return Value**
243
- The string "OK"
244
-
245
- **Example**
246
- `examples/update_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/update_policy.py>`_
247
-
248
- '''
249
- try :
250
- policy_obj = json .loads (policy_json )
251
- if "origin" in policy_obj :
252
- del policy_obj ["origin" ]
253
- except Exception as e :
254
- return [False , "policy json is not valid json: {}" .format (str (e ))]
255
-
256
- if "id" not in policy_obj :
257
- return [False , "Policy Json does not have an 'id' field" ]
258
-
259
- res = self .http .put (self .url + '/api/v2/policies/{}' .format (policy_obj ["id" ]), headers = self .hdrs ,
260
- data = json .dumps (policy_obj ), verify = self .ssl_verify )
261
- return self ._request_result (res )
262
-
263
- def delete_policy_name (self , name ):
264
- '''**Description**
265
- Delete the policy with the given name.
266
-
267
- **Arguments**
268
- - name: the name of the policy to delete
269
-
270
- **Success Return Value**
271
- The JSON object representing the now-deleted policy.
272
-
273
- **Example**
274
- `examples/delete_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_policy.py>`_
275
-
276
- '''
277
- ok , res = self .list_policies ()
278
- if not ok :
279
- return [False , res ]
280
-
281
- # Find the policy with the given name and delete it
282
- for policy in res :
283
- if policy ["name" ] == name :
284
- return self .delete_policy_id (policy ["id" ])
285
-
286
- return [False , "No policy with name {}" .format (name )]
287
-
288
- def delete_policy_id (self , id ):
289
- '''**Description**
290
- Delete the policy with the given id
291
-
292
- **Arguments**
293
- - id: the id of the policy to delete
294
-
295
- **Success Return Value**
296
- The JSON object representing the now-deleted policy.
297
-
298
- **Example**
299
- `examples/delete_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_policy.py>`_
300
-
301
- '''
302
- res = self .http .delete (self .url + '/api/v2/policies/{}' .format (id ), headers = self .hdrs , verify = self .ssl_verify )
303
- return self ._request_result (res )
304
-
305
29
def list_rules (self ):
306
30
'''**Description**
307
31
Returns the list of rules in the system. These are grouped by name