Exemplo n.º 1
 def testClientFormatTaskStatusShortReport(self, _, __, ___):
     """Checks format_task_status() output against the short report fixture."""
     turbinia_client = TurbiniaClient()
     # Replace get_task_data with a mock that hands back the fixture task data.
     turbinia_client.get_task_data = mock.MagicMock(
         return_value=self.task_data)
     report = turbinia_client.format_task_status('inst', 'proj', 'reg')
     # Surrounding whitespace is stripped from both sides before comparing.
     self.assertEqual(report.strip(), SHORT_REPORT.strip())
Exemplo n.º 2
    def run(self, evidence, result):
        """Build the final report for a request and attach it as evidence.

        The report text comes from TurbiniaClient.format_task_status() and is
        written as UTF-8 to a markdown file under self.tmp_dir.

        Args:
            evidence (EvidenceCollection): All Evidence that has been generated
                as part of this request.
            result (TurbiniaTaskResult): The result to place task output into.

        Returns:
            TurbiniaTaskResult: Task execution results.
        """
        # Imported here rather than at module level to avoid a circular import.
        from turbinia.client import TurbiniaClient
        final_report = FinalReport()
        turbinia_client = TurbiniaClient()

        # The file name carries this task's id so each report file is distinct.
        final_report.local_path = os.path.join(
            self.tmp_dir, 'final_turbinia_report_{0:s}.md'.format(self.id))

        # full_report=True asks for the full report for this request id.
        # NOTE(review): the file is created with default permissions; confirm
        # tmp_dir is not readable by other local users.
        status_text = turbinia_client.format_task_status(
            config.INSTANCE_ID,
            config.TURBINIA_PROJECT,
            config.TURBINIA_REGION,
            request_id=evidence.request_id,
            full_report=True)

        result.log(
            'Writing report data to [{0:s}]'.format(final_report.local_path))
        with open(final_report.local_path, 'wb') as report_handle:
            report_handle.write(status_text.encode('utf-8'))

        result.add_evidence(final_report, evidence.config)
        result.close(self, True)
        return result
Exemplo n.º 3
    def testClientGetTaskStatistics(self, _, __, ___):
        """Exercises get_task_statistics() against the fixture task data."""
        turbinia_client = TurbiniaClient()
        turbinia_client.get_task_data = mock.MagicMock(
            return_value=self.task_data)
        stats = turbinia_client.get_task_statistics('inst', 'proj', 'reg')

        # Every section has to report the expected number of entries.
        expected_counts = (
            ('all_tasks', 3),
            ('successful_tasks', 2),
            ('failed_tasks', 1),
            ('requests', 2),
        )
        for section, expected in expected_counts:
            self.assertEqual(stats[section].count, expected)

        expected_sizes = (
            ('tasks_per_user', 2),
            ('tasks_per_worker', 2),
            ('tasks_per_type', 3),
        )
        for section, expected in expected_sizes:
            self.assertEqual(len(stats[section]), expected)

        # Checking min/mean/max
        self.assertEqual(stats['all_tasks'].min, timedelta(minutes=1))
        self.assertEqual(stats['all_tasks'].mean, timedelta(minutes=3))
        self.assertEqual(stats['all_tasks'].max, timedelta(minutes=5))
        # The request maximum is 21 minutes: last_update for 0xfakeTaskId2 is
        # 20 minutes after the first task, and the first task ran for 1 minute.
        self.assertEqual(stats['requests'].max, timedelta(minutes=21))
        user_max = stats['tasks_per_user']['myuser'].max
        self.assertEqual(user_max, timedelta(minutes=5))
        worker_max = stats['tasks_per_worker']['fake_worker'].max
        self.assertEqual(worker_max, timedelta(minutes=3))
        type_mean = stats['tasks_per_type']['TaskName2'].mean
        self.assertEqual(type_mean, timedelta(minutes=5))
Exemplo n.º 4
 def testTurbiniaClientGetTaskData(self, _, mock_cloud_function):
   """Checks that get_task_data() returns the first item of the JSON result."""
   # The mocked ExecuteFunction answers with a dict whose 'result' key holds
   # a JSON-encoded list.
   mock_cloud_function.return_value = {'result': '["bar", "baz"]'}
   turbinia_client = TurbiniaClient()
   task_data = turbinia_client.get_task_data("inst", "proj", "reg")
   self.assertEqual(task_data, "bar")
Exemplo n.º 5
 def testClientFormatTaskStatistics(self, _, __, ___):
     """Checks the report text produced by format_task_statistics()."""
     turbinia_client = TurbiniaClient()
     # get_task_data is mocked so the statistics come from the fixture data.
     turbinia_client.get_task_data = mock.MagicMock(
         return_value=self.task_data)
     report = turbinia_client.format_task_statistics('inst', 'proj', 'reg')
     # Show the complete diff if the report does not match.
     self.maxDiff = None
     self.assertEqual(report, STATISTICS_REPORT)
Exemplo n.º 6
 def testClientFormatTaskStatusFiles(self, _, __, ___):
   """Checks format_task_status() output with all fields and a full report."""
   turbinia_client = TurbiniaClient()
   # get_task_data is mocked so the report is built from the fixture data.
   turbinia_client.get_task_data = mock.MagicMock(return_value=self.task_data)
   report = turbinia_client.format_task_status(
       'inst', 'proj', 'reg', all_fields=True, full_report=True)
   # Surrounding whitespace is stripped from both sides before comparing.
   self.assertEqual(report.strip(), LONG_REPORT_FILES.strip())
Exemplo n.º 7
 def testClientFormatTaskStatus(self, _, __, ___):
     """Checks format_task_status() when report_priority is empty or absent."""
     turbinia_client = TurbiniaClient()
     turbinia_client.get_task_data = mock.MagicMock()
     # Cover the three variants: None, empty string, and key not present.
     first_task, second_task, third_task = self.task_data[:3]
     first_task['report_priority'] = None
     second_task['report_priority'] = ''
     third_task.pop('report_priority')
     turbinia_client.get_task_data.return_value = self.task_data
     report = turbinia_client.format_task_status('inst', 'proj', 'reg')
     self.assertIn('Processed 3 Tasks', report.strip())
Exemplo n.º 8
 def testTurbiniaClientGetTaskDataInvalidJson(self, _, __,
                                              mock_cloud_function):
     """Expects TurbiniaException when the cloud function result is not JSON."""
     # A 'result' of None stands in for a malformed cloud function response.
     mock_cloud_function.return_value = {'result': None}
     turbinia_client = TurbiniaClient()
     with self.assertRaises(TurbiniaException):
         turbinia_client.get_task_data("inst", "proj", "reg")
Exemplo n.º 9
 def testTurbiniaClientGetTaskDataNoResults(self, _, __,
                                            mock_cloud_function):
     """Expects TurbiniaException when the cloud function returns nothing."""
     # An empty dict has no 'result' key at all.
     mock_cloud_function.return_value = {}
     turbinia_client = TurbiniaClient()
     with self.assertRaises(TurbiniaException):
         turbinia_client.get_task_data("inst", "proj", "reg")
Exemplo n.º 10
 def testTurbiniaClientGetTaskData(self, _, __, mock_cloud_function):
     """Checks get_task_data() decoding, including the run_time conversion."""
     run_time = timedelta(seconds=3)
     # Task data is a list of dicts; run_time is given in seconds here, which
     # is how the original test says it is stored in Datastore.
     expected_tasks = [{
         'bar': 'bar2',
         'run_time': run_time.total_seconds()
     }]
     # The mocked ExecuteFunction answers with a dict whose 'result' key holds
     # a JSON-encoded list; the task data is its first element.
     encoded_result = json.dumps([expected_tasks, 'Unused GCF data'])
     mock_cloud_function.return_value = {'result': encoded_result}
     turbinia_client = TurbiniaClient()
     returned_tasks = turbinia_client.get_task_data('inst', 'proj', 'reg')
     # get_task_data() is expected to turn the seconds back into a
     # timedelta(), so the expectation is updated to match before comparing.
     expected_tasks[0]['run_time'] = run_time
     self.assertEqual(returned_tasks, expected_tasks)
Exemplo n.º 11
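def main():
  """Parses the turbiniactl command line and runs the selected command.

  Builds the argument parser (global options plus one sub-parser per command),
  sets the log level, loads the Turbinia config, constructs an Evidence object
  for the evidence commands, and then either starts a worker/server, prints
  task status, or creates and sends a TurbiniaRequest.

  Exits the process through sys.exit(): status 1 for invalid option
  combinations or failed evidence checks, status 0 otherwise.
  """
  # TODO(aarontp): Allow for single run mode when
  # by specifying evidence which will also terminate the task manager after
  # evidence has been processed.
  parser = argparse.ArgumentParser()
  parser.add_argument(
      '-q', '--quiet', action='store_true', help='Show minimal output')
  parser.add_argument(
      '-v', '--verbose', action='store_true', help='Show verbose output')
  # TODO(aarontp): Turn off debug by default
  parser.add_argument(
      '-d',
      '--debug',
      action='store_true',
      help='Show debug output',
      default=True)
  parser.add_argument(
      '-a',
      '--all_fields',
      action='store_true',
      help='Show all task status fields in output',
      required=False)
  parser.add_argument(
      '-f',
      '--force_evidence',
      action='store_true',
      help='Force evidence processing request in potentially unsafe conditions',
      required=False)
  parser.add_argument('-o', '--output_dir', help='Directory path for output')
  parser.add_argument('-L', '--log_file', help='Log file')
  parser.add_argument(
      '-r',
      '--request_id',
      help='Create new requests with this Request ID',
      required=False)
  parser.add_argument(
      '-S',
      '--server',
      action='store_true',
      help='Run Turbinia Server indefinitely')
  parser.add_argument(
      '-C',
      '--use_celery',
      action='store_true',
      help='Pass this flag when using Celery/Kombu for task queuing and '
      'messaging (instead of Google PSQ/pubsub)')
  parser.add_argument(
      '-V',
      '--version',
      action='version',
      version=__version__,
      help='Show the version')
  parser.add_argument(
      '-D',
      '--dump_json',
      action='store_true',
      help='Dump JSON output of Turbinia Request instead of sending it')
  parser.add_argument(
      '-F',
      '--filter_patterns_file',
      help='A file containing newline separated string patterns to filter '
      'text based evidence files with (in extended grep regex format). '
      'This filtered output will be in addition to the complete output')
  parser.add_argument(
      '-j',
      '--jobs_whitelist',
      help='A whitelist for Jobs that we will allow to run (note that it '
      'will not force them to run).')
  parser.add_argument(
      '-J',
      '--jobs_blacklist',
      help='A blacklist for Jobs we will not allow to run')
  parser.add_argument(
      '-p',
      '--poll_interval',
      default=60,
      type=int,
      help='Number of seconds to wait between polling for task state info')
  parser.add_argument(
      '-w',
      '--wait',
      action='store_true',
      help='Wait to exit until all tasks for the given request have completed')

  subparsers = parser.add_subparsers(
      dest='command', title='Commands', metavar='<command>')

  # TODO(aarontp): Find better way to specify these that allows for multiple
  # pieces of evidence to be submitted. Maybe automagically create different
  # commands based on introspection of evidence objects?
  # RawDisk
  parser_rawdisk = subparsers.add_parser(
      'rawdisk', help='Process RawDisk as Evidence')
  parser_rawdisk.add_argument(
      '-l', '--local_path', help='Local path to the evidence', required=True)
  parser_rawdisk.add_argument(
      '-P',
      '--mount_partition',
      default=1,
      type=int,
      help='The partition number to use when mounting this disk.  Defaults to '
      'the entire raw disk.  Only affects mounting, and not what gets '
      'processed.')
  parser_rawdisk.add_argument(
      '-s',
      '--source',
      help='Description of the source of the evidence',
      required=False)
  parser_rawdisk.add_argument(
      '-n', '--name', help='Descriptive name of the evidence', required=False)

  # Parser options for Google Cloud Disk Evidence type
  parser_googleclouddisk = subparsers.add_parser(
      'googleclouddisk',
      help='Process Google Cloud Persistent Disk as Evidence')
  parser_googleclouddisk.add_argument(
      '-d', '--disk_name', help='Google Cloud name for disk', required=True)
  parser_googleclouddisk.add_argument(
      '-p',
      '--project',
      help='Project that the disk is associated with',
      required=True)
  parser_googleclouddisk.add_argument(
      '-P',
      '--mount_partition',
      default=0,
      type=int,
      help='The partition number to use when mounting this disk.  Defaults to '
      'the entire raw disk.  Only affects mounting, and not what gets '
      'processed.')
  parser_googleclouddisk.add_argument(
      '-z', '--zone', help='Geographic zone the disk exists in', required=True)
  parser_googleclouddisk.add_argument(
      '-s',
      '--source',
      help='Description of the source of the evidence',
      required=False)
  parser_googleclouddisk.add_argument(
      '-n', '--name', help='Descriptive name of the evidence', required=False)

  # Parser options for Google Cloud Persistent Disk Embedded Raw Image
  parser_googleclouddiskembedded = subparsers.add_parser(
      'googleclouddiskembedded',
      help='Process Google Cloud Persistent Disk with an embedded raw disk '
      'image as Evidence')
  parser_googleclouddiskembedded.add_argument(
      '-e',
      '--embedded_path',
      help='Path within the Persistent Disk that points to the raw image file',
      required=True)
  parser_googleclouddiskembedded.add_argument(
      '-d', '--disk_name', help='Google Cloud name for disk', required=True)
  parser_googleclouddiskembedded.add_argument(
      '-p',
      '--project',
      help='Project that the disk is associated with',
      required=True)
  parser_googleclouddiskembedded.add_argument(
      '-P',
      '--mount_partition',
      default=0,
      type=int,
      help='The partition number to use when mounting this disk.  Defaults to '
      'the entire raw disk.  Only affects mounting, and not what gets '
      'processed.')
  parser_googleclouddiskembedded.add_argument(
      '-z', '--zone', help='Geographic zone the disk exists in', required=True)
  parser_googleclouddiskembedded.add_argument(
      '-s',
      '--source',
      help='Description of the source of the evidence',
      required=False)
  parser_googleclouddiskembedded.add_argument(
      '-n', '--name', help='Descriptive name of the evidence', required=False)

  # Parser options for Directory evidence type
  parser_directory = subparsers.add_parser(
      'directory', help='Process a directory as Evidence')
  parser_directory.add_argument(
      '-l', '--local_path', help='Local path to the evidence', required=True)
  parser_directory.add_argument(
      '-s',
      '--source',
      help='Description of the source of the evidence',
      required=False)
  parser_directory.add_argument(
      '-n', '--name', help='Descriptive name of the evidence', required=False)

  # List Jobs
  subparsers.add_parser('listjobs', help='List all available jobs')

  # PSQ Worker
  parser_psqworker = subparsers.add_parser('psqworker', help='Run PSQ worker')
  parser_psqworker.add_argument(
      '-S',
      '--single_threaded',
      action='store_true',
      help='Run PSQ Worker in a single thread',
      required=False)

  # Celery Worker
  subparsers.add_parser('celeryworker', help='Run Celery worker')

  # Parser options for Turbinia status command
  parser_status = subparsers.add_parser(
      'status', help='Get Turbinia Task status')
  parser_status.add_argument(
      '-c',
      '--close_tasks',
      action='store_true',
      help='Close tasks based on Request ID or Task ID',
      required=False)
  parser_status.add_argument(
      '-d',
      '--days_history',
      default=0,
      type=int,
      help='Number of days of history to show',
      required=False)
  parser_status.add_argument(
      '-f',
      '--force',
      help='Gatekeeper for --close_tasks',
      action='store_true',
      required=False)
  parser_status.add_argument(
      '-r',
      '--request_id',
      help='Show tasks with this Request ID',
      required=False)
  parser_status.add_argument(
      '-t', '--task_id', help='Show task for given Task ID', required=False)
  parser_status.add_argument(
      '-u', '--user', help='Show task for given user', required=False)

  # Server
  subparsers.add_parser('server', help='Run Turbinia Server')

  args = parser.parse_args()
  # --debug defaults to True, so unless that default changes the final else
  # (WARNING) is never reached; see the TODO on the --debug option.
  if args.quiet:
    log.setLevel(logging.ERROR)
  elif args.verbose:
    log.setLevel(logging.INFO)
  elif args.debug:
    log.setLevel(logging.DEBUG)
  else:
    log.setLevel(logging.WARNING)

  if args.jobs_whitelist and args.jobs_blacklist:
    log.warning('A Job filter whitelist and blacklist cannot be specified '
                'at the same time')
    sys.exit(1)

  filter_patterns = None
  if (args.filter_patterns_file and
      not os.path.exists(args.filter_patterns_file)):
    # The message has a placeholder for the path, so it must be formatted.
    log.warning('Filter patterns file {0:s} does not exist.'.format(
        args.filter_patterns_file))
    sys.exit(1)
  elif args.filter_patterns_file:
    try:
      # Context manager so the file handle is closed even if read() fails.
      with open(args.filter_patterns_file) as patterns_file:
        filter_patterns = patterns_file.read().splitlines()
    except IOError as e:
      # Best effort: an unreadable file is logged and the run continues
      # without filter patterns.
      log.warning('Cannot open file {0:s} [{1!s}]'.format(
          args.filter_patterns_file, e))

  # Client
  config.LoadConfig()
  # The psqworker and server commands do not get a client object.
  if args.command not in ('psqworker', 'server'):
    if args.use_celery:
      client = TurbiniaCeleryClient()
    else:
      client = TurbiniaClient()
  else:
    client = None

  # Command-line values override the loaded config.
  if args.output_dir:
    config.OUTPUT_DIR = args.output_dir
  if args.log_file:
    config.LOG_FILE = args.log_file

  evidence_ = None
  is_cloud_disk = False
  if args.command == 'rawdisk':
    # The evidence name falls back to the path as given on the command line.
    args.name = args.name if args.name else args.local_path
    local_path = os.path.abspath(args.local_path)
    evidence_ = evidence.RawDisk(
        name=args.name,
        local_path=local_path,
        mount_partition=args.mount_partition,
        source=args.source)
  elif args.command == 'directory':
    args.name = args.name if args.name else args.local_path
    local_path = os.path.abspath(args.local_path)
    evidence_ = evidence.Directory(
        name=args.name, local_path=local_path, source=args.source)
  elif args.command == 'googleclouddisk':
    is_cloud_disk = True
    args.name = args.name if args.name else args.disk_name
    evidence_ = evidence.GoogleCloudDisk(
        name=args.name,
        disk_name=args.disk_name,
        project=args.project,
        mount_partition=args.mount_partition,
        zone=args.zone,
        source=args.source)
  elif args.command == 'googleclouddiskembedded':
    is_cloud_disk = True
    args.name = args.name if args.name else args.disk_name
    evidence_ = evidence.GoogleCloudDiskRawEmbedded(
        name=args.name,
        disk_name=args.disk_name,
        embedded_path=args.embedded_path,
        mount_partition=args.mount_partition,
        project=args.project,
        zone=args.zone,
        source=args.source)
  elif args.command == 'psqworker':
    # Set up root logger level which is normally set by the psqworker command
    # which we are bypassing.
    logger.setup()
    worker = TurbiniaPsqWorker()
    worker.start()
  elif args.command == 'celeryworker':
    logger.setup()
    worker = TurbiniaCeleryWorker()
    worker.start()
  elif args.command == 'server':
    server = TurbiniaServer()
    server.start()
  elif args.command == 'status':
    region = config.TURBINIA_REGION
    if args.close_tasks:
      # Closing tasks needs at least one selector so that it cannot apply to
      # every task by accident.
      if args.user or args.request_id or args.task_id:
        # NOTE(review): requester is the local OS account name from
        # getpass.getuser(); confirm the receiving side does not treat it as
        # an authenticated identity.
        print(client.close_tasks(
            instance=config.INSTANCE_ID,
            project=config.PROJECT,
            region=region,
            request_id=args.request_id,
            task_id=args.task_id,
            user=args.user,
            requester=getpass.getuser()))
        sys.exit(0)
      else:
        log.info(
            '--close_tasks (-c) requires --user, --request_id, or/and --task_id'
        )
        sys.exit(1)

    if args.wait and args.request_id:
      client.wait_for_request(
          instance=config.INSTANCE_ID,
          project=config.PROJECT,
          region=region,
          request_id=args.request_id,
          user=args.user,
          poll_interval=args.poll_interval)
    elif args.wait and not args.request_id:
      log.info('--wait requires --request_id, which is not specified. '
               'turbiniactl will exit without waiting.')

    print(client.format_task_status(
        instance=config.INSTANCE_ID,
        project=config.PROJECT,
        region=region,
        days=args.days_history,
        task_id=args.task_id,
        request_id=args.request_id,
        user=args.user,
        all_fields=args.all_fields))
  elif args.command == 'listjobs':
    log.info('Available Jobs:')
    client.list_jobs()
  else:
    # args.command is None when no sub-command was given; '!s' formats None
    # where the 's' format spec would raise TypeError.
    log.warning('Command {0!s} not implemented.'.format(args.command))

  # --force_evidence skips the check that the evidence type matches the kind
  # of instance (shared filesystem versus cloud).
  if evidence_ and not args.force_evidence:
    if config.SHARED_FILESYSTEM and evidence_.cloud_only:
      log.error('The evidence type {0:s} is Cloud only, and this instance of '
                'Turbinia is not a cloud instance.'.format(evidence_.type))
      sys.exit(1)
    elif not config.SHARED_FILESYSTEM and not evidence_.cloud_only:
      log.error('The evidence type {0:s} cannot run on Cloud instances of '
                'Turbinia. Consider wrapping it in a '
                'GoogleCloudDiskRawEmbedded or other Cloud compatible '
                'object'.format(evidence_.type))
      sys.exit(1)

  # A disk from another project is refused unless --force_evidence is given,
  # in which case the mismatch is only logged.
  if is_cloud_disk and evidence_.project != config.PROJECT:
    msg = ('Turbinia project {0:s} is different from evidence project {1:s}. '
           'This processing request will fail unless the Turbinia service '
           'account has permissions to this project.'.format(
               config.PROJECT, evidence_.project))
    if args.force_evidence:
      log.warning(msg)
    else:
      msg += ' Use --force_evidence if you are sure you want to do this.'
      log.warning(msg)
      sys.exit(1)

  # If we have evidence to process and we also want to run as a server, then
  # we'll just process the evidence directly rather than send it through the
  # PubSub frontend interface.  If we're not running as a server then we will
  # create a new TurbiniaRequest and send it over PubSub.
  if evidence_ and args.server:
    server = TurbiniaServer()
    server.add_evidence(evidence_)
    server.start()
  elif evidence_:
    request = TurbiniaRequest(request_id=args.request_id)
    request.evidence.append(evidence_)
    if filter_patterns:
      request.recipe['filter_patterns'] = filter_patterns
    if args.dump_json:
      # NOTE(review): on Python 3 this prints the bytes repr (b'...'); left
      # unchanged because callers may depend on the current output.
      print(request.to_json().encode('utf-8'))
    else:
      log.info('Creating request {0:s} with evidence {1:s}'.format(
          request.request_id, evidence_.name))
      client.send_request(request)

    # NOTE(review): --wait is honoured together with --dump_json even though
    # the request is not sent in that case; confirm that is intended.
    if args.wait:
      log.info('Waiting for request {0:s} to complete'.format(
          request.request_id))
      region = config.TURBINIA_REGION
      client.wait_for_request(
          instance=config.INSTANCE_ID,
          project=config.PROJECT,
          region=region,
          request_id=request.request_id,
          poll_interval=args.poll_interval)
      print(client.format_task_status(
          instance=config.INSTANCE_ID,
          project=config.PROJECT,
          region=region,
          request_id=request.request_id,
          all_fields=args.all_fields))

  log.info('Done.')
  sys.exit(0)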
Exemplo n.º 12
 def testTurbiniaClientInit(self, _, __):
     """Checks that a new TurbiniaClient exposes a task_manager attribute."""
     # The config is loaded before the client is constructed.
     config.LoadConfig()
     turbinia_client = TurbiniaClient()
     has_task_manager = hasattr(turbinia_client, 'task_manager')
     self.assertTrue(has_task_manager)
Exemplo n.º 13
def main():
    """Main function for turbiniactl"""
    # TODO(aarontp): Allow for single run mode when
    # by specifying evidence which will also terminate the task manager after
    # evidence has been processed.
    parser = argparse.ArgumentParser()
    parser.add_argument('-q',
                        '--quiet',
                        action='store_true',
                        help='Show minimal output')
    parser.add_argument('-v',
                        '--verbose',
                        action='store_true',
                        help='Show verbose output',
                        default=True)
    parser.add_argument('-d',
                        '--debug',
                        action='store_true',
                        help='Show debug output',
                        default=False)
    parser.add_argument('-a',
                        '--all_fields',
                        action='store_true',
                        help='Show all task status fields in output',
                        required=False)
    parser.add_argument(
        '-c',
        '--config_file',
        help='Load explicit config file. If specified it '
        'will ignore config files in other default locations '
        '(/etc/turbinia.conf, ~/.turbiniarc, or in paths referenced in '
        'environment variable TURBINIA_CONFIG_PATH)',
        required=False)
    parser.add_argument(
        '-C',
        '--recipe_config',
        help='Recipe configuration data passed in as '
        'comma separated key=value pairs (e.g. '
        '"-C key=value,otherkey=othervalue").  These will get passed to tasks '
        'as evidence config, and will also be written to the metadata.json file '
        'for Evidence types that write it',
        default=[],
        type=csv_list)
    parser.add_argument(
        '-f',
        '--force_evidence',
        action='store_true',
        help=
        'Force evidence processing request in potentially unsafe conditions',
        required=False)
    parser.add_argument('-o', '--output_dir', help='Directory path for output')
    parser.add_argument('-L', '--log_file', help='Log file')
    parser.add_argument('-r',
                        '--request_id',
                        help='Create new requests with this Request ID',
                        required=False)
    parser.add_argument(
        '-R',
        '--run_local',
        action='store_true',
        help=
        'Run completely locally without any server or other infrastructure. '
        'This can be used to run one-off Tasks to process data locally.')
    parser.add_argument('-S',
                        '--server',
                        action='store_true',
                        help='Run Turbinia Server indefinitely')
    parser.add_argument('-V',
                        '--version',
                        action='version',
                        version=__version__,
                        help='Show the version')
    parser.add_argument(
        '-D',
        '--dump_json',
        action='store_true',
        help='Dump JSON output of Turbinia Request instead of sending it')
    parser.add_argument(
        '-F',
        '--filter_patterns_file',
        help='A file containing newline separated string patterns to filter '
        'text based evidence files with (in extended grep regex format). '
        'This filtered output will be in addition to the complete output')
    parser.add_argument(
        '-j',
        '--jobs_whitelist',
        default=[],
        type=csv_list,
        help='A whitelist for Jobs that will be allowed to run (in CSV format, '
        'no spaces). This will not force them to run if they are not configured '
        'to. This is applied both at server start time and when the client makes '
        'a processing request. When applied at server start time the change is '
        'persistent while the server is running.  When applied by the client, it '
        'will only affect that processing request.')
    parser.add_argument(
        '-J',
        '--jobs_blacklist',
        default=[],
        type=csv_list,
        help='A blacklist for Jobs we will not allow to run.  See '
        '--jobs_whitelist help for details on format and when it is applied.')
    parser.add_argument(
        '-p',
        '--poll_interval',
        default=60,
        type=int,
        help='Number of seconds to wait between polling for task state info')
    parser.add_argument(
        '-t',
        '--task',
        help='The name of a single Task to run locally (must be used with '
        '--run_local.')
    parser.add_argument(
        '-w',
        '--wait',
        action='store_true',
        help='Wait to exit until all tasks for the given request have completed'
    )

    subparsers = parser.add_subparsers(dest='command',
                                       title='Commands',
                                       metavar='<command>')

    # Action for printing config
    parser_config = subparsers.add_parser('config',
                                          help='Print out config file')
    parser_config.add_argument('-f',
                               '--file_only',
                               action='store_true',
                               help='Print out file path only')

    # TODO(aarontp): Find better way to specify these that allows for multiple
    # pieces of evidence to be submitted. Maybe automagically create different
    # commands based on introspection of evidence objects?
    # RawDisk
    parser_rawdisk = subparsers.add_parser('rawdisk',
                                           help='Process RawDisk as Evidence')
    parser_rawdisk.add_argument('-l',
                                '--local_path',
                                help='Local path to the evidence',
                                required=True)
    parser_rawdisk.add_argument(
        '-P',
        '--mount_partition',
        default=1,
        type=int,
        help='The partition number to use when mounting this disk.  Defaults to '
        'the entire raw disk.  Only affects mounting, and not what gets '
        'processed.')
    parser_rawdisk.add_argument(
        '-s',
        '--source',
        help='Description of the source of the evidence',
        required=False)
    parser_rawdisk.add_argument('-n',
                                '--name',
                                help='Descriptive name of the evidence',
                                required=False)

    # Parser options for APFS Disk Evidence type
    parser_apfs = subparsers.add_parser(
        'apfs', help='Process APFSEncryptedDisk as Evidence')
    parser_apfs.add_argument('-l',
                             '--local_path',
                             help='Local path to the encrypted APFS evidence',
                             required=True)
    parser_apfs.add_argument(
        '-r',
        '--recovery_key',
        help='Recovery key for the APFS evidence.  '
        'Either recovery key or password must be specified.',
        required=False)
    parser_apfs.add_argument(
        '-p',
        '--password',
        help='Password for the APFS evidence.  '
        'If a recovery key is specified concurrently, password will be ignored.',
        required=False)
    parser_apfs.add_argument('-s',
                             '--source',
                             help='Description of the source of the evidence',
                             required=False)
    parser_apfs.add_argument('-n',
                             '--name',
                             help='Descriptive name of the evidence',
                             required=False)

    # Parser options for Bitlocker Disk Evidence type
    parser_bitlocker = subparsers.add_parser(
        'bitlocker', help='Process Bitlocker Disk as Evidence')
    parser_bitlocker.add_argument(
        '-l',
        '--local_path',
        help='Local path to the encrypted Bitlocker evidence',
        required=True)
    parser_bitlocker.add_argument(
        '-r',
        '--recovery_key',
        help='Recovery key for the Bitlocker evidence.  '
        'Either recovery key or password must be specified.',
        required=False)
    parser_bitlocker.add_argument(
        '-p',
        '--password',
        help='Password for the Bitlocker evidence.  '
        'If a recovery key is specified concurrently, password will be ignored.',
        required=False)
    parser_bitlocker.add_argument(
        '-s',
        '--source',
        help='Description of the source of the evidence',
        required=False)
    parser_bitlocker.add_argument('-n',
                                  '--name',
                                  help='Descriptive name of the evidence',
                                  required=False)

    # Parser options for Google Cloud Disk Evidence type
    parser_googleclouddisk = subparsers.add_parser(
        'googleclouddisk',
        help='Process Google Cloud Persistent Disk as Evidence')
    parser_googleclouddisk.add_argument(
        '-C',
        '--copy_only',
        help='Only copy disk and do not process with '
        'Turbinia. This only takes effect when a source --project is defined '
        'and can be run without any Turbinia server or workers configured.')
    parser_googleclouddisk.add_argument('-d',
                                        '--disk_name',
                                        help='Google Cloud name for disk',
                                        required=True)
    parser_googleclouddisk.add_argument(
        '-p',
        '--project',
        help='Project that the disk to process is associated '
        'with. If this is different from the project that Turbinia is running '
        'in, it will be copied to the Turbinia project.')
    parser_googleclouddisk.add_argument(
        '-P',
        '--mount_partition',
        default=0,
        type=int,
        help='The partition number to use when mounting this disk.  Defaults to '
        'the entire raw disk.  Only affects mounting, and not what gets '
        'processed.')
    parser_googleclouddisk.add_argument(
        '-z', '--zone', help='Geographic zone the disk exists in')
    parser_googleclouddisk.add_argument(
        '-s',
        '--source',
        help='Description of the source of the evidence',
        required=False)
    parser_googleclouddisk.add_argument(
        '-n',
        '--name',
        help='Descriptive name of the evidence',
        required=False)

    # Parser options for Google Cloud Persistent Disk Embedded Raw Image
    parser_googleclouddiskembedded = subparsers.add_parser(
        'googleclouddiskembedded',
        help='Process Google Cloud Persistent Disk with an embedded raw disk '
        'image as Evidence')
    parser_googleclouddiskembedded.add_argument(
        '-C',
        '--copy_only',
        help='Only copy disk and do not process with '
        'Turbinia. This only takes effect when a source --project is defined '
        'and can be run without any Turbinia server or workers configured.')
    parser_googleclouddiskembedded.add_argument(
        '-e',
        '--embedded_path',
        help=
        'Path within the Persistent Disk that points to the raw image file',
        required=True)
    parser_googleclouddiskembedded.add_argument(
        '-d', '--disk_name', help='Google Cloud name for disk', required=True)
    parser_googleclouddiskembedded.add_argument(
        '-p',
        '--project',
        help='Project that the disk to process is associated '
        'with. If this is different from the project that Turbinia is running '
        'in, it will be copied to the Turbinia project.')
    parser_googleclouddiskembedded.add_argument(
        '-P',
        '--mount_partition',
        default=0,
        type=int,
        help='The partition number to use when mounting this disk.  Defaults to '
        'the entire raw disk.  Only affects mounting, and not what gets '
        'processed.')
    parser_googleclouddiskembedded.add_argument(
        '-z', '--zone', help='Geographic zone the disk exists in')
    parser_googleclouddiskembedded.add_argument(
        '-s',
        '--source',
        help='Description of the source of the evidence',
        required=False)
    parser_googleclouddiskembedded.add_argument(
        '-n',
        '--name',
        help='Descriptive name of the evidence',
        required=False)

    # RawMemory
    parser_rawmemory = subparsers.add_parser(
        'rawmemory', help='Process RawMemory as Evidence')
    parser_rawmemory.add_argument('-l',
                                  '--local_path',
                                  help='Local path to the evidence',
                                  required=True)
    parser_rawmemory.add_argument('-P',
                                  '--profile',
                                  help='Profile to use with Volatility',
                                  required=True)
    parser_rawmemory.add_argument('-n',
                                  '--name',
                                  help='Descriptive name of the evidence',
                                  required=False)
    parser_rawmemory.add_argument('-m',
                                  '--module_list',
                                  type=csv_list,
                                  help='Volatility module(s) to execute',
                                  required=True)

    # Parser options for Directory evidence type
    parser_directory = subparsers.add_parser(
        'directory', help='Process a directory as Evidence')
    parser_directory.add_argument('-l',
                                  '--local_path',
                                  help='Local path to the evidence',
                                  required=True)
    parser_directory.add_argument(
        '-s',
        '--source',
        help='Description of the source of the evidence',
        required=False)
    parser_directory.add_argument('-n',
                                  '--name',
                                  help='Descriptive name of the evidence',
                                  required=False)

    # Parser options for ChromiumProfile evidence type
    parser_hindsight = subparsers.add_parser(
        'hindsight', help='Process ChromiumProfile as Evidence')
    parser_hindsight.add_argument('-l',
                                  '--local_path',
                                  help='Local path to the evidence',
                                  required=True)
    parser_hindsight.add_argument('-f',
                                  '--format',
                                  help='Output format (supported types are '
                                  'xlsx, sqlite, jsonl)',
                                  default='sqlite')
    parser_hindsight.add_argument(
        '-b',
        '--browser_type',
        help='The type of browser the input files belong'
        'to (supported types are Chrome, Brave)',
        default='Chrome')
    parser_hindsight.add_argument('-n',
                                  '--name',
                                  help='Descriptive name of the evidence',
                                  required=False)

    # List Jobs
    subparsers.add_parser(
        'listjobs',
        help='List all available Jobs. These Job names can be used by '
        '--jobs_whitelist and --jobs_blacklist')

    # PSQ Worker
    parser_psqworker = subparsers.add_parser('psqworker',
                                             help='Run PSQ worker')
    parser_psqworker.add_argument('-S',
                                  '--single_threaded',
                                  action='store_true',
                                  help='Run PSQ Worker in a single thread',
                                  required=False)

    # Celery Worker
    subparsers.add_parser('celeryworker', help='Run Celery worker')

    # Parser options for Turbinia status command
    parser_status = subparsers.add_parser('status',
                                          help='Get Turbinia Task status')
    parser_status.add_argument(
        '-c',
        '--close_tasks',
        action='store_true',
        help='Close tasks based on Request ID or Task ID',
        required=False)
    parser_status.add_argument(
        '-C',
        '--csv',
        action='store_true',
        help='When used with --statistics, the output will be in CSV format',
        required=False)
    parser_status.add_argument('-d',
                               '--days_history',
                               default=0,
                               type=int,
                               help='Number of days of history to show',
                               required=False)
    parser_status.add_argument('-f',
                               '--force',
                               help='Gatekeeper for --close_tasks',
                               action='store_true',
                               required=False)
    parser_status.add_argument('-r',
                               '--request_id',
                               help='Show tasks with this Request ID',
                               required=False)
    # 20 == Priority.High. We are setting this manually here because we don't want
    # to load the worker module yet in order to access this Enum.
    parser_status.add_argument(
        '-p',
        '--priority_filter',
        default=20,
        type=int,
        required=False,
        help='This sets what report sections are shown in full detail in '
        'report output.  Any tasks that have set a report_priority value '
        'equal to or lower than this setting will be shown in full detail, and '
        'tasks with a higher value will only have a summary shown.  To see all '
        'tasks report output in full detail, set --priority_filter=100')
    parser_status.add_argument(
        '-R',
        '--full_report',
        help='Generate full markdown report instead of just a summary',
        action='store_true',
        required=False)
    parser_status.add_argument('-s',
                               '--statistics',
                               help='Generate statistics only',
                               action='store_true',
                               required=False)
    parser_status.add_argument('-t',
                               '--task_id',
                               help='Show task for given Task ID',
                               required=False)
    parser_status.add_argument('-u',
                               '--user',
                               help='Show task for given user',
                               required=False)

    # Server
    subparsers.add_parser('server', help='Run Turbinia Server')

    args = parser.parse_args()

    # Load the config before final logger setup so we can the find the path to the
    # log file.
    try:
        if args.config_file:
            config.LoadConfig(config_file=args.config_file)
        else:
            config.LoadConfig()
    except TurbiniaException as exception:
        print('Could not load config file ({0:s}).\n{1:s}'.format(
            exception, config.CONFIG_MSG))
        sys.exit(1)

    if args.log_file:
        config.LOG_FILE = args.log_file
    if args.output_dir:
        config.OUTPUT_DIR = args.output_dir

    # Run logger setup again to get file-handler now that we have the logfile path
    # from the config.
    logger.setup()
    if args.quiet:
        log.setLevel(logging.ERROR)
    elif args.debug:
        log.setLevel(logging.DEBUG)
    else:
        log.setLevel(logging.INFO)

    log.info('Turbinia version: {0:s}'.format(__version__))

    # Do late import of other needed Turbinia modules.  This is needed because the
    # config is loaded by these modules at load time, and we want to wait to load
    # the config until after we parse the args so that we can use those arguments
    # to point to config paths.
    from turbinia.client import TurbiniaClient
    from turbinia.client import TurbiniaCeleryClient
    from turbinia.client import TurbiniaServer
    from turbinia.client import TurbiniaCeleryWorker
    from turbinia.client import TurbiniaPsqWorker
    from turbinia import evidence
    from turbinia.message import TurbiniaRequest

    # Print out config if requested
    if args.command == 'config':
        if args.file_only:
            log.info('Config file path is {0:s}\n'.format(config.configSource))
            sys.exit(0)

        try:
            with open(config.configSource, "r") as f:
                print(f.read())
                sys.exit(0)
        except IOError as exception:
            log.info("Failed to read config file {0:s}: {1!s}".format(
                config.configSource, exception))
            sys.exit(1)

    if args.jobs_whitelist and args.jobs_blacklist:
        log.error(
            'A Job filter whitelist and blacklist cannot be specified at the same '
            'time')
        sys.exit(1)

    # Read set set filter_patterns
    filter_patterns = None
    if (args.filter_patterns_file
            and not os.path.exists(args.filter_patterns_file)):
        log.error('Filter patterns file {0:s} does not exist.')
        sys.exit(1)
    elif args.filter_patterns_file:
        try:
            filter_patterns = open(
                args.filter_patterns_file).read().splitlines()
        except IOError as e:
            log.warning('Cannot open file {0:s} [{1!s}]'.format(
                args.filter_patterns_file, e))

    # Create Client object
    if args.command not in ('psqworker', 'server'):
        if config.TASK_MANAGER.lower() == 'celery':
            client = TurbiniaCeleryClient()
        elif args.run_local:
            client = TurbiniaClient(run_local=True)
        else:
            client = TurbiniaClient()
    else:
        client = None

    # Make sure run_local flags aren't conflicting with other server/client flags
    server_flags_set = args.server or args.command == 'server'
    worker_flags_set = args.command in ('psqworker', 'celeryworker')
    if args.run_local and (server_flags_set or worker_flags_set):
        log.error(
            '--run_local flag is not compatible with server/worker flags')
        sys.exit(1)

    if args.run_local and not args.task:
        log.error('--run_local flag requires --task flag')
        sys.exit(1)

    # Set zone/project to defaults if flags are not set, and also copy remote
    # disk if needed.
    if args.command in ('googleclouddisk', 'googleclouddiskrawembedded'):
        if not args.zone and config.TURBINIA_ZONE:
            args.zone = config.TURBINIA_ZONE
        elif not args.zone and not config.TURBINIA_ZONE:
            log.error('Turbinia zone must be set by --zone or in config')
            sys.exit(1)

        if not args.project and config.TURBINIA_PROJECT:
            args.project = config.TURBINIA_PROJECT
        elif not args.project and not config.TURBINIA_PROJECT:
            log.error('Turbinia project must be set by --project or in config')
            sys.exit(1)

        if args.project and args.project != config.TURBINIA_PROJECT:
            new_disk = libcloudforensics.create_disk_copy(
                args.project, config.TURBINIA_PROJECT, None,
                config.TURBINIA_ZONE, args.disk_name)
            args.disk_name = new_disk.name
            if args.copy_only:
                log.info(
                    '--copy_only specified, so not processing with Turbinia')
                sys.exit(0)

    # Start Evidence configuration
    evidence_ = None
    if args.command == 'rawdisk':
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.RawDisk(name=args.name,
                                     local_path=local_path,
                                     mount_partition=args.mount_partition,
                                     source=args.source)
    elif args.command == 'apfs':
        if not args.password and not args.recovery_key:
            log.error('Neither recovery key nor password is specified.')
            sys.exit(1)
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.APFSEncryptedDisk(name=args.name,
                                               local_path=local_path,
                                               recovery_key=args.recovery_key,
                                               password=args.password,
                                               source=args.source)
    elif args.command == 'bitlocker':
        if not args.password and not args.recovery_key:
            log.error('Neither recovery key nor password is specified.')
            sys.exit(1)
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.BitlockerDisk(name=args.name,
                                           local_path=local_path,
                                           recovery_key=args.recovery_key,
                                           password=args.password,
                                           source=args.source)
    elif args.command == 'directory':
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.Directory(name=args.name,
                                       local_path=local_path,
                                       source=args.source)
    elif args.command == 'googleclouddisk':
        args.name = args.name if args.name else args.disk_name
        evidence_ = evidence.GoogleCloudDisk(
            name=args.name,
            disk_name=args.disk_name,
            project=args.project,
            mount_partition=args.mount_partition,
            zone=args.zone,
            source=args.source)
    elif args.command == 'googleclouddiskembedded':
        args.name = args.name if args.name else args.disk_name
        evidence_ = evidence.GoogleCloudDiskRawEmbedded(
            name=args.name,
            disk_name=args.disk_name,
            embedded_path=args.embedded_path,
            mount_partition=args.mount_partition,
            project=args.project,
            zone=args.zone,
            source=args.source)
    elif args.command == 'hindsight':
        if args.format not in ['xlsx', 'sqlite', 'jsonl']:
            log.error('Invalid output format.')
            sys.exit(1)
        if args.browser_type not in ['Chrome', 'Brave']:
            log.error('Browser type not supported.')
            sys.exit(1)
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.ChromiumProfile(name=args.name,
                                             local_path=local_path,
                                             output_format=args.format,
                                             browser_type=args.browser_type)
    elif args.command == 'rawmemory':
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.RawMemory(name=args.name,
                                       local_path=local_path,
                                       profile=args.profile,
                                       module_list=args.module_list)
    elif args.command == 'psqworker':
        # Set up root logger level which is normally set by the psqworker command
        # which we are bypassing.
        logger.setup()
        worker = TurbiniaPsqWorker()
        worker.start()
    elif args.command == 'celeryworker':
        logger.setup()
        worker = TurbiniaCeleryWorker()
        worker.start()
    elif args.command == 'server':
        server = TurbiniaServer(jobs_blacklist=args.jobs_blacklist,
                                jobs_whitelist=args.jobs_whitelist)
        server.start()
    elif args.command == 'status':
        region = config.TURBINIA_REGION
        if args.close_tasks:
            if args.user or args.request_id or args.task_id:
                print(
                    client.close_tasks(instance=config.INSTANCE_ID,
                                       project=config.TURBINIA_PROJECT,
                                       region=region,
                                       request_id=args.request_id,
                                       task_id=args.task_id,
                                       user=args.user,
                                       requester=getpass.getuser()))
                sys.exit(0)
            else:
                log.info(
                    '--close_tasks (-c) requires --user, --request_id, or/and --task_id'
                )
                sys.exit(1)

        if args.statistics:
            print(
                client.format_task_statistics(instance=config.INSTANCE_ID,
                                              project=config.TURBINIA_PROJECT,
                                              region=region,
                                              days=args.days_history,
                                              task_id=args.task_id,
                                              request_id=args.request_id,
                                              user=args.user,
                                              csv=args.csv))
            sys.exit(0)

        if args.wait and args.request_id:
            client.wait_for_request(instance=config.INSTANCE_ID,
                                    project=config.TURBINIA_PROJECT,
                                    region=region,
                                    request_id=args.request_id,
                                    user=args.user,
                                    poll_interval=args.poll_interval)
        elif args.wait and not args.request_id:
            log.info('--wait requires --request_id, which is not specified. '
                     'turbiniactl will exit without waiting.')

        print(
            client.format_task_status(instance=config.INSTANCE_ID,
                                      project=config.TURBINIA_PROJECT,
                                      region=region,
                                      days=args.days_history,
                                      task_id=args.task_id,
                                      request_id=args.request_id,
                                      user=args.user,
                                      all_fields=args.all_fields,
                                      full_report=args.full_report,
                                      priority_filter=args.priority_filter))
    elif args.command == 'listjobs':
        log.info('Available Jobs:')
        client.list_jobs()
    else:
        log.warning('Command {0:s} not implemented.'.format(args.command))

    if evidence_ and not args.force_evidence:
        if config.SHARED_FILESYSTEM and evidence_.cloud_only:
            log.error(
                'The evidence type {0:s} is Cloud only, and this instance of '
                'Turbinia is not a cloud instance.'.format(evidence_.type))
            sys.exit(1)
        elif not config.SHARED_FILESYSTEM and not evidence_.cloud_only:
            log.error(
                'The evidence type {0:s} cannot run on Cloud instances of '
                'Turbinia. Consider wrapping it in a '
                'GoogleCloudDiskRawEmbedded or other Cloud compatible '
                'object'.format(evidence_.type))
            sys.exit(1)

    # If we have evidence to process and we also want to run as a server, then
    # we'll just process the evidence directly rather than send it through the
    # PubSub frontend interface.  If we're not running as a server then we will
    # create a new TurbiniaRequest and send it over PubSub.
    request = None
    if evidence_ and args.server:
        server = TurbiniaServer()
        server.add_evidence(evidence_)
        server.start()
    elif evidence_:
        request = TurbiniaRequest(request_id=args.request_id,
                                  requester=getpass.getuser())
        request.evidence.append(evidence_)
        if filter_patterns:
            request.recipe['filter_patterns'] = filter_patterns
        if args.jobs_blacklist:
            request.recipe['jobs_blacklist'] = args.jobs_blacklist
        if args.jobs_whitelist:
            request.recipe['jobs_whitelist'] = args.jobs_whitelist
        if args.recipe_config:
            for pair in args.recipe_config:
                try:
                    key, value = pair.split('=')
                except ValueError as exception:
                    log.error(
                        'Could not parse key=value pair [{0:s}] from recipe config '
                        '{1:s}: {2!s}'.format(pair, args.recipe_config,
                                              exception))
                    sys.exit(1)
                request.recipe[key] = value
        if args.dump_json:
            print(request.to_json().encode('utf-8'))
            sys.exit(0)
        else:
            log.info('Creating request {0:s} with evidence {1:s}'.format(
                request.request_id, evidence_.name))
            log.info(
                'Run command "turbiniactl status -r {0:s}" to see the status of'
                ' this request and associated tasks'.format(
                    request.request_id))
            if not args.run_local:
                client.send_request(request)
            else:
                log.debug(
                    '--run_local specified so not sending request to server')

        if args.wait:
            log.info('Waiting for request {0:s} to complete'.format(
                request.request_id))
            region = config.TURBINIA_REGION
            client.wait_for_request(instance=config.INSTANCE_ID,
                                    project=config.TURBINIA_PROJECT,
                                    region=region,
                                    request_id=request.request_id,
                                    poll_interval=args.poll_interval)
            print(
                client.format_task_status(instance=config.INSTANCE_ID,
                                          project=config.TURBINIA_PROJECT,
                                          region=region,
                                          request_id=request.request_id,
                                          all_fields=args.all_fields))

    if args.run_local and not evidence_:
        log.error('Evidence must be specified if using --run_local')
        sys.exit(1)
    if args.run_local and evidence_.cloud_only:
        log.error('--run_local cannot be used with Cloud only Evidence types')
        sys.exit(1)
    if args.run_local and evidence_:
        result = client.run_local_task(args.task, request)
        log.info('Task execution result: {0:s}'.format(result))

    log.info('Done.')
    sys.exit(0)
Exemplo n.º 14
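def main():
    """Main function for turbiniactl.

    Builds the command line parser (global flags plus one sub-command per
    Evidence type, worker, server, status and listjobs), configures logging,
    loads the Turbinia config, and then dispatches on ``args.command``:

      * Evidence sub-commands build an Evidence object, validate it against
        the instance configuration, and either hand it to a local server
        (``--server``), run a single Task locally (``--run_local``), dump the
        request as JSON (``--dump_json``) or send it via the client.
      * ``psqworker`` / ``celeryworker`` / ``server`` start the respective
        long-running component.
      * ``status`` prints task status and can close tasks.
      * ``listjobs`` lists the available Jobs.

    This function does not return normally; every path ends in ``sys.exit``
    (0 on success, 1 on a usage or validation error), unless a started
    worker/server call blocks.
    """
    # TODO(aarontp): Allow for single run mode by specifying evidence, which
    # will also terminate the task manager after evidence has been processed.
    parser = argparse.ArgumentParser()
    parser.add_argument(
        '-q', '--quiet', action='store_true', help='Show minimal output')
    # NOTE(review): store_true with default=True means this flag can never be
    # False, and nothing in this function reads args.verbose.
    parser.add_argument(
        '-v', '--verbose', action='store_true', help='Show verbose output',
        default=True)
    parser.add_argument(
        '-d', '--debug', action='store_true', help='Show debug output',
        default=False)
    parser.add_argument(
        '-a', '--all_fields', action='store_true',
        help='Show all task status fields in output', required=False)
    # --force_evidence bypasses the Evidence/instance compatibility check and
    # downgrades the cross-project mismatch below from an error to a warning.
    parser.add_argument(
        '-f', '--force_evidence', action='store_true',
        help=
        'Force evidence processing request in potentially unsafe conditions',
        required=False)
    parser.add_argument('-o', '--output_dir', help='Directory path for output')
    parser.add_argument('-L', '--log_file', help='Log file')
    parser.add_argument(
        '-r', '--request_id', help='Create new requests with this Request ID',
        required=False)
    parser.add_argument(
        '-R', '--run_local', action='store_true',
        help=
        'Run completely locally without any server or other infrastructure. '
        'This can be used to run one-off Tasks to process data locally.')
    parser.add_argument(
        '-S', '--server', action='store_true',
        help='Run Turbinia Server indefinitely')
    parser.add_argument(
        '-V', '--version', action='version', version=__version__,
        help='Show the version')
    parser.add_argument(
        '-D', '--dump_json', action='store_true',
        help='Dump JSON output of Turbinia Request instead of sending it')
    parser.add_argument(
        '-F', '--filter_patterns_file',
        help='A file containing newline separated string patterns to filter '
        'text based evidence files with (in extended grep regex format). '
        'This filtered output will be in addition to the complete output')
    parser.add_argument(
        '-j', '--jobs_whitelist', default=[], type=csv_list,
        help='A whitelist for Jobs that will be allowed to run (in CSV format, '
        'no spaces). This will not force them to run if they are not configured '
        'to. This is applied both at server start time and when the client makes '
        'a processing request. When applied at server start time the change is '
        'persistent while the server is running.  When applied by the client, it '
        'will only affect that processing request.')
    parser.add_argument(
        '-J', '--jobs_blacklist', default=[], type=csv_list,
        help='A blacklist for Jobs we will not allow to run.  See '
        '--jobs_whitelist help for details on format and when it is applied.')
    parser.add_argument(
        '-p', '--poll_interval', default=60, type=int,
        help='Number of seconds to wait between polling for task state info')
    parser.add_argument(
        '-t', '--task',
        help='The name of a single Task to run locally (must be used with '
        '--run_local.')
    parser.add_argument(
        '-w', '--wait', action='store_true',
        help='Wait to exit until all tasks for the given request have completed'
    )

    subparsers = parser.add_subparsers(
        dest='command', title='Commands', metavar='<command>')

    # TODO(aarontp): Find better way to specify these that allows for multiple
    # pieces of evidence to be submitted. Maybe automagically create different
    # commands based on introspection of evidence objects?
    # RawDisk
    parser_rawdisk = subparsers.add_parser(
        'rawdisk', help='Process RawDisk as Evidence')
    parser_rawdisk.add_argument(
        '-l', '--local_path', help='Local path to the evidence', required=True)
    # NOTE(review): default is 1 here but 0 for the cloud disk sub-commands,
    # while the help text is identical -- confirm which one means "entire
    # raw disk".
    parser_rawdisk.add_argument(
        '-P', '--mount_partition', default=1, type=int,
        help='The partition number to use when mounting this disk.  Defaults to '
        'the entire raw disk.  Only affects mounting, and not what gets '
        'processed.')
    parser_rawdisk.add_argument(
        '-s', '--source', help='Description of the source of the evidence',
        required=False)
    parser_rawdisk.add_argument(
        '-n', '--name', help='Descriptive name of the evidence',
        required=False)

    # Parser options for APFS Disk Evidence type
    # NOTE(review): --recovery_key and --password (here and for bitlocker) are
    # taken as plain command-line arguments, so the secret is exposed to
    # anything that can read this process's argument list or the invoking
    # shell's history.  A prompt (getpass is already used further down) or a
    # file/environment source would avoid that; the flags are left unchanged
    # to keep the CLI interface stable.
    parser_apfs = subparsers.add_parser(
        'apfs', help='Process APFSEncryptedDisk as Evidence')
    parser_apfs.add_argument(
        '-l', '--local_path', help='Local path to the encrypted APFS evidence',
        required=True)
    parser_apfs.add_argument(
        '-r', '--recovery_key',
        help='Recovery key for the APFS evidence.  '
        'Either recovery key or password must be specified.',
        required=False)
    parser_apfs.add_argument(
        '-p', '--password',
        help='Password for the APFS evidence.  '
        'If a recovery key is specified concurrently, password will be ignored.',
        required=False)
    parser_apfs.add_argument(
        '-s', '--source', help='Description of the source of the evidence',
        required=False)
    parser_apfs.add_argument(
        '-n', '--name', help='Descriptive name of the evidence',
        required=False)

    # Parser options for Bitlocker Disk Evidence type
    parser_bitlocker = subparsers.add_parser(
        'bitlocker', help='Process Bitlocker Disk as Evidence')
    parser_bitlocker.add_argument(
        '-l', '--local_path',
        help='Local path to the encrypted Bitlocker evidence', required=True)
    parser_bitlocker.add_argument(
        '-r', '--recovery_key',
        help='Recovery key for the Bitlocker evidence.  '
        'Either recovery key or password must be specified.',
        required=False)
    parser_bitlocker.add_argument(
        '-p', '--password',
        help='Password for the Bitlocker evidence.  '
        'If a recovery key is specified concurrently, password will be ignored.',
        required=False)
    parser_bitlocker.add_argument(
        '-s', '--source', help='Description of the source of the evidence',
        required=False)
    parser_bitlocker.add_argument(
        '-n', '--name', help='Descriptive name of the evidence',
        required=False)

    # Parser options for Google Cloud Disk Evidence type
    parser_googleclouddisk = subparsers.add_parser(
        'googleclouddisk',
        help='Process Google Cloud Persistent Disk as Evidence')
    parser_googleclouddisk.add_argument(
        '-d', '--disk_name', help='Google Cloud name for disk', required=True)
    parser_googleclouddisk.add_argument(
        '-p', '--project', help='Project that the disk is associated with',
        required=True)
    parser_googleclouddisk.add_argument(
        '-P', '--mount_partition', default=0, type=int,
        help='The partition number to use when mounting this disk.  Defaults to '
        'the entire raw disk.  Only affects mounting, and not what gets '
        'processed.')
    parser_googleclouddisk.add_argument(
        '-z', '--zone', help='Geographic zone the disk exists in',
        required=True)
    parser_googleclouddisk.add_argument(
        '-s', '--source', help='Description of the source of the evidence',
        required=False)
    parser_googleclouddisk.add_argument(
        '-n', '--name', help='Descriptive name of the evidence',
        required=False)

    # Parser options for Google Cloud Persistent Disk Embedded Raw Image
    parser_googleclouddiskembedded = subparsers.add_parser(
        'googleclouddiskembedded',
        help='Process Google Cloud Persistent Disk with an embedded raw disk '
        'image as Evidence')
    parser_googleclouddiskembedded.add_argument(
        '-e', '--embedded_path',
        help=
        'Path within the Persistent Disk that points to the raw image file',
        required=True)
    parser_googleclouddiskembedded.add_argument(
        '-d', '--disk_name', help='Google Cloud name for disk', required=True)
    parser_googleclouddiskembedded.add_argument(
        '-p', '--project', help='Project that the disk is associated with',
        required=True)
    parser_googleclouddiskembedded.add_argument(
        '-P', '--mount_partition', default=0, type=int,
        help='The partition number to use when mounting this disk.  Defaults to '
        'the entire raw disk.  Only affects mounting, and not what gets '
        'processed.')
    parser_googleclouddiskembedded.add_argument(
        '-z', '--zone', help='Geographic zone the disk exists in',
        required=True)
    parser_googleclouddiskembedded.add_argument(
        '-s', '--source', help='Description of the source of the evidence',
        required=False)
    parser_googleclouddiskembedded.add_argument(
        '-n', '--name', help='Descriptive name of the evidence',
        required=False)

    # Parser options for Directory evidence type
    parser_directory = subparsers.add_parser(
        'directory', help='Process a directory as Evidence')
    parser_directory.add_argument(
        '-l', '--local_path', help='Local path to the evidence', required=True)
    parser_directory.add_argument(
        '-s', '--source', help='Description of the source of the evidence',
        required=False)
    parser_directory.add_argument(
        '-n', '--name', help='Descriptive name of the evidence',
        required=False)

    # List Jobs
    subparsers.add_parser(
        'listjobs',
        help='List all available Jobs. These Job names can be used by '
        '--jobs_whitelist and --jobs_blacklist')

    # PSQ Worker
    parser_psqworker = subparsers.add_parser(
        'psqworker', help='Run PSQ worker')
    parser_psqworker.add_argument(
        '-S', '--single_threaded', action='store_true',
        help='Run PSQ Worker in a single thread', required=False)

    # Celery Worker
    subparsers.add_parser('celeryworker', help='Run Celery worker')

    # Parser options for Turbinia status command
    parser_status = subparsers.add_parser(
        'status', help='Get Turbinia Task status')
    parser_status.add_argument(
        '-c', '--close_tasks', action='store_true',
        help='Close tasks based on Request ID or Task ID', required=False)
    parser_status.add_argument(
        '-d', '--days_history', default=0, type=int,
        help='Number of days of history to show', required=False)
    # NOTE(review): --force is parsed but never read in this function, so it
    # does not actually gate --close_tasks here -- confirm whether the check
    # lives elsewhere.
    parser_status.add_argument(
        '-f', '--force', help='Gatekeeper for --close_tasks',
        action='store_true', required=False)
    parser_status.add_argument(
        '-r', '--request_id', help='Show tasks with this Request ID',
        required=False)
    parser_status.add_argument(
        '-p', '--priority_filter', default=Priority.HIGH, type=int,
        required=False,
        help='This sets what report sections are shown in full detail in '
        'report output.  Any tasks that have set a report_priority value '
        'equal to or lower than this setting will be shown in full detail, and '
        'tasks with a higher value will only have a summary shown.  To see all '
        'tasks report output in full detail, set --priority_filter=100')
    parser_status.add_argument(
        '-R', '--full_report',
        help='Generate full markdown report instead of just a summary',
        action='store_true', required=False)
    parser_status.add_argument(
        '-t', '--task_id', help='Show task for given Task ID', required=False)
    parser_status.add_argument(
        '-u', '--user', help='Show task for given user', required=False)

    # Server
    subparsers.add_parser('server', help='Run Turbinia Server')

    args = parser.parse_args()
    # --quiet wins over --debug; INFO is the default level.
    if args.quiet:
        log.setLevel(logging.ERROR)
    elif args.debug:
        log.setLevel(logging.DEBUG)
    else:
        log.setLevel(logging.INFO)

    log.info('Turbinia version: {0:s}'.format(__version__))

    if args.jobs_whitelist and args.jobs_blacklist:
        log.error(
            'A Job filter whitelist and blacklist cannot be specified at the same '
            'time')
        sys.exit(1)

    filter_patterns = None
    if (args.filter_patterns_file
            and not os.path.exists(args.filter_patterns_file)):
        # Fixed: the original never called .format(), so the literal '{0:s}'
        # was logged instead of the offending path.
        log.error('Filter patterns file {0:s} does not exist.'.format(
            args.filter_patterns_file))
        sys.exit(1)
    elif args.filter_patterns_file:
        try:
            # Context manager so the handle is closed even if read() fails.
            with open(args.filter_patterns_file) as patterns_fh:
                filter_patterns = patterns_fh.read().splitlines()
        except IOError as e:
            # Best effort: an unreadable file only warns, and the request is
            # then created without any filter patterns.
            log.warning('Cannot open file {0:s} [{1!s}]'.format(
                args.filter_patterns_file, e))

    # Client
    config.LoadConfig()
    if args.command not in ('psqworker', 'server'):
        if config.TASK_MANAGER.lower() == 'celery':
            client = TurbiniaCeleryClient()
        elif args.run_local:
            client = TurbiniaClient(run_local=True)
        else:
            client = TurbiniaClient()
    else:
        client = None

    server_flags_set = args.server or args.command == 'server'
    worker_flags_set = args.command in ('psqworker', 'celeryworker')
    if args.run_local and (server_flags_set or worker_flags_set):
        log.error(
            '--run_local flag is not compatible with server/worker flags')
        sys.exit(1)

    if args.run_local and not args.task:
        log.error('--run_local flag requires --task flag')
        sys.exit(1)

    # Command line overrides for values loaded from the config file.
    if args.output_dir:
        config.OUTPUT_DIR = args.output_dir
    if args.log_file:
        config.LOG_FILE = args.log_file

    evidence_ = None
    is_cloud_disk = False
    if args.command == 'rawdisk':
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.RawDisk(
            name=args.name, local_path=local_path,
            mount_partition=args.mount_partition, source=args.source)
    elif args.command == 'apfs':
        if not args.password and not args.recovery_key:
            log.error('Neither recovery key nor password is specified.')
            sys.exit(1)
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.APFSEncryptedDisk(
            name=args.name, local_path=local_path,
            recovery_key=args.recovery_key, password=args.password,
            source=args.source)
    elif args.command == 'bitlocker':
        if not args.password and not args.recovery_key:
            log.error('Neither recovery key nor password is specified.')
            sys.exit(1)
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.BitlockerDisk(
            name=args.name, local_path=local_path,
            recovery_key=args.recovery_key, password=args.password,
            source=args.source)
    elif args.command == 'directory':
        args.name = args.name if args.name else args.local_path
        local_path = os.path.abspath(args.local_path)
        evidence_ = evidence.Directory(
            name=args.name, local_path=local_path, source=args.source)
    elif args.command == 'googleclouddisk':
        is_cloud_disk = True
        args.name = args.name if args.name else args.disk_name
        evidence_ = evidence.GoogleCloudDisk(
            name=args.name,
            disk_name=args.disk_name,
            project=args.project,
            mount_partition=args.mount_partition,
            zone=args.zone,
            source=args.source)
    elif args.command == 'googleclouddiskembedded':
        is_cloud_disk = True
        args.name = args.name if args.name else args.disk_name
        evidence_ = evidence.GoogleCloudDiskRawEmbedded(
            name=args.name,
            disk_name=args.disk_name,
            embedded_path=args.embedded_path,
            mount_partition=args.mount_partition,
            project=args.project,
            zone=args.zone,
            source=args.source)
    elif args.command == 'psqworker':
        # Set up root logger level which is normally set by the psqworker command
        # which we are bypassing.
        logger.setup()
        worker = TurbiniaPsqWorker()
        worker.start()
    elif args.command == 'celeryworker':
        logger.setup()
        worker = TurbiniaCeleryWorker()
        worker.start()
    elif args.command == 'server':
        server = TurbiniaServer(
            jobs_blacklist=args.jobs_blacklist,
            jobs_whitelist=args.jobs_whitelist)
        server.start()
    elif args.command == 'status':
        region = config.TURBINIA_REGION
        if args.close_tasks:
            if args.user or args.request_id or args.task_id:
                # NOTE(review): `requester` is the local login name reported
                # by getpass, i.e. a client-supplied value; whether the
                # backend authenticates it independently is not visible here
                # -- confirm before treating it as an audit identity.
                print(
                    client.close_tasks(
                        instance=config.INSTANCE_ID,
                        project=config.TURBINIA_PROJECT,
                        region=region,
                        request_id=args.request_id,
                        task_id=args.task_id,
                        user=args.user,
                        requester=getpass.getuser()))
                sys.exit(0)
            else:
                log.info(
                    '--close_tasks (-c) requires --user, --request_id, or/and --task_id'
                )
                sys.exit(1)

        if args.wait and args.request_id:
            client.wait_for_request(
                instance=config.INSTANCE_ID,
                project=config.TURBINIA_PROJECT,
                region=region,
                request_id=args.request_id,
                user=args.user,
                poll_interval=args.poll_interval)
        elif args.wait and not args.request_id:
            log.info('--wait requires --request_id, which is not specified. '
                     'turbiniactl will exit without waiting.')

        print(
            client.format_task_status(
                instance=config.INSTANCE_ID,
                project=config.TURBINIA_PROJECT,
                region=region,
                days=args.days_history,
                task_id=args.task_id,
                request_id=args.request_id,
                user=args.user,
                all_fields=args.all_fields,
                full_report=args.full_report,
                priority_filter=args.priority_filter))
    elif args.command == 'listjobs':
        log.info('Available Jobs:')
        client.list_jobs()
    else:
        # Fixed: args.command is None when no sub-command is given, and
        # '{0:s}' raises TypeError for None on Python 3; '!s' formats any
        # value and is identical for strings.
        log.warning('Command {0!s} not implemented.'.format(args.command))

    # Evidence type vs. instance type compatibility; skipped entirely when
    # --force_evidence is set.
    if evidence_ and not args.force_evidence:
        if config.SHARED_FILESYSTEM and evidence_.cloud_only:
            log.error(
                'The evidence type {0:s} is Cloud only, and this instance of '
                'Turbinia is not a cloud instance.'.format(evidence_.type))
            sys.exit(1)
        elif not config.SHARED_FILESYSTEM and not evidence_.cloud_only:
            log.error(
                'The evidence type {0:s} cannot run on Cloud instances of '
                'Turbinia. Consider wrapping it in a '
                'GoogleCloudDiskRawEmbedded or other Cloud compatible '
                'object'.format(evidence_.type))
            sys.exit(1)

    # Cross-project disks are refused unless the operator explicitly forces
    # the request; with --force_evidence the mismatch is only logged.
    if is_cloud_disk and evidence_.project != config.TURBINIA_PROJECT:
        msg = (
            'Turbinia project {0:s} is different from evidence project {1:s}. '
            'This processing request will fail unless the Turbinia service '
            'account has permissions to this project.'.format(
                config.TURBINIA_PROJECT, evidence_.project))
        if args.force_evidence:
            log.warning(msg)
        else:
            msg += ' Use --force_evidence if you are sure you want to do this.'
            log.error(msg)
            sys.exit(1)

    # If we have evidence to process and we also want to run as a server, then
    # we'll just process the evidence directly rather than send it through the
    # PubSub frontend interface.  If we're not running as a server then we will
    # create a new TurbiniaRequest and send it over PubSub.
    request = None
    if evidence_ and args.server:
        server = TurbiniaServer()
        server.add_evidence(evidence_)
        server.start()
    elif evidence_:
        request = TurbiniaRequest(request_id=args.request_id)
        request.evidence.append(evidence_)
        if filter_patterns:
            request.recipe['filter_patterns'] = filter_patterns
        if args.jobs_blacklist:
            request.recipe['jobs_blacklist'] = args.jobs_blacklist
        if args.jobs_whitelist:
            request.recipe['jobs_whitelist'] = args.jobs_whitelist
        if args.dump_json:
            # NOTE(review): if the serialized Evidence carries password or
            # recovery_key, this writes them to stdout -- confirm against
            # to_json().  On Python 3 this also prints the bytes repr
            # (b'...') rather than the JSON text; left as-is because the
            # target interpreter is not visible from here.
            print(request.to_json().encode('utf-8'))
        else:
            log.info('Creating request {0:s} with evidence {1:s}'.format(
                request.request_id, evidence_.name))
            log.info(
                'Run command "turbiniactl status -r {0:s}" to see the status of'
                ' this request and associated tasks'.format(
                    request.request_id))
            if not args.run_local:
                client.send_request(request)
            else:
                log.debug(
                    '--run_local specified so not sending request to server')

        if args.wait:
            log.info('Waiting for request {0:s} to complete'.format(
                request.request_id))
            region = config.TURBINIA_REGION
            client.wait_for_request(
                instance=config.INSTANCE_ID,
                project=config.TURBINIA_PROJECT,
                region=region,
                request_id=request.request_id,
                poll_interval=args.poll_interval)
            print(
                client.format_task_status(
                    instance=config.INSTANCE_ID,
                    project=config.TURBINIA_PROJECT,
                    region=region,
                    request_id=request.request_id,
                    all_fields=args.all_fields))

    if args.run_local and not evidence_:
        log.error('Evidence must be specified if using --run_local')
        sys.exit(1)
    if args.run_local and evidence_.cloud_only:
        log.error('--run_local cannot be used with Cloud only Evidence types')
        sys.exit(1)
    if args.run_local and evidence_:
        result = client.run_local_task(args.task, request)
        # Fixed: '!s' instead of ':s' so a non-string result object cannot
        # raise TypeError while being logged.
        log.info('Task execution result: {0!s}'.format(result))

    log.info('Done.')
    sys.exit(0)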