def clone(args): config = load_config_env(args.file, args.env) target = load_config_env(args.file, args.target) if config["token"] is None or config["token"] == "": raise Exception( "Token not provided, cannot retrieve information from the origin to clone" ) if target["token"] is None or target["token"] == "": raise Exception( "Token not provided, cannot retrieve information of the destination to override" ) if config["kind"] != target["kind"]: raise Exception("Origin and destination env types are not compatible") if config["kind"] == "monitor": origin = SdMonitorClient(config["token"], config["url"]) destination = SdMonitorClient(target["token"], target["url"]) ok = clone_all_monitor(origin, destination) if ok: print("Clone complete") if config["kind"] == "secure": origin = SdSecureClient(config["token"], config["url"]) origin = SdSecureClient(target["token"], target["url"]) ok = clone_all_secure(origin, destination)
def check(args): if not os.path.isdir(args.path): raise NotADirectoryError(f"{args.path} is not a correct directory") print("Checking if there are remote changes...") config = load_config_env(args.file, args.env) token = config["token"] kind = config["kind"] url = config["url"] if token is None or token == "": raise Exception("Token not provided, can't perform check") if kind == "monitor": something_changed = check_monitor(SdMonitorClient(token, url), args.path) exit(0 if not something_changed else 1) if kind == "secure": something_changed = check_secure(SdSecureClient(token, url), args.path) exit(0 if not something_changed else 1) print(f"unknown kind of remote environment: {kind}") exit(2)
def policy(args): config = load_config_env(args.file, args.env) if config["token"] is None or config["token"] == "": raise Exception("Token was not provided") if config["kind"] != "secure": raise Exception("Selected environment is not Sysdig Secure") sdsecure = SdSecureClient(config["token"], config["url"]) show_policies(sdsecure)
def restore_secure(sdsecure: SdSecureClient, path: AnyStr): sdsecure.drop_policies() ok, res = sdsecure.restore_policies_from( os.path.join(path, BACKUP_RESTORE_FILES.POLICIES)) if not ok: print('Error restoring policies: ', res) return EXIT_CODES.ERR_RESTORING_POLICIES ok, res = sdsecure.restore_teams_from( os.path.join(path, BACKUP_RESTORE_FILES.TEAMS_SECURE)) if not ok: print('Error restoring monitor teams: ', res) return EXIT_CODES.ERR_RESTORING_TEAMS ok, res = sdsecure.restore_user_falco_rules_from( os.path.join(path, BACKUP_RESTORE_FILES.USER_FALCO_RULES)) if not ok: print('Error restoring user falco rules: ', res) return EXIT_CODES.ERR_RESTORING_FALCO_USER_RULES return EXIT_CODES.OK
def policies(args): config = load_config_env(args.file, args.env) if config["token"] is None or config["token"] == "": raise Exception("Token not provided, cannot delete policies") if config["kind"] != "secure": raise Exception("Selected environment is not Sysdig Secure") sdsecure = SdSecureClient(config["token"], config["url"]) res = delete_policies(sdsecure, ids=args.ids) if res == EXIT_CODES.OK: print(f"Deleted policies: {args.ids}")
def show_policies(sdsecure: SdSecureClient): ok, data = sdsecure.list_policies() if not ok: print(data) return EXIT_CODES.ERR_METHOD_NOT_FOUND print("%-6s %-100s %-8s %-15s %-7s" % ("ID", "NAME", "SEVERITY", "AUTOCREATED", "NOTIFICATION")) for policy in data['policies']: print("%-6d %-100s %-8s %-15s %-7s" % (policy['id'], policy['name'].strip(), policy['severity'], 'yes' if policy['isBuiltin'] else 'no', len(policy['notificationChannelIds']))) return EXIT_CODES.OK
def backup(args): if not os.path.isdir(args.path): raise NotADirectoryError(f"{args.path} is not a correct directory") config = load_config_env(args.file, args.env) if config["token"] is None or config["token"] == "": raise Exception("Token not provided, can't perform Backup") if config["kind"] == "monitor": sdmonitor = SdMonitorClient(config["token"], config["url"]) if backup_monitor(sdmonitor, args.path) != EXIT_CODES.OK: print("There has been an error creating the Monitor backup") return if config["kind"] == "secure": sdsecure = SdSecureClient(config["token"], config["url"]) if backup_secure(sdsecure, args.path) != EXIT_CODES.OK: print("There has been an error creating the Secure backup") return raise Exception(f"Unknown kind {config['kind']}")
def restore(args): if not os.path.isdir(args.path): raise NotADirectoryError(f"{args.path} is not a correct directory") config = load_config_env(args.file, args.env) if config["token"] is None: raise Exception("Token not provided, can't perform restore") if config["kind"] == "monitor": sdmonitor = SdMonitorClient(config["token"], config["url"]) if restore_monitor(sdmonitor, args.path, all_users=args.all_users) != EXIT_CODES.OK: print("There has been an error restoring Monitor") return if config["kind"] == "secure": sdsecure = SdSecureClient(config["token"], config["url"]) if restore_secure(sdsecure, args.path) != EXIT_CODES.OK: print("There has been an error restoring Secure") return raise Exception(f"Unknown kind {config['kind']}")