Пример #1
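def clone(args):
    """Clone one environment's configuration onto another of the same kind.

    Loads the origin environment (``args.env``) and the destination
    environment (``args.target``) from ``args.file``, requires an API token
    for both, and passes one client per side to ``clone_all_monitor`` or
    ``clone_all_secure`` according to the configured kind.

    Raises:
        Exception: if either token is missing or empty, or if the two
            environments are of different kinds.
    """
    config = load_config_env(args.file, args.env)
    target = load_config_env(args.file, args.target)

    if config["token"] is None or config["token"] == "":
        raise Exception(
            "Token not provided, cannot retrieve information from the origin to clone"
        )

    if target["token"] is None or target["token"] == "":
        raise Exception(
            "Token not provided, cannot retrieve information of the destination to override"
        )

    # Refuse to mix kinds: the destination is overridden with origin data, so
    # both sides must speak the same API.
    if config["kind"] != target["kind"]:
        raise Exception("Origin and destination env types are not compatible")

    if config["kind"] == "monitor":
        origin = SdMonitorClient(config["token"], config["url"])
        destination = SdMonitorClient(target["token"], target["url"])
        ok = clone_all_monitor(origin, destination)
        if ok:
            print("Clone complete")

    if config["kind"] == "secure":
        origin = SdSecureClient(config["token"], config["url"])
        # The client built from the *target* environment is the destination.
        # Assigning it to `origin` instead discarded the real origin client
        # and left `destination` unbound in this branch.
        destination = SdSecureClient(target["token"], target["url"])
        # NOTE(review): as listed, this branch does not report the result the
        # way the monitor branch does, and an unknown kind falls through
        # without any message.
        ok = clone_all_secure(origin, destination)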
Пример #2
def check(args):
    """Compare a local backup directory against the remote environment.

    Terminates the process through ``exit``: status 0 when the kind-specific
    check reports no change, 1 when it reports a change, and 2 when the
    configured kind is neither "monitor" nor "secure".

    Raises:
        NotADirectoryError: if ``args.path`` is not an existing directory.
        Exception: if the environment has no token (``None`` or empty).
    """
    if not os.path.isdir(args.path):
        raise NotADirectoryError(f"{args.path} is not a correct directory")

    print("Checking if there are remote changes...")

    env = load_config_env(args.file, args.env)
    api_token, env_kind, api_url = env["token"], env["kind"], env["url"]

    if api_token is None or api_token == "":
        raise Exception("Token not provided, can't perform check")

    # Reject anything that is not one of the two supported kinds up front.
    if env_kind not in ("monitor", "secure"):
        print(f"unknown kind of remote environment: {env_kind}")
        exit(2)

    if env_kind == "monitor":
        changed = check_monitor(SdMonitorClient(api_token, api_url), args.path)
        exit(1 if changed else 0)

    changed = check_secure(SdSecureClient(api_token, api_url), args.path)
    exit(1 if changed else 0)
Пример #3
def policy(args):
    """Print the policies of the selected Sysdig Secure environment.

    Raises:
        Exception: if the environment has no token (``None`` or empty) or
            its kind is not "secure".
    """
    env = load_config_env(args.file, args.env)
    api_token = env["token"]

    if api_token is None or api_token == "":
        raise Exception("Token was not provided")

    # Policies exist only on the Secure side; refuse any other kind.
    if env["kind"] != "secure":
        raise Exception("Selected environment is not Sysdig Secure")

    show_policies(SdSecureClient(api_token, env["url"]))
Пример #4
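def restore_secure(sdsecure: SdSecureClient, path: AnyStr):
    """Restore policies, teams and user Falco rules from a backup directory.

    The steps run in order and the function stops at the first failure,
    returning the matching ``EXIT_CODES`` member; ``EXIT_CODES.OK`` is
    returned when all three restores report success.

    Args:
        sdsecure: client for the Secure environment being restored.
        path: directory holding the backup files named in
            ``BACKUP_RESTORE_FILES``.
    """
    # NOTE(review): the existing policies are dropped before any backup file
    # has been read, and the outcome of the drop is not inspected. If the
    # policies restore below then fails, the environment is left without the
    # policies it had. Consider validating the backup before this call.
    sdsecure.drop_policies()
    ok, res = sdsecure.restore_policies_from(
        os.path.join(path, BACKUP_RESTORE_FILES.POLICIES))
    if not ok:
        print('Error restoring policies: ', res)
        return EXIT_CODES.ERR_RESTORING_POLICIES

    ok, res = sdsecure.restore_teams_from(
        os.path.join(path, BACKUP_RESTORE_FILES.TEAMS_SECURE))
    if not ok:
        # This step restores the Secure teams file; the message previously
        # said "monitor teams", which pointed operators at the wrong product.
        print('Error restoring secure teams: ', res)
        return EXIT_CODES.ERR_RESTORING_TEAMS

    ok, res = sdsecure.restore_user_falco_rules_from(
        os.path.join(path, BACKUP_RESTORE_FILES.USER_FALCO_RULES))
    if not ok:
        print('Error restoring user falco rules: ', res)
        return EXIT_CODES.ERR_RESTORING_FALCO_USER_RULES

    return EXIT_CODES.OK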
Пример #5
def policies(args):
    """Delete the policies listed in ``args.ids`` from a Secure environment.

    Prints a confirmation only when ``delete_policies`` returns
    ``EXIT_CODES.OK``.

    Raises:
        Exception: if the environment has no token (``None`` or empty) or
            its kind is not "secure".
    """
    env = load_config_env(args.file, args.env)
    api_token = env["token"]

    if api_token is None or api_token == "":
        raise Exception("Token not provided, cannot delete policies")

    # Deletion is only meaningful against a Secure environment.
    if env["kind"] != "secure":
        raise Exception("Selected environment is not Sysdig Secure")

    client = SdSecureClient(api_token, env["url"])
    if delete_policies(client, ids=args.ids) == EXIT_CODES.OK:
        print(f"Deleted policies: {args.ids}")
Пример #6
def show_policies(sdsecure: SdSecureClient):
    """Print a fixed-width table of the policies known to *sdsecure*.

    Returns ``EXIT_CODES.ERR_METHOD_NOT_FOUND`` (after printing the payload
    returned by the client) when listing fails, ``EXIT_CODES.OK`` otherwise.
    """
    ok, data = sdsecure.list_policies()
    if not ok:
        print(data)
        return EXIT_CODES.ERR_METHOD_NOT_FOUND

    header_format = "%-6s %-100s %-8s %-15s %-7s"
    row_format = "%-6d %-100s %-8s %-15s %-7s"

    print(header_format %
          ("ID", "NAME", "SEVERITY", "AUTOCREATED", "NOTIFICATION"))
    for entry in data['policies']:
        # The last column is the number of notification channels attached,
        # not their ids.
        row = (
            entry['id'],
            entry['name'].strip(),
            entry['severity'],
            'yes' if entry['isBuiltin'] else 'no',
            len(entry['notificationChannelIds']),
        )
        print(row_format % row)
    return EXIT_CODES.OK
Пример #7
def backup(args):
    """Back up the selected environment into the directory ``args.path``.

    Dispatches to ``backup_monitor`` or ``backup_secure`` according to the
    configured kind and prints a message when the helper does not return
    ``EXIT_CODES.OK``.

    Raises:
        NotADirectoryError: if ``args.path`` is not an existing directory.
        Exception: if the token is missing or empty, or the kind is neither
            "monitor" nor "secure".
    """
    if not os.path.isdir(args.path):
        raise NotADirectoryError(f"{args.path} is not a correct directory")

    env = load_config_env(args.file, args.env)
    api_token = env["token"]

    if api_token is None or api_token == "":
        raise Exception("Token not provided, can't perform Backup")

    env_kind = env["kind"]

    if env_kind == "monitor":
        status = backup_monitor(SdMonitorClient(api_token, env["url"]),
                                args.path)
        if status != EXIT_CODES.OK:
            print("There has been an error creating the Monitor backup")
        return

    if env_kind == "secure":
        status = backup_secure(SdSecureClient(api_token, env["url"]),
                               args.path)
        if status != EXIT_CODES.OK:
            print("There has been an error creating the Secure backup")
        return

    raise Exception(f"Unknown kind {env_kind}")
Пример #8
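def restore(args):
    """Restore the selected environment from the backup in ``args.path``.

    Dispatches to ``restore_monitor`` (forwarding ``args.all_users``) or
    ``restore_secure`` according to the configured kind and prints a message
    when the helper does not return ``EXIT_CODES.OK``.

    Raises:
        NotADirectoryError: if ``args.path`` is not an existing directory.
        Exception: if the token is missing or empty, or the kind is neither
            "monitor" nor "secure".
    """
    if not os.path.isdir(args.path):
        raise NotADirectoryError(f"{args.path} is not a correct directory")

    config = load_config_env(args.file, args.env)

    # Reject an empty token as well as a missing one, as the other commands
    # do. A restore modifies the remote environment (the Secure path drops
    # existing policies first), so it should not start without a credential.
    if config["token"] is None or config["token"] == "":
        raise Exception("Token not provided, can't perform restore")

    if config["kind"] == "monitor":
        sdmonitor = SdMonitorClient(config["token"], config["url"])
        if restore_monitor(sdmonitor, args.path,
                           all_users=args.all_users) != EXIT_CODES.OK:
            print("There has been an error restoring Monitor")
        return

    if config["kind"] == "secure":
        sdsecure = SdSecureClient(config["token"], config["url"])
        if restore_secure(sdsecure, args.path) != EXIT_CODES.OK:
            print("There has been an error restoring Secure")
        return

    raise Exception(f"Unknown kind {config['kind']}")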