Merge pull request #10 from banyansecurity/events-v2-controller

Todd Radel · web-flow · commit 68735e789175 · 2020-11-02T14:37:22.000-05:00
[WIP] adding controller for events API v2
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,5 @@
 language: python
 python:
-- '3.6'
 - '3.7'
 - '3.8'
 install:
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
 
 ## Prerequisites
-Python 3.6, 3.7, or 3.8 must be installed.
+Python 3.7 or 3.8 must be installed.
 
 ## Installation 
 ### Installing the easy way
diff --git a/banyan/api/__init__.py b/banyan/api/__init__.py
@@ -12,6 +12,7 @@
 
 from banyan.api.attachment import AttachmentAPI
 from banyan.api.device import DeviceAPI
+from banyan.api.event_v2 import EventV2API
 from banyan.api.netagent import NetagentAPI
 from banyan.api.policy import PolicyAPI
 from banyan.api.role import RoleAPI
@@ -94,6 +95,7 @@ def __init__(self, api_server_url: str = None, refresh_token: str = None, debug:
         self._agents = NetagentAPI(self)
         self._users = UserAPI(self)
         self._devices = DeviceAPI(self)
+        self._events = EventV2API(self)
 
     # noinspection PyMethodMayBeStatic
     def _normalize_url(self, url: str) -> str:
@@ -138,6 +140,9 @@ def _request(self, method: str, url: str, params: Dict[str, str] = None, data: A
                 if 'Message' in content:
                     raise BanyanError(f'{response.status_code} Client Error: {response.reason} for '
                                       f'url: {response.url}: {content["Message"]}')
+                elif 'error' in content:
+                    raise BanyanError(f'{response.status_code} Client Error: {response.reason} for '
+                                      f'url: {response.url}: {content["error_code"]}: {content["error"]}')
             except ValueError:
                 raise BanyanError(f'{response.status_code} Client Error: {response.reason} for url: {response.url}')
         return response
@@ -295,6 +300,10 @@ def devices(self) -> DeviceAPI:
         """
         return self._devices
 
+    @property
+    def events(self) -> EventV2API:
+        return self._events
+
 
 if __name__ == '__main__':
     logging.basicConfig(level=logging.DEBUG)
diff --git a/banyan/api/event_v2.py b/banyan/api/event_v2.py
@@ -0,0 +1,58 @@
+import sys
+import logging
+from typing import List
+from datetime import datetime
+
+from banyan.api.base import ServiceBase, Resource
+from banyan.model import BanyanApiObject
+from banyan.model.event_v2 import EventV2, EventOrID
+
+
+class EventV2API(ServiceBase):
+    class Meta:
+        data_class = EventV2
+        info_class = EventV2
+        arg_type = EventOrID
+        list_uri = '/events'
+        uri_param = 'EventID'
+        obj_name = 'event'
+        supports_paging = False
+
+    def create(self, obj: BanyanApiObject) -> str:
+        raise NotImplementedError('The Banyan API does not support this operation')
+
+    def update(self, obj: BanyanApiObject) -> str:
+        raise NotImplementedError('The Banyan API does not support this operation')
+
+    def delete(self, obj: BanyanApiObject) -> str:
+        raise NotImplementedError('The Banyan API does not support this operation')
+
+    def list(self, before_dt: datetime = None, after_dt: datetime = None, order: str = None,
+             event_type: str = None, subtype: str = None, action: str = None,
+             email_address: str = None, device_id: str = None, device_serial: str = None,
+             container_id: str = None, service_name: str = None, event_id: str = None) -> list:
+        args = [
+            (before_dt, 'before', lambda: int(before_dt.timestamp() * 1000)),
+            (after_dt, 'after', lambda: int(after_dt.timestamp() * 1000)),
+            (order, 'order', order),
+            (event_type, 'type', event_type),
+            (subtype, 'sub_type', subtype),
+            (action, 'action', action),
+            (email_address, 'user_email', email_address),
+            (device_id, 'device_id', device_id),
+            (device_serial, 'serialnumber', device_serial),
+            (container_id, 'workload_container_id', container_id),
+            (service_name, 'service_name', service_name),
+            (event_id, 'id', event_id),
+        ]
+        params = dict()
+        for arg, key, val in args:
+            if arg:
+                params[key] = val
+
+        print(params, file=sys.stderr)
+        response_json = self._client.api_request('GET', self.Meta.list_uri, params=params)
+        response_json = response_json['data']
+        data: List[Resource] = self.Meta.info_class.Schema().load(response_json, many=True)
+        self._build_cache(data)
+        return data
diff --git a/banyan/controllers/event.py b/banyan/controllers/event.py
@@ -1,23 +1,90 @@
+from datetime import datetime
+from typing import List
+
 from cement import Controller, ex
 
+from banyan.api.event_v2 import EventV2API
+from banyan.model.event_v2 import EventV2, EventV2Type, EventV2Subtype
+
 
-class EventV1Controller(Controller):
+class EventV2Controller(Controller):
     class Meta:
         label = 'event'
         stacked_type = 'nested'
         stacked_on = 'base'
         help = 'report on security and audit events'
 
-    # @property
-    # def _client(self) -> RoleAPI:
-    #     return self.app.client.roles
+    @property
+    def _client(self) -> EventV2API:
+        return self.app.client.events
 
-    # TODO: implement /security_events
-    @ex(help='list events')
+    @ex(help='list events',
+        arguments=[
+            (['--type'],
+             {
+                 'help': 'Filters events of one event type.',
+                 'choices': EventV2Type.choices(),
+             }),
+            (['--subtype'],
+             {
+                 'help': 'Filters events of one subtype (conditionally depends on type).',
+                 'choices': EventV2Subtype.choices(),
+             }),
+            (['--action'],
+             {
+                 'help': 'Filters events by one of the possible event action values (e.g. "grant", "deny").',
+             }),
+            (['--email'],
+             {
+                 'help': 'Filters events associated with a single user, based on their email address.',
+             }),
+            (['--device-id'],
+             {
+                 'help': 'Filters events associated with a single device, based on its device ID.',
+             }),
+            (['--serial-number'],
+             {
+                 'help': 'Filters events associated with a single device, based on its serial number.',
+             }),
+            (['--container-id'],
+             {
+                 'help': 'Filters events associated with a single workload, based on its container ID.',
+             }),
+            (['--service-name'],
+             {
+                 'help': 'Filters events associated with a single service, based on its service name.',
+             }),
+            (['--event-id'],
+             {
+                 'help': 'Retrieve a single event based on its event ID.',
+             }),
+            (['--before'],
+             {
+                 'help': 'Filters events that occurred before a specific time.',
+                 'type': datetime.fromisoformat,
+             }),
+            (['--after'],
+             {
+                 'help': 'Filters events that occurred after a specific time.',
+                 'type': datetime.fromisoformat,
+             }),
+            (['--order'],
+             {
+                 'help': 'Sets the order for returned events based on created_at timestamp. Supported values '
+                         'ASC, DESC. Default is DESC.',
+                 'choices': ('ASC', 'DESC')
+             }),
+        ]
+        )
     def list(self):
-        pass
-
-    # TODO: implement /security_events_type_count
-    @ex(help='show summary of events in database')
-    def summary(self):
-        pass
+        events: List[EventV2] = self._client.list(before_dt=self.app.pargs.before, after_dt=self.app.pargs.after,
+                                                  order=self.app.pargs.order, event_type=self.app.pargs.type,
+                                                  subtype=self.app.pargs.subtype,
+                                                  action=self.app.pargs.action, email_address=self.app.pargs.email,
+                                                  device_id=self.app.pargs.device_id,
+                                                  device_serial=self.app.pargs.serial_number,
+                                                  container_id=self.app.pargs.container_id,
+                                                  service_name=self.app.pargs.service_name,
+                                                  event_id=self.app.pargs.event_id)
+        event_json = EventV2.Schema().dump(events, many=True)
+        self.app.render(event_json, handler='json', indent=2, sort_keys=True)
diff --git a/banyan/main.py b/banyan/main.py
@@ -1,11 +1,13 @@
+import logging
+
 from cement import App, TestApp, init_defaults
 from cement.core.exc import CaughtSignal
 
 from banyan.api import BanyanApiClient
 from banyan.controllers.admin import AdminController
 from banyan.controllers.base import Base
 from banyan.controllers.device import DeviceController
-from banyan.controllers.event import EventV1Controller
+from banyan.controllers.event import EventV2Controller
 from banyan.controllers.netagent import NetagentController
 from banyan.controllers.policy import PolicyController
 from banyan.controllers.role import RoleController
@@ -27,6 +29,11 @@ def extend_client(app: App) -> None:
     app.extend('client', client)
 
 
+def set_logging(app: App) -> None:
+    if app.debug:
+        logging.basicConfig(level=logging.DEBUG)
+
+
 class MyApp(App):
     """Banyan CLI primary application."""
 
@@ -51,7 +58,8 @@ class Meta:
         ]
 
         hooks = [
-            ('post_setup', extend_client)
+            ('post_setup', extend_client),
+            ('post_setup', set_logging)
         ]
 
         # configuration handler
@@ -77,7 +85,7 @@ class Meta:
             UserController,
             DeviceController,
             AdminController,
-            EventV1Controller
+            EventV2Controller
         ]
 
 
diff --git a/setup.py b/setup.py
@@ -21,7 +21,7 @@
     packages=find_packages(exclude=['ez_setup', 'tests*']),
     package_data={'banyan': ['templates/*']},
     include_package_data=True,
-    python_requires='~=3.6',
+    python_requires='~=3.7',
     install_requires=[
         'dnspython',
         'marshmallow',

-Original file line number
+Diff line change
@@ @@ -1,6 +1,5 @@ @@
 language: python
 python:
 -- '3.6'
 - '3.7'
 - '3.8'
 install: