22import time
33
44from sdcclient ._common import _SdcCommon
5- from sdcclient .secure import FalcoRulesFilesClientOld , PolicyEventsClientV1 , PolicyEventsClientOld
5+ from sdcclient .secure import FalcoRulesFilesClientOld , PolicyEventsClientV1 , PolicyEventsClientOld , PolicyClientV2
66
77
88class SdSecureClient (FalcoRulesFilesClientOld ,
99 PolicyEventsClientV1 ,
1010 PolicyEventsClientOld ,
11+ PolicyClientV2 ,
1112 _SdcCommon ):
1213 def __init__ (self , token = "" , sdc_url = 'https://secure.sysdig.com' , ssl_verify = True , custom_headers = None ):
1314 super (SdSecureClient , self ).__init__ (token , sdc_url , ssl_verify , custom_headers )
@@ -25,283 +26,6 @@ def policy_v2(self):
2526 self ._policy_v2 = res .status_code != 404
2627 return self ._policy_v2
2728
28- def create_default_policies (self ):
29- '''**Description**
30- Create new policies based on the currently available set of rules. For now, this only covers Falco rules, but we might extend
31- the endpoint later. The backend should use the defaultPolicies property of a previously provided FalcoRulesFiles model as
32- guidance on the set of policies to create. The backend should only create new policies (not delete or modify), and should only
33- create new policies if there is not an existing policy with the same name.
34-
35- **Arguments**
36- - None
37-
38- **Success Return Value**
39- JSON containing details on any new policies that were added.
40-
41- **Example**
42- `examples/create_default_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/create_default_policies.py>`_
43-
44- '''
45- res = self .http .post (self .url + '/api/v2/policies/default' , headers = self .hdrs , verify = self .ssl_verify )
46- return self ._request_result (res )
47-
48- def delete_all_policies (self ):
49- '''**Description**
50- Delete all existing policies. The falco rules file is unchanged.
51-
52- **Arguments**
53- - None
54-
55- **Success Return Value**
56- The string "Policies Deleted"
57-
58- **Example**
59- `examples/delete_all_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_all_policies.py>`_
60-
61- '''
62- ok , res = self .list_policies ()
63- if not ok :
64- return False , res
65-
66- for policy in res :
67- ok , res = self .delete_policy_id (policy ["id" ])
68- if not ok :
69- return False , res
70-
71- return True , "Policies Deleted"
72-
73- def list_policies (self ):
74- '''**Description**
75- List the current set of policies.
76-
77- **Arguments**
78- - None
79-
80- **Success Return Value**
81- A JSON object containing the number and details of each policy.
82-
83- **Example**
84- `examples/list_policies.py <https://github.com/draios/python-sdc-client/blob/master/examples/list_policies.py>`_
85-
86- '''
87- res = self .http .get (self .url + '/api/v2/policies' , headers = self .hdrs , verify = self .ssl_verify )
88- return self ._request_result (res )
89-
90- def get_policy (self , name ):
91- '''**Description**
92- Find the policy with name <name> and return its json description.
93-
94- **Arguments**
95- - name: the name of the policy to fetch
96-
97- **Success Return Value**
98- A JSON object containing the description of the policy. If there is no policy with
99- the given name, returns False.
100-
101- **Example**
102- `examples/get_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/get_policy.py>`_
103-
104- '''
105- ok , res = self .list_policies ()
106- if not ok :
107- return [False , res ]
108- policies = res
109-
110- # Find the policy with the given name and return it.
111- for policy in policies :
112- if policy ["name" ] == name :
113- return [True , policy ]
114-
115- return [False , "No policy with name {}" .format (name )]
116-
117- def get_policy_id (self , id ):
118- '''**Description**
119- Find the policy with id <id> and return its json description.
120-
121- **Arguments**
122- - id: the id of the policy to fetch
123-
124- **Success Return Value**
125- A JSON object containing the description of the policy. If there is no policy with
126- the given name, returns False.
127- '''
128- res = self .http .get (self .url + '/api/v2/policies/{}' .format (id ), headers = self .hdrs , verify = self .ssl_verify )
129- return self ._request_result (res )
130-
131- def add_policy (self , name , description , rule_names = [], actions = [], scope = None , severity = 0 , enabled = True ,
132- notification_channels = []):
133- '''**Description**
134- Add a new policy.
135-
136- **Arguments**
137- - name: A short name for the policy
138- - description: Description of policy
139- - rule_names: Array of rule names. (They must be names instead of ids, as the rules list view is by name, to account for multiple rules having the same name).
140- - actions: It can be a stop, pause and/or capture action
141- - scope: Where the policy is being applied- Container, Host etc.. (example: "container.image.repository = sysdig/agent")
142- - enabled: True if the policy should be considered
143- - severity: How severe is this policy when violated. Range from 0 to 7 included.
144- - notification_channels: ids of the notification channels to subscribe to the policy
145-
146- **Success Return Value**
147- The string "OK"
148- '''
149- policy = {
150- "name" : name ,
151- "description" : description ,
152- "ruleNames" : rule_names ,
153- "actions" : actions ,
154- "scope" : scope ,
155- "severity" : severity ,
156- "enabled" : enabled ,
157- "notificationChannelIds" : notification_channels
158- }
159- res = self .http .post (self .url + '/api/v2/policies' , headers = self .hdrs , data = json .dumps (policy ),
160- verify = self .ssl_verify )
161- return self ._request_result (res )
162-
163- def add_policy_json (self , policy_json ):
164- '''**Description**
165- Add a new policy using the provided json.
166-
167- **Arguments**
168- - policy_json: a description of the new policy
169-
170- **Success Return Value**
171- The string "OK"
172-
173- **Example**
174- `examples/add_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/add_policy.py>`_
175-
176- '''
177-
178- try :
179- policy_obj = json .loads (policy_json )
180- if "origin" in policy_obj :
181- del policy_obj ["origin" ]
182- except Exception as e :
183- return [False , "policy json is not valid json: {}" .format (str (e ))]
184-
185- res = self .http .post (self .url + '/api/v2/policies' , headers = self .hdrs , data = json .dumps (policy_obj ),
186- verify = self .ssl_verify )
187- return self ._request_result (res )
188-
189- def update_policy (self , id , name = None , description = None , rule_names = None , actions = None , scope = None ,
190- severity = None , enabled = None , notification_channels = None ):
191- '''**Description**
192- Update policy with the provided values.
193-
194- **Arguments**
195- - id: the id of the policy to update
196- - name: A short name for the policy
197- - description: Description of policy
198- - rule_names: Array of rule names. (They must be names instead of ids, as the rules list view is by name, to account for multiple rules having the same name).
199- - actions: It can be a stop, pause and/or capture action
200- - scope: Where the policy is being applied- Container, Host etc.. (example: "container.image.repository = sysdig/agent")
201- - enabled: True if the policy should be considered
202- - severity: How severe is this policy when violated. Range from 0 to 7 included.
203- - notification_channels: ids of the notification channels to subscribe to the policy
204-
205- **Success Return Value**
206- The string "OK"
207- '''
208- ok , res = self .get_policy_id (id )
209- if not ok :
210- return [False , res ]
211- policy = res
212-
213- if name is not None :
214- policy ["name" ] = name
215- if description is not None :
216- policy ["description" ] = description
217- if rule_names is not None :
218- policy ["ruleNames" ] = rule_names
219- if actions is not None :
220- policy ["actions" ] = actions
221- if scope is not None :
222- policy ["scope" ] = scope
223- if severity is not None :
224- policy ["severity" ] = severity
225- if enabled is not None :
226- policy ["enabled" ] = enabled
227- if notification_channels is not None :
228- policy ["notificationChannelIds" ] = notification_channels
229-
230- res = self .http .put (self .url + '/api/v2/policies/{}' .format (id ), headers = self .hdrs , data = json .dumps (policy ),
231- verify = self .ssl_verify )
232- return self ._request_result (res )
233-
234- def update_policy_json (self , policy_json ):
235- '''**Description**
236- Update an existing policy using the provided json. The 'id' field from the policy is
237- used to determine which policy to update.
238-
239- **Arguments**
240- - policy_json: a description of the new policy
241-
242- **Success Return Value**
243- The string "OK"
244-
245- **Example**
246- `examples/update_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/update_policy.py>`_
247-
248- '''
249- try :
250- policy_obj = json .loads (policy_json )
251- if "origin" in policy_obj :
252- del policy_obj ["origin" ]
253- except Exception as e :
254- return [False , "policy json is not valid json: {}" .format (str (e ))]
255-
256- if "id" not in policy_obj :
257- return [False , "Policy Json does not have an 'id' field" ]
258-
259- res = self .http .put (self .url + '/api/v2/policies/{}' .format (policy_obj ["id" ]), headers = self .hdrs ,
260- data = json .dumps (policy_obj ), verify = self .ssl_verify )
261- return self ._request_result (res )
262-
263- def delete_policy_name (self , name ):
264- '''**Description**
265- Delete the policy with the given name.
266-
267- **Arguments**
268- - name: the name of the policy to delete
269-
270- **Success Return Value**
271- The JSON object representing the now-deleted policy.
272-
273- **Example**
274- `examples/delete_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_policy.py>`_
275-
276- '''
277- ok , res = self .list_policies ()
278- if not ok :
279- return [False , res ]
280-
281- # Find the policy with the given name and delete it
282- for policy in res :
283- if policy ["name" ] == name :
284- return self .delete_policy_id (policy ["id" ])
285-
286- return [False , "No policy with name {}" .format (name )]
287-
288- def delete_policy_id (self , id ):
289- '''**Description**
290- Delete the policy with the given id
291-
292- **Arguments**
293- - id: the id of the policy to delete
294-
295- **Success Return Value**
296- The JSON object representing the now-deleted policy.
297-
298- **Example**
299- `examples/delete_policy.py <https://github.com/draios/python-sdc-client/blob/master/examples/delete_policy.py>`_
300-
301- '''
302- res = self .http .delete (self .url + '/api/v2/policies/{}' .format (id ), headers = self .hdrs , verify = self .ssl_verify )
303- return self ._request_result (res )
304-
30529 def list_rules (self ):
30630 '''**Description**
30731 Returns the list of rules in the system. These are grouped by name