Methods/examples to set/get falco rules files

Add the following methods to the python client:

 - {get,set}_default_falco_rules_files: a wrapper around the api endpoint
   /api/settings/defaultRulesFiles, handling PUT and GET.
 - load_default_falco_rules_files: load a collection of files on disk
   with a documented structure, returning a dict suitable for use in
   set_default_falco_rules_files()
 - save_default_falco_rules_files: given a dict from
   get_default_falco_rules_files, save it to a collection of files on disk
   with a documented structure

Also add example programs
{set,get}_secure_default_falco_rules.py. get_... has the ability to
either print the returned set of files directly or save them using a
--save <root dir path> option. Similarly, set_ has a --load <root dir
path> option to load files from disk to a dict for the PUT
/api/settings/defaultRulesFiles.

set_ also has some easier-to-use command line options that allow
setting a single file and tag.

Author: mstemm

examples/get_secure_default_falco_rules_files.py

@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+#
+# Get the sysdig secure default rules files.
+#
+# The _files programs and endpoints are a replacement for the
+# system_file endpoints and allow for publishing multiple files
+# instead of a single file as well as publishing multiple variants of
+# a given file that are compatible with different agent versions.
+#
+
+import os
+import sys
+import pprint
+import getopt
+import shutil
+sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
+from sdcclient import SdSecureClient
+
+#
+# Parse arguments
+#
+def usage():
+    print 'usage: %s [-s|--save <path>] <sysdig-token>' % sys.argv[0]
+    print '-s|--save: save the retrieved files to a set of files below <path> using save_default_rules_files().'
+    print 'You can find your token at https://secure.sysdig.com/#/settings/user'
+    sys.exit(1)
+
+try:
+    opts, args = getopt.getopt(sys.argv[1:],"s:",["save="])
+except getopt.GetoptError:
+    usage()
+
+save_dir = ""
+for opt, arg in opts:
+    if opt in ("-s", "--save"):
+        save_dir = arg
+
+#
+# Parse arguments
+#
+if len(args) != 1:
+    usage()
+
+sdc_token = args[0]
+
+#
+# Instantiate the SDC client
+#
+sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
+
+#
+# Get the configuration
+#
+res = sdclient.get_default_falco_rules_files()
+
+#
+# Return the result
+#
+if res[0]:
+    if save_dir == "":
+        pp = pprint.PrettyPrinter(indent=4)
+        pp.pprint(res[1])
+    else:
+        print "Saving falco rules files below {}...".format(save_dir)
+        sres = sdclient.save_default_falco_rules_files(res[1], save_dir)
+        if not sres[0]:
+            print sres[1]
+else:
+    print res[1]
+    sys.exit(1)

examples/set_secure_default_falco_rules_files.py

@@ -0,0 +1,104 @@
+#!/usr/bin/env python
+#
+# Set the sysdig secure default rules files.
+#
+# The _files programs and endpoints are a replacement for the
+# system_file endpoints and allow for publishing multiple files
+# instead of a single file as well as publishing multiple variants of
+# a given file that are compatible with different agent versions.
+#
+
+import os
+import sys
+import pprint
+import getopt
+import shutil
+import yaml
+sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
+from sdcclient import SdSecureClient
+
+#
+# Parse arguments
+#
+def usage():
+    print 'usage: %s [-l|--load <path>] [-t|--tag <tag>] [-c|--content <content>] <sysdig-token>' % sys.argv[0]
+    print '-l|--load: load the files to set from a set of files below <path> using load_default_rules_files().'
+    print '-t|--tag: Set a tag for the set of files'
+    print '-c|--content: the (single) file to set'
+    print 'if --load is specified, neither --tag nor --content can be specified'
+    print 'You can find your token at https://secure.sysdig.com/#/settings/user'
+    sys.exit(1)
+
+try:
+    opts, args = getopt.getopt(sys.argv[1:],"l:t:n:c:",["load=","tag=","name=","content="])
+except getopt.GetoptError:
+    usage()
+
+load_dir = ""
+tag = ""
+cpath = ""
+for opt, arg in opts:
+    if opt in ("-l", "--load"):
+        load_dir = arg
+    elif opt in ("-t", "--tag"):
+        tag = arg
+    elif opt in ("-c", "--content"):
+        cpath = arg
+
+if load_dir != "" and (tag != "" or cpath != ""):
+    usage()
+#
+# Parse arguments
+#
+if len(args) != 1:
+    usage()
+
+sdc_token = args[0]
+
+#
+# Instantiate the SDC client
+#
+sdclient = SdSecureClient(sdc_token, 'https://secure.sysdig.com')
+
+files_obj = {}
+if load_dir != "":
+    print "Loading falco rules files from {}...".format(load_dir)
+    res = sdclient.load_default_falco_rules_files(load_dir)
+    if res[0]:
+        files_obj = res[1]
+    else:
+        print res[1]
+        sys.exit(1)
+else:
+    with open(cpath, 'r') as content_file:
+        content = content_file.read()
+        required_engine_version = 0
+        cyaml = yaml.load(content)
+        for obj in cyaml:
+            if "required_engine_version" in obj:
+                try:
+                    required_engine_version = int(obj["required_engine_version"])
+                except ValueError:
+                    print("Required engine version \"{}\" in content {} must be a number".format(obj["required_engine_version"], cpath))
+                    sys.exit(1)
+        files_obj = {
+            "tag": tag,
+            "files": [{
+                "name": os.path.basename(cpath),
+                "variants": {
+                    "required_engine_version": required_engine_version,
+                    "content": content
+                }
+            }]
+        }
+
+res = sdclient.set_default_falco_rules_files(files_obj)
+
+#
+# Return the result
+#
+if res[0]:
+    print 'default falco rules files set successfully'
+else:
+    print res[1]
+    sys.exit(1)