lacework / go-sdk Goto Github PK
View Code? Open in Web Editor NEWA set of tools and libraries written in Go to interact with the Lacework platform.
License: Apache License 2.0
go-sdk's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
afiune divyang-soni satellite15 nogginn edwardt ryan-sheldrake ipcrm chi-dev-2021 lhasadreams andrewelizondo jefferyfry larryebaum-nz nathanawmk iancrichardson oluseyipaper jbonner7 aircraft-cerier th1983 hal-y nschmeller j-c-b credibleforce jamfish circlecigo-sdk's Issues
feat(cli): return error message when showing non-existing integration
As a Lacework CLI user,
I want consistency when trying to show the details of a non-existing integration,
So that I can use this tool to automate my workflows and pipelines.
Description
Today, if we try to show the details of an Integration GUID that doesn't exist,
the CLI will return a successful output similar to this:
$ lacework integrations show TECHALLY_8BB7B150A082E0A76D4C7354E04559474D104FD33FD7272
INTEGRATION GUID | NAME | TYPE | STATUS | STATE
-------------------+------+------+--------+--------
INTEGRATION DETAILS
-----------------------
Even if we try with a dummy GUID:
$ lacework integrations show EXAMPLEE_1
INTEGRATION GUID | NAME | TYPE | STATUS | STATE
-------------------+------+------+--------+--------
INTEGRATION DETAILS
-----------------------
Acceptance Criteria
We need to have the lacework integration show command return a helpful error message
saying that the provided integration doesn't exist, for example:
$ lacework integrations show EXAMPLEA_1
Usage:
lacework integration show <int_guid> [flags]
Flags:
-h, --help help for show
Global Flags:
-a, --account string account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
-k, --api_key string access key id
-s, --api_secret string secret access key
--debug turn on debug logging
--json switch commands output from human-readable to json format
--nocolor turn off colors
--noninteractive turn off interactive mode (disable spinners, prompts, etc.)
-p, --profile string switch between profiles configured at ~/.lacework.toml
ERROR the provided integration GUID was not found
To list the available integrations in your account run 'lacework integrations list'
Add User-Agent headers to projects
As a Lacework Engineer,
I would like to track the usage of the Go API abstraction
As well as the usage coming from the Lacework CLI,
So that I can understand how users interact with our tool via the Lacework API.
Proposal Solution
We need to add a default User-Agent header to the Go-API and make it configurable
so that other components from this repository, as well as external components, can
customize this field (e.i. our terraform provider). This will allow us to track the usage
of different components and make sense of how users interact with our tools and APIs.
JIRA: ALLY-135
Add `--details` flag to vulnerability command
Motivation
As a Lacework user that runs vulnerability scans via the Lacework CLI,
I would like to see deeper details about the CVE's from a vulnerability report,
So I don't have to go and login to the Lacework UI to get this information.
Acceptance Criteria
Have a new flag called --details into the lacework vulnerability commands,
this flag will display more details about the vulnerability report.
Jira: ALLY-93
Configure the Lacework CLI in non-interactive mode
As a Lacework CLI user that uses the tool in CI/CD Pipelines,
I want to have a non-interactive way to configure the Lacework CLI,
So I don't have to manually create the config file ~/.lacework.toml inside my pipeline.
Proposal Solution
When a user runs:
$ lacework configure -a foo -k bar -s bubu --noninteractive
The result should be the creation of the ~/.lacework.toml without asking the user
to validate the inputs. (non-interactive mode)
The command should load these settings from all sources, as usual, environment
variables, parameters (including --json_file), and the actual config file.
[cli] Rename cli binary to `lacework`
Motivation
From a marketing standpoint,
I would like my CLI binary to be sticky and memorable,
So that all Lacework users can type and run the tool fast and always remember the binary name.
Acceptance Criteria
- The package name should continue to be
lacework-cli - The binary name packaged inside should be just
lacework - The binary should be installed on users systems as
lacework
Jira Ticket: ALLY-46
Add integration tests to the Lacework CLI
We need to add some integration tests to the Lacework CLI (lacework),
my idea is to create a very lightweight framework that spawns new processes
to run the CLI with some test criteria, the framework should be able to return
things like STDOUT, STDERR, and the exit code.
JIRA: ALLY-61
Add Lacework CLI to Chocolatey
As a Lacework user that uses Chocolatey,
I would like to install the Lacework CLI via Chocolatey natively,
So I can use my favorite package manager.
Add additional fields to 'lacework integration list' plus sorting option (e.g. -sort state|status|update|etc.)
Would like to be able to use cli to also see last integration update and user in list mode and be able to sort output by field
Remove deprecated `Events.ListRange()` function
Typos in event show command for AWS event
- Has a typo of ACOUNTS, should be ACCOUNTS
JSON version has typo under ct_user
- Has a typo of accout_id, should be account_id
[cli] Create a 'configure' command
Motivation
As a Lacework CLI User,
I would like to have a simple way to set up my Lacework CLI,
So that I can configure it locally and can easily reconfigure on demand.
The proposal for this task it to create a command called configure that,
when run, it will prompt the user for information like; API Access keys and
Lacework Account, etc.
Acceptance Criteria
Have a command that helps users configure/set up the Lacework CLI.
After running the following command, a file at ~/.lacework.toml should be generated:
$ lacework-cli configure
Lacework Account: my.test.account
Lacework API Access Key: KEY
Lacework API Access Secret: SECRET
Add upgrade command to the Lacework CLI
As a Lacework user that consumes the CLI,
I want to have a command to upgrade the Lacework CLI automatically,
So that I can be on the latest version of this tool and use the newest features available.
[cli] Multiple configuration profiles
Motivation
As a Lacework CLI User with multiple Lacework Accounts,
I would like to be able to configure my Lacework CLI with multiple profiles,
So I can switch easily between accounts without having to reconfigure my configuration file.
By default, a user will manage a single profile named default but the user should be able to create additional profiles. To switch between profiles, the CLI should have a global --profile option.
Example, single profile:
$ lacework integraiton list
Example, multiple profiles, switching between dev and prod:
$ lacework integraiton list --profile dev
$ lacework integraiton list --profile prod
When the lacework-cli configure is run, it should be able to configure multiple profiles:
$ lacework configure --profile prod
Account: my.prod.account
Access Key ID: KEY
Secret Access Key: SECRET
[CLI] Events header "PINCIPAL" misspelled
One of the column headers in the events output is misspelled. It says "PINCIPAL" but should say "PRINCIPAL"
Line 300 in 6216358
Consistency with Image ID & Digest in vulnerability command
Revisit the vulnerability command functionality and documentation to have
consistency with the use of Image ID and Image Digest.
Jira: ALLY-83
Add unit tests for http.go code
We need to make sure the http.go code is being tested:
https://github.com/lacework/go-sdk/blob/master/api/http_test.go
Configure account should validate customer does not include lacework.net
We should ensure that the lacework configure subcommand validates the account does not include .lacework.net or handles it correctly if that is passed.
Ability to filter vulnerability results by CVSS score and fixability
for Usage: lacework vulnerability scan run <registry> <repository> <tag|digest> [flags]
It would be great to add two more flags:
- The ability to filter by CVSS score (e.g. --cvss 7 returns 7+)
- The ability to only return fixable vulns (e.g. --fixable)
Lastly as a possible stretch, it would be great to return a list of packages only that should be upgraded that can be via code
Auto-generate PDF filename for compliance report commands
A better user experience for the end-user that wants to download
a report in PDF format is to auto-generate the filename since we
already know the report type, accounts details, date and could
provider.
Here is an example of the auto-generated filename for the command:
$ lacework compliance aws get-report 123456789000 --pdf
The AWS compliance report was downloaded at 'AWS_[TYPE]_Report_[ACC]_[LW_ACC]_[DATE].pdf'.
This will deprecate the flag --pdf-file <name>.
Implement new endpoint to list reports/evaluations
User Story
As a Lacework User that interacts with the platform using the Lacework CLI,
I need to have a way to list all my vulnerability reports in my account,
So that I can navigate through my reports and avoid requesting new scans of existing images
that have already been scanned.
Feature Description
This feature is around matching the new API endpoint that lists all evaluations in the user's account:
/external/vulnerabilities/container/GetEvaluationsForDateRange
Additionally, we need to add a new command to the Lacework CLI.
Acceptance Criteria
- The new API endpoint should be abstracted into the Go Client
- A new command should be added to the Lacework CLI that lists all evaluations in an account
Add sub-cmds to `integrations` cmd to support CRUD operations
Today, the lacework integration command has only one the list sub-command,
this card is about adding additional sub-commands to create, delete, and perhaps
update external integration.
Jira: ALLY-91
Add CVSS score column to vulnerability report
feat: allow users to pass --start flag only for time range
➜ ~ lacework vulnerability container list-assessments --start 2020-08-18T00:00:00Z
Events show command should include severity and description
When using the lacework API you should see the same data that is provided in the triage card for the event.
Currently missing data as listed in the UI
- Description
- Severity
[cli] create a vulnerability command
Motivation
As a Developer using the Lacework Platform,
I want to be able to integrate the vulnerability scan/reports into my pipeline,
so I can detect early on of potential threads that could be introduced during development.
This work requires two major changes:
- An abstraction of the API endpoint into the Go
apipackage - The implementation of X number of commands to access the vulnerability endpoints
New Functionalities (API)
- Request an on-demand vulnerability scan
- Track progress of an on-demand vulnerability scan
- Access vulnerability reports from container images
New Commands (CLI)
$ lacework vulnerability scan run <registry> <repo> <tag/image_id>
$ lacework vulnerability scan show <request_id>
$ lacework vulnerability report <image_id>
Aliases
$ lacework vul scan
$ lacework vul report
# Also add one for integrations
$ lacework int list
test
a test
Remove deprecated `vulnerability report` command
feat: understand vuln reports with 0 vulnerabilities
The Lacework API is now returning vulnerability reports that contain
0 vulnerabilities, we need to make the Go API and the CLI to understand
those payloads and display a message to the user that explains that the
report has no vulnerabilities, if we visualize a report with 0 vulnerabilities
today, the output looks like this:
$ lacework vulnerability report sha256:d8a573f7ba9ea2c196f13b6e71ba0aeefe715f69bf8291c155ff7dfe9bc2ec2f --image_id
CONTAINER IMAGE DETAILS | VULNERABILITIES
--------------------------+---------------------------------
ID | SEVERITY COUNT FIXABLE
Digest | -----------+-------+----------
Registry | Critical 0 0
Repository | High 0 0
Size 0 B | Medium 0 0
Created At | Low 0 0
Tags | Info 0 0
|
Try using '--details' to increase details shown about the vulnerability report.
The proposal output to show to the end-user is:
$ lacework vulnerability report sha256:d8a573f7ba9ea2c196f13b6e71ba0aeefe715f69bf8291c155ff7dfe9bc2ec2f --image_id
Great news! This container image has no vulnerabilities.
The JSON output should match the following:
$ lacework vulnerability report sha256:d8a573f7ba9ea2c196f13b6e71ba0aeefe715f69bf8291c155ff7dfe9bc2ec2f --image_id --json
{
"critical_vulnerabilities": 0,
"fixable_vulnerabilities": 0,
"high_vulnerabilities": 0,
"info_vulnerabilities": 0,
"low_vulnerabilities": 0,
"medium_vulnerabilities": 0,
"scan_status": "Success",
"total_vulnerabilities": 0
}
Have debug logging for the Go API Client
Motivation
As a Lacework user,
I would like to have debug logging in the Go API Client,
So I can better troubleshoot HTTP requests.
Acceptance Criteria
- Introduce a logging mechanism. Recommendation: use
zapsince that is wha thelacework-cliis currently using - Have
INFOandDEBUGlogs level - By default, use
INFOlog level - Use the same environment variable
LW_DEBUGto activate debug messages
Jira Ticket: ALLY-36
Create and Read GCP Integration
Two new functions available on the api client side:
CreateGCPConfigIntegrationGetOneGCPConfigIntegration
CreateGCPConfigIntegration
calls /api/v2/external/integrations Lacework API to create a GCP integration
GetOneGCPConfigIntegration
calls /api/v2/external/integrations/<INTG_GUID> Lacework API to get a GCP integration with integration guid
Generate access-tokens via the CLI
As a Lacework user, I want to be able to generate temporal access
tokens, so that I can grant temporal access to other tools or subsystems
without giving away my API keys.
$ lacework access-token --profile foo --duration-seconds 900
Return code of 2nd DELETE request
Motivation
As a Lacework User that interacts with the RestfulAPI,
I need to have confirmation that I have deleted an integration,
So I don't have to double-check with a `Get()` request that the integration was deleted or not.
Display help command when unknown command is passed
As a user if I pass an unknown command the CLI should display the help...
Current Behavior
$ lacework foo
ERROR unknown command "foo" for "lacework"
Desired Behavior
$ lacework foo
ERROR unknown command "foo" for "lacework"
The Lacework Command Line Interface is a tool that helps you manage the
Lacework cloud security platform. Use it to manage compliance reports,
external integrations, vulnerability scans, and other operations.
Start by configuring the Lacework CLI with the command:
$ lacework configure
This will prompt you for your Lacework account and a set of API access keys.
Usage:
lacework [command]
Available Commands:
api helper to call Lacework's RestfulAPI
compliance manage compliance reports
configure configure the Lacework CLI
event inspect Lacework events
help Help about any command
integration manage external integrations
version print the Lacework CLI version
vulnerability view vulnerability reports and run on-demand scans
ERROR: unable to get status from vulnerability report
When visualizing a vulnerability report of an unsupported image, the
Lacework CLI displays the following error message:
$ lacework vul report sha256:c816d42b542e8a20144c1ca2777679bdc11cb51f4f0d215b4d0bc31d39406a4a
Usage:
lacework vulnerability report <sha256:hash> [flags]
Flags:
--details increase details about the vulnerability report
--digest tread the provided sha256 hash as image digest (DEPRECATED) (default true)
-h, --help help for report
--image_id tread the provided sha256 hash as image id
Global Flags:
-a, --account string account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
-k, --api_key string access key id
-s, --api_secret string secret access key
--debug turn on debug logging
--json switch commands output from human-readable to json format
--nocolor turn off colors
--noninteractive disable interactive progress bars (i.e. 'spinners')
-p, --profile string switch between profiles configured at ~/.lacework.toml
ERROR unable to get status from vulnerability report. Use '--debug' to troubleshoot.
The JSON blob returned is:
{
"data": {
"critical_vulnerabilities": 0,
"fixable_vulnerabilities": 0,
"high_vulnerabilities": 0,
"info_vulnerabilities": 0,
"low_vulnerabilities": 0,
"medium_vulnerabilities": 0,
"scan_status": "Unsupported",
"total_vulnerabilities": 0
},
"message": "SUCCESS",
"ok": true
}
We need to make the CLI to understand this new scan status and display a
message similar to:
$ lacework vul report sha256:c816d42b542e8a20144c1ca2777679bdc11cb51f4f0d215b4d0bc31d39406a4a
Unable to run assessment for the provided container image: Unsupported Distribution.
For more information about supported distributions, visit:
https://support.lacework.com/hc/en-us/articles/360035472393-Container-Vulnerability-Assessment-Overview
[cli] ERROR unable to get event details: json: cannot unmarshal string into Go struct field eventIpAddressEntity.data.entity_map.IpAddress.threat_tags of type []string
» lacework events show 34133 -p customerdemo --debug scottford@scott-fords-mbp
{"level":"debug","ts":"2020-05-12T09:06:33-07:00","caller":"cmd/root.go:168","msg":"using configuration file","path":"/Users/scottford/.lacework.toml"}
{"level":"debug","ts":"2020-05-12T09:06:33-07:00","caller":"cmd/cli_state.go:75","msg":"custom profile","profile":"customerdemo"}
{"level":"debug","ts":"2020-05-12T09:06:33-07:00","caller":"cmd/cli_state.go:105","msg":"state loaded","profile":"customerdemo","account":"customerdemo","api_key":"CUSTOMER_CDD0BEDB6ACF722C7D37542F079B23F6E45F1717A62A04B","api_secret":"_21ba2c69b73b309d76df59a9c12d7b52"}
2020-05-12T09:06:33-07:00 debug api/auth.go:45 setting up auth {"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "key": "CUSTOMER_CDD0BEDB6ACF722C7D37542F079B23F6E45F1717A62A04B", "secret": "_21ba2c69b73b309d76df59a9c12d7b52"}
2020-05-12T09:06:33-07:00 info api/client.go:101 api client created {"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "url": "https://customerdemo.lacework.net", "version": "v1", "log_level": "DEBUG", "timeout": 3600}
{"level":"info","ts":"2020-05-12T09:06:33-07:00","caller":"cmd/event.go:94","msg":"requesting event details","event_id":"34133"}
2020-05-12T09:06:33-07:00 debug api/http.go:78 request {"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "method": "POST", "url": "https://customerdemo.lacework.net", "endpoint": "/api/v1/access/tokens", "headers": {"Accept":"application/json","Content-Type":"application/json","Method":"POST","X-LW-UAKS":"_21ba2c69b73b309d76df59a9c12d7b52"}, "body": "{\"keyId\":\"CUSTOMER_CDD0BEDB6ACF722C7D37542F079B23F6E45F1717A62A04B\",\"expiryTime\":3600}\n"}
2020-05-12T09:06:34-07:00 info api/http.go:151 response {"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "from_req_url": "https://customerdemo.lacework.net/api/v1/access/tokens", "code": 201, "proto": "HTTP/1.1", "headers": {"Connection":["keep-alive"],"Content-Length":["118"],"Content-Security-Policy":["default-src 'self' *.aptrinsic.com www.googletagmanager.com www.google-analytics.com accounts.google.com; connect-src *.aptrinsic.com *.lacework.net; style-src *.aptrinsic.com 'unsafe-inline' 'self' fonts.googleapis.com; img-src *.aptrinsic.com storage.googleapis.com 'self' *.lacework.com api.lacework.net *.amazonaws.com www.google-analytics.com data:; script-src 'self' *.aptrinsic.com www.googletagmanager.com www.google-analytics.com www.whoisxmlapi.com apis.google.com 'nonce-EDNnf03nceIOfn39fn3e9h3sdfasadf'; object-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; font-src 'self' fonts.gstatic.com data:"],"Content-Type":["application/json"],"Date":["Tue, 12 May 2020 16:06:34 GMT"],"Feature-Policy":["geolocation 'self'"],"Referrer-Policy":["no-referrer"],"Server":["nginx/1.15.10"],"Strict-Transport-Security":["max-age=31536000; includeSubDomains;; preload"],"X-Content-Type-Options":["nosniff"],"X-Frame-Options":["SAMEORIGIN"],"X-Xss-Protection":["1; mode=block"]}, "body": "{\"data\":[{\"expiresAt\":\"May 12 2020 17:06\",\"token\":\"_4d86b0f1e5484077e4dbd36bc9a0e1b9\"}],\"ok\":true,\"message\":\"SUCCESS\"}"}
2020-05-12T09:06:34-07:00 debug api/auth.go:106 storing token {"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "data": [{"expiresAt":"May 12 2020 17:06","token":"_4d86b0f1e5484077e4dbd36bc9a0e1b9"}]}
2020-05-12T09:06:34-07:00 debug api/http.go:78 request {"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "method": "GET", "url": "https://customerdemo.lacework.net", "endpoint": "/api/v1/external/events/GetEventDetails?EVENT_ID=34133", "headers": {"Accept":"application/json","Authorization":"_4d86b0f1e5484077e4dbd36bc9a0e1b9","Method":"GET"}, "body": ""}
2020-05-12T09:06:34-07:00 info api/http.go:151 response {"id": "3084ca5e4c0f1e9c", "account": "customerdemo", "from_req_url": "https://customerdemo.lacework.net/api/v1/external/events/GetEventDetails?EVENT_ID=34133", "code": 200, "proto": "HTTP/1.1", "headers": {"Connection":["keep-alive"],"Content-Disposition":["inline;"],"Content-Type":["application/json;charset=utf-8"],"Date":["Tue, 12 May 2020 16:06:34 GMT"],"Server":["nginx/1.15.10"],"Strict-Transport-Security":["max-age=31536000; includeSubDomains;; preload"],"Vary":["Accept-Encoding"]}, "body": "{\"data\":[{\"START_TIME\":\"2020-05-06T23:00:00Z\",\"END_TIME\":\"2020-05-07T00:00:00Z\",\"EVENT_TYPE\":\"NewExternalClientBadIpConn\",\"EVENT_ID\":\"34133\",\"EVENT_ACTOR\":\"App\",\"EVENT_MODEL\":\"PtypeConn\",\"ENTITY_MAP\":{\"User\":[{\"MACHINE_HOSTNAME\":\"sejenkins\",\"USERNAME\":\"www-data\"}],\"IpAddress\":[{\"THREAT_TAGS\":\"Poor Reputation IP\",\"COUNTRY\":\"Russian Federation\",\"THREAT_SOURCE\":[{\"DATE\":\"2020-04-09\",\"SOURCE\":\"https://isc.sans.edu/ipsascii.html\"}],\"IP_ADDRESS\":\"5.101.0.209\",\"TOTAL_OUT_BYTES\":12511,\"TOTAL_IN_BYTES\":2213,\"REGION\":\"Moskovskaya oblast'\",\"PORT_LIST\":[]}],\"Process\":[{\"HOSTNAME\":\"sejenkins\",\"CMDLINE\":\"nginx: worker process\",\"PROCESS_START_TIME\":\"2020-05-06T20:21:02Z\",\"CPU_PERCENTAGE\":0,\"PROCESS_ID\":8351}],\"FileExePath\":[{\"EXE_PATH\":\"/usr/sbin/nginx\",\"FIRST_SEEN_TIME\":\"2020-05-06T20:00:00Z\",\"LAST_FILEDATA_HASH\":\"8300a399809de50cb903399e6084b4f766919bce01f7fb7a589e7df9f6f984f1\"}],\"Machine\":[{\"EXTERNAL_IP\":\"3.15.31.113\",\"HOSTNAME\":\"sejenkins\",\"IS_EXTERNAL\":1,\"CPU_PERCENTAGE\":0.37,\"INTERNAL_IP_ADDR\":\"10.0.1.176\",\"INSTANCE_ID\":\"i-0b5b30d51d531c160\"}]}}]}"}
Usage:
lacework event show <event_id> [flags]
Flags:
-h, --help help for show
Global Flags:
-a, --account string account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
-k, --api_key string access key id
-s, --api_secret string secret access key
--debug turn on debug logging
--json switch commands output from human-readable to json format
--nocolor turn off colors
--noninteractive disable interactive progress bars (i.e. 'spinners')
-p, --profile string switch between profiles configured at ~/.lacework.toml
ERROR unable to get event details: json: cannot unmarshal string into Go struct field eventIpAddressEntity.data.entity_map.IpAddress.threat_tags of type []string
Update and Delete GCP CFG Integration
Two new functions available on the api client side:
- UpdateGCPConfigIntegration
- DeleteGCPConfigIntegration
Very similar to CreateGCPConfigIntegration and GetGCPConfigIntegration
UpdateGCPConfigIntegration
calls /api/v2/external/integrations/<INTG_GUID> Lacework API to update a GCP integration with integration guid
GetOneGCPConfigIntegration
calls /api/v2/external/integrations/<INTG_GUID> Lacework API to delete a GCP integration with integration guid
[cli] when running configure with --profile, account should be auto-populated
As a user of the Lacework CLI,
when I create a new profile and pass the --profile flag,
the name I pass should be auto-populated as the account name.
$ lacework configure --profile foo scottford@scott-fords-mbp
▸ Account: foo
Avoid displaying API key secret during cli configuration
As a Lacework CLI user,
I need the configure command to avoid showing my API key secret,
So that I can protect my access to my Lacework account.
Building and running Lacework CLI in Docker-less environments using podman and buildah
Hi,
Please find below how I build and run Lacework CLI containers in Docker-less environments using podman and buildah:
Buildah from scratch:
https://github.com/marcredhat/lacework/blob/master/demo4.sh
Buildah from Dockerfile:
https://github.com/marcredhat/lacework/blob/master/demo3.sh
Hope this helps,
Marc
Better API error check
As a Lacework User of the API Go client,
I would like to have better error messages other than "500 Internal Server Error",
So I have an understanding of the problem and I can better troubleshoot.
Support Terraform logging mechanism
As of this issue, I have detected that when you run:
$ LW_DEBUG=true TF_LOG=DEBUG terraform apply
The CLI or API logs do not bubble up. They do NOT work as expected.
Terraform is consuming the standard log library from go https://golang.org/src/log/log.go
and taking over the os. Stderr (https://golang.org/pkg/os/#pkg-variables) which
annulates our logger implementation.
Reference: https://github.com/hashicorp/terraform/blob/master/main.go#L43-L105
We need to fix this behavior inside the API and CLI clients, as a proposal solution
we should have an internal implementation of the logger at Lacework.
New 'event' CMD: Inspect Lacework events via CLI
Motivation
As a Lacework CLI user,
I would like to inspect Lacework Events via the CLI,
so I don't have to log in every day to the UI/Platform and I can automate internal integrations.
Proposal
Create a new event command inside the Lacework CLI with two main sub-commands.
lacework event list
Output the list of events from a time range, by default display the last 7 days.
lacework event show <EventID>
Show the details of a specific event.
Be able to create a load of integrations
Feedback: Brian
As a Lacework CLI user,
I want to be able to do a mass load of integrations (say 100) all at once,
So I don't have to do it manually.
Add Apache License 2.0
In preparation to open source this repository, we need to add Copyright as well
as a License, we will use Apache License v2.0 since there is no proprietary code
in this repository, it will include code and tools to work with our SaaS platform,
that is, anything that customers can use to facilitate the adoption of our platform,
things like, easily hit Lacework API to create integrations via Terraform, and other
similar tasks.
Add Lacework CLI Homebrew formula
As a Lacework user that uses Homebrew,
I would like to install the Lacework CLI via Homebrew natively,
So I can use my favorite package manager.
[docs] Add `--profile` documentation
The config has changed to handle profiles, we need to add documentation.
Ship Lacework CLI in Docker Containers
Motivation
The DevOps methodology is designed to encourage developers to integrate their
code into a shared repository early and often, and then, to deploy the code quickly
and efficiently.
By creating containers that have the Lacework CLI installed, we are making it
easy for developers, release engineers, and devops engineers to use our tool
anywhere, in a lightweight, portable, self-sufficient manner.
Another reason why we want to create these containers is to introduce them into
Continuous Integration/Continuous Deployment (CI/CD) tools. By using CI/CD
pipelines, software can be deployed more frequently and can be recovered faster,
and has lower rates of change failure.
Acceptance Criteria
After the competition of this issue, a user should be able to run the Lacework CLI
from a docker container.
$ docker run techallylw/lacework-cli
The Lacework Command Line Interface is a tool that helps you manage the
Lacework cloud security platform. Use it to manage compliance reports,
external integrations, vulnerability scans, and other operations.
Start by configuring the Lacework CLI with the command:
$ lacework configure
This will prompt you for your Lacework account and a set of API access keys.
Usage:
lacework [command]
Available Commands:
api helper to call Lacework's RestfulAPI
configure configure the Lacework CLI
event inspect Lacework events
integration manage external integrations
version print the Lacework CLI version
vulnerability view vulnerability reports and run on-demand scans
Flags:
-a, --account string account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
-k, --api_key string access key id
-s, --api_secret string secret access key
--debug turn on debug logging
--json switch commands output from human-readable to json format
--nocolor turn off colors
--noninteractive disable interactive progress bars (i.e. 'spinners')
-p, --profile string switch between profiles configured at ~/.lacework.toml
Use "lacework [command] --help" for more information about a command.
test
testing slack integration
Missing fields when showing integration details
There are fields not being displayed when showing the details of an integration using the command:
$ lacework integration show <INT_GUID>
The main problem is at the deepKeyValueExtract() function which doesn't cover primitives other than string
Error parsing event details `cpu_percentage`
The cpu_percentage field inside the entity_map looks like a float32
instead of an int32, the error shown on some events is:
ERROR unable to get event details: json: cannot unmarshal number 0.02 into Go struct field eventProcessEntity.data.entity_map.process.cpu_percentage of type int32
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.