
Commit f78ff73

authored
fix: Use falco_rules_local.yaml as user rules file instead of the first (#165)
1 parent 952df02 commit f78ff73


1 file changed

+47
-30
lines changed


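--- a/sdcclient/_secure.py
+++ b/sdcclient/_secure.py
@@ -29,7 +29,7 @@ def policy_v2(self):
 
 def _get_falco_rules(self, kind):
 res = self.http.get(self.url + '/api/settings/falco/{}RulesFile'.format(kind), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 if not self._checkResponse(res):
 return [False, self.lasterr]
 data = res.json()
@@ -65,10 +65,20 @@ def get_user_falco_rules(self):
 `examples/get_secure_user_falco_rules.py <https://github.com/draios/python-sdc-client/blob/master/examples/get_secure_user_falco_rules.py>`_
 '''
 ok, res = self._get_user_falco_rules()
-return [False, res] if not ok else [True, res["customFalcoRulesFiles"]["files"][0]["variants"][0]["content"]]
+if not ok:
+return [False, res]
+
+local_rules_file = [file
+for file in res["customFalcoRulesFiles"]["files"]
+if file["name"] == "falco_rules_local.yaml"]
+if len(local_rules_file) == 0:
+return [False, "Expected falco_rules_local.yaml file, but no file found"]
+
+return [True, local_rules_file[0]["variants"][0]["content"]]
 
 def _get_user_falco_rules(self):
-res = self.http.get(self.url + '/api/settings/falco/customRulesFiles', headers=self.hdrs, verify=self.ssl_verify)
+res = self.http.get(self.url + '/api/settings/falco/customRulesFiles', headers=self.hdrs,
+verify=self.ssl_verify)
 
 if not self._checkResponse(res):
 return [False, self.lasterr]
@@ -84,7 +94,7 @@ def _set_falco_rules(self, kind, rules_content):
 payload[1]["{}RulesFile".format(kind)]["content"] = rules_content # pylint: disable=unsubscriptable-object
 
 res = self.http.put(self.url + '/api/settings/falco/{}RulesFile'.format(kind), headers=self.hdrs,
-data=json.dumps(payload[1]), verify=self.ssl_verify)
+data=json.dumps(payload[1]), verify=self.ssl_verify)
 if not self._checkResponse(res):
 return [False, self.lasterr]
 return [True, res.json()]
@@ -124,10 +134,16 @@ def set_user_falco_rules(self, rules_content):
 if not ok:
 return res
 
-res["customFalcoRulesFiles"]["files"][0]["variants"][0]["content"] = rules_content
+local_rules_file = [file
+for file in res["customFalcoRulesFiles"]["files"]
+if file["name"] == "falco_rules_local.yaml"]
+if len(local_rules_file) == 0:
+return [False, "Expected falco_rules_local.yaml file, but no file found"]
+
+local_rules_file[0]["variants"][0]["content"] = rules_content
 
 res = self.http.put(self.url + '/api/settings/falco/customRulesFiles', headers=self.hdrs,
-data=json.dumps(res), verify=self.ssl_verify)
+data=json.dumps(res), verify=self.ssl_verify)
 
 if not self._checkResponse(res):
 return [False, self.lasterr]
@@ -139,7 +155,7 @@ def set_user_falco_rules(self, rules_content):
 def _get_falco_rules_files(self, kind):
 
 res = self.http.get(self.url + '/api/settings/falco/{}RulesFiles'.format(kind), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 if not self._checkResponse(res):
 return [False, self.lasterr]
 data = res.json()
@@ -302,7 +318,7 @@ def _set_falco_rules_files(self, kind, rules_files):
 obj["defaultPolicies"] = rules_files["defaultPolicies"]
 
 res = self.http.put(self.url + '/api/settings/falco/{}RulesFiles'.format(kind), headers=self.hdrs,
-data=json.dumps(payload[1]), verify=self.ssl_verify)
+data=json.dumps(payload[1]), verify=self.ssl_verify)
 if not self._checkResponse(res):
 return [False, self.lasterr]
 return [True, res.json()]
@@ -530,7 +546,7 @@ def add_policy(self, name, description, rule_names=[], actions=[], scope=None, s
 "notificationChannelIds": notification_channels
 }
 res = self.http.post(self.url + '/api/v2/policies', headers=self.hdrs, data=json.dumps(policy),
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def add_policy_json(self, policy_json):
@@ -556,7 +572,7 @@ def add_policy_json(self, policy_json):
 return [False, "policy json is not valid json: {}".format(str(e))]
 
 res = self.http.post(self.url + '/api/v2/policies', headers=self.hdrs, data=json.dumps(policy_obj),
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def update_policy(self, id, name=None, description=None, rule_names=None, actions=None, scope=None,
@@ -601,7 +617,7 @@ def update_policy(self, id, name=None, description=None, rule_names=None, action
 policy["notificationChannelIds"] = notification_channels
 
 res = self.http.put(self.url + '/api/v2/policies/{}'.format(id), headers=self.hdrs, data=json.dumps(policy),
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def update_policy_json(self, policy_json):
@@ -630,7 +646,7 @@ def update_policy_json(self, policy_json):
 return [False, "Policy Json does not have an 'id' field"]
 
 res = self.http.put(self.url + '/api/v2/policies/{}'.format(policy_obj["id"]), headers=self.hdrs,
-data=json.dumps(policy_obj), verify=self.ssl_verify)
+data=json.dumps(policy_obj), verify=self.ssl_verify)
 return self._request_result(res)
 
 def delete_policy_name(self, name):
@@ -703,7 +719,7 @@ def get_rules_group(self, name):
 A JSON object representing the list of rules.
 '''
 res = self.http.get(self.url + '/api/secure/rules/groups?name={}'.format(name), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def get_rule_id(self, id):
@@ -739,7 +755,7 @@ def add_rule(self, name, details={}, description="", tags=[]):
 "tags": tags
 }
 res = self.http.post(self.url + '/api/secure/rules', data=json.dumps(rule), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def update_rule(self, id, details={}, description="", tags=[]):
@@ -767,7 +783,7 @@ def update_rule(self, id, details={}, description="", tags=[]):
 if tags:
 rule['tags'] = tags
 res = self.http.put(self.url + '/api/secure/rules/{}'.format(id), data=json.dumps(rule), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def delete_rule(self, id):
@@ -811,7 +827,7 @@ def get_falco_macros_group(self, name):
 A JSON object representing the list of falco macros.
 '''
 res = self.http.get(self.url + '/api/secure/falco/macros/groups?name={}'.format(name), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def get_falco_macro_id(self, id):
@@ -825,7 +841,7 @@ def get_falco_macro_id(self, id):
 A JSON object representing the falco macro.
 '''
 res = self.http.get(self.url + '/api/secure/falco/macros/{}'.format(id), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def add_falco_macro(self, name, condition, append=False):
@@ -848,7 +864,7 @@ def add_falco_macro(self, name, condition, append=False):
 "append": append
 }
 res = self.http.post(self.url + '/api/secure/falco/macros', data=json.dumps(macro), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def update_falco_macro(self, id, condition):
@@ -869,7 +885,7 @@ def update_falco_macro(self, id, condition):
 macro['condition']['condition'] = condition
 
 res = self.http.put(self.url + '/api/secure/falco/macros/{}'.format(id), data=json.dumps(macro),
-headers=self.hdrs, verify=self.ssl_verify)
+headers=self.hdrs, verify=self.ssl_verify)
 return self._request_result(res)
 
 def delete_falco_macro(self, id):
@@ -883,7 +899,7 @@ def delete_falco_macro(self, id):
 A JSON object representing the macro.
 '''
 res = self.http.delete(self.url + '/api/secure/falco/macros/{}'.format(id), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def list_falco_lists(self):
@@ -914,7 +930,7 @@ def get_falco_lists_group(self, name):
 A JSON object representing the list of falco lists.
 '''
 res = self.http.get(self.url + '/api/secure/falco/lists/groups?name={}'.format(name), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def get_falco_list_id(self, id):
@@ -928,7 +944,7 @@ def get_falco_list_id(self, id):
 A JSON object representing the falco list.
 '''
 res = self.http.get(self.url + '/api/secure/falco/lists/{}'.format(id), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def add_falco_list(self, name, items, append=False):
@@ -950,7 +966,7 @@ def add_falco_list(self, name, items, append=False):
 "append": append
 }
 res = self.http.post(self.url + '/api/secure/falco/lists', data=json.dumps(flist), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def update_falco_list(self, id, items):
@@ -971,7 +987,7 @@ def update_falco_list(self, id, items):
 flist['items']['items'] = items
 
 res = self.http.put(self.url + '/api/secure/falco/lists/{}'.format(id), data=json.dumps(flist),
-headers=self.hdrs, verify=self.ssl_verify)
+headers=self.hdrs, verify=self.ssl_verify)
 return self._request_result(res)
 
 def delete_falco_list(self, id):
@@ -985,7 +1001,7 @@ def delete_falco_list(self, id):
 A JSON object representing the list.
 '''
 res = self.http.delete(self.url + '/api/secure/falco/lists/{}'.format(id), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def add_compliance_task(self, name, module_name='docker-bench-security', schedule='06:00:00Z/PT12H', scope=None,
@@ -1012,7 +1028,7 @@ def add_compliance_task(self, name, module_name='docker-bench-security', schedul
 "schedule": schedule
 }
 res = self.http.post(self.url + '/api/complianceTasks', data=json.dumps(task), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def list_compliance_tasks(self):
@@ -1070,7 +1086,7 @@ def update_compliance_task(self, id, name=None, module_name=None, schedule=None,
 }
 task.update({k: v for k, v in options.items() if v is not None})
 res = self.http.put(self.url + '/api/complianceTasks/{}'.format(id), data=json.dumps(task), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def delete_compliance_task(self, id):
@@ -1081,7 +1097,7 @@ def delete_compliance_task(self, id):
 - id: the id of the compliance task to delete
 '''
 res = self.http.delete(self.url + '/api/complianceTasks/{}'.format(id), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 if not self._checkResponse(res):
 return False, self.lasterr
 
@@ -1119,7 +1135,8 @@ def get_compliance_results(self, id):
 **Success Return Value**
 A JSON representation of the compliance task run result.
 '''
-res = self.http.get(self.url + '/api/complianceResults/{}'.format(id), headers=self.hdrs, verify=self.ssl_verify)
+res = self.http.get(self.url + '/api/complianceResults/{}'.format(id), headers=self.hdrs,
+verify=self.ssl_verify)
 return self._request_result(res)
 
 def get_compliance_results_csv(self, id):
@@ -1133,7 +1150,7 @@ def get_compliance_results_csv(self, id):
 A CSV representation of the compliance task run result.
 '''
 res = self.http.get(self.url + '/api/complianceResults/{}/csv'.format(id), headers=self.hdrs,
-verify=self.ssl_verify)
+verify=self.ssl_verify)
 if not self._checkResponse(res):
 return False, self.lasterr
 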
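Review bot: In both `get_user_falco_rules` and `set_user_falco_rules` the new lookup handles a missing `falco_rules_local.yaml`, but `local_rules_file[0]["variants"][0]` is still indexed unguarded, so a matching entry with an empty or absent `variants` list (or any entry without a `name` key) raises instead of returning the `[False, msg]` pair these methods otherwise produce. A guard such as `if not local_rules_file or not local_rules_file[0].get("variants"):` together with `file.get("name") == "falco_rules_local.yaml"` in the filter would keep that error contract intact. This matters most on the write path, since these are the runtime detection rules and a failed update should surface as an explicit error that automation can check. The same filter and error message are now duplicated across the two methods; a private helper and a module-level constant for the filename would keep them from drifting apart. Separately, the context line `return res` after `if not ok:` in `set_user_falco_rules` looks inconsistent with the `[False, res]` form used in the getter, though that function begins outside the hunk and should be checked against its full body.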
