-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(cli): Installation scripts and documentation ⚡
Signed-off-by: Salim Afiune Maya <[email protected]>
- Loading branch information
Showing
5 changed files
with
423 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
<img src="https://techally-content.s3-us-west-1.amazonaws.com/public-content/lacework_logo_full.png" width="600"> | ||
|
||
# `lacework-cli` | ||
|
||
The Lacework Command Line Interface is a tool that helps you manage your | ||
Lacework cloud security platform. You can use it to manage compliance | ||
reports, external integrations, vulnerability scans, and other operations. | ||
|
||
## Install | ||
|
||
### Bash: | ||
``` | ||
$ curl https://raw.githubusercontent.com/lacework/go-sdk/master/cli/install.sh | sudo bash | ||
``` | ||
|
||
### Powershell: | ||
``` | ||
C:\> Set-ExecutionPolicy Bypass -Scope Process -Force | ||
C:\> iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/lacework/go-sdk/master/cli/install.ps1')) | ||
``` | ||
|
||
## Configuration File | ||
|
||
The `lacework-cli` looks for a file named `.lacework.toml` inside your home | ||
directory (`$HOME/.lacework.toml`) to access the following parameters: | ||
* `account`: Account subdomain of URL (i.e. `<ACCOUNT>.lacework.net`) | ||
* `api_key`: API Access Key ID | ||
* `api_secret`: API Access Secret Key | ||
|
||
|
||
An example of a Lacework configuration file: | ||
```toml | ||
account = "example" | ||
api_key = "EXAMPLE_1234567890ABC" | ||
api_secret = "_super_secret_key" | ||
``` | ||
|
||
You can provide a different configuration file with the option `--config`. | ||
|
||
## Basic Usage | ||
Once you have created your configuration file `$HOME/.lacework.toml`, | ||
you are ready to use the Lacework cli, a few basic commands are: | ||
|
||
1) List all integration in your account: | ||
```bash | ||
$ lacework-cli integration list | ||
``` | ||
1) Use the `api` command to access Lacework's ResfulAPI, for example, | ||
to get details about and specific event: | ||
```bash | ||
$ lacework-cli api get '/external/events/GetEventDetails?EVENT_ID=16700' | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
<# | ||
.SYNOPSIS | ||
Installs the 'lacework-cli' tool. | ||
.DESCRIPTION | ||
This script builds habitat components and ensures that all necesary prerequisites are installed. | ||
.Parameter Version | ||
Specifies a version (ex: 0.1.0) | ||
#> | ||
|
||
$ErrorActionPreference="stop" | ||
|
||
Set-Variable GithubReleasesRootUrl -Option ReadOnly -value "https://github.com/lacework/go-sdk/releases" | ||
|
||
Write-Host "Comming soon! (Installatiohn of the 'lacework-cli' tool)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,230 @@ | ||
#!/bin/bash | ||
# | ||
set -eou pipefail | ||
|
||
# If the variable $LW_DEBUG is set, print all shell commands executed | ||
if [ -n "${LW_DEBUG:-}" ]; then set -x; fi | ||
|
||
readonly github_releases="https://github.com/lacework/go-sdk/releases" | ||
|
||
usage() { | ||
local _cmd | ||
_cmd="$(basename "${0}")" | ||
cat <<USAGE | ||
${_cmd}: Installs the 'lacework-cli' tool. | ||
USAGE: | ||
${_cmd} [FLAGS] | ||
FLAGS: | ||
-h Prints help information | ||
-v Specifies a version (ex: 0.1.0) | ||
-t Specifies the target of the program to download (default: linux-amd64) | ||
USAGE | ||
} | ||
|
||
main() { | ||
version="" | ||
|
||
# Parse command line flags and options. | ||
while getopts "c:hv:t:" opt; do | ||
case "${opt}" in | ||
h) | ||
usage | ||
exit 0 | ||
;; | ||
v) | ||
version="${OPTARG}" | ||
;; | ||
t) | ||
target="${OPTARG}" | ||
;; | ||
\?) | ||
echo "" >&2 | ||
usage >&2 | ||
exit_with "Invalid option" 1 | ||
;; | ||
esac | ||
done | ||
|
||
log "Installing the 'lacewor-cli' tool" | ||
create_workdir | ||
check_platform | ||
download_archive "$version" "$target" | ||
verify_archive | ||
extract_archive | ||
install_cli | ||
print_cli_version | ||
log "The 'lacework-cli' tool has been successfully installed." | ||
} | ||
|
||
create_workdir() { | ||
if [ -d /var/tmp ]; then | ||
local _tmp=/var/tmp | ||
else | ||
local _tmp=/tmp | ||
fi | ||
|
||
workdir="$(mktemp -d -p "$_tmp" 2> /dev/null || mktemp -d "${_tmp}/lacework.XXXX")" | ||
# add a trap to clean up work directory | ||
trap 'code=$?; rm -rf $workdir; exit $code' INT TERM EXIT | ||
cd "${workdir}" | ||
} | ||
|
||
check_platform() { | ||
local _ostype | ||
_ostype="$(uname -s)" | ||
|
||
case "${_ostype}" in | ||
Darwin|Linux) | ||
sys="$(uname -s | tr '[:upper:]' '[:lower:]')" | ||
arch="$(uname -m | tr '[:upper:]' '[:lower:]')" | ||
;; | ||
*) | ||
exit_with "unable to determine OS platform type: ${_ostype}" 2 | ||
;; | ||
esac | ||
|
||
case "${sys}" in | ||
darwin) | ||
ext=zip | ||
shasum_cmd="shasum -a 256" | ||
;; | ||
linux) | ||
ext=tar.gz | ||
shasum_cmd="sha256sum" | ||
;; | ||
*) | ||
exit_with "unable to determine system type, perhaps is not supported: ${sys}" 3 | ||
;; | ||
esac | ||
|
||
# The following architectures match our cross-platform build process | ||
# https://golang.org/doc/install/source#environment | ||
case "${arch}" in | ||
x86_64) | ||
arch=amd64 | ||
;; | ||
i686) | ||
arch=386 | ||
;; | ||
*) | ||
exit_with "architecture not supported: ${arch}" 3 | ||
;; | ||
esac | ||
|
||
if [ -z "${target:-}" ]; then | ||
target="${sys}-${arch}" | ||
fi | ||
} | ||
|
||
download_archive() { | ||
local _version="${1:-latest}" | ||
local -r _target="${2:?}" | ||
local url | ||
|
||
if [ "$_version" == "latest" ]; then | ||
url="${github_releases}/latest/download/lacework-cli-${_target}.${ext}" | ||
else | ||
url="${github_releases}/download/${_version}/lacework-cli-${_target}.${ext}" | ||
fi | ||
|
||
download_file "${url}" "${workdir}/lacework-cli-${_version}.${ext}" | ||
download_file "${url}.sha256sum" "${workdir}/lacework-cli-${_version}.${ext}.sha256sum" | ||
|
||
archive="lacework-cli-${_target}.${ext}" | ||
sha_file="lacework-cli-${_target}.${ext}.sha256sum" | ||
|
||
mv -v "${workdir}/lacework-cli-${_version}.${ext}" "${archive}" | ||
mv -v "${workdir}/lacework-cli-${_version}.${ext}.sha256sum" "${sha_file}" | ||
} | ||
|
||
verify_archive() { | ||
log "Verifying the shasum digest matches the downloaded archive" | ||
${shasum_cmd} -c "${sha_file}" | ||
} | ||
|
||
extract_archive() { | ||
log "Extracting ${archive}" | ||
case "${ext}" in | ||
tar.gz) | ||
archive_dir="${archive%.tar.gz}" | ||
mkdir "${archive_dir}" | ||
zcat "${archive}" | tar --extract --directory "${archive_dir}" --strip-components=1 | ||
|
||
;; | ||
zip) | ||
archive_dir="${archive%.zip}" | ||
unzip -j "${archive}" -d "${archive_dir}" | ||
;; | ||
*) | ||
exit_with "[extract] Unknown file extension: ${ext}" 4 | ||
;; | ||
esac | ||
} | ||
|
||
install_cli() { | ||
log "Installing lacework-cli into /usr/local/bin" | ||
mkdir -pv /usr/local/bin | ||
binary="lacework-cli-${target}" | ||
install -v "${archive_dir}/lacework-cli-"* /usr/local/bin/lacework-cli | ||
} | ||
|
||
print_cli_version() { | ||
info "Verifying installed lacework-cli version" | ||
lacework-cli version | ||
} | ||
|
||
download_file() { | ||
local _url="${1}" | ||
local _dst="${2}" | ||
local _code | ||
local _wget_extra_args="" | ||
local _curl_extra_args="" | ||
|
||
# try to download with wget | ||
if command -v wget > /dev/null; then | ||
log "Downloading via wget: ${_url}" | ||
|
||
wget -q -O "${_dst}" "${_url}" | ||
_code="$?" | ||
|
||
if [ $_code -eq 0 ]; then | ||
return 0 | ||
else | ||
warn "wget failed to download file, trying to download with curl" | ||
fi | ||
fi | ||
|
||
# try to download with curl | ||
if command -v curl > /dev/null; then | ||
log "Downloading via curl: ${_url}" | ||
|
||
curl -sSfL "${_url}" -o "${_dst}" | ||
_code="$?" | ||
|
||
if [ $_code -eq 0 ]; then | ||
return 0 | ||
else | ||
warn "curl failed to download file" | ||
fi | ||
fi | ||
|
||
# wget and curl have failed, inform the user | ||
exit_with "Required: SSL-enabled 'curl' or 'wget' on PATH with" 6 | ||
} | ||
|
||
log() { | ||
echo "--> install: $1" | ||
} | ||
|
||
warn() { | ||
echo "xxx install: $1" >&2 | ||
} | ||
|
||
exit_with() { | ||
warn "$1" | ||
exit "${2:-10}" | ||
} | ||
|
||
main "$@" || exit 99 |
Oops, something went wrong.