Skip to content

Commit

Permalink
feat(cli): Installation scripts and documentation ⚡
Browse files Browse the repository at this point in the history
Signed-off-by: Salim Afiune Maya <[email protected]>
  • Loading branch information
afiune committed Mar 26, 2020
1 parent a6e3816 commit 367f5c5
Show file tree
Hide file tree
Showing 5 changed files with 423 additions and 8 deletions.
26 changes: 18 additions & 8 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,12 +1,15 @@
default: ci

ci: lint test fmt-check imports-check

export GOFLAGS=-mod=vendor
ci: lint test fmt-check imports-check build-cli-cross-platform

GOLANGCILINTVERSION?=1.23.8
COVERAGEOUT?=coverage.out
CLINAME?=lacework-cli
GO_LDFLAGS="-X github.com/lacework/go-sdk/cli/cmd.Version=$(shell cat cli/VERSION) \
-X github.com/lacework/go-sdk/cli/cmd.GitSHA=$(shell git rev-parse HEAD) \
-X github.com/lacework/go-sdk/cli/cmd.BuildTime=$(shell date +%Y%m%d%H%M%S)"
GOFLAGS=-mod=vendor
export GOFLAGS GO_LDFLAGS

prepare: install-tools go-vendor

Expand Down Expand Up @@ -37,11 +40,15 @@ fmt-check:
imports-check:
@test -z $(shell goimports -l $(shell go list -f {{.Dir}} ./...))

build-cli:
go build -o bin/$(CLINAME) cli/main.go
@echo
@echo To execute the generated binary run:
@echo " ./bin/$(CLINAME)"
build-cli-cross-platform:
gox -output="bin/$(CLINAME)-{{.OS}}-{{.Arch}}" \
-os="darwin linux windows" \
-arch="amd64 386" \
-ldflags=$(GO_LDFLAGS) \
github.com/lacework/go-sdk/cli

release-cli: lint fmt-check imports-check test
scripts/lacework_cli_release.sh

install-tools:
ifeq (, $(shell which golangci-lint))
Expand All @@ -50,3 +57,6 @@ endif
ifeq (, $(shell which goimports))
go get golang.org/x/tools/cmd/goimports
endif
ifeq (, $(shell which gox))
go get github.com/mitchellh/gox
endif
52 changes: 52 additions & 0 deletions cli/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
<img src="https://techally-content.s3-us-west-1.amazonaws.com/public-content/lacework_logo_full.png" width="600">

# `lacework-cli`

The Lacework Command Line Interface is a tool that helps you manage your
Lacework cloud security platform. You can use it to manage compliance
reports, external integrations, vulnerability scans, and other operations.

## Install

### Bash:
```
$ curl https://raw.githubusercontent.com/lacework/go-sdk/master/cli/install.sh | sudo bash
```

### Powershell:
```
C:\> Set-ExecutionPolicy Bypass -Scope Process -Force
C:\> iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/lacework/go-sdk/master/cli/install.ps1'))
```

## Configuration File

The `lacework-cli` looks for a file named `.lacework.toml` inside your home
directory (`$HOME/.lacework.toml`) to access the following parameters:
* `account`: Account subdomain of URL (i.e. `<ACCOUNT>.lacework.net`)
* `api_key`: API Access Key ID
* `api_secret`: API Access Secret Key


An example of a Lacework configuration file:
```toml
account = "example"
api_key = "EXAMPLE_1234567890ABC"
api_secret = "_super_secret_key"
```

You can provide a different configuration file with the option `--config`.

## Basic Usage
Once you have created your configuration file `$HOME/.lacework.toml`,
you are ready to use the Lacework cli, a few basic commands are:

1) List all integration in your account:
```bash
$ lacework-cli integration list
```
1) Use the `api` command to access Lacework's ResfulAPI, for example,
to get details about and specific event:
```bash
$ lacework-cli api get '/external/events/GetEventDetails?EVENT_ID=16700'
```
16 changes: 16 additions & 0 deletions cli/install.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
<#
.SYNOPSIS
Installs the 'lacework-cli' tool.
.DESCRIPTION
This script builds habitat components and ensures that all necesary prerequisites are installed.
.Parameter Version
Specifies a version (ex: 0.1.0)
#>

$ErrorActionPreference="stop"

Set-Variable GithubReleasesRootUrl -Option ReadOnly -value "https://github.com/lacework/go-sdk/releases"

Write-Host "Comming soon! (Installatiohn of the 'lacework-cli' tool)"
230 changes: 230 additions & 0 deletions cli/install.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,230 @@
#!/bin/bash
#
set -eou pipefail

# If the variable $LW_DEBUG is set, print all shell commands executed
if [ -n "${LW_DEBUG:-}" ]; then set -x; fi

readonly github_releases="https://github.com/lacework/go-sdk/releases"

usage() {
local _cmd
_cmd="$(basename "${0}")"
cat <<USAGE
${_cmd}: Installs the 'lacework-cli' tool.
USAGE:
${_cmd} [FLAGS]
FLAGS:
-h Prints help information
-v Specifies a version (ex: 0.1.0)
-t Specifies the target of the program to download (default: linux-amd64)
USAGE
}

main() {
version=""

# Parse command line flags and options.
while getopts "c:hv:t:" opt; do
case "${opt}" in
h)
usage
exit 0
;;
v)
version="${OPTARG}"
;;
t)
target="${OPTARG}"
;;
\?)
echo "" >&2
usage >&2
exit_with "Invalid option" 1
;;
esac
done

log "Installing the 'lacewor-cli' tool"
create_workdir
check_platform
download_archive "$version" "$target"
verify_archive
extract_archive
install_cli
print_cli_version
log "The 'lacework-cli' tool has been successfully installed."
}

create_workdir() {
if [ -d /var/tmp ]; then
local _tmp=/var/tmp
else
local _tmp=/tmp
fi

workdir="$(mktemp -d -p "$_tmp" 2> /dev/null || mktemp -d "${_tmp}/lacework.XXXX")"
# add a trap to clean up work directory
trap 'code=$?; rm -rf $workdir; exit $code' INT TERM EXIT
cd "${workdir}"
}

check_platform() {
local _ostype
_ostype="$(uname -s)"

case "${_ostype}" in
Darwin|Linux)
sys="$(uname -s | tr '[:upper:]' '[:lower:]')"
arch="$(uname -m | tr '[:upper:]' '[:lower:]')"
;;
*)
exit_with "unable to determine OS platform type: ${_ostype}" 2
;;
esac

case "${sys}" in
darwin)
ext=zip
shasum_cmd="shasum -a 256"
;;
linux)
ext=tar.gz
shasum_cmd="sha256sum"
;;
*)
exit_with "unable to determine system type, perhaps is not supported: ${sys}" 3
;;
esac

# The following architectures match our cross-platform build process
# https://golang.org/doc/install/source#environment
case "${arch}" in
x86_64)
arch=amd64
;;
i686)
arch=386
;;
*)
exit_with "architecture not supported: ${arch}" 3
;;
esac

if [ -z "${target:-}" ]; then
target="${sys}-${arch}"
fi
}

download_archive() {
local _version="${1:-latest}"
local -r _target="${2:?}"
local url

if [ "$_version" == "latest" ]; then
url="${github_releases}/latest/download/lacework-cli-${_target}.${ext}"
else
url="${github_releases}/download/${_version}/lacework-cli-${_target}.${ext}"
fi

download_file "${url}" "${workdir}/lacework-cli-${_version}.${ext}"
download_file "${url}.sha256sum" "${workdir}/lacework-cli-${_version}.${ext}.sha256sum"

archive="lacework-cli-${_target}.${ext}"
sha_file="lacework-cli-${_target}.${ext}.sha256sum"

mv -v "${workdir}/lacework-cli-${_version}.${ext}" "${archive}"
mv -v "${workdir}/lacework-cli-${_version}.${ext}.sha256sum" "${sha_file}"
}

verify_archive() {
log "Verifying the shasum digest matches the downloaded archive"
${shasum_cmd} -c "${sha_file}"
}

extract_archive() {
log "Extracting ${archive}"
case "${ext}" in
tar.gz)
archive_dir="${archive%.tar.gz}"
mkdir "${archive_dir}"
zcat "${archive}" | tar --extract --directory "${archive_dir}" --strip-components=1

;;
zip)
archive_dir="${archive%.zip}"
unzip -j "${archive}" -d "${archive_dir}"
;;
*)
exit_with "[extract] Unknown file extension: ${ext}" 4
;;
esac
}

install_cli() {
log "Installing lacework-cli into /usr/local/bin"
mkdir -pv /usr/local/bin
binary="lacework-cli-${target}"
install -v "${archive_dir}/lacework-cli-"* /usr/local/bin/lacework-cli
}

print_cli_version() {
info "Verifying installed lacework-cli version"
lacework-cli version
}

download_file() {
local _url="${1}"
local _dst="${2}"
local _code
local _wget_extra_args=""
local _curl_extra_args=""

# try to download with wget
if command -v wget > /dev/null; then
log "Downloading via wget: ${_url}"

wget -q -O "${_dst}" "${_url}"
_code="$?"

if [ $_code -eq 0 ]; then
return 0
else
warn "wget failed to download file, trying to download with curl"
fi
fi

# try to download with curl
if command -v curl > /dev/null; then
log "Downloading via curl: ${_url}"

curl -sSfL "${_url}" -o "${_dst}"
_code="$?"

if [ $_code -eq 0 ]; then
return 0
else
warn "curl failed to download file"
fi
fi

# wget and curl have failed, inform the user
exit_with "Required: SSL-enabled 'curl' or 'wget' on PATH with" 6
}

log() {
echo "--> install: $1"
}

warn() {
echo "xxx install: $1" >&2
}

exit_with() {
warn "$1"
exit "${2:-10}"
}

main "$@" || exit 99
Loading

0 comments on commit 367f5c5

Please sign in to comment.