feat(cli): new event list command

Adding a new `event` command with one sub-commands called `list` exposed to the end-user. This new command will list all events from a date range, by default last 7 days unless the user provides a different range. Example: Human readable output ``` $ lacework event list EVENT ID | TYPE | SEVERITY | START TIME | END TIME -----------+------------------------------------+----------+----------------------+----------------------- 10 | NewViolations | High | 2020-04-20T13:00:00Z | 2020-04-20T14:00:00Z 4 | VPCNetworkFirewallRuleChanged | Medium | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z 8 | VPCNetworkRouteChanged | Medium | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z 1 | ProjectOwnershipAssignmentsChanged | Medium | 2020-04-16T17:00:00Z | 2020-04-16T18:00:00Z 6 | NewViolations | Medium | 2020-04-18T13:00:00Z | 2020-04-18T14:00:00Z 3 | VPCNetworkChanged | Medium | 2020-04-16T20:00:00Z | 2020-04-16T21:00:00Z 2 | CloudStorageIAMPermissionChanged | Medium | 2020-04-16T18:00:00Z | 2020-04-16T19:00:00Z 5 | CloudStorageIAMPermissionChanged | Low | 2020-04-17T19:00:00Z | 2020-04-17T20:00:00Z 9 | VPCNetworkRouteChanged | Low | 2020-04-20T04:00:00Z | 2020-04-20T05:00:00Z 7 | VPCNetworkFirewallRuleChanged | Low | 2020-04-19T23:00:00Z | 2020-04-20T00:00:00Z ``` Example: Machine/JSON format ``` $ lacework event list --json [ { "end_time": "2020-04-20T14:00:00Z", "event_id": "10", "event_type": "NewViolations", "severity": "2", "start_time": "2020-04-20T13:00:00Z" }, { "end_time": "2020-04-16T21:00:00Z", "event_id": "4", "event_type": "VPCNetworkFirewallRuleChanged", "severity": "3", "start_time": "2020-04-16T20:00:00Z" }, { "end_time": "2020-04-20T00:00:00Z", "event_id": "8", "event_type": "VPCNetworkRouteChanged", "severity": "3", "start_time": "2020-04-19T23:00:00Z" }, { "end_time": "2020-04-16T18:00:00Z", "event_id": "1", "event_type": "ProjectOwnershipAssignmentsChanged", "severity": "3", "start_time": "2020-04-16T17:00:00Z" }, { "end_time": "2020-04-18T14:00:00Z", "event_id": "6", "event_type": "NewViolations", "severity": "3", "start_time": "2020-04-18T13:00:00Z" }, { "end_time": "2020-04-16T21:00:00Z", "event_id": "3", "event_type": "VPCNetworkChanged", "severity": "3", "start_time": "2020-04-16T20:00:00Z" }, { "end_time": "2020-04-16T19:00:00Z", "event_id": "2", "event_type": "CloudStorageIAMPermissionChanged", "severity": "3", "start_time": "2020-04-16T18:00:00Z" }, { "end_time": "2020-04-17T20:00:00Z", "event_id": "5", "event_type": "CloudStorageIAMPermissionChanged", "severity": "4", "start_time": "2020-04-17T19:00:00Z" }, { "end_time": "2020-04-20T05:00:00Z", "event_id": "9", "event_type": "VPCNetworkRouteChanged", "severity": "4", "start_time": "2020-04-20T04:00:00Z" }, { "end_time": "2020-04-20T00:00:00Z", "event_id": "7", "event_type": "VPCNetworkFirewallRuleChanged", "severity": "4", "start_time": "2020-04-19T23:00:00Z" } ] ``` Issue #68 Signed-off-by: Salim Afiune Maya <[email protected]>
lacework · Apr 23, 2020 · d7c9f9e · d7c9f9e
1 parent 533a271
commit d7c9f9e
Showing 1 changed file with 126 additions and 0 deletions.
diff --git a/cli/cmd/event.go b/cli/cmd/event.go
@@ -0,0 +1,126 @@
+//
+// Author:: Salim Afiune Maya (<[email protected]>)
+// Copyright:: Copyright 2020, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package cmd
+
+import (
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/lacework/go-sdk/api"
+	"github.com/olekukonko/tablewriter"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+)
+
+var (
+	// eventCmd represents the event command
+	eventCmd = &cobra.Command{
+		Use:   "event",
+		Short: "Inspect Lacework events",
+	}
+
+	// eventListCmd represents the list sub-command inside the event command
+	eventListCmd = &cobra.Command{
+		Use:   "list",
+		Short: "List all events from a date range (default last 7 days)",
+		Long: `List all events from a data range, by default it displays the last
+7 days, but you can specify a different time range.`,
+		Args: cobra.NoArgs,
+		RunE: func(_ *cobra.Command, _ []string) error {
+			lacework, err := api.NewClient(cli.Account,
+				api.WithLogLevel(cli.LogLevel),
+				api.WithApiKeys(cli.KeyID, cli.Secret),
+			)
+			if err != nil {
+				return errors.Wrap(err, "unable to generate api client")
+			}
+
+			response, err := lacework.Events.List()
+			if err != nil {
+				return errors.Wrap(err, "unable to get events")
+			}
+
+			// Sort the events from the response by severity
+			sort.Slice(response.Events, func(i, j int) bool {
+				return response.Events[i].Severity < response.Events[j].Severity
+			})
+
+			if cli.JSONOutput() {
+				return cli.OutputJSON(response.Events)
+			}
+
+			cli.OutputHuman(eventsToTableReport(response.Events))
+			return nil
+		},
+	}
+
+	// eventShowCmd represents the show sub-command inside the event command
+	eventShowCmd = &cobra.Command{
+		Use:   "show <event_id>",
+		Short: "Create an external integrations",
+		Args:  cobra.ExactArgs(1),
+		RunE: func(_ *cobra.Command, _ []string) error {
+			return nil
+		},
+	}
+)
+
+func init() {
+	// add the integration command
+	rootCmd.AddCommand(eventCmd)
+
+	// add sub-commands to the integration command
+	eventCmd.AddCommand(eventListCmd)
+	eventCmd.AddCommand(eventShowCmd)
+}
+
+func eventsToTableReport(events []api.Event) string {
+	var (
+		eventsReport = &strings.Builder{}
+		table        = tablewriter.NewWriter(eventsReport)
+	)
+
+	table.SetHeader([]string{
+		"Event ID",
+		"Type",
+		"Severity",
+		"Start Time",
+		"End Time",
+	})
+	table.SetBorder(false)
+	table.AppendBulk(eventsToTable(events))
+	table.Render()
+
+	return eventsReport.String()
+}
+
+func eventsToTable(events []api.Event) [][]string {
+	out := [][]string{}
+	for _, event := range events {
+		out = append(out, []string{
+			event.EventID,
+			event.EventType,
+			event.SeverityString(),
+			event.StartTime.UTC().Format(time.RFC3339),
+			event.EndTime.UTC().Format(time.RFC3339),
+		})
+	}
+	return out
+}