From f6cfcdc74df7faf9173274e94f08aed2b8abdec6 Mon Sep 17 00:00:00 2001 From: Salim Afiune Maya Date: Thu, 25 Jun 2020 12:22:11 -0600 Subject: [PATCH 1/2] feat(cli): add time range flags to events list cmd We are adding two flags to the `events list` command to provide a custom time range: ``` $ lacework event list --end "2020-06-19T00:00:00Z" --start "2020-06-13T00:00:00Z" ``` If either a start or an end time is provided, both flags are required. Signed-off-by: Salim Afiune Maya --- cli/cmd/event.go | 65 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 2 deletions(-) diff --git a/cli/cmd/event.go b/cli/cmd/event.go index 625396366..11a2727ad 100644 --- a/cli/cmd/event.go +++ b/cli/cmd/event.go @@ -33,6 +33,14 @@ import ( ) var ( + eventsCmdState = struct { + // start time for listing events + Start string + + // end time for listing events + End string + }{} + // easily add or remove borders to all event details tables eventDetailsBorder = true @@ -54,8 +62,26 @@ events from the last 7 days, but it is possible to specify a different time range.`, Args: cobra.NoArgs, RunE: func(_ *cobra.Command, _ []string) error { - cli.Log.Info("requesting list of events") - response, err := cli.LwApi.Events.List() + + var ( + response api.EventsResponse + err error + ) + if eventsCmdState.Start != "" || eventsCmdState.End != "" { + start, end, errT := parseStartAndEndTime() + if errT != nil { + return errors.Wrap(errT, "unable to parse time range") + } + + cli.Log.Infow("requesting list of events from custom time range", + "start_time", start, "end_time", end, + ) + response, err = cli.LwApi.Events.ListRange(start, end) + } else { + cli.Log.Info("requesting list of events from the last 7 days") + response, err = cli.LwApi.Events.List() + } + if err != nil { return errors.Wrap(err, "unable to get events") } @@ -117,6 +143,16 @@ func init() { // add sub-commands to the event command eventCmd.AddCommand(eventListCmd) + + // add start flag to events list command + eventListCmd.Flags().StringVar(&eventsCmdState.Start, + "start", "", "start of the time range in UTC (format: yyyy-MM-ddTHH:mm:ssZ)", + ) + // add end flag to events list command + eventListCmd.Flags().StringVar(&eventsCmdState.End, + "end", "", "end of the time range in UTC (format: yyyy-MM-ddTHH:mm:ssZ)", + ) + eventCmd.AddCommand(eventShowCmd) } @@ -863,3 +899,28 @@ func eventMachineEntitiesTable(machines []api.EventMachineEntity) string { return r.String() } + +// parse the start and end time provided by the user +func parseStartAndEndTime() (start time.Time, end time.Time, err error) { + if eventsCmdState.Start == "" { + err = errors.New("when providing an end time, start time should be provided (--start)") + return + } + start, err = time.Parse(time.RFC3339, eventsCmdState.Start) + if err != nil { + err = errors.Wrap(err, "unable to parse start time") + return + } + + if eventsCmdState.End == "" { + err = errors.New("when providing a start time, end time should be provided (--end)") + return + } + end, err = time.Parse(time.RFC3339, eventsCmdState.End) + if err != nil { + err = errors.Wrap(err, "unable to parse end time") + return + } + + return +} From fe23afbd001d4db5838298c143c76ed0f6d3a436 Mon Sep 17 00:00:00 2001 From: Salim Afiune Maya Date: Thu, 25 Jun 2020 14:51:45 -0600 Subject: [PATCH 2/2] test: add integration tests for event time rage Signed-off-by: Salim Afiune Maya --- integration/event_test.go | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/integration/event_test.go b/integration/event_test.go index d3afa9771..63d169050 100644 --- a/integration/event_test.go +++ b/integration/event_test.go @@ -20,6 +20,7 @@ package integration import ( "testing" + "time" "github.com/stretchr/testify/assert" ) @@ -56,3 +57,27 @@ func TestEventCommandList(t *testing.T) { assert.Equal(t, 0, exitcode, "EXITCODE is not the expected one") } + +func TestEventCommandListTimeRange(t *testing.T) { + var ( + now = time.Now().UTC() + from = now.AddDate(0, 0, -1) // 1 days from now + ) + + out, err, exitcode := LaceworkCLIWithTOMLConfig("event", "list", "--start", from.Format(time.RFC3339), "--end", now.Format(time.RFC3339)) + assert.Contains(t, out.String(), "EVENT ID", + "STDOUT table headers changed, please check") + assert.Contains(t, out.String(), "TYPE", + "STDOUT table headers changed, please check") + assert.Contains(t, out.String(), "SEVERITY", + "STDOUT table headers changed, please check") + assert.Contains(t, out.String(), "START TIME", + "STDOUT table headers changed, please check") + assert.Contains(t, out.String(), "END TIME", + "STDOUT table headers changed, please check") + assert.Empty(t, + err.String(), + "STDERR should be empty") + assert.Equal(t, 0, exitcode, + "EXITCODE is not the expected one") +}