Add missing dependency (#43)

* Add missing dependency pyyaml now used for secure example files * Add one-line install including virtualenv * Update tests The error for set_secure_system_falco_rules.py has changed. Now that the system rules file is not per-customer, it can't be tied to this test account. So just verify it can be fetched without inspecting its contents. This also changes the result of creating default policies/modifying policies a bit.
sysdiglabs · Nov 8, 2017 · b81b5e7 · b81b5e7
1 parent 1fd3a9a
commit b81b5e7
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -18,6 +18,12 @@ Installation
     cd python-sdc-client
     python setup.py install
 
+#### One-step cmdline to create virtualenv, install client, and gain access to sample programs
+
+```
+$ virtualenv python-sdc-env && source python-sdc-env/bin/activate && pip install sdcclient && git clone https://github.com/draios/python-sdc-client && python python-sdc-client/examples/set_secure_system_falco_rules.py --help
+```
+
 Quick start
 -----------
 - If you are interested in exporting metrics data from Sysdig Monitor, take a look at [examples/get_data_simple.py](examples/get_data_simple.py) and [examples/get_data_advanced.py](examples/get_data_advanced.py).

diff --git a/requirements.txt b/requirements.txt
@@ -1 +1,2 @@
 requests
+pyyaml
diff --git a/test/test_secure_apis.sh b/test/test_secure_apis.sh
@@ -15,15 +15,14 @@ if [[ $? != 1 ]]; then
    exit 1
 fi
 
-if [[ "$OUT" != "status code 405" ]]; then
+if [[ "$OUT" != "Access is denied Not enough privileges to complete the action" ]]; then
     echo "Unexpected output from set_secure_system_falco_rules.py: $OUT"
     exit 1
 fi
 set -e
 
-# There's a known system falco rules file. Get it and compare it to the expected file
+# Get the system falco rules file. Don't validate it, just verify that it can be fetched.
 $SCRIPTDIR/../examples/get_secure_system_falco_rules.py $PYTHON_SDC_TEST_API_TOKEN > /tmp/falco_rules.yaml
-diff /tmp/falco_rules.yaml $SCRIPTDIR/sample-falco-rules.yaml
 
 NOW=$(date)
 cat <<EOF > /tmp/test_apis_user_rules.yaml
@@ -50,66 +49,66 @@ fi
 # be 1, corresponding to the system falco rule.
 $SCRIPTDIR/../examples/create_default_policies.py $PYTHON_SDC_TEST_API_TOKEN
 OUT=`$SCRIPTDIR/../examples/list_policies.py $PYTHON_SDC_TEST_API_TOKEN`
-if [[ $OUT != *"\"name\": \"My Rule\""* ]]; then
+if [[ $OUT != *"\"name\": \"Write below binary dir\""* ]]; then
     echo "Unexpected output after creating default policies"
     exit 1
 fi
 
 # Get that policy, change the name, and create a new duplicate policy.
-OUT=`$SCRIPTDIR/../examples/get_policy.py $PYTHON_SDC_TEST_API_TOKEN "My Rule"`
+OUT=`$SCRIPTDIR/../examples/get_policy.py $PYTHON_SDC_TEST_API_TOKEN "Write below binary dir"`
 MY_POLICY=$OUT
-if [[ $OUT != *"\"name\": \"My Rule\""* ]]; then
-    echo "Could not fetch policy with name \"My Rule\""
+if [[ $OUT != *"\"name\": \"Write below binary dir\""* ]]; then
+    echo "Could not fetch policy with name \"Write below binary dir\""
     exit 1
 fi
 
-NEW_POLICY=`echo $MY_POLICY | sed -e "s/My Rule/Copy Of My Rule/g" | sed -e 's/"id": [0-9]*,//' | sed -e 's/"version": [0-9]*/"version": null/'`
+NEW_POLICY=`echo $MY_POLICY | sed -e "s/Write below binary dir/Copy Of Write below binary dir/g" | sed -e 's/"id": [0-9]*,//' | sed -e 's/"version": [0-9]*/"version": null/'`
 OUT=`echo $NEW_POLICY | $SCRIPTDIR/../examples/add_policy.py $PYTHON_SDC_TEST_API_TOKEN`
-if [[ $OUT != *"\"name\": \"Copy Of My Rule\""* ]]; then
+if [[ $OUT != *"\"name\": \"Copy Of Write below binary dir\""* ]]; then
     echo "Could not create new policy"
     exit 1
 fi
 
 # Change the description of the new policy and update it.
-MODIFIED_POLICY=`echo $MY_POLICY | sed -e "s/My Description/My New Description/g"`
+MODIFIED_POLICY=`echo $MY_POLICY | sed -e "s/an attempt to write to any file below a set of binary directories/My New Description/g"`
 OUT=`echo $MODIFIED_POLICY | $SCRIPTDIR/../examples/update_policy.py $PYTHON_SDC_TEST_API_TOKEN`
 if [[ $OUT != *"\"description\": \"My New Description\""* ]]; then
-    echo "Could not update policy \"Copy Of My Rule\""
+    echo "Could not update policy \"Copy Of Write below binary dir\""
     exit 1
 fi
 
 # Delete the new policy.
-OUT=`$SCRIPTDIR/../examples/delete_policy.py --name "Copy Of My Rule" $PYTHON_SDC_TEST_API_TOKEN`
-if [[ $OUT != *"\"name\": \"Copy Of My Rule\""* ]]; then
-    echo "Could not delete policy \"Copy Of My Rule\""
+OUT=`$SCRIPTDIR/../examples/delete_policy.py --name "Copy Of Write below binary dir" $PYTHON_SDC_TEST_API_TOKEN`
+if [[ $OUT != *"\"name\": \"Copy Of Write below binary dir\""* ]]; then
+    echo "Could not delete policy \"Copy Of Write below binary dir\""
     exit 1
 fi
 
 OUT=`$SCRIPTDIR/../examples/list_policies.py $PYTHON_SDC_TEST_API_TOKEN`
-if [[ $OUT = *"\"name\": \"Copy Of My Rule\""* ]]; then
-    echo "After deleting policy Copy Of My Rule, policy was still present?"
+if [[ $OUT = *"\"name\": \"Copy Of Write below binary dir\""* ]]; then
+    echo "After deleting policy Copy Of Write below binary dir, policy was still present?"
     exit 1
 fi
 
 # Make a copy again, but this time delete by id
-NEW_POLICY=`echo $MY_POLICY | sed -e "s/My Rule/Another Copy Of My Rule/g" | sed -e 's/"id": [0-9]*,//' | sed -e 's/"version": [0-9]*/"version": null/'`
+NEW_POLICY=`echo $MY_POLICY | sed -e "s/Write below binary dir/Another Copy Of Write below binary dir/g" | sed -e 's/"id": [0-9]*,//' | sed -e 's/"version": [0-9]*/"version": null/'`
 OUT=`echo $NEW_POLICY | $SCRIPTDIR/../examples/add_policy.py $PYTHON_SDC_TEST_API_TOKEN`
-if [[ $OUT != *"\"name\": \"Another Copy Of My Rule\""* ]]; then
+if [[ $OUT != *"\"name\": \"Another Copy Of Write below binary dir\""* ]]; then
     echo "Could not create new policy"
     exit 1
 fi
 
 ID=`echo $OUT | grep -E -o '"id": [^,]+,' | awk '{print $2}' | awk -F, '{print $1}'`
 
 OUT=`$SCRIPTDIR/../examples/delete_policy.py --id $ID $PYTHON_SDC_TEST_API_TOKEN`
-if [[ $OUT != *"\"name\": \"Another Copy Of My Rule\""* ]]; then
-    echo "Could not delete policy \"Copy Of My Rule\""
+if [[ $OUT != *"\"name\": \"Another Copy Of Write below binary dir\""* ]]; then
+    echo "Could not delete policy \"Copy Of Write below binary dir\""
     exit 1
 fi
 
 OUT=`$SCRIPTDIR/../examples/list_policies.py $PYTHON_SDC_TEST_API_TOKEN`
-if [[ $OUT = *"\"name\": \"Another Copy Of My Rule\""* ]]; then
-    echo "After deleting policy Another Copy Of My Rule, policy was still present?"
+if [[ $OUT = *"\"name\": \"Another Copy Of Write below binary dir\""* ]]; then
+    echo "After deleting policy Another Copy Of Write below binary dir, policy was still present?"
     exit 1
 fi
 
@@ -120,7 +119,7 @@ FOUND=0
 
 for i in $(seq 10); do
     sleep 10
-    touch /tmp/some-file.txt
+    sudo touch /bin/some-file.txt
 
     EVTS=`$SCRIPTDIR/../examples/get_secure_policy_events.py $PYTHON_SDC_TEST_API_TOKEN 60`