author | Eddie Arrage <eddie.arrage@huawei.com> | 2018-08-02 23:15:39 +0000 |
---|---|---|
committer | Eddie Arrage <eddie.arrage@huawei.com> | 2018-08-02 23:56:23 +0000 |
commit | c0837d0701009e6142f9800f2b146bec17d6910f (patch) | |
tree | 8b07c911619c889e0f16d24fca6cbc115f760bab /clover/cloverctl/src/cloverctl/cmd/create_idsrules.go | |
parent | 25285393777b4e0ce7989cb6c9cce6b040523feb (diff) |
Implement initial cloverctl CLI tool
- Uses client-go package to interface to k8s API and implement
functions as cloverkube package.
- Identifies GKE LB IP for clover-controller for user
- Identifies NodePort port number for clover-controller for user
if environment is local k8s (assumes flannel CNI currently)
- Deploys and deletes clover-collector and clover-controller with
native client-go constructs (currently images are defined with
local registry). Future work will implement other clover services
and Istio components. Uses the clover-system namespace.
- Uses Cobra go package to implement CLI (used in kubectl and
istioctl) using cloverctl <verb> <noun> convention.
- Interfaces to clover-controller to configure clover services
(visibility, IDS ...) within the cluster via REST messaging
- Start visibility (collector) engine using input yaml file or
defaults
- Init, stop and clear (truncate Cassandra tables) visibility
engine or get basic stats.
- Add custom rules to IDS from input yaml file and start/stop
IDS
- Generate jmeter testplan on jmeter-master using input yaml
file. Start tests and output log/results from CLI.
- Specify number of jmeter slaves to initiate tests on from
CLI. Automatically find IP addresses of jmeter slaves within
the k8s cluster.
- Sample yaml files for adding IDS rules, starting visibility
engine and generating jmeter test plans.
- Build script to install go and get dependent packages.
- Implement a custom Istio inject package for manual sidecar
injection (cloverinject). Currently, unused as it is built from
Istio 0.8.0/1.0.0 code base.
Change-Id: Ibb8d08cb98267bdffb8905c221473f177d51bbb3
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Diffstat (limited to 'clover/cloverctl/src/cloverctl/cmd/create_idsrules.go')
-rw-r--r-- | clover/cloverctl/src/cloverctl/cmd/create_idsrules.go | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/clover/cloverctl/src/cloverctl/cmd/create_idsrules.go b/clover/cloverctl/src/cloverctl/cmd/create_idsrules.go new file mode 100644 index 0000000..bc0d8d5 --- /dev/null +++ b/clover/cloverctl/src/cloverctl/cmd/create_idsrules.go @@ -0,0 +1,56 @@ +// Copyright (c) Authors of Clover +// +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Apache License, Version 2.0 +// which accompanies this distribution, and is available at +// http://www.apache.org/licenses/LICENSE-2.0 + +package cmd + +import ( + "fmt" + "io/ioutil" + "gopkg.in/resty.v1" + "github.com/ghodss/yaml" + "github.com/spf13/cobra" +) + + +var idsrulesCmd = &cobra.Command{ + Use: "idsrules", + Short: "Create one or many IDS rules from yaml file", + Long: ``, + Run: func(cmd *cobra.Command, args []string) { + createIDSRules() + }, +} + +func init() { + createCmd.AddCommand(idsrulesCmd) + idsrulesCmd.Flags().StringVarP(&cloverFile, "file", "f", "", "Input yaml file to add IDS rules") + idsrulesCmd.MarkFlagRequired("file") + +} + +func createIDSRules() { + url := controllerIP + "/snort/addrule" + in, err := ioutil.ReadFile(cloverFile) + if err != nil { + fmt.Println("Please specify a valid rule definition yaml file") + return + } + out_json, err := yaml.YAMLToJSON(in) + if err != nil { + panic(err.Error()) + } + resp, err := resty.R(). + SetHeader("Content-Type", "application/json"). + SetBody(out_json). + Post(url) + if err != nil { + panic(err.Error()) + } + fmt.Printf("\n%v\n", resp) + //fmt.Println(string(out_json)) + +} |
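Review bot: In createIDSRules the three error paths are inconsistent and lose information. A failed ioutil.ReadFile prints a fixed message, drops err and returns with exit status 0, while a failed yaml.YAMLToJSON or Post calls panic(err.Error()), which gives the user a Go stack trace for what is usually a malformed rule file or an unreachable controller. Suggest printing err to stderr and exiting non-zero (or returning an error from createIDSRules) in all three places, and including err in the file message so a permission problem can be told apart from a missing file. The response is printed without checking resp.StatusCode(), so a rule the controller rejected looks the same as an accepted one to anything scripting this command; treat a non-2xx status as a failure. The request sets only Content-Type, and url is built as controllerIP + "/snort/addrule" with no scheme or credentials visible in this file; since this call changes IDS rules, please confirm where TLS and authentication to clover-controller are enforced, or add them here. Minor: the return value of idsrulesCmd.MarkFlagRequired("file") is ignored, Long is an empty string, out_json would be outJSON in Go style, and the commented-out fmt.Println can be dropped.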