2020-11-30 09:37:17 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
2021-12-29 13:08:47 +00:00
|
|
|
"encoding/csv"
|
2020-11-30 09:37:17 +00:00
|
|
|
"encoding/json"
|
|
|
|
|
"fmt"
|
2022-10-07 09:05:35 +00:00
|
|
|
"io"
|
2022-12-05 14:39:54 +00:00
|
|
|
"strings"
|
2020-11-30 09:37:17 +00:00
|
|
|
"time"
|
|
|
|
|
|
2023-07-28 14:37:39 +00:00
|
|
|
"github.com/AlecAivazis/survey/v2"
|
2022-10-13 10:28:24 +00:00
|
|
|
"github.com/fatih/color"
|
2020-11-30 09:37:17 +00:00
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
|
"github.com/spf13/cobra"
|
2023-11-24 14:01:13 +00:00
|
|
|
"slices"
|
2022-10-07 09:05:35 +00:00
|
|
|
|
2023-11-24 14:01:13 +00:00
|
|
|
"github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require"
|
2022-10-07 09:05:35 +00:00
|
|
|
middlewares "github.com/crowdsecurity/crowdsec/pkg/apiserver/middlewares/v1"
|
|
|
|
|
"github.com/crowdsecurity/crowdsec/pkg/database"
|
|
|
|
|
"github.com/crowdsecurity/crowdsec/pkg/types"
|
2020-11-30 09:37:17 +00:00
|
|
|
)
|
|
|
|
|
|
2022-10-07 09:05:35 +00:00
|
|
|
func getBouncers(out io.Writer, dbClient *database.Client) error {
|
2022-08-18 09:54:01 +00:00
|
|
|
bouncers, err := dbClient.ListBouncers()
|
|
|
|
|
if err != nil {
|
2022-10-07 09:05:35 +00:00
|
|
|
return fmt.Errorf("unable to list bouncers: %s", err)
|
2022-08-18 09:54:01 +00:00
|
|
|
}
|
2023-11-24 14:01:13 +00:00
|
|
|
|
|
|
|
|
switch csConfig.Cscli.Output {
|
|
|
|
|
case "human":
|
2022-10-07 09:05:35 +00:00
|
|
|
getBouncersTable(out, bouncers)
|
2023-11-24 14:01:13 +00:00
|
|
|
case "json":
|
2022-10-07 09:05:35 +00:00
|
|
|
enc := json.NewEncoder(out)
|
|
|
|
|
enc.SetIndent("", " ")
|
|
|
|
|
if err := enc.Encode(bouncers); err != nil {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("failed to unmarshal: %w", err)
|
2022-08-18 09:54:01 +00:00
|
|
|
}
|
2022-10-07 09:05:35 +00:00
|
|
|
return nil
|
2023-11-24 14:01:13 +00:00
|
|
|
case "raw":
|
2022-10-07 09:05:35 +00:00
|
|
|
csvwriter := csv.NewWriter(out)
|
2022-08-18 09:54:01 +00:00
|
|
|
err := csvwriter.Write([]string{"name", "ip", "revoked", "last_pull", "type", "version", "auth_type"})
|
|
|
|
|
if err != nil {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("failed to write raw header: %w", err)
|
2022-08-18 09:54:01 +00:00
|
|
|
}
|
|
|
|
|
for _, b := range bouncers {
|
|
|
|
|
var revoked string
|
|
|
|
|
if !b.Revoked {
|
|
|
|
|
revoked = "validated"
|
|
|
|
|
} else {
|
|
|
|
|
revoked = "pending"
|
|
|
|
|
}
|
|
|
|
|
err := csvwriter.Write([]string{b.Name, b.IPAddress, revoked, b.LastPull.Format(time.RFC3339), b.Type, b.Version, b.AuthType})
|
|
|
|
|
if err != nil {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("failed to write raw: %w", err)
|
2022-08-18 09:54:01 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
csvwriter.Flush()
|
|
|
|
|
}
|
2023-11-24 14:01:13 +00:00
|
|
|
|
2022-10-07 09:05:35 +00:00
|
|
|
return nil
|
2022-08-18 09:54:01 +00:00
|
|
|
}
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
type cliBouncers struct {}
|
|
|
|
|
|
|
|
|
|
func NewCLIBouncers() *cliBouncers {
|
|
|
|
|
return &cliBouncers{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (cli cliBouncers) NewCommand() *cobra.Command {
|
|
|
|
|
cmd := &cobra.Command{
|
|
|
|
|
Use: "bouncers [action]",
|
|
|
|
|
Short: "Manage bouncers [requires local API]",
|
|
|
|
|
Long: `To list/add/delete/prune bouncers.
|
|
|
|
|
Note: This command requires database direct access, so is intended to be run on Local API/master.
|
|
|
|
|
`,
|
|
|
|
|
Args: cobra.MinimumNArgs(1),
|
|
|
|
|
Aliases: []string{"bouncer"},
|
|
|
|
|
DisableAutoGenTag: true,
|
|
|
|
|
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
|
|
|
|
|
var err error
|
|
|
|
|
if err = require.LAPI(csConfig); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dbClient, err = database.NewClient(csConfig.DbConfig)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("unable to create new database client: %s", err)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cmd.AddCommand(cli.NewListCmd())
|
|
|
|
|
cmd.AddCommand(cli.NewAddCmd())
|
|
|
|
|
cmd.AddCommand(cli.NewDeleteCmd())
|
|
|
|
|
cmd.AddCommand(cli.NewPruneCmd())
|
|
|
|
|
|
|
|
|
|
return cmd
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (cli cliBouncers) NewListCmd() *cobra.Command {
|
|
|
|
|
cmd := &cobra.Command{
|
2021-08-31 13:03:47 +00:00
|
|
|
Use: "list",
|
2023-07-28 14:37:39 +00:00
|
|
|
Short: "list all bouncers within the database",
|
2021-08-31 13:03:47 +00:00
|
|
|
Example: `cscli bouncers list`,
|
|
|
|
|
Args: cobra.ExactArgs(0),
|
|
|
|
|
DisableAutoGenTag: true,
|
2023-02-20 14:05:42 +00:00
|
|
|
RunE: func(cmd *cobra.Command, arg []string) error {
|
2022-10-13 10:28:24 +00:00
|
|
|
err := getBouncers(color.Output, dbClient)
|
2020-11-30 09:37:17 +00:00
|
|
|
if err != nil {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("unable to list bouncers: %s", err)
|
2020-11-30 09:37:17 +00:00
|
|
|
}
|
2023-02-20 14:05:42 +00:00
|
|
|
return nil
|
2020-11-30 09:37:17 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
return cmd
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
func (cli cliBouncers) add(cmd *cobra.Command, args []string) error {
|
2023-11-24 14:01:13 +00:00
|
|
|
keyLength := 32
|
2022-12-30 09:13:52 +00:00
|
|
|
|
2023-11-24 14:01:13 +00:00
|
|
|
flags := cmd.Flags()
|
2022-12-30 09:13:52 +00:00
|
|
|
|
|
|
|
|
key, err := flags.GetString("key")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
keyName := args[0]
|
|
|
|
|
var apiKey string
|
|
|
|
|
|
|
|
|
|
if keyName == "" {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("please provide a name for the api key")
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
apiKey = key
|
|
|
|
|
if key == "" {
|
|
|
|
|
apiKey, err = middlewares.GenerateAPIKey(keyLength)
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("unable to generate api key: %s", err)
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
_, err = dbClient.CreateBouncer(keyName, "", middlewares.HashSHA512(apiKey), types.ApiKeyAuthType)
|
|
|
|
|
if err != nil {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("unable to create bouncer: %s", err)
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
|
2023-11-24 14:01:13 +00:00
|
|
|
switch csConfig.Cscli.Output {
|
|
|
|
|
case "human":
|
2023-07-21 21:23:24 +00:00
|
|
|
fmt.Printf("API key for '%s':\n\n", keyName)
|
2022-12-30 09:13:52 +00:00
|
|
|
fmt.Printf(" %s\n\n", apiKey)
|
|
|
|
|
fmt.Print("Please keep this key since you will not be able to retrieve it!\n")
|
2023-11-24 14:01:13 +00:00
|
|
|
case "raw":
|
2022-12-30 09:13:52 +00:00
|
|
|
fmt.Printf("%s", apiKey)
|
2023-11-24 14:01:13 +00:00
|
|
|
case "json":
|
2022-12-30 09:13:52 +00:00
|
|
|
j, err := json.Marshal(apiKey)
|
|
|
|
|
if err != nil {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("unable to marshal api key")
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
fmt.Printf("%s", string(j))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
func (cli cliBouncers) NewAddCmd() *cobra.Command {
|
|
|
|
|
cmd := &cobra.Command{
|
2023-11-24 14:01:13 +00:00
|
|
|
Use: "add MyBouncerName",
|
2023-07-28 14:37:39 +00:00
|
|
|
Short: "add a single bouncer to the database",
|
2023-03-03 10:06:27 +00:00
|
|
|
Example: `cscli bouncers add MyBouncerName
|
2023-11-24 14:01:13 +00:00
|
|
|
cscli bouncers add MyBouncerName --key <random-key>`,
|
2021-08-31 13:03:47 +00:00
|
|
|
Args: cobra.ExactArgs(1),
|
|
|
|
|
DisableAutoGenTag: true,
|
2023-12-07 13:36:35 +00:00
|
|
|
RunE: cli.add,
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
2020-11-30 09:37:17 +00:00
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
flags := cmd.Flags()
|
2023-11-24 14:01:13 +00:00
|
|
|
flags.StringP("length", "l", "", "length of the api key")
|
|
|
|
|
flags.MarkDeprecated("length", "use --key instead")
|
2022-12-30 09:13:52 +00:00
|
|
|
flags.StringP("key", "k", "", "api key for the bouncer")
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
return cmd
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
func (cli cliBouncers) delete(cmd *cobra.Command, args []string) error {
|
2022-12-30 09:13:52 +00:00
|
|
|
for _, bouncerID := range args {
|
|
|
|
|
err := dbClient.DeleteBouncer(bouncerID)
|
|
|
|
|
if err != nil {
|
2023-02-20 14:05:42 +00:00
|
|
|
return fmt.Errorf("unable to delete bouncer '%s': %s", bouncerID, err)
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
log.Infof("bouncer '%s' deleted successfully", bouncerID)
|
2020-11-30 09:37:17 +00:00
|
|
|
}
|
|
|
|
|
|
2022-12-30 09:13:52 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
func (cli cliBouncers) NewDeleteCmd() *cobra.Command {
|
|
|
|
|
cmd := &cobra.Command{
|
2021-08-31 13:03:47 +00:00
|
|
|
Use: "delete MyBouncerName",
|
2023-08-03 10:26:08 +00:00
|
|
|
Short: "delete bouncer(s) from the database",
|
2021-09-02 10:23:06 +00:00
|
|
|
Args: cobra.MinimumNArgs(1),
|
2022-04-20 13:44:48 +00:00
|
|
|
Aliases: []string{"remove"},
|
2021-08-31 13:03:47 +00:00
|
|
|
DisableAutoGenTag: true,
|
2022-12-05 14:39:54 +00:00
|
|
|
ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
|
|
|
|
|
var err error
|
|
|
|
|
dbClient, err = getDBClient()
|
|
|
|
|
if err != nil {
|
|
|
|
|
cobra.CompError("unable to create new database client: " + err.Error())
|
|
|
|
|
return nil, cobra.ShellCompDirectiveNoFileComp
|
|
|
|
|
}
|
|
|
|
|
bouncers, err := dbClient.ListBouncers()
|
|
|
|
|
if err != nil {
|
|
|
|
|
cobra.CompError("unable to list bouncers " + err.Error())
|
|
|
|
|
}
|
|
|
|
|
ret := make([]string, 0)
|
|
|
|
|
for _, bouncer := range bouncers {
|
2023-05-31 10:39:22 +00:00
|
|
|
if strings.Contains(bouncer.Name, toComplete) && !slices.Contains(args, bouncer.Name) {
|
2022-12-05 14:39:54 +00:00
|
|
|
ret = append(ret, bouncer.Name)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ret, cobra.ShellCompDirectiveNoFileComp
|
|
|
|
|
},
|
2023-12-07 13:36:35 +00:00
|
|
|
RunE: cli.delete,
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
return cmd
|
2022-12-30 09:13:52 +00:00
|
|
|
}
|
|
|
|
|
|
2023-12-07 13:36:35 +00:00
|
|
|
func (cli cliBouncers) NewPruneCmd() *cobra.Command {
|
2023-07-28 14:37:39 +00:00
|
|
|
var parsedDuration time.Duration
|
2023-12-07 13:36:35 +00:00
|
|
|
cmd := &cobra.Command{
|
2023-07-28 14:37:39 +00:00
|
|
|
Use: "prune",
|
|
|
|
|
Short: "prune multiple bouncers from the database",
|
|
|
|
|
Args: cobra.NoArgs,
|
|
|
|
|
DisableAutoGenTag: true,
|
|
|
|
|
Example: `cscli bouncers prune -d 60m
|
|
|
|
|
cscli bouncers prune -d 60m --force`,
|
|
|
|
|
PreRunE: func(cmd *cobra.Command, args []string) error {
|
|
|
|
|
dur, _ := cmd.Flags().GetString("duration")
|
|
|
|
|
var err error
|
|
|
|
|
parsedDuration, err = time.ParseDuration(fmt.Sprintf("-%s", dur))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("unable to parse duration '%s': %s", dur, err)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
|
|
|
force, _ := cmd.Flags().GetBool("force")
|
|
|
|
|
if parsedDuration >= 0-2*time.Minute {
|
|
|
|
|
var answer bool
|
|
|
|
|
prompt := &survey.Confirm{
|
|
|
|
|
Message: "The duration you provided is less than or equal 2 minutes this may remove active bouncers continue ?",
|
|
|
|
|
Default: false,
|
|
|
|
|
}
|
|
|
|
|
if err := survey.AskOne(prompt, &answer); err != nil {
|
|
|
|
|
return fmt.Errorf("unable to ask about prune check: %s", err)
|
|
|
|
|
}
|
|
|
|
|
if !answer {
|
|
|
|
|
fmt.Println("user aborted prune no changes were made")
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
bouncers, err := dbClient.QueryBouncersLastPulltimeLT(time.Now().UTC().Add(parsedDuration))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("unable to query bouncers: %s", err)
|
|
|
|
|
}
|
|
|
|
|
if len(bouncers) == 0 {
|
|
|
|
|
fmt.Println("no bouncers to prune")
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
getBouncersTable(color.Output, bouncers)
|
|
|
|
|
if !force {
|
|
|
|
|
var answer bool
|
|
|
|
|
prompt := &survey.Confirm{
|
|
|
|
|
Message: "You are about to PERMANENTLY remove the above bouncers from the database these will NOT be recoverable, continue ?",
|
|
|
|
|
Default: false,
|
|
|
|
|
}
|
|
|
|
|
if err := survey.AskOne(prompt, &answer); err != nil {
|
|
|
|
|
return fmt.Errorf("unable to ask about prune check: %s", err)
|
|
|
|
|
}
|
|
|
|
|
if !answer {
|
|
|
|
|
fmt.Println("user aborted prune no changes were made")
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
nbDeleted, err := dbClient.BulkDeleteBouncers(bouncers)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("unable to prune bouncers: %s", err)
|
|
|
|
|
}
|
|
|
|
|
fmt.Printf("successfully delete %d bouncers\n", nbDeleted)
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
}
|
2023-12-07 13:36:35 +00:00
|
|
|
cmd.Flags().StringP("duration", "d", "60m", "duration of time since last pull")
|
|
|
|
|
cmd.Flags().Bool("force", false, "force prune without asking for confirmation")
|
|
|
|
|
return cmd
|
2020-11-30 09:37:17 +00:00
|
|
|
}
|
