add traceectl to tracee #4396

Open
wants to merge 46 commits into
base: main
Changes from 3 commits
Commits
9f3f301
Add traceectl to tracee
ShohamBit Nov 18, 2024
dc74620
change design for traceectl
ShohamBit Nov 24, 2024
d1c4c2b
remove not support code by tracee
ShohamBit Nov 26, 2024
276a26d
fix client code
ShohamBit Nov 28, 2024
963f304
fix formatter
ShohamBit Nov 28, 2024
f6a7e73
fix mock server and client
ShohamBit Nov 28, 2024
76e458f
fix client and root
ShohamBit Nov 28, 2024
02e7469
moved printer stream code to stream
ShohamBit Nov 28, 2024
4eb3d36
add support to json
ShohamBit Nov 28, 2024
996ba0b
fix event and remove printer pkg
ShohamBit Nov 28, 2024
49f032b
support output
ShohamBit Nov 28, 2024
dc8f5c5
Merge branch 'main' of https://github.com/aquasecurity/tracee into tr…
ShohamBit Nov 28, 2024
0db47c2
added basic documantion for traceectl
ShohamBit Nov 28, 2024
aab269e
add white space to make the server connection a separate block.
ShohamBit Nov 28, 2024
bc1b6b7
added version command doc
ShohamBit Nov 28, 2024
ae1af2b
added doc for event
ShohamBit Nov 28, 2024
c8dd56f
added stream doc
ShohamBit Nov 28, 2024
bd86112
added metrics docs
ShohamBit Nov 28, 2024
70e1142
make formt flag global
ShohamBit Nov 28, 2024
951073f
added docs to traceectl flags
ShohamBit Nov 28, 2024
0d4a491
added error msg for not supported output format
ShohamBit Dec 3, 2024
866bca3
added server flag code
ShohamBit Dec 4, 2024
21986f0
modified code to align with new status flag code, fix minor issues
ShohamBit Dec 4, 2024
2e6736d
change make bulid to go build, remove install
ShohamBit Dec 4, 2024
22a9ce4
change default socket to /var/run/tracee.sock
ShohamBit Dec 4, 2024
66cbb46
added docs to mkdocs file
ShohamBit Dec 4, 2024
040aa47
Update cmd/traceectl/cmd/event.go
ShohamBit Dec 5, 2024
b25453a
Update cmd/traceectl/cmd/event.go
ShohamBit Dec 5, 2024
38eee76
Update cmd/traceectl/cmd/event.go
ShohamBit Dec 5, 2024
80ac03f
Update cmd/traceectl/cmd/event.go
ShohamBit Dec 5, 2024
9d709f8
Update docs/docs/traceectl/commands/version.md
ShohamBit Dec 5, 2024
685dc3a
Update docs/docs/traceectl/flags/format.md
ShohamBit Dec 5, 2024
1988569
Update cmd/traceectl/cmd/event.go
ShohamBit Dec 5, 2024
a0aab98
Update docs/docs/traceectl/flags/server.md
ShohamBit Dec 5, 2024
ec9ad90
Update docs/docs/traceectl/index.md
ShohamBit Dec 5, 2024
e29a2c2
Update docs/docs/traceectl/index.md
ShohamBit Dec 5, 2024
a6ba7ce
Update cmd/traceectl/cmd/event.go
ShohamBit Dec 5, 2024
4cc6c42
Update cmd/traceectl/cmd/event.go
ShohamBit Dec 5, 2024
cc6f0fb
fix client pkg
ShohamBit Dec 5, 2024
1d8be55
fix flag pkg
ShohamBit Dec 5, 2024
57347ac
tidy formmatter pkg
ShohamBit Dec 5, 2024
3adbf18
fix event command code
ShohamBit Dec 5, 2024
b7a2978
fix root command
ShohamBit Dec 5, 2024
30317ed
fix stream code
ShohamBit Dec 5, 2024
2159616
resolve client creation code
ShohamBit Dec 8, 2024
b97a6ab
made changes to the docs of traceectl
ShohamBit Dec 8, 2024
150 changes: 150 additions & 0 deletions cmd/traceectl/cmd/event.go
@@ -0,0 +1,150 @@
package cmd

//TODO:
ShohamBit marked this conversation as resolved.
import (
"context"

pb "github.com/aquasecurity/tracee/api/v1beta1"
"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/printer"
"github.com/spf13/cobra"
)

var eventFormatFlag string
var eventOutputFlag string

var eventCmd = &cobra.Command{
Use: "event [command]",
Short: "Event management for tracee",
Long: `Event Management for tracee
Let you enable and disable events in tracee.
Get descriptions of events and run them.
ShohamBit marked this conversation as resolved.
`,
Args: cobra.MinimumNArgs(1),
Run: func(cmd *cobra.Command, args []string) {
if len(args) == 0 {
cmd.PrintErrln("Error: no event names provided. Please specify at least one event to enable.")
return
}
},
}

func init() {
eventCmd.AddCommand(listEventCmd)
eventCmd.AddCommand(describeEventCmd)
eventCmd.AddCommand(enableEventCmd)
eventCmd.AddCommand(disableEventCmd)

listEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
listEventCmd.Flags().StringVarP(&eventOutputFlag, "output", "o", "stdout", "Output destination ")

describeEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
describeEventCmd.Flags().StringVarP(&eventOutputFlag, "output", "o", "stdout", "Output destination ")
ShohamBit marked this conversation as resolved.
}

var listEventCmd = &cobra.Command{
Use: "list",
Short: "list events",
Long: `Lists all available event definitions (built-in and plugin-defined), providing a brief summary of each.`,
Args: cobra.MaximumNArgs(0),
Run: func(cmd *cobra.Command, args []string) {
listEvents(cmd, args)
},
ShohamBit marked this conversation as resolved.
}
var describeEventCmd = &cobra.Command{
Use: "describe <event_name>",
Short: "describe event",
ShohamBit marked this conversation as resolved.
Long: `Retrieves the detailed definition of a specific event, including its fields, types, and other metadata.`,
Args: cobra.ExactArgs(1),
Run: func(cmd *cobra.Command, args []string) {
getEventDescriptions(cmd, args)
},
}
var enableEventCmd = &cobra.Command{
Use: "enable <event_name>",
Short: "enable event",
ShohamBit marked this conversation as resolved.
Long: `Enables capturing of a specific event type.`,
Args: cobra.ExactArgs(1),
Run: func(cmd *cobra.Command, args []string) {
enableEvents(cmd, args[0])
},
}
var disableEventCmd = &cobra.Command{
Use: "disable <event_name>",
Short: "disable event",
ShohamBit marked this conversation as resolved.
Long: `Disables capturing of a specific event type.`,
Args: cobra.ExactArgs(1),
Run: func(cmd *cobra.Command, args []string) {
disableEvents(cmd, args[0])
},
}

func listEvents(cmd *cobra.Command, args []string) {
var traceeClient client.ServiceClient
if err := traceeClient.NewServiceClient(serverInfo); err != nil {
cmd.PrintErrln("Error creating client: ", err)
return
}
defer traceeClient.CloseConnection()
response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
ShohamBit marked this conversation as resolved.
if err != nil {
cmd.PrintErrln("Error getting event definitions: ", err)
return

ShohamBit marked this conversation as resolved.
}
format, err := formatter.New(eventFormatFlag, eventOutputFlag, cmd)
if err != nil {
cmd.PrintErrln("Error creating formatter: ", err)
return
}
printer.ListEvents(format, args, response)
}
func getEventDescriptions(cmd *cobra.Command, args []string) {
var traceeClient client.ServiceClient
if err := traceeClient.NewServiceClient(serverInfo); err != nil {
cmd.PrintErrln("Error creating client: ", err)
return
}
defer traceeClient.CloseConnection()
response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
if err != nil {
cmd.PrintErrln("Error getting event definitions: ", err)
return

}
format, err := formatter.New(eventFormatFlag, eventOutputFlag, cmd)
if err != nil {
cmd.PrintErrln("Error creating formatter: ", err)
return
}
printer.DescribeEvent(format, args, response)
}
func enableEvents(cmd *cobra.Command, eventName string) {
var traceeClient client.ServiceClient
if err := traceeClient.NewServiceClient(serverInfo); err != nil {
cmd.PrintErrln("Error creating client: ", err)
return
}
_, err := traceeClient.EnableEvent(context.Background(), &pb.EnableEventRequest{Name: eventName})
ShohamBit marked this conversation as resolved.
if err != nil {
cmd.PrintErrln("Error enabling event:", err)
return
}
cmd.Printf("Enabled event: %s\n", eventName)
}

func disableEvents(cmd *cobra.Command, eventName string) {
var traceeClient client.ServiceClient
if err := traceeClient.NewServiceClient(serverInfo); err != nil {
cmd.PrintErrln("Error creating client: ", err)
return
}
_, err := traceeClient.DisableEvent(context.Background(), &pb.DisableEventRequest{Name: eventName})
ShohamBit marked this conversation as resolved.
if err != nil {
cmd.PrintErrln("Error disabling event:", err)
return
}
cmd.Printf("Disabled event: %s\n", eventName)

}
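Review bot: The four helpers in this file (`listEvents`, `getEventDescriptions`, `enableEvents`, `disableEvents`) report failures with `cmd.PrintErrln` and then return, and because the commands use `Run` rather than `RunE`, traceectl exits 0 even when the client could not connect or the RPC failed. For a tool that switches event capture on and off, a script running `traceectl event enable …` cannot tell that the event was never enabled; the same pattern is in `displayMetrics`/`displayVersion` in root.go and `stream` in stream.go. `enableEvents` and `disableEvents` also never call `traceeClient.CloseConnection()`, unlike the list and describe helpers. Returning the error through `RunE` addresses both, as sketched below for `enable` (the other commands follow the same shape); it needs `fmt` imported, and `SilenceUsage` may be wanted on the command so a server error does not print the usage text.

```go
var enableEventCmd = &cobra.Command{
	// … unchanged: Use, Short, Long, Args …
	RunE: func(cmd *cobra.Command, args []string) error {
		return enableEvents(cmd, args[0])
	},
}

func enableEvents(cmd *cobra.Command, eventName string) error {
	var traceeClient client.ServiceClient
	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
		return fmt.Errorf("creating client: %w", err)
	}
	// Release the connection on every path, as listEvents already does.
	defer traceeClient.CloseConnection()

	if _, err := traceeClient.EnableEvent(context.Background(), &pb.EnableEventRequest{Name: eventName}); err != nil {
		return fmt.Errorf("enabling event %q: %w", eventName, err)
	}
	cmd.Printf("Enabled event: %s\n", eventName)
	return nil
}
```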
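--- a/cmd/traceectl/cmd/event_test.go
+++ b/cmd/traceectl/cmd/event_test.go
@@ -0,0 +1,64 @@
+package cmd
+
+import (
+"fmt"
+"testing"
+
+"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/test"
+)
+
+func TestEvent(t *testing.T) {
+eventTests := []test.TestCase{
+{
+TestName: "event",
+OutputSlice: []string{"event"},
+ExpectedPrinter: nil,
+ExpectedError: fmt.Errorf("requires at least 1 arg(s), only received 0"),
+},
+{
+TestName: "events list",
+OutputSlice: []string{"event", "list", "--format", "json"},
+ExpectedPrinter: "",
+ExpectedError: nil,
+},
+{
+TestName: "No events describe",
+OutputSlice: []string{"event", "describe", "--format", "json"},
+ExpectedPrinter: nil,
+ExpectedError: fmt.Errorf("accepts 1 arg(s), received 0"),
+},
+{
+TestName: "describe <event_test1>",
+OutputSlice: []string{"event", "describe", "event_test1", "--format", "json"},
+ExpectedPrinter: "event_test1",
+ExpectedError: nil,
+},
+{
+TestName: "No events enable",
+OutputSlice: []string{"event", "enable"},
+ExpectedPrinter: nil,
+ExpectedError: fmt.Errorf("accepts 1 arg(s), received 0"),
+},
+{
+TestName: "enable event",
+OutputSlice: []string{"event", "enable", "event"},
+ExpectedPrinter: "Enabled event: event",
+ExpectedError: nil,
+},
+{
+TestName: "No disable events",
+OutputSlice: []string{"event", "disable"},
+ExpectedPrinter: nil,
+ExpectedError: fmt.Errorf("accepts 1 arg(s), received 0"),
+},
+{
+TestName: "disable event",
+OutputSlice: []string{"event", "disable", "event"},
+ExpectedPrinter: "Disabled event: event",
+ExpectedError: nil,
+},
+}
+for _, testCase := range eventTests {
+t.Run(testCase.TestName, func(t *testing.T) { test.TestCommand(t, testCase, rootCmd) })
+}
+}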
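Review bot: Every `ExpectedError` in `TestEvent` is a cobra argument-count error; no case covers an unreachable server or an RPC that returns an error, which is the path where the commands print a message and still return normally. A case for a failing `enable` or `disable` would pin down what the user sees and whether the command reports the failure to its caller. The `events list` case sets `ExpectedPrinter: ""`, which presumably matches any output (`test.TestCommand` is not visible here), so it would be stronger if it expected a definition name the mock server is known to return.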
106 changes: 106 additions & 0 deletions cmd/traceectl/cmd/root.go
@@ -0,0 +1,106 @@
package cmd

import (
"context"
"os"

pb "github.com/aquasecurity/tracee/api/v1beta1"
"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"

"github.com/spf13/cobra"
)

var formatFlag string
var outputFlag string
var serverFlag string
var (
serverInfo client.ServerInfo = client.ServerInfo{
ConnectionType: client.PROTOCOL_UNIX,
ADDR: client.SOCKET,
}

rootCmd = &cobra.Command{
Use: "traceectl [flags] [command]",
Short: "TraceeCtl is a CLI tool for tracee",
Long: "TraceeCtl is the client for the tracee API server.",
Run: func(cmd *cobra.Command, args []string) {
cmd.Help()
},
}
)

func init() {
rootCmd.AddCommand(streamCmd)
rootCmd.AddCommand(eventCmd)
rootCmd.AddCommand(metricsCmd)
rootCmd.AddCommand(versionCmd)

rootCmd.PersistentFlags().StringVar(&serverInfo.ADDR, "server", client.SOCKET, `Server connection path or address.
for unix socket <socket_path> (default: /tmp/tracee.sock)
for tcp <IP:Port>`)

}

var metricsCmd = &cobra.Command{
Use: "metrics [--output <format>]",
Short: "Display Tracee metrics",
Long: "Retrieves metrics about Tracee's performance and resource usage.",
Run: func(cmd *cobra.Command, args []string) {
displayMetrics(cmd, args)
},
}

var versionCmd = &cobra.Command{
Use: "version",
Short: "Display the version of tracee",
Long: "This is the version of tracee application you connected to",
ShohamBit marked this conversation as resolved.
Run: func(cmd *cobra.Command, args []string) {
displayVersion(cmd, args)
},
}

func Execute() {
if err := rootCmd.Execute(); err != nil {
os.Exit(1)
}
}

func displayMetrics(cmd *cobra.Command, _ []string) {
var traceeClient client.DiagnosticClient
if err := traceeClient.NewDiagnosticClient(serverInfo); err != nil {
cmd.PrintErrln("Error creating client: ", err)
return
}
defer traceeClient.CloseConnection()
response, err := traceeClient.GetMetrics(context.Background(), &pb.GetMetricsRequest{})
if err != nil {
cmd.PrintErrln("Error getting metrics: ", err)
return
}
cmd.Println("EventCount:", response.EventCount)
cmd.Println("EventsFiltered:", response.EventsFiltered)
cmd.Println("NetCapCount:", response.NetCapCount)
cmd.Println("BPFLogsCount:", response.BPFLogsCount)
cmd.Println("ErrorCount:", response.ErrorCount)
cmd.Println("LostEvCount:", response.LostEvCount)
cmd.Println("LostWrCount:", response.LostWrCount)
cmd.Println("LostNtCapCount:", response.LostNtCapCount)
cmd.Println("LostBPFLogsCount:", response.LostBPFLogsCount)
ShohamBit marked this conversation as resolved.
}

func displayVersion(cmd *cobra.Command, _ []string) {
var traceeClient client.ServiceClient
if err := traceeClient.NewServiceClient(serverInfo); err != nil {
cmd.PrintErrln("Error creating client: ", err)
return
}
defer traceeClient.CloseConnection()
response, err := traceeClient.GetVersion(context.Background(), &pb.GetVersionRequest{})

if err != nil {
cmd.PrintErrln("Error getting version: ", err)
return
} else {
cmd.Println("Version: ", response.Version)
}
ShohamBit marked this conversation as resolved.
}
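Review bot: The `--server` help text in `init()` hard-codes `(default: /tmp/tracee.sock)` while the flag's real default is `client.SOCKET`, which is defined outside this file; the commit list mentions moving the default socket to /var/run/tracee.sock, so the text looks stale. The difference matters to operators, because a socket path under a world-writable directory such as /tmp can be created by another local user before the server starts, and the help should not steer people to it. pflag already prints the actual default, so the line can be reduced to `for unix socket <socket_path>`. Separately, `serverInfo.ConnectionType` is fixed to `client.PROTOCOL_UNIX` and nothing visible here changes it when an `IP:Port` is passed, so it is worth confirming that `NewServiceClient` derives the protocol from the address; the unused `formatFlag`, `outputFlag` and `serverFlag` variables can be dropped.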
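--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -0,0 +1,53 @@
+package cmd
+
+import (
+pb "github.com/aquasecurity/tracee/api/v1beta1"
+"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
+"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/printer"
+
+"github.com/spf13/cobra"
+)
+
+var streamFormatFlag string
+var streamOutputFlag string
+var streamCmd = &cobra.Command{
+Use: "stream [policies...]",
+Short: "Stream events from tracee",
+Long: `Stream Management:
+
+`,
+Run: func(cmd *cobra.Command, args []string) {
+stream(cmd, args)
+},
+}
+
+func init() {
+
+streamCmd.Flags().StringVarP(&streamFormatFlag, "format", "f", formatter.FormatJSON, "Output format (json|table|template)")
+streamCmd.Flags().StringVarP(&streamOutputFlag, "output", "o", "stdout", "Output destination ")
+}
+
+func stream(cmd *cobra.Command, args []string) {
+
+var traceeClient client.ServiceClient
+err := traceeClient.NewServiceClient(serverInfo)
+if err != nil {
+cmd.PrintErrln("Error creating client: ", err)
+return
+}
+defer traceeClient.CloseConnection()
+req := &pb.StreamEventsRequest{Policies: args}
+stream, err := traceeClient.StreamEvents(cmd.Context(), req)
+if err != nil {
+cmd.PrintErrln("Error calling Stream: ", err)
+return
+}
+format, err := formatter.New(streamFormatFlag, streamOutputFlag, cmd)
+if err != nil {
+cmd.PrintErrln("Error creating formatter: ", err)
+return
+}
+printer.StreamEvents(format, args, stream)
+
+}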
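Review bot: In `stream()`, `formatter.New(streamFormatFlag, streamOutputFlag, cmd)` runs only after the client has connected and `StreamEvents` has been opened, so an unsupported `--format` or `--output` value is rejected after a server-side stream was already started. Moving the `format, err := formatter.New(...)` check above `traceeClient.NewServiceClient(serverInfo)` fails fast on bad flags without touching the server. The local `stream, err := traceeClient.StreamEvents(...)` also shadows the function name `stream`; a name such as `eventStream` avoids that. The `Long` text is only `Stream Management:` and would be the place to state what the positional `[policies...]` arguments select.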