alert_logic 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2f27c0cd3f279ace8c205fbf2d9d30e968031e7b
+  data.tar.gz: 59254fc8eae44353d53784063a4fe79c4d696df3
+SHA512:
+  metadata.gz: e3db2ee086242a95906fee39aaece994804ab73845d507f899676a85542b9df9a6d3304aa25ee2a4147e8b88feab77c6fbd5bcff11a14fe515682f4b0a845dc8
+  data.tar.gz: edc3f29405ea8cc9f7b4fdffa9884a7fcc90b51782d04d4c3dd0563f58cebd30b3dec831699600c194f145a962a6a3f0e4479e2d0f794971576038614843d6d7

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.env
+spec/support/json
+*.swp
+.ruby-version

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/.rubocop.yml

@@ -0,0 +1,13 @@
+AllCops:
+  Excludes:
+    - vendor/**
+HashSyntax:
+  EnforcedStyle: hash_rockets
+MethodLength:
+  Max: 30
+Eval:
+  Enabled: false
+RegexpLiteral:
+  Enabled: false
+Documentation:
+  Enabled: false

data/Gemfile

@@ -0,0 +1,20 @@
+source 'https://rubygems.org'
+
+group :test do
+  gem 'bundler', '>= 1.5'
+  gem 'rake'
+  gem 'rspec'
+  gem 'rubocop', :platforms => [:ruby_19, :ruby_20, :ruby_21]
+  gem 'sinatra'
+  gem 'webmock'
+  gem 'dotenv'
+end
+
+group :dev do
+  gem 'guard', :platforms => [:ruby_19, :ruby_20, :ruby_21]
+  gem 'guard-rspec', :platforms => [:ruby_19, :ruby_20, :ruby_21]
+  gem 'guard-bundler', :platforms => [:ruby_19, :ruby_20, :ruby_21]
+  gem 'pry-rescue', :platforms => [:ruby_19, :ruby_20, :ruby_21]
+end
+
+gemspec

data/Guardfile

@@ -0,0 +1,13 @@
+guard :rspec, :cmd => 'bundle exec rspec' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^spec/.+/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})         { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^lib/.+/(.+)\.rb$})      { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^lib/.+/(.+)/(.+)\.rb$}) { |m| "spec/#{m[1]}/#{m[2]}_spec.rb" }
+  watch('spec/spec_helper.rb')      { 'spec' }
+end
+
+guard :bundler do
+  watch('Gemfile')
+  watch(/^.+\.gemspec/)
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Ryan Cragun
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,109 @@
+# AlertLogic
+
+AlertLogic is very early on in development.  The code is not 100% tested and
+many of the tests need to be refactorerd.  Some helper methods have not been
+added but every allowable action the API supports will eventually find itself as
+an instance method on each resource.  You should not consider this a stable API
+until a more mature release with full feature coverage.
+
+While the client passes the specs in Ruby 1.8.7, there's no guarantee that all
+functions will work.  If possible use Ruby >= 1.9.3.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'alert_logic'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install alert_logic
+
+## Usage
+
+AlertLogic only requires the API secret key to authenticate with the API.
+
+```ruby
+require 'alert_logic'
+AlertLogic.secret_key = "YOUR 50 HEX CHARACTER SECRET KEY"
+```
+
+From there you can make raw requests with the API Client:
+
+```ruby
+AlertLogic.api_client.get('policy', 'SOME_POLICY_ID')
+```
+
+If you'd rather avoid the the global client you can create an instance:
+
+```ruby
+@client = AlertLogic::Client.new("YOUR 50 HEX CHARACTER SECRET KEY")
+@client.list('protectedhost')
+```
+
+Using the raw client is fine but the real utility comes from using the resource
+classes:
+
+```ruby
+hosts = AlertLogic::ProtectedHost.find(:all)
+appliance = AlertLogic::Appliance.find(:online, 'id' => 'SOME ID')
+policy_ids = AlertLogic:::Policy.find(:appliance_assignment)
+```
+
+Yeah, that's right, you can use preset filters, custom filters, preset and
+custom filters together or you can even define your own:
+
+```ruby
+my_filters = {
+  :us_east_appliance => {'id' => 'ID OF THE APPLIANCE IN US EAST'}
+  :us_west_appliance => {'id' => 'ID OF THE APPLIANCE IN US WEST'}
+}
+AlertLogic::Resource.filters.merge!(my_filters)
+us_east_appliance = AlertLogic::Appliance.find(:us_east_appliance).first
+```
+
+That's nice, but the real magic comes when you use the classes together:
+
+```ruby
+linux_hosts = AlertLogic::ProtectedHost.find(:online, :linux)
+us_east_appliance = AlertLogic::Appliance.find(:us_east_appliance).first
+linux_hosts.each { |host| host.assign_appliance(us_east_appliance) }
+```
+
+Another cool thing is that all of the Resource attributes become instance
+variables with their own corresponding accessors:
+
+```ruby
+host = AlertLogic::ProtectedHost.find_by_id('SOME HOST ID')
+host.status #=> 'online'
+host.appliance_assigned_to #=> 'XXXXXX-XXXX-XXXX-XXXX-XXXXXXXX'
+host.appliance_connected_to #=> '10.10.1.1'
+host.local_hostname #=> ip-10-154-155-257.ec2.internal
+```
+
+And common actions have corresponding API methods built on:
+
+```ruby
+host = AlertLogic::ProtectedHost.find_by_id('SOME HOST ID')
+host.name #=> 'some_name'
+host.name = "My New Name" #=> "My New Name"
+host.name #=> 'My New Name'
+host.tags #=> nil
+host.tags = "my_tag some_other_tag" #=> "my_tag some_other_tag"
+host.tags #=> [{"name"=>"my_tag"}, {"name"=>"some_other_tag"}]
+host.config_policy_id #=> 'XXXXXX-XXXX-XXXX-XXXX-XXXXXXXX'
+host.config_policy_id = 'AAAAA-AAAAA-AAAA-AAAAA-AAAAAAAA'
+host.config_policy_id #=> 'AAAAA-AAAAA-AAAA-AAAAA-AAAAAAAA'
+```
+
+## Contributing
+
+1. Fork it ( http://github.com/ryancragun/alert_logic/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,45 @@
+#!/usr/bin/env rake
+
+require 'rake'
+require 'rspec'
+require 'rspec/core/rake_task'
+require 'bundler/gem_tasks'
+
+namespace :test do
+  desc 'Run spec suite'
+  RSpec::Core::RakeTask.new(:spec) do |task|
+    task.pattern = FileList['spec/**/*_spec.rb']
+  end
+
+  desc 'Build canned JSON responses'
+  task :build_json do
+    ruby 'spec/support/build_json_responses.rb'
+  end
+
+  desc 'Load fake API console'
+  task :console do
+    ruby 'spec/support/fake_api_console.rb'
+  end
+
+  if RUBY_VERSION !~ /^1\.8\..$/
+    require 'rubocop/rake_task'
+
+    desc 'Run Rubocop style checks'
+    Rubocop::RakeTask.new do |cop|
+      cop.fail_on_error = true
+    end
+  end
+end
+
+if RUBY_VERSION !~ /^1\.8\..$/
+  desc 'Default task to run spec suite'
+  task  :default => ['test:spec', 'test:rubocop']
+else
+  desc 'Default task to run spec suite'
+  task  :default => ['test:spec']
+end
+
+desc 'Load API console'
+task :console do
+  ruby 'spec/support/api_console.rb'
+end

data/alert_logic.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'alert_logic/version'
+require 'base64'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'alert_logic'
+  spec.version       = AlertLogic::VERSION
+  spec.authors       = ['Ryan Cragun']
+  encoded_email      = %w(cnlhbkByaWdodHNjYWxlLmNvbQ==)
+  spec.email         = encoded_email.map { |e| Base64.decode64(e) }
+  message = %q(A feature rich API client for AlertLogic Threat Manager)
+  spec.summary       = message
+  spec.description   = message
+  spec.homepage      = 'https://github.com/ryancragun/alert_logic-gem'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($ORS)
+  spec.executables   = spec.files.grep(/^bin/) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(/^(test|spec|features)/)
+  spec.require_paths = %w(lib)
+
+  spec.add_dependency 'json' if RbConfig::CONFIG['ruby_version'].to_f < 1.9
+  spec.add_dependency 'faraday'
+end

data/lib/alert_logic.rb

@@ -0,0 +1,45 @@
+require 'rubygems'
+require 'logger'
+require 'faraday'
+require 'json'
+
+require 'alert_logic/version'
+require 'alert_logic/log'
+require 'alert_logic/utils'
+require 'alert_logic/client'
+require 'alert_logic/resources'
+
+# Root module methods
+module AlertLogic
+  @api_client = nil
+  @secret_key = nil
+
+  # module api_client and secret_key accessors
+  def self.api_client(secret_key = nil, endpoint = nil)
+    if @api_client
+      if (endpoint && @api_client.endpoint != endpoint) ||
+         (secret_key && @api_client.secret_key != secret_key)
+        @api_client = nil
+      end
+    end
+    @api_client ||= Client.new(secret_key, endpoint)
+  end
+
+  def self.secret_key(secret_key = nil)
+    if !@secret_key && secret_key ||
+       (@secret_key && secret_key) && (@secret_key != secret_key)
+      AlertLogic.api_client(secret_key)
+      @secret_key = secret_key
+    end
+    @secret_key
+  end
+
+  def self.secret_key=(secret_key)
+    if !secret_key
+      @secret_key = nil
+      @api_client = nil
+    else
+      self.secret_key(secret_key)
+    end
+  end
+end

data/lib/alert_logic/client.rb

@@ -0,0 +1,2 @@
+require 'alert_logic/client/rest_methods'
+require 'alert_logic/client/base_client'

data/lib/alert_logic/client/base_client.rb

@@ -0,0 +1,98 @@
+module AlertLogic
+  # JSON parsing HTTP client with some helper methods
+  class Client
+    include Utils
+    include RestMethods
+
+    attr_reader :endpoint, :secret_key
+
+    DEFAULT_ENDPOINT = 'https://publicapi.alertlogic.net/api/tm/v1/'
+
+    def initialize(secret_key = nil, endpoint = nil)
+      @secret_key = secret_key  || AlertLogic.secret_key
+      @endpoint   = endpoint    || DEFAULT_ENDPOINT
+      @logger     = AlertLogic.logger
+      init
+    end
+
+    def secret_key=(secret_key)
+      @secret_key = secret_key
+      reload!
+      @secret_key
+    end
+
+    def endpoint=(endpoint)
+      @endpoint = endpoint
+      reload!
+      @endpoint
+    end
+
+    def reload!
+      @connection = nil
+      init
+    end
+
+    private
+
+    def init
+      verify_key
+      options = { :url => @endpoint,
+                  :ssl => { :verify => false }
+                }
+      headers = { 'Accept'      => 'application/json',
+                  'User-Agent'  => "alert_logic gem v#{VERSION}"
+                }
+      @connection = Faraday.new(options) do |con|
+        con.use         Faraday::Response::Logger,  @logger
+        con.use         Faraday::Response::RaiseError
+        con.adapter     Faraday.default_adapter
+        con.headers     = headers
+        con.basic_auth  @secret_key, ''
+      end
+    end
+
+    def verify_key
+      unless @secret_key =~ /^[a-fA-F\d]{50}$/
+        msg = "#{@secret_key.inspect} is invalid. "
+        msg << 'You must supply a valid 50 character secret_key!'
+        fail InvalidKey, msg
+      end
+    end
+
+    def parse_response_for(resource_type, &api_call)
+      res = yield(api_call)
+      ClientResponse.new(
+        res.status,
+        normalize_response(resource_type, JSON.parse(res.body))
+      )
+    rescue => e
+      raise ClientError, e.message
+    end
+
+    def normalize_response(resource_type, js)
+      if js.respond_to?(:key?)
+        if js.key?(pluralize(resource_type))
+          flatten(resource_type, js[pluralize(resource_type)])
+        elsif js.key?(resource_type)
+          [js[resource_type]]
+        else
+          js.first
+        end
+      elsif js.respond_to?(:empty?) && !js.empty?
+        js
+      else
+        @logger.info "No #{pluralize(resource_type)} found.."
+        []
+      end
+    end
+
+    def flatten(type, resources)
+      resources.count >= 1 ? resources.map! { |item| item[type] } : []
+    end
+  end
+
+  ClientResponse = Struct.new(:status, :body)
+
+  class ClientError < Faraday::Error::ClientError; end
+  class InvalidKey < ClientError; end
+end

data/lib/alert_logic/client/rest_methods.rb

@@ -0,0 +1,58 @@
+module AlertLogic
+  # RestMethods mixin for Client class
+  module RestMethods
+    # Standard REST methods
+    def delete(resource_type, resource_id)
+      parse_response_for(resource_type) do
+        @connection.delete do |request|
+          request.url "#{pluralize(resource_type)}/#{resource_id}"
+        end
+      end
+    end
+
+    def get(resource_type, resource_id, params = {})
+      parse_response_for(resource_type) do
+        base_url = pluralize(resource_type)
+        @connection.get do |request|
+          request.url resource_id ? "#{base_url}/#{resource_id}" : base_url
+          params.each { |k, v| request.params[k] = v }
+        end
+      end
+    end
+
+    def post(resource_type, resource_id, payload)
+      parse_response_for(resource_type) do
+        base_url = pluralize(resource_type)
+        @connection.post do |request|
+          request.url resource_id ? "#{base_url}/#{resource_id}" : base_url
+          request.body = payload.to_json
+          request.headers['Content-Type'] = 'application/json'
+        end
+      end
+    end
+
+    def put(resource_type, resource_id, payload)
+      parse_response_for(resource_type) do
+        @connection.put do |request|
+          request.url "#{pluralize(resource_type)}/#{resource_id}"
+          request.body = payload.to_json
+          request.headers['Content-Type'] = 'application/json'
+        end
+      end
+    end
+
+    # REST method wrappers from AlertLogic API Documentation
+    # https://developer.alertlogic.net/docs/iodocs/tm
+    alias_method :retrieve, :get
+    alias_method :edit, :post
+    alias_method :replace, :put
+
+    def list(resource_type, params = {})
+      get(resource_type, nil, params)
+    end
+
+    def create(resource_type, payload)
+      post(resource_type, nil, payload)
+    end
+  end
+end