soar_auditor_api 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +40 -48
- data/lib/soar_auditor_api/version.rb +1 -1
- data/sanity/Gemfile +1 -2
- data/sanity/sanity.rb +6 -4
- data/soar_auditor_api.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 86bd2491171a982f60f65da6895a59d063339d35
|
4
|
+
data.tar.gz: b9c2e332fa486de9d2426d62c82c0f3cec123c2d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 260db2993a63524491abf76e5819ab0e58fbcd16aea12835acf06a9e90c761072aad52256274fe6ec01330d8d12a28636fd56b7e2e3257882f43c1c3017aee2d
|
7
|
+
data.tar.gz: 01d1e3b6d87b79e1146066c159a5db24b8cd0082b5babe411eb59a222d8852620c4231c8a3dbd8bc7cd312c6ebcc39344fdd5cfaaf957d62c37d8d35ed06fdc5
|
data/README.md
CHANGED
@@ -1,12 +1,10 @@
|
|
1
|
-
#TODO fix this file
|
2
|
-
|
3
1
|
# SoarAuditorApi
|
4
2
|
|
5
3
|
This gem provides the auditor api for the SOAR architecture.
|
6
4
|
|
7
5
|
## State of the API
|
8
6
|
|
9
|
-
|
7
|
+
This API is still a work in progress but should be sufficient to most auditors
|
10
8
|
|
11
9
|
## Installation
|
12
10
|
|
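Review bot: The added "State of the API" sentence (new line 7) says the API is a work in progress without naming which parts may still change, so a reader cannot tell what is safe to depend on. Say which methods are considered settled and which are not, and correct the wording to "sufficient for most auditors".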
@@ -32,14 +30,6 @@ Behavioural driven testing can be performed:
|
|
32
30
|
|
33
31
|
## Usage
|
34
32
|
|
35
|
-
|
36
|
-
|
37
|
-
### Auditing Providers that utilize the SoarAuditorAPI as clients
|
38
|
-
|
39
|
-
|
40
|
-
Note that the APIs (debug/info/warn/error/fatal) accept any object as a parameter. The object will be serialized using the .to_s method and therefore the object must implement the .to_s method (or already be a string that has the .to_s method).
|
41
|
-
|
42
|
-
|
43
33
|
### Auditors that extend from the SoarAuditorAPI
|
44
34
|
|
45
35
|
Extend from the SoarAuditorAPI as follow
|
@@ -49,7 +39,7 @@ class MyAuditor < SoarAuditorApi::SoarAuditorAPI
|
|
49
39
|
end
|
50
40
|
```
|
51
41
|
|
52
|
-
|
42
|
+
It is required that the auditors that extend from this API implement two methods: "audit" and "configuration_is_valid". The API will call these methods using inversion of control as follow:
|
53
43
|
|
54
44
|
The configuration_is_valid method provides the API with a way of ensuring that a configuration is valid for the auditor.
|
55
45
|
```ruby
|
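Review bot: The added sentence at new line 42 requires auditors to implement "audit" and "configuration_is_valid" but does not say what the API does when configuration_is_valid returns false (raise, ignore the call, keep the previous configuration). Document that outcome here, because implementers need to know whether a rejected configuration stops auditing or lets it continue unconfigured. "as follow" should also read "as follows".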
@@ -65,68 +55,69 @@ def audit(data)
|
|
65
55
|
end
|
66
56
|
```
|
67
57
|
|
68
|
-
The configuration is made available to the auditor through the @configuration attribute in the API.
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
#TODO complete this section
|
74
|
-
#TODO Extend the SoarAuditorApi::AuditingProviderAPI to create an auditing provider:
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
Provide the required inversion of control method to configure (an) injected auditor(s):
|
79
|
-
|
80
|
-
```
|
81
|
-
def configure_auditor(configuration = nil)
|
82
|
-
@auditor.configure(configuration)
|
58
|
+
The configuration is made available to the auditor through the @configuration attribute in the API class.
|
59
|
+
```ruby
|
60
|
+
def audit(data)
|
61
|
+
puts @configuration["preprefix"] + data
|
83
62
|
end
|
84
63
|
```
|
85
64
|
|
86
|
-
Initialize the provider so:
|
87
65
|
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
66
|
+
### Auditing Providers that utilize the SoarAuditorAPI as clients
|
67
|
+
|
68
|
+
Instantiate an auditor that extends the SoarAuditorAPI:
|
69
|
+
```ruby
|
70
|
+
@iut = SanityAuditor.new
|
92
71
|
```
|
93
72
|
|
94
|
-
|
73
|
+
Configure the auditor with required parameters:
|
74
|
+
```ruby
|
75
|
+
configuration = { "preprefix" => "very important:" }
|
76
|
+
@iut.configure(configuration)
|
77
|
+
```
|
95
78
|
|
79
|
+
Set the desired audit level. Allowed levels (in increasing level of priority) are :debug, :info, :warn, :error and :fatal. As an example only :warn, :error and :fatal audit events will be logged if you set the level to :warn.
|
80
|
+
```ruby
|
81
|
+
@iut.set_audit_level(:warn)
|
96
82
|
```
|
83
|
+
|
84
|
+
Use the auditing interfaces as follow. The API also supports appending as below, enabling support, e.g. for Rack::CommonLogger, etc.:
|
85
|
+
```ruby
|
97
86
|
@iut.info("This is info")
|
98
|
-
@iut.debug(some_debug_object)
|
99
87
|
@iut.warn("Statistics show that dropped packets have increased to #{dropped}%")
|
100
88
|
@iut.error("Could not resend some dropped packets. They have been lost. All is still OK, I could compensate")
|
101
89
|
@iut.fatal("Unable to perform action, too many dropped packets. Functional degradation.")
|
102
90
|
@iut << 'Rack::CommonLogger requires this'
|
103
91
|
```
|
104
92
|
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
93
|
+
Note that the APIs (debug/info/warn/error/fatal) accept any object as a parameter. The object will be serialized using the .to_s method and therefore the object must implement the .to_s method (or already be of a basic object type that has the .to_s method).
|
94
|
+
```ruby
|
95
|
+
some_debug_object = 123
|
96
|
+
@iut.debug(some_debug_object)
|
109
97
|
```
|
110
98
|
|
111
99
|
## Detailed example
|
112
100
|
|
113
|
-
```
|
114
|
-
require 'log4r'
|
101
|
+
```ruby
|
115
102
|
require 'soar_auditor_api'
|
103
|
+
require 'byebug'
|
104
|
+
|
105
|
+
class SanityAuditor < SoarAuditorApi::SoarAuditorAPI
|
106
|
+
def configuration_is_valid(configuration)
|
107
|
+
return configuration.include?("preprefix")
|
108
|
+
end
|
116
109
|
|
117
|
-
|
118
|
-
|
119
|
-
@auditor.outputters = configuration['outputter']
|
110
|
+
def audit(data)
|
111
|
+
puts @configuration["preprefix"] + data
|
120
112
|
end
|
121
113
|
end
|
122
114
|
|
123
115
|
class Main
|
124
|
-
include Log4r
|
125
|
-
|
126
116
|
def test_sanity
|
127
|
-
|
128
|
-
|
129
|
-
@iut
|
117
|
+
@iut = SanityAuditor.new
|
118
|
+
configuration = { "preprefix" => "very important:" }
|
119
|
+
@iut.configure(configuration)
|
120
|
+
@iut.set_audit_level(:debug)
|
130
121
|
|
131
122
|
some_debug_object = 123
|
132
123
|
@iut.info("This is info")
|
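Review bot: The rewritten Detailed example adds require 'byebug' (new line 103) although nothing in the visible example invokes the debugger, so anyone copying it pulls a debugging gem into their auditor. Drop that line from the README example. Separately, the new set_audit_level paragraph (new line 79) lists the allowed levels but not the level in effect when set_audit_level is never called; state the default so users know which events are dropped out of the box.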
@@ -135,6 +126,7 @@ class Main
|
|
135
126
|
@iut.warn("Statistics show that dropped packets have increased to #{dropped}%")
|
136
127
|
@iut.error("Could not resend some dropped packets. They have been lost. All is still OK, I could compensate")
|
137
128
|
@iut.fatal("Unable to perform action, too many dropped packets. Functional degradation.")
|
129
|
+
@iut << 'Rack::CommonLogger requires this'
|
138
130
|
end
|
139
131
|
end
|
140
132
|
|
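Review bot: The added @iut << 'Rack::CommonLogger requires this' (new line 129) demonstrates the append operator, but the README does not say which audit level an appended message is recorded at, so it is unclear whether it passes a threshold set with set_audit_level. State the level used for << next to the example.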
data/sanity/Gemfile
CHANGED
data/sanity/sanity.rb
CHANGED
@@ -1,20 +1,22 @@
|
|
1
1
|
require 'soar_auditor_api'
|
2
2
|
require 'byebug'
|
3
3
|
|
4
|
-
class SanityAuditor < SoarAuditorAPI
|
4
|
+
class SanityAuditor < SoarAuditorApi::SoarAuditorAPI
|
5
5
|
def configuration_is_valid(configuration)
|
6
|
-
return
|
6
|
+
return configuration.include?("preprefix")
|
7
7
|
end
|
8
8
|
|
9
9
|
def audit(data)
|
10
|
-
puts data
|
10
|
+
puts @configuration["preprefix"] + data
|
11
11
|
end
|
12
12
|
end
|
13
13
|
|
14
14
|
class Main
|
15
15
|
def test_sanity
|
16
16
|
@iut = SanityAuditor.new
|
17
|
-
|
17
|
+
configuration = { "preprefix" => "very important:" }
|
18
|
+
@iut.configure(configuration)
|
19
|
+
@iut.set_audit_level(:debug)
|
18
20
|
|
19
21
|
some_debug_object = 123
|
20
22
|
@iut.info("This is info")
|
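Review bot: configuration_is_valid at new line 6 only checks that the "preprefix" key is present, while audit at new line 10 evaluates @configuration["preprefix"] + data, so a configuration such as { "preprefix" => nil } passes validation and then raises inside audit. Check the value as well, for example configuration.is_a?(Hash) && configuration["preprefix"].is_a?(String), so that an invalid configuration is rejected at configure time rather than failing on the first audit call.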
data/soar_auditor_api.gemspec
CHANGED
@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
|
|
10
10
|
spec.email = ["barney.de.villiers@hetzner.co.za"]
|
11
11
|
|
12
12
|
spec.summary = %q{SOAR auditor api}
|
13
|
-
spec.description = %q{SOAR auditor api from which
|
13
|
+
spec.description = %q{SOAR auditor api from which auditor implementations will extend}
|
14
14
|
spec.homepage = "https://github.hetzner.co.za/hetznerZA/soar_auditor_api"
|
15
15
|
spec.license = "MIT"
|
16
16
|
|
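Review bot: spec.homepage on the unchanged line 14 points at github.hetzner.co.za while this version is published to a public registry; if that host is not reachable from outside the organisation, the gem's metadata sends users to a page they cannot open. Confirm the URL resolves publicly or point it at the public repository.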
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: soar_auditor_api
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Barney de Villiers
|
@@ -66,7 +66,7 @@ dependencies:
|
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '9'
|
69
|
-
description: SOAR auditor api from which
|
69
|
+
description: SOAR auditor api from which auditor implementations will extend
|
70
70
|
email:
|
71
71
|
- barney.de.villiers@hetzner.co.za
|
72
72
|
executables: []
|