Work on sysdig captures

Author: gianlucaborello

.travis.yml

@@ -15,7 +15,7 @@ script:
 - examples/get_data_simple.py XXX
 - examples/list_alerts.py XXX
 - examples/list_alert_notifications.py XXX
-- examples/resolve_alert_notifications.py XXX
+- examples/resolve_alert_notifications.py XXX 1
 - examples/list_dashboards.py XXX
 - examples/list_hosts.py XXX
 - examples/list_metrics.py XXX
@@ -25,6 +25,8 @@ script:
 - examples/print_data_retention_info.py XXX
 - examples/print_explore_grouping.py XXX
 - examples/print_user_info.py XXX
+- examples/list_sysdig_captures.py XXX
+- examples/create_sysdig_capture.py XXX ip-10-0-2-202.ec2.internal apicapture 10
 - echo "Testing pip version"
 - rm -rf sdcclient
 - pip install sdcclient
@@ -37,7 +39,7 @@ script:
 - examples/get_data_simple.py XXX
 - examples/list_alerts.py XXX
 - examples/list_alert_notifications.py XXX
-- examples/resolve_alert_notifications.py XXX
+- examples/resolve_alert_notifications.py XXX 1
 - examples/list_dashboards.py XXX
 - examples/list_hosts.py XXX
 - examples/list_metrics.py XXX
@@ -47,3 +49,5 @@ script:
 - examples/print_data_retention_info.py XXX
 - examples/print_explore_grouping.py XXX
 - examples/print_user_info.py XXX
+- examples/list_sysdig_captures.py XXX
+- examples/create_sysdig_capture.py XXX ip-10-0-2-202.ec2.internal apicapture 10

README.md

@@ -164,7 +164,7 @@ A dictionary containing the list of available sampling intervals.
 
 #### `get_data_retention_info(self)`  
 **Description**  
-Return the list of data retention intervals, with beginning and end UTC time for each of them. Sysdig Cloud performs rollups of the data it stores. This means that data is stored at different time granularities depending on how far in time it is. This call can be used to know what precision you can expect before you make a call to get_data().  
+Return the list of data retention intervals, with beginning and end UTC time for each of them. Sysdig Cloud performs rollups of the data it stores. This means that data is stored at different time granularities depending on how far in time it is. This call can be used to know what precision you can expect before you make a call to `get_data()`.  
 **Success Return Value**  
 A dictionary containing the list of available sampling intervals.  
 **Example**  
@@ -175,8 +175,8 @@ A dictionary containing the list of available sampling intervals.
 Returns the list of Sysdig Cloud events.  
 **Arguments**  
 - **name**: filter events by name.  
-- **from_ts**: filter events created after `from_ts`.
-- **to_ts**: filter events created before `to_ts`.
+- **from_ts**: filter events by start time. Timestamp format is in UTC (seconds).
+- **to_ts**: filter events by end time. Timestamp format is in UTC (seconds).
 - **tags**: filter events by tags. Can be, for example `tag1 = 'value1'`.  
 
 **Success Return Value**  
@@ -208,6 +208,32 @@ An integer number.
 **Example**  
 [examples/print_user_info.py](examples/print_user_info.py).  
 
+#### `get_notifications(self, from_ts, to_ts, state=None, resolved=None)`
+**Description**  
+Returns the list of Sysdig Cloud alert notifications.  
+**Arguments**  
+- **from_ts**: filter events by start time. Timestamp format is in UTC (seconds). 
+- **to_ts**: filter events by start time. Timestamp format is in UTC (seconds).
+- **state**: filter events by alert state. Supported values are `OK` and `ACTIVE`.  
+- **resolved**: filter events by resolution status. Supported values are `True` and `False.
+
+**Success Return Value**  
+A dictionary containing the list of notifications.  
+**Example**  
+[examples/list_alert_notifications.py](examples/list_alert_notifications.py). 
+
+#### `update_notification_resolution(self, notification, resolved)`
+**Description**  
+Updates the resolution status of an alert notification.  
+**Arguments**  
+- **notification**: notification object as returned by `get_notifications()`. 
+- **resolved**: new resolution status. Supported values are `True` and `False.
+
+**Success Return Value**  
+The updated notification.  
+**Example**  
+[examples/resolve_alert_notifications.py](examples/resolve_alert_notifications.py). 
+
 #### `get_user_info(self)`  
 **Description**  
 Get details about the current user.  

examples/create_sysdig_capture.py

@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+#
+# Creates a sysdig capture, waits for termination and prints the download URL.
+#
+
+import os
+import sys
+import time
+sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
+from sdcclient import SdcClient
+
+#
+# Parse arguments
+#
+if len(sys.argv) not in (5, 6):
+    print 'usage: %s <sysdig-token> hostname capture_name duration [filter]' % sys.argv[0]
+    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
+    sys.exit(1)
+
+sdc_token = sys.argv[1]
+hostname = sys.argv[2]
+capture_name = sys.argv[3]
+duration = sys.argv[4]
+capture_filter = ''
+
+if len(sys.argv) == 6:
+    capture_filter = sys.argv[5]
+
+#
+# Instantiate the SDC client
+#
+sdclient = SdcClient(sdc_token)
+
+res = sdclient.create_sysdig_capture(hostname, capture_name, int(duration), capture_filter)
+
+#
+# Show the list of metrics
+#
+if res[0]:
+    capture = res[1]
+else:
+    print res[1]
+    sys.exit(1)
+
+while True:
+    res = sdclient.poll_sysdig_capture(capture)
+    if res[0]:
+        capture = res[1]
+    else:
+        print res[1]
+        sys.exit(1)
+
+    print 'Capture is in state ' + capture['status']
+    if capture['status'] in ('requested', 'capturing', 'uploading'):
+        pass
+    elif capture['status'] in ('error', 'uploadingError'):
+        sys.exit(1)
+    elif capture['status'] in ('done', 'uploaded'):
+        print 'Download at: ' + sdclient.url + capture['downloadURL']
+        sys.exit(0)
+
+    time.sleep(1)

examples/list_alert_notifications.py

@@ -31,31 +31,31 @@
 
 print res[1]
 if not res[0]:
-	sys.exit(1)
+    sys.exit(1)
 
 #
-# Get the notifications in the active state
+# Get the notifications in the last day and active state
 #
 res = sdclient.get_notifications(from_ts=int(time.time()-86400), to_ts=int(time.time()), state='ACTIVE')
 
 print res[1]
 if not res[0]:
-	sys.exit(1)
+    sys.exit(1)
 
 #
-# Get the notifications in the active state
+# Get the notifications in the last day and active state
 #
 res = sdclient.get_notifications(from_ts=int(time.time()-86400), to_ts=int(time.time()), state='OK')
 
 print res[1]
 if not res[0]:
-	sys.exit(1)
+    sys.exit(1)
 
 #
-# Get the resolved notifications
+# Get the notifications in the last day and resolved state
 #
 res = sdclient.get_notifications(from_ts=int(time.time()-86400), to_ts=int(time.time()), resolved=True)
 
 print res[1]
 if not res[0]:
-	sys.exit(1)
+    sys.exit(1)

examples/list_events.py

@@ -8,6 +8,10 @@
 sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
 from sdcclient import SdcClient
 
+def print_events(data):
+    for event in data['events']:
+        print 'time: %d, name: %s, description: %s, severity: %d' % (event['timestamp'], event['name'], event['description'], event['severity'])
+
 #
 # Parse arguments
 #
@@ -28,33 +32,41 @@
 #
 res = sdclient.get_events()
 
-print res[1]
-if not res[0]:
-	sys.exit(1)
+if res[0]:
+    print_events(res[1])
+else:
+    print res[1]
+    sys.exit(1)
 
 #
 # Get the events that match a period in time
 #
 res = sdclient.get_events(from_ts=1460365211, to_ts=1460465211)
 
-print res[1]
-if not res[0]:
-	sys.exit(1)
+if res[0]:
+    print_events(res[1])
+else:
+    print res[1]
+    sys.exit(1)
 
 #
 # Get the events that match a name
 #
 res = sdclient.get_events(name='test event')
 
-print res[1]
-if not res[0]:
-	sys.exit(1)
+if res[0]:
+    print_events(res[1])
+else:
+    print res[1]
+    sys.exit(1)
 
 #
 # Get the events that match a tag/value pair
 #
 res = sdclient.get_events(tags="tag1 = 'value1'")
 
-print res[1]
-if not res[0]:
-	sys.exit(1)
+if res[0]:
+    print_events(res[1])
+else:
+    print res[1]
+    sys.exit(1)

examples/list_sysdig_captures.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+#
+# Print the list of sysdig captures.
+#
+
+import os
+import sys
+sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(sys.argv[0])), '..'))
+from sdcclient import SdcClient
+
+#
+# Parse arguments
+#
+if len(sys.argv) != 2:
+    print 'usage: %s <sysdig-token>' % sys.argv[0]
+    print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
+    sys.exit(1)
+
+sdc_token = sys.argv[1]
+
+#
+# Instantiate the SDC client
+#
+sdclient = SdcClient(sdc_token)
+
+#
+# Fire the request.
+#
+res = sdclient.get_sysdig_captures()
+
+#
+# Show the list of metrics
+#
+if res[0]:
+    data = res[1]
+else:
+    print res[1]
+    sys.exit(1)
+
+for capture in data:
+	print "Folder %s, Name %s, Host: %s, Size: %d, Status: %s" % \
+		(capture['folder'], capture['name'], capture['agent']['hostName'], capture['size'], capture['status'])

examples/resolve_alert_notifications.py

@@ -12,12 +12,13 @@
 #
 # Parse arguments
 #
-if len(sys.argv) != 2:
-    print 'usage: %s <sysdig-token>' % sys.argv[0]
+if len(sys.argv) != 3:
+    print 'usage: %s <sysdig-token> <num-days-to-resolve>' % sys.argv[0]
     print 'You can find your token at https://app.sysdigcloud.com/#/settings/user'
     sys.exit(1)
 
 sdc_token = sys.argv[1]
+num_days_to_resolve = sys.argv[2]
 
 #
 # Instantiate the SDC client
@@ -27,7 +28,8 @@
 #
 # Get the unresolved notifications in the last day
 #
-res = sdclient.get_notifications(from_ts=int(time.time()-86400), to_ts=int(time.time()), resolved=False)
+res = sdclient.get_notifications(from_ts=int(time.time() - num_days_to_resolve * 86400),
+                                 to_ts=int(time.time()), resolved=False)
 
 if not res[0]:
     print res[1]

sdcclient/_client.py

@@ -49,6 +49,13 @@ def get_user_info(self):
             self.userinfo = r.json()
         return [True, self.userinfo]
 
+    def get_connected_agents(self):
+        r = requests.get(self.url + '/api/agents/connected', headers=self.hdrs)
+        if not self.__checkResponse(r):
+            return [False, self.lasterr]
+        data = r.json()
+        return [True, data['agents']]
+
     def get_n_connected_agents(self):
         r = requests.get(self.url + '/api/agents/connected', headers=self.hdrs)
         if not self.__checkResponse(r):
@@ -589,3 +596,47 @@ def get_metrics(self):
         if not self.__checkResponse(r):
             return [False, self.lasterr]
         return [True, r.json()]
+
+    def get_sysdig_captures(self):
+        r = requests.get(self.url + '/api/sysdig', headers=self.hdrs)
+        if not self.__checkResponse(r):
+            return [False, self.lasterr]
+        return [True, r.json()['dumps']]
+
+    def poll_sysdig_capture(self, capture):
+        if 'id' not in capture:
+            return [False, 'Invalid capture format']
+
+        r = requests.get(self.url + '/api/sysdig/' + str(capture['id']), headers=self.hdrs)
+        if not self.__checkResponse(r):
+            return [False, self.lasterr]
+        return [True, r.json()['dump']]
+
+    def create_sysdig_capture(self, hostname, capture_name, duration, capture_filter='', folder='/'):
+        res = self.get_connected_agents()
+        if not res[0]:
+            return res
+
+        capture_agent = None
+
+        for agent in res[1]:
+            if hostname == agent['hostName']:
+                capture_agent = agent
+                break
+
+        if capture_agent is None:
+            return [False, hostname + ' not found']
+
+        data = {
+            'agent': capture_agent,
+            'name' : capture_name,
+            'duration': duration,
+            'folder': folder,
+            'filters': capture_filter,
+            'bucketName': ''
+        }
+
+        r = requests.post(self.url + '/api/sysdig', headers=self.hdrs, data=json.dumps(data))
+        if not self.__checkResponse(r):
+            return [False, self.lasterr]
+        return [True, r.json()['dump']]