add policy support to stream, and documented

aquasecurity · Feb 11, 2025 · 3fb0c30 · 3fb0c30
1 parent 60844d7
commit 3fb0c30
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 6 deletions.
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
@@ -13,7 +13,7 @@ import (
 )
 
 var streamCmd = &cobra.Command{
-	Use:   "stream [policies...]",
+	Use:   "stream",
 	Short: "Stream events from tracee",
 	Long: `Stream Management:
 Stream events directly from tracee to the preferred output format.
@@ -47,5 +47,8 @@ func init() {
 	if err := viper.BindPFlag(flags.OutputFlag, streamCmd.Flags().Lookup(flags.OutputFlag)); err != nil {
 		panic(err)
 	}
-	// streamCmd.Flags().String("policy")
+	streamCmd.Flags().StringSlice(flags.PolicyFlag, []string{""}, "Specify the policies for streamed events.")
+	if err := viper.BindPFlag(flags.PolicyFlag, streamCmd.Flags().Lookup(flags.PolicyFlag)); err != nil {
+		panic(err)
+	}
 }
diff --git a/cmd/traceectl/pkg/cmd/cobra/stream.go b/cmd/traceectl/pkg/cmd/cobra/stream.go
@@ -32,6 +32,11 @@ func GetStream(cmdCobra *cobra.Command) (cmd.Stream, error) {
 		return stream, err
 	}
 
+	policies, err := flags.PreparePolicy(viper.GetStringSlice(flags.PolicyFlag))
+	if err != nil {
+		return stream, err
+	}
+
 	//
 	//	Create stream runner
 	//
@@ -42,6 +47,7 @@ func GetStream(cmdCobra *cobra.Command) (cmd.Stream, error) {
 	}
 	stream.Printer = p
 	stream.Server = server
+	stream.Policies = policies
 	stream.Config.Printer = config.PrinterConfig{
 		Kind:    format,
 		OutPath: output.Path,

diff --git a/cmd/traceectl/pkg/cmd/flags/policy.go b/cmd/traceectl/pkg/cmd/flags/policy.go
@@ -0,0 +1,12 @@
+package flags
+
+import "fmt"
+
+const PolicyFlag = "policy"
+
+func PreparePolicy(policySlice []string) ([]string, error) {
+	if len(policySlice) > 0 {
+		return policySlice, nil
+	}
+	return nil, fmt.Errorf("policy cannot be empty")
+}
diff --git a/cmd/traceectl/pkg/cmd/stream.go b/cmd/traceectl/pkg/cmd/stream.go
@@ -14,9 +14,10 @@ import (
 )
 
 type Stream struct {
-	Config  config.Config
-	Server  *client.Server
-	Printer printer.EventPrinter
+	Config   config.Config
+	Server   *client.Server
+	Printer  printer.EventPrinter
+	Policies []string
 }
 
 func (s Stream) Run() error {
@@ -35,7 +36,7 @@ func (s Stream) Run() error {
 	errChan := make(chan error)
 
 	go func() {
-		stream, err := s.Server.StreamEvents(ctx, &pb.StreamEventsRequest{Policies: []string{""}})
+		stream, err := s.Server.StreamEvents(ctx, &pb.StreamEventsRequest{Policies: s.Policies})
 		if err != nil {
 			errChan <- fmt.Errorf("error calling Stream: %s", err)
 			return

diff --git a/docs/traceectl/commands/stream.md b/docs/traceectl/commands/stream.md
@@ -10,12 +10,25 @@ The `stream` command is structured as follows:
 traceectl stream [flags]
 ```
 
+- **`--policy`**: Specifies the policies to stream from (default is `""`).
 - **`--format`**: Specifies the format (default is `table`).
 - **`--server`**: Specifies the server unix socket path (default is `/var/run/tracee.sock`)
 - **`--output`**: Specifies the output (default is `stdout`)
 
 ## Examples
 
+- **Stream Events in JSON Format with a Specific Policy and different unix socket**
+
+  ```sh
+  traceectl stream --format json --server /tmp/tracee.sock --policy policy1 policy2
+  ```
+
+- **Stream Events to file**
+
+  ```sh
+  traceectl stream --output /path/to/file 
+  ```
+
 - **Stream Events in JSON Format**
 
   ```sh

diff --git a/docs/traceectl/flags/policy.md b/docs/traceectl/flags/policy.md
@@ -0,0 +1,23 @@
+# `policy` Flag
+
+The `--policy` flag is used to specify the polices to include for the command's stream events. If this flag is set it must have a valid policy name loaded into tracee.
+
+- **""**: This is the default policy, which means that the command's streamed events will display on the terminal all events capture by tracee. This is convenient for users who want to see immediate results directly in their console.
+
+  Example:
+
+  ```sh
+  traceectl stream --policy policy1
+  ```
+
+  In this example, the command outputs the streamed events from a specific policy to the terminal.
+
+- **Multi Policy**: You can use the `--policy` flag to specify multiple policies to include for the command's stream events. This is useful if you want to make batter analysis for different needs
+
+  Example:
+
+  ```sh
+  traceectl stream --policy policy1 policy2
+  ```
+
+In this example, the command outputs the streamed events from a specific policies to the terminal. This is especially helpful for logging purposes or when working with large amounts of data that need to be sorted for further processing.