Merge branch 'master' into iss176

.github/workflows/publish.yml

@@ -12,7 +12,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v1
       with:
-        python-version: '3.x'
+        python-version: '3.8'
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
@@ -25,7 +25,7 @@ jobs:
           src_file=( ./dist/*.tar.gz )
           wheel_file=( ./dist/*.whl )
           echo "RELEASE_ID=$(jq --raw-output '.release.id' $GITHUB_EVENT_PATH)" >> $GITHUB_ENV
-          echo "SOURCE_DIST_FILE=$(jq --raw-output '.release.id' $GITHUB_EVENT_PATH)" >> $GITHUB_ENV
+          echo "SOURCE_DIST_FILE=$(basename $src_file)" >> $GITHUB_ENV
           echo "WHEEL_FILE=$(basename $wheel_file)" >> $GITHUB_ENV
     - name: Set Upload Url
       run: |

CHANGELOG.md

@@ -8,7 +8,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 The intended audience of this file is for py42 consumers -- as such, changes that don't affect
 how a consumer would use the library (e.g. adding unit tests, updating documentation, etc) are not captured here.
 
-## Unreleased
+# Unreleased
+
+# Added
+
+- `code42 departing-employee list` command.
+
+- `code42 high-risk-employee list` command.
+
+### Changed
+
+- The error text when removing an employee from a detection list now references the employee
+  by ID rather the username.
+
+## 1.1.0 - 2020-12-18
 
 ### Fixed
 

README.md

@@ -117,7 +117,7 @@ code42 security-data search -b 10d -e 12h
 
 Begin date will be ignored if provided on subsequent queries using `-c/--use-checkpoint`.
 
-Use different format with `-f`:
+Use other formats with `-f`:
 
 ```bash
 code42 security-data search -b 2020-02-02 -f CEF

docs/commands.md

@@ -2,6 +2,7 @@
 
 * [Profile](commands/profile.rst)
 * [Security Data](commands/securitydata.rst)
+* [Audit Logs](commands/auditlogs.rst)
 * [Alerts](commands/alerts.rst)
 * [Alert Rules](commands/alertrules.rst)
 * [Departing Employee](commands/departingemployee.rst)

docs/commands/auditlogs.rst

@@ -0,0 +1,3 @@
+.. click:: code42cli.cmds.auditlogs:audit_logs
+  :prog: auditlogs
+  :show-nested:

integration/test_alert_rules.py

@@ -0,0 +1,57 @@
+import pytest
+from integration import run_command
+
+ALERT_RULES_COMMAND = "code42 alert-rules"
+
+
+@pytest.mark.integration
+@pytest.mark.parametrize(
+    "command",
+    [
+        "{} list".format(ALERT_RULES_COMMAND),
+        "{} show test-rule-id".format(ALERT_RULES_COMMAND),
+        "{} list -f CSV".format(ALERT_RULES_COMMAND),
+        "{} list -f TABLE".format(ALERT_RULES_COMMAND),
+        "{} list -f RAW-JSON".format(ALERT_RULES_COMMAND),
+        "{} list -f JSON".format(ALERT_RULES_COMMAND),
+        "{} list --format CSV".format(ALERT_RULES_COMMAND),
+        "{} list --format TABLE".format(ALERT_RULES_COMMAND),
+        "{} list --format JSON".format(ALERT_RULES_COMMAND),
+        "{} list --format RAW-JSON".format(ALERT_RULES_COMMAND),
+    ],
+)
+def test_alert_rules_command_returns_success_return_code(command):
+    return_code, response = run_command(command)
+    assert return_code == 0
+
+
+@pytest.mark.parametrize(
+    "command, error_msg",
+    [
+        (
+            "{} add-user --rule-id test-rule-id".format(ALERT_RULES_COMMAND),
+            "Missing option '-u' / '--username'.",
+        ),
+        (
+            "{} remove-user --rule-id test-rule-id".format(ALERT_RULES_COMMAND),
+            "Missing option '-u' / '--username'.",
+        ),
+        ("{} add-user".format(ALERT_RULES_COMMAND), "Missing option '--rule-id'."),
+        ("{} remove-user".format(ALERT_RULES_COMMAND), "Missing option '--rule-id'."),
+        ("{} show".format(ALERT_RULES_COMMAND), "Missing argument 'RULE_ID'."),
+        (
+            "{} bulk add".format(ALERT_RULES_COMMAND),
+            "Error: Missing argument 'CSV_FILE'.",
+        ),
+        (
+            "{} bulk remove".format(ALERT_RULES_COMMAND),
+            "Error: Missing argument 'CSV_FILE'.",
+        ),
+    ],
+)
+def test_alert_rules_command_returns_error_exit_status_when_missing_required_parameters(
+    command, error_msg
+):
+    return_code, response = run_command(command)
+    assert return_code == 2
+    assert error_msg in "".join(response)

integration/test_alerts.py

@@ -11,21 +11,48 @@
 end_date_str = end_date.strftime("%Y-%m-%d")
 
 ALERT_COMMAND = "code42 alerts search -b {} -e {}".format(begin_date_str, end_date_str)
+ADVANCED_QUERY = """{"groupClause":"AND", "groups":[{"filterClause":"AND",
+"filters":[{"operator":"ON_OR_AFTER", "term":"eventTimestamp", "value":"2020-09-13T00:00:00.000Z"},
+{"operator":"ON_OR_BEFORE", "term":"eventTimestamp", "value":"2020-12-07T13:20:15.195Z"}]}],
+"srtDir":"asc", "srtKey":"eventId", "pgNum":1, "pgSize":10000}
+"""
+ALERT_ADVANCED_QUERY_COMMAND = "code42 alerts search --advanced-query '{}'".format(
+    ADVANCED_QUERY
+)
 
 
+@pytest.mark.integration
 @pytest.mark.parametrize(
     "command",
     [
-        ("{}".format(ALERT_COMMAND)),
-        ("{} --state OPEN".format(ALERT_COMMAND)),
-        ("{} --state RESOLVED".format(ALERT_COMMAND)),
-        ("{} --actor user@code42.com".format(ALERT_COMMAND)),
-        ("{} --rule-name 'File Upload Alert'".format(ALERT_COMMAND)),
-        ("{} --rule-id 962a6a1c-54f6-4477-90bd-a08cc74cbf71".format(ALERT_COMMAND)),
-        ("{} --rule-type FedEndpointExfiltration".format(ALERT_COMMAND)),
-        ("{} --description 'Alert on any file upload'".format(ALERT_COMMAND)),
+        ALERT_COMMAND,
+        "{} --state OPEN".format(ALERT_COMMAND),
+        "{} --state RESOLVED".format(ALERT_COMMAND),
+        "{} --actor user@code42.com".format(ALERT_COMMAND),
+        "{} --rule-name 'File Upload Alert'".format(ALERT_COMMAND),
+        "{} --rule-id 962a6a1c-54f6-4477-90bd-a08cc74cbf71".format(ALERT_COMMAND),
+        "{} --rule-type FedEndpointExfiltration".format(ALERT_COMMAND),
+        "{} --description 'Alert on any file upload'".format(ALERT_COMMAND),
+        "{} --exclude-rule-type 'FedEndpointExfiltration'".format(ALERT_COMMAND),
+        "{} --exclude-rule-id '962a6a1c-54f6-4477-90bd-a08cc74cbf71'".format(
+            ALERT_COMMAND
+        ),
+        "{} --exclude-rule-name 'File Upload Alert'".format(ALERT_COMMAND),
+        "{} --exclude-actor-contains 'user@code42.com'".format(ALERT_COMMAND),
+        "{} --exclude-actor 'user@code42.com'".format(ALERT_COMMAND),
+        "{} --actor-contains 'user@code42.com'".format(ALERT_COMMAND),
+        ALERT_ADVANCED_QUERY_COMMAND,
     ],
 )
-def test_alert_returns_success_return_code(command):
+def test_alert_command_returns_success_return_code(command):
     return_code, response = run_command(command)
     assert return_code == 0
+
+
+@pytest.mark.parametrize(
+    "command", ["{} --advanced-query '{}'".format(ALERT_COMMAND, ADVANCED_QUERY)]
+)
+def test_begin_cant_be_used_with_advanced_query(command):
+    return_code, response = run_command(command)
+    assert return_code == 2
+    assert "--begin can't be used with: --advanced-query" in response[0]

integration/test_auditlogs.py

@@ -4,12 +4,44 @@
 import pytest
 from integration import run_command
 
-BASE_COMMAND = "code42 audit-logs search -b"
+SEARCH_COMMAND = "code42 audit-logs search"
+BASE_COMMAND = "{} -b".format(SEARCH_COMMAND)
 begin_date = datetime.utcnow() - timedelta(days=-10)
 begin_date_str = begin_date.strftime("%Y-%m-%d %H:%M:%S")
+end_date = datetime.utcnow() - timedelta(days=10)
+end_date_str = end_date.strftime("%Y-%m-%d %H:%M:%S")
 
 
-@pytest.mark.parametrize("command", [("{} '{}'".format(BASE_COMMAND, begin_date_str))])
-def test_auditlogs_search(command):
+@pytest.mark.integration
+@pytest.mark.parametrize(
+    "command",
+    [
+        ("{} '{}'".format(BASE_COMMAND, begin_date_str)),
+        ("{} '{}' -e '{}'".format(BASE_COMMAND, begin_date_str, end_date_str)),
+        ("{} '{}' --end '{}'".format(BASE_COMMAND, begin_date_str, end_date_str)),
+        ("{} '{}' --event-type '{}'".format(BASE_COMMAND, begin_date_str, "test")),
+        ("{} '{}' --username '{}'".format(BASE_COMMAND, begin_date_str, "test")),
+        ("{} '{}' --user-id '{}'".format(BASE_COMMAND, begin_date_str, "123")),
+        ("{} '{}' --user-ip '{}'".format(BASE_COMMAND, begin_date_str, "0.0.0.0")),
+        ("{} '{}' --affected-user-id '{}'".format(BASE_COMMAND, begin_date_str, "123")),
+        (
+            "{} '{}' --affected-username '{}'".format(
+                BASE_COMMAND, begin_date_str, "test"
+            )
+        ),
+        ("{} '{}' -f {}".format(BASE_COMMAND, begin_date_str, "CSV")),
+        ("{} '{}' -f '{}'".format(BASE_COMMAND, begin_date_str, "TABLE")),
+        ("{} '{}' -f '{}'".format(BASE_COMMAND, begin_date_str, "JSON")),
+        ("{} '{}' -f '{}'".format(BASE_COMMAND, begin_date_str, "RAW-JSON")),
+        ("{} '{}' --format {}".format(BASE_COMMAND, begin_date_str, "CSV")),
+        ("{} '{}' --format '{}'".format(BASE_COMMAND, begin_date_str, "TABLE")),
+        ("{} '{}' --format '{}'".format(BASE_COMMAND, begin_date_str, "JSON")),
+        ("{} '{}' --format '{}'".format(BASE_COMMAND, begin_date_str, "RAW-JSON")),
+        ("{} --begin '{}'".format(SEARCH_COMMAND, begin_date_str)),
+        ("{} '{}' -d".format(BASE_COMMAND, begin_date_str)),
+        ("{} '{}' --debug".format(BASE_COMMAND, begin_date_str)),
+    ],
+)
+def test_auditlogs_search_command_returns_success_return_code(command):
     return_code, response = run_command(command)
     assert return_code == 0

integration/test_departing_employee.py

@@ -0,0 +1,30 @@
+import pytest
+from integration import run_command
+
+DEPARTING_EMPLOYEE_COMMAND = "code42 departing-employee"
+
+
+@pytest.mark.parametrize(
+    "command, error_msg",
+    [
+        ("{} add".format(DEPARTING_EMPLOYEE_COMMAND), "Missing argument 'USERNAME'."),
+        (
+            "{} remove".format(DEPARTING_EMPLOYEE_COMMAND),
+            "Missing argument 'USERNAME'.",
+        ),
+        (
+            "{} bulk add".format(DEPARTING_EMPLOYEE_COMMAND),
+            "Missing argument 'CSV_FILE'.",
+        ),
+        (
+            "{} bulk remove".format(DEPARTING_EMPLOYEE_COMMAND),
+            "Missing argument 'FILE'.",
+        ),
+    ],
+)
+def test_departing_employee_command_returns_error_exit_status_when_missing_required_parameters(
+    command, error_msg
+):
+    return_code, response = run_command(command)
+    assert return_code == 2
+    assert error_msg in "".join(response)

integration/test_high_risk_employee.py

@@ -0,0 +1,29 @@
+import pytest
+from integration import run_command
+
+HR_EMPLOYEE_COMMAND = "code42 high-risk-employee"
+
+
+@pytest.mark.parametrize(
+    "command, error_msg",
+    [
+        ("{} add".format(HR_EMPLOYEE_COMMAND), "Missing argument 'USERNAME'."),
+        ("{} remove".format(HR_EMPLOYEE_COMMAND), "Missing argument 'USERNAME'."),
+        ("{} bulk add".format(HR_EMPLOYEE_COMMAND), "Missing argument 'CSV_FILE'."),
+        ("{} bulk remove".format(HR_EMPLOYEE_COMMAND), "Missing argument 'FILE'."),
+        (
+            "{} bulk add-risk-tags".format(HR_EMPLOYEE_COMMAND),
+            "Missing argument 'CSV_FILE'.",
+        ),
+        (
+            "{} bulk remove-risk-tags".format(HR_EMPLOYEE_COMMAND),
+            "Missing argument 'CSV_FILE'.",
+        ),
+    ],
+)
+def test_hr_employee_command_returns_error_exit_status_when_missing_required_parameters(
+    command, error_msg
+):
+    return_code, response = run_command(command)
+    assert return_code == 2
+    assert error_msg in "".join(response)

integration/test_legal_hold.py

@@ -0,0 +1,63 @@
+import pytest
+from integration import run_command
+
+LEGAL_HOLD_COMMAND = "code42 legal-hold"
+
+
+@pytest.mark.integration
+@pytest.mark.parametrize(
+    "command",
+    [
+        "{} list".format(LEGAL_HOLD_COMMAND),
+        "{} show 984140047896012577".format(LEGAL_HOLD_COMMAND),
+        "{} list -f CSV".format(LEGAL_HOLD_COMMAND),
+        "{} list -f TABLE".format(LEGAL_HOLD_COMMAND),
+        "{} list -f RAW-JSON".format(LEGAL_HOLD_COMMAND),
+        "{} list -f JSON".format(LEGAL_HOLD_COMMAND),
+        "{} list --format CSV".format(LEGAL_HOLD_COMMAND),
+        "{} list --format TABLE".format(LEGAL_HOLD_COMMAND),
+        "{} list --format JSON".format(LEGAL_HOLD_COMMAND),
+        "{} list --format RAW-JSON".format(LEGAL_HOLD_COMMAND),
+    ],
+)
+def test_alert_rules_command_returns_success_return_code(command):
+    return_code, response = run_command(command)
+    assert return_code == 0
+
+
+@pytest.mark.parametrize(
+    "command, error_msg",
+    [
+        (
+            "{} add-user --matter-id test-matter-id".format(LEGAL_HOLD_COMMAND),
+            "Missing option '-u' / '--username'.",
+        ),
+        (
+            "{} remove-user --matter-id test-matter-id".format(LEGAL_HOLD_COMMAND),
+            "Missing option '-u' / '--username'.",
+        ),
+        (
+            "{} add-user".format(LEGAL_HOLD_COMMAND),
+            "Missing option '-m' / '--matter-id'.",
+        ),
+        (
+            "{} remove-user".format(LEGAL_HOLD_COMMAND),
+            "Missing option '-m' / '--matter-id'.",
+        ),
+        ("{} show".format(LEGAL_HOLD_COMMAND), "Missing argument 'MATTER_ID'."),
+        (
+            "{} bulk add".format(LEGAL_HOLD_COMMAND),
+            "Error: Missing argument 'CSV_FILE'.",
+        ),
+        (
+            "{} bulk remove".format(LEGAL_HOLD_COMMAND),
+            "Error: Missing argument 'CSV_FILE'.",
+        ),
+    ],
+)
+def test_alert_rules_command_returns_error_exit_status_when_missing_required_parameters(
+    command, error_msg
+):
+    return_code, response = run_command(command)
+    assert return_code == 2
+    assert error_msg in "".join(response)

src/code42cli/__version__.py

@@ -1 +1 @@
-__version__ = "1.0.0"
+__version__ = "1.1.0"

src/code42cli/click_ext/groups.py

@@ -8,6 +8,7 @@
 from py42.exceptions import Py42InvalidRuleOperationError
 from py42.exceptions import Py42LegalHoldNotFoundOrPermissionDeniedError
 from py42.exceptions import Py42UserAlreadyAddedError
+from py42.exceptions import Py42UserNotOnListError
 
 from code42cli.errors import Code42CLIError
 from code42cli.errors import LoggedCLIError
@@ -53,6 +54,7 @@ def invoke(self, ctx):
         except (
             UserDoesNotExistError,
             Py42UserAlreadyAddedError,
+            Py42UserNotOnListError,
             Py42InvalidRuleOperationError,
             Py42LegalHoldNotFoundOrPermissionDeniedError,
         ) as err: