Turbot DocsGetting StartedConceptsGuidesIntegrationsMods7-minute LabsPolicy SettingsCalculated PoliciesCLICustom ModsGraphQLTerraformFAQsReferenceRelease NotesTurbot.comEnterprise

Turbot CLI in 7 minutes
Goal Install the CLI, query Turbot, then build and publish your first mod.
Time 7 minutes

Overview

The Turbot Command Line Interface (CLI) ) is a unified tool to manage your Turbot resources.

In this exercise, you will use the turbot command to query the Turbot API, and then build and publish your first mod.

By the end of this lab, you will be able to run basic turbot cli commands.

Prerequisites

  • Ensure you have signed up with the Turbot registry.
  • You will need Turbot API access keys. If you do not have keys for your profile, you can generate new ones.
  • You will need to know the URL of your Turbot workspace(s)

Install the Turbot CLI

  • Download the latest Turbot CLI. The latest version is available from the Turbot Developer Portal.
  • Unzip the turbot binary into a directory in your PATH (for example /usr/local/bin/turbot)
  • Run turbot --version to verify your CLI version.

Setup Your Turbot Credentials

To configure the Turbot CLI tool to connect to your workspace, run the turbot configure command. When prompted, enter your Workspace URL, Turbot API Access Key, and Turbot API Secret Key:

$ turbot configure
Migrating CLI config from /Users/TestUser/.turbot/config.yml to /Users/TestUser/.config/turbot/config.yml
Migrating registry file from /Users/TestUser/.turbot/registry.json to /Users/TestUser/.config/turbot/registry.yml
✔ Profile name [default] …default✔ Workspace URL … https://morales-turbot.cloud.turbot-dev.com✔ Turbot Access Key … ************************************✔ Turbot Secret Key … ************************************Written profile 'default' to '/Users/TestUser/.config/turbot/credentials.yml'

This command will generate a default profile and add it to your Turbot credentials file.

Login

Login to the Turbot registry using the turbot login command.

✔ Enter your turbot-dev.com username: … ***********
✔ Enter your turbot-dev.com password: … ***********
Logged in to turbot mod registry

Query Turbot with 'turbot graphql'

You can use the turbot graphql command to execute graphql queries against a Turbot workspace.

  1. Run the following command. This executes a query against your workspace that returns the most recent controls in alarm or error state.

    $ turbot graphql controls --filter "state:alarm,error sort:-timestamp" 
controls:
  items:
    controls:
  items:
    - type:
        uri: 'tmod:@turbot/turbot#/control/types/controlInstalled'
      state: error
      turbot:
        id: '178116018631614'
    - type:
        uri: 'tmod:@turbot/aws-lex#/control/types/botDiscovery'
      state: error
      turbot:
        id: '178116018444199'
    - type:
        uri: 'tmod:@turbot/aws-lex#/control/types/botDiscovery'
      state: error
      turbot:
        id: '178116018441126'
  1. Run the same command, adding an --output parameter to change the format the output:
turbot graphql controls --filter "state:alarm,error sort:-timestamp" --output '{items { turbot{timestamp} type{title} resource{trunk{title} }}}'
  - turbot:
        timestamp: '2019-12-10T10:03:44.387Z'
      type:
        title: Control Installed
      resource:
        trunk:
          title: Turbot > @turbot/aws-lex > Usage
    - turbot:
        timestamp: '2019-12-10T10:03:44.164Z'
      type:
        title: Discovery
      resource:
        trunk:
          title: Turbot > vandelay_industries > 876515858155 > us-east-1
    - turbot:
        timestamp: '2019-12-10T10:03:44.164Z'
      type:
        title: Discovery
      resource:
        trunk:
          title: Turbot > vandelay_industries > 876515858155 > us-west-1

  1. You can run the same query by constructing the entire graphql statement and using --query.

    • Create a file named my-query.txt and add the following GraphQL statement:

      {
controls(filter: "state:alarm,error sort:-timestamp") {
items {
  turbot {
    timestamp
  }
  type {
    title
  }
  resource {
    trunk {
      title
    }
  }
}
}
}
    • Run the turbot graphql command, and pass the file name to the --query argument:
    turbot graphql --query my-query.txt 
    controls:
  items:
    - turbot:
        timestamp: '2019-12-10T10:03:44.387Z'
      type:
        title: Control Installed
      resource:
        trunk:
          title: Turbot > @turbot/aws-lex > Usage
    - turbot:
        timestamp: '2019-12-10T10:03:44.164Z'
      type:
        title: Discovery
      resource:
        trunk:
          title: Turbot > vandelay_industries > 876515858155 > us-east-1
    - turbot:
        timestamp: '2019-12-10T10:03:44.164Z'
      type:
        title: Discovery
      resource:
        trunk:
          title: Turbot > vandelay_industries > 876515858155 > us-west-1

Build and Publish a Mod

We have included example mods in the example-mods folder of the Turbot CLI repo to get you comfortable with the Turbot CLI.

Clone the repo:

git clone git@github.com:turbot/cli.git
cd cli/example-mods/ssl-check/

Install

Use turbot install to install your mod dependencies and headers.

$ turbot install
Installing dependencies for tmod:@turbot/ssl-check
{
  "@turbot/turbot": ">=5.0.0-alpha.1"
}
Registry: turbot.com
Refreshed the mod registry token
Acquired header URLs

* Installing @turbot/turbot version 5.0.0

Installed 1 header to /Users/your_user_folder/archive/trash/cli/example-mods/ssl-check/turbot_mods

Inspect

Inspect and verify the structure of your mod using the turbot inspect command. Make sure you are in the correct mod directory. 

$ turbot inspect 

Policy types:
Turbot > SSL Check
Turbot > SSL Check > SSL Input
Turbot > SSL Check Expiration
Turbot > SSL Expiration Warning Period

Control types:
Turbot > SSL Check
Turbot > SSL Check Expiration

Test

Run unit tests with turbot test

  1. Run build.sh to install all the npm dependencies for the mod.
$ ./build.sh 
~/archive/trash/cli/example-mods/ssl-check/functions/checkSSLExpiration ~/archive/trash/cli/example-mods/ssl-check
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN sslCheckExpiration@1.0.0 No repository field.
npm WARN sslCheckExpiration@1.0.0 No license field.

added 205 packages from 237 contributors and audited 522 packages in 9.025s
found 14 high severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details
  adding: index.js (deflated 66%)
  adding: package.json (deflated 35%)
  adding: node_modules/ (stored 0%)
  adding: node_modules/fs-constants/ (stored 0%)
  adding: node_modules/fs-constants/LICENSE (deflated 41%)
  adding: node_modules/fs-constants/index.js (deflated 23%)
  adding: node_modules/fs-constants/README.md (deflated 48%)
  adding: node_modules/fs-constants/package.json (deflated 55%)
  adding: node_modules/fs-constants/browser.js (stored 0%)
  adding: node_modules/asn1/ (stored 0%)
  adding: node_modules/asn1/LICENSE (deflated 41%)
  adding: node_modules/asn1/README.md (deflated 48%)
  adding: node_modules/asn1/package.json (deflated 53%)
  ...
  1. Run turbot vcr start to run the docker container that the tests will run against.
$ turbot vcr start
docker run --name turbot-vcr -p 1080:1080 -d --rm jamesdbloom/mockserver
ae60438d68b8cfe563b08f15308cc1c5e63ce8a7b684c46e927a5687ef44adea
  1. Run the turbot test command to ensure all the test cases are passing locally. 
$ turbot test

Policy types:
Turbot > SSL Check
Turbot > SSL Check > SSL Input
Turbot > SSL Check Expiration
Turbot > SSL Expiration Warning Period

Control types:
Turbot > SSL Check
Turbot > SSL Check Expiration

Control log level: warning


  mod
    ✓ is parseable
    Compile mod
      ✓ Mod was successfully compiled
    Policy
      Types
        SSL Check [sslCheck]
          single default
            ✓ default and default template template
            - default or default template template
            ✓ default valid
          example
            ✓ #0 is valid
        SSL Input [sslInput]
          single default
            ✓ default and default template template
            - default or default template template
            ✓ default valid
          example
            ✓ #0 is valid
        SSL Check Expiration [sslCheckExpiration]
          single default
            ✓ default and default template template
            - default or default template template
            ✓ default valid
          example
            ✓ #0 is valid
        SSL Expiration Warning Period [sslExpirationWarningPeriod]
          single default
            ✓ default and default template template
            - default or default template template
    Control
      Types
        SSL Check [sslCheck]
          ✓ input queries use valid graphql
          ✓ input queries have valid policy references
          ✓ Test data validation was executed
          Skip if cmdb policy set to skip
            Setup
              ✓ Test data valid
            Inline
              ✓ run
            Function
              ✓ run (6146ms)
            Output
              ✓ Validate test expectation
              ✓ Assert expected output
        SSL Check Expiration [sslCheckExpiration]
          ✓ input queries use valid graphql
          ✓ input queries have valid policy references
          ✓ Test data validation was executed
          Skip if cmdb policy set to skip
            Setup
              ✓ Test data valid
            Inline
              ✓ run
            Function
              - run
            Output
              ✓ Validate test expectation
              ✓ Assert expected output
          OK with zero warning period
            Setup
              ✓ Test data valid
            Inline
              ✓ run
            Function
              ✓ run (7205ms)
            Output
              ✓ Validate test expectation
              ✓ Assert expected output
          Alarm with large warning period
            Setup
              ✓ Test data valid
            Inline
              ✓ run
            Function
              ✓ run (7325ms)
            Output
              ✓ Validate test expectation
              ✓ Assert expected output
          Error with invalid url
            Setup
              ✓ Test data valid
            Inline
              ✓ run
            Function
              ✓ run (6503ms)
            Output
              ✓ Validate test expectation
              ✓ Assert expected output


  42 passing (29s)
  5 pending

Upload

  • Upload and install your mod to your turbot workspace using the turbot up command.
$ turbot up

Policy types:
Turbot > SSL Check
Turbot > SSL Check > SSL Input
Turbot > SSL Check Expiration
Turbot > SSL Expiration Warning Period

Control types:
Turbot > SSL Check
Turbot > SSL Check Expiration

Running prepack script: ./build.sh
~/archive/trash/cli/example-mods/ssl-check/functions/checkSSLExpiration ~/archive/trash/cli/example-mods/ssl-check

...

~/archive/trash/cli/example-mods/ssl-check

Zipping mod
Uploading mod {
  dirName: '/Users/jsmyth/archive/trash/cli/example-mods/ssl-check',
  parent: 'tmod:@turbot/turbot#/',
  packedMod: '/Users/jsmyth/archive/trash/cli/example-mods/ssl-check/index.zip',
  workspace: 'https://morales-turbot.cloud.turbot-dev.com/api/latest/graphql'
}
Mod upload started.. { parent: 'tmod:@turbot/turbot#/' }

Build id 20191218230735220

Module successfully uploaded.
Mod resource page: https://morales-turbot.cloud.turbot-dev.com/resource/178871981691555

Check control installed controls to ensure all Lambda based controls have been installed successfully.

Triggering mod install control ...
Check the status of your mod install here: https://morales-turbot.cloud.turbot-dev.com/control/178871982425772
  • The turbot up command provides a link to view the status of the mod install. you can visit that link in the Turbot Console to verify that you mod installs correctly. Alternately, you can query the control from the cli using the control id from the link:
$ turbot graphql control --id "178871982425772"
control:
  type:
    uri: 'tmod:@turbot/turbot#/control/types/modInstalled'
  state: ok
  turbot:
    id: '178871982425772'

Further Reading