From b72533bb51801072244c01896db02b59052552fa Mon Sep 17 00:00:00 2001
From: Antoine Drochon <androcho@akamai.com>
Date: Wed, 26 May 2021 16:39:22 -0700
Subject: [PATCH] add the --tail mode add --start and --end for more control
 bump to 0.0.3

---
 README.md      | 12 ++++++++
 bin/akamai-mfa | 77 +++++++++++++++++++++++++++++++++++---------------
 cli.json       |  2 +-
 3 files changed, 68 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index dcfeb8d..21f4d32 100644
--- a/README.md
+++ b/README.md
@@ -63,7 +63,19 @@ Output is using JSON formatting, you'll find all the details about each attribut
 
 ## Command examples
 
+Inline general help
+```
+% akamai mfa --help
+```
+
+Inline help for auth event
+```
+% akamai mfa event auth --help
+```
+
 Try to pull MFA events with the following examples.
+When ``--start`` is omitted, start is set to 5 minutes ago.
+When ``--end`` is omitted, end takes now minutes 30 seconds.
 
 For Authentication events:
 
diff --git a/bin/akamai-mfa b/bin/akamai-mfa
index 710b7d1..2660b78 100755
--- a/bin/akamai-mfa
+++ b/bin/akamai-mfa
@@ -39,12 +39,21 @@ import os
 import json
 
 
-__VERSION__ = "0.0.2"
+__VERSION__ = "0.0.3"
 LOG_FMT = '%(asctime)s [%(levelname)s] %(threadName)s %(message)s'
+MOST_RECENT_PADDING = 30
+
 log_file = None
+mfa_api_url = "https://mfa.akamai.com"
+mfa_api_ver = "v1"
+tail_pull_interval = 60  # Default is 60
+page_size = 10  # default is 1000
 
 
 class MFAConfig():
+    """
+    Manage CLI MFA input parameters
+    """
 
     CONFIG_KEYS = [
         'mfa_integration_id',
@@ -65,6 +74,14 @@ class MFAConfig():
         cmdparser = subparsers.add_parser('version', help="Display CLI-MFA version")
         eventparser = subparsers.add_parser('event', help="Dump MFA events")
         eventparser.add_argument("event_type", choices=['policy', 'auth'], default='policy', help="Event type")
+        eventparser.add_argument("--start", "-s", default=None, type=int, help="Scan for events after this epoch")
+        eventparser.add_argument("--end", "-e", default=None, type=int, help="Scan for events before this epoch")
+        eventparser.add_argument("--tail", "-f", default=False, action="store_true", 
+                                 help="""Do not stop when most recent log is reached, rather 
+                                         wait for additional data to be appended to the input.""")
+        eventparser.add_argument("--noreceipt", default=False, action="store_true", 
+                                 help="Discard the receipt attribute to save log space")
+
         parser.add_argument("--edgerc", type=argparse.FileType('r'), default=os.path.expanduser("~/.edgerc"),
                             help='Location of the credentials file (default is %s)' % os.path.expanduser("~/.edgerc"))
     
@@ -152,17 +169,10 @@ if __name__ == "__main__":
         print(__VERSION__)
         sys.exit(0)
 
-
-    mfa_api_url = "https://mfa.akamai.com"
-    mfa_api_ver = "v1"
-
     session = requests.Session()
     session.headers.update({'User-Agent': f'cli-mfa/{__VERSION__}'})
     session.auth = AkamaiMFAAuth(config)
 
-    page_size = 10
-    scan_end = datetime.datetime.utcnow()
-    scan_start = scan_end - datetime.timedelta(days=2)
 
     if config.event_type == 'auth':
         api_report_type = 'auths'
@@ -170,17 +180,40 @@ if __name__ == "__main__":
         api_report_type = 'policies'
 
     api_url = f'{mfa_api_url}/api/{mfa_api_ver}/control/reports/{api_report_type}'
-    page = 1
-    page_count = None
-    while page_count is None or page <= page_count:
-        params = {
-            'after': scan_start.isoformat(),
-            'before': scan_end.isoformat(),
-            'page_size': page_size,
-            'page': page
-        }
-        r = session.get(api_url, params=params)
-        page += 1
-        page_count = r.json().get('result', {}).get('total_page_count')
-        for mfa_event in r.json().get('result', {}).get('page'):
-            print(json.dumps(mfa_event))
+    scan_end = datetime.datetime.utcnow() - datetime.timedelta(seconds=MOST_RECENT_PADDING)
+    scan_start = scan_end - datetime.timedelta(minutes=5)
+    if config.end:
+        scan_end = datetime.datetime.utcfromtimestamp(config.end)
+    if config.start:
+        scan_start = datetime.datetime.utcfromtimestamp(config.start)
+
+
+    while True:
+        loop_start = time.time()
+        page = 1
+        page_count = None
+        while page_count is None or page <= page_count:
+            params = {
+                'after': scan_start.isoformat(),
+                'before': scan_end.isoformat(),
+                'page_size': page_size,
+                'page': page
+            }
+            r = session.get(api_url, params=params)
+            page += 1
+            page_count = r.json().get('result', {}).get('total_page_count')
+            for mfa_event in r.json().get('result', {}).get('page'):
+                if config.noreceipt:
+                    mfa_event.pop('receipt')
+                print(json.dumps(mfa_event))
+                sys.stdout.flush()
+
+        if config.tail:
+            wait = tail_pull_interval - (time.time() - loop_start)
+            logging.debug("Wait %s sec..." % wait)
+            time.sleep(wait)
+            scan_start = scan_end # next iteration we stich, start is the previous end
+            scan_end = datetime.datetime.utcnow() - datetime.timedelta(seconds=MOST_RECENT_PADDING)
+            
+        else:
+            break
diff --git a/cli.json b/cli.json
index 739219e..8aa0b33 100644
--- a/cli.json
+++ b/cli.json
@@ -5,7 +5,7 @@
     "commands": [
       {
         "name": "mfa",
-        "version": "0.0.2",
+        "version": "0.0.3",
         "description": "Akamai CLI for MFA"
       }
     ]