File Safe

Goals and implementation

The collector file safe is a S3-like file storage with the following features:

  • upload and download over https
  • user or node authentication
  • fine-grained ACLs
  • immutable files
  • file integrity check upon download request
  • unique file version id
  • binary and text file types

Upload/Download using nodemgr

The safe cli command Syntax

$ sudo nodemgr collector cli -- safe --help
Usage: nodemgr.py [options]

Upload, download and manage files in the collector safe. The safe is a file
sharing facility with access control rules for nodes and users making it
suitable to serve compliance reference files.

Options:
  -h, --help   show this help message and exit
  --ls         List the accessible files in the safe.
  --upload     Upload the file pointed by --file to the safe. Optionally give
               a name using --name.
  --download   Download from the safe the file pointed by --file to the file
               path or directory pointed by --to.
  --file=FILE  The safe file uuid to download, or the local file to upload.
  --to=TO      The local file path or directory name to download.
  --name=NAME  The user-friendly name to attach to the upload.

Example upload

$ sudo nodemgr collector cli -- safe --upload --file /etc/resolv.conf --name resolv.conf

Example download

$ sudo nodemgr collector cli -- safe --download --file safe.uuid.a44b45aa173dfe3c.7265736f6c762e636f6e66.conf --to /tmp/foo
.
downloaded

$ cat /tmp/foo
nameserver 8.8.8.8

Safe support in compliance

The files compliance object is able to fetch file content from the safe. To that end, just use the safe://<file id> format in the files rule path key.