|
| 1 | +package cli |
| 2 | + |
| 3 | +import ( |
| 4 | + jailcli "github.com/coder/jail/cli" |
| 5 | + "github.com/coder/serpent" |
| 6 | +) |
| 7 | + |
| 8 | +func (r *RootCmd) jail() *serpent.Command { |
| 9 | + var config jailcli.Config |
| 10 | + |
| 11 | + return &serpent.Command{ |
| 12 | + Use: "jail -- <command>", |
| 13 | + Short: "Monitor and restrict HTTP/HTTPS requests from processes", |
| 14 | + Long: `coder jail creates an isolated network environment for the target process, |
| 15 | +intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces |
| 16 | +user-defined rules. |
| 17 | +
|
| 18 | +Examples: |
| 19 | + # Allow only requests to github.com |
| 20 | + coder jail --allow "github.com" -- curl https://github.com |
| 21 | +
|
| 22 | + # Monitor all requests to specific domains (allow only those) |
| 23 | + coder jail --allow "github.com/api/issues/*" --allow "GET,HEAD github.com" -- npm install |
| 24 | +
|
| 25 | + # Block everything by default (implicit)`, |
| 26 | + Options: serpent.OptionSet{ |
| 27 | + { |
| 28 | + Name: "allow", |
| 29 | + Flag: "allow", |
| 30 | + Env: "JAIL_ALLOW", |
| 31 | + Description: "Allow rule (can be specified multiple times). Format: 'pattern' or 'METHOD[,METHOD] pattern'.", |
| 32 | + Value: serpent.StringArrayOf(&config.AllowStrings), |
| 33 | + }, |
| 34 | + { |
| 35 | + Name: "log-level", |
| 36 | + Flag: "log-level", |
| 37 | + Env: "JAIL_LOG_LEVEL", |
| 38 | + Description: "Set log level (error, warn, info, debug).", |
| 39 | + Default: "warn", |
| 40 | + Value: serpent.StringOf(&config.LogLevel), |
| 41 | + }, |
| 42 | + }, |
| 43 | + Handler: func(inv *serpent.Invocation) error { |
| 44 | + return jailcli.Run(config, inv.Args) |
| 45 | + }, |
| 46 | + } |
| 47 | +} |
0 commit comments