github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-06-28 16:41:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Mar 2nd 2023 update

Browse Source
This commit is contained in:
Ned Wright 2023-03-02 17:08:49 +00:00
parent fef95b12b3
commit 2a7ddf0666
14 changed files with 170 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
View File

@ -50,7 +50,7 @@ checkIDP(shared_ptr<istream> file_stream)
if (line.find("<identity_portal/>") != string::npos) { if (line.find("<identity_portal/>") != string::npos) {
return string("false"); return string("false");
} }
if (line.find("identity_provider") != string::npos) { if (line.find("<central_idp ") != string::npos) {
return string("true"); return string("true");
} }
} }

5
components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
View File

@ -46,12 +46,7 @@ SHELL_CMD_HANDLER(
getSmbObjectName getSmbObjectName
) )
#endif//smb #endif//smb
#endif // SHELL_CMD_HANDLER
// use SHELL_CMD_OUTPUT(key as string, shell command as string) to return a shell command output as the value
// for a given key
#ifdef SHELL_CMD_OUTPUT
SHELL_CMD_OUTPUT("kernel_version", "uname -r") SHELL_CMD_OUTPUT("kernel_version", "uname -r")
SHELL_CMD_OUTPUT("helloWorld", "cat /tmp/agentHelloWorld 2>/dev/null") SHELL_CMD_OUTPUT("helloWorld", "cat /tmp/agentHelloWorld 2>/dev/null")
#endif // SHELL_CMD_OUTPUT #endif // SHELL_CMD_OUTPUT

2
components/security_apps/orchestration/manifest_controller/manifest_controller.cc
View File

@ -397,7 +397,7 @@ ManifestController::Impl::handlePackage(
if (!package.isInstallable().ok()) { if (!package.isInstallable().ok()) {
string report_msg = string report_msg =
"Skipping installation of " + package.getName() + ". Reason: " + package.isInstallable().getErr(); "Skipping installation of package: " + package.getName() + ". Reason: " + package.isInstallable().getErr();
dbgWarning(D_ORCHESTRATOR) << report_msg; dbgWarning(D_ORCHESTRATOR) << report_msg;
LogGen(report_msg, Audience::SECURITY, Severity::CRITICAL, Priority::HIGH, Tags::ORCHESTRATOR); LogGen(report_msg, Audience::SECURITY, Severity::CRITICAL, Priority::HIGH, Tags::ORCHESTRATOR);
current_packages.insert(make_pair(package.getName(), package)); current_packages.insert(make_pair(package.getName(), package));

14
components/security_apps/orchestration/orchestration_comp.cc
View File

@ -1342,6 +1342,18 @@ private:
<< LogField("agentType", "Orchestration") << LogField("agentType", "Orchestration")
<< LogField("agentVersion", Version::get()); << LogField("agentVersion", Version::get());
auto email = getSettingWithDefault<string>("", "email-address");
if (email != "") {
dbgInfo(D_ORCHESTRATOR) << "Sending registration data";
LogGen(
"Local Agent Data",
Audience::INTERNAL,
Severity::INFO,
Priority::LOW,
Tags::ORCHESTRATOR
) << LogField("userDefinedId", email);
}
reportAgentDetailsMetaData(); reportAgentDetailsMetaData();
if (!Singleton::Consume<I_ManifestController>::by<OrchestrationComp>()->loadAfterSelfUpdate()) { if (!Singleton::Consume<I_ManifestController>::by<OrchestrationComp>()->loadAfterSelfUpdate()) {
@ -1683,5 +1695,7 @@ OrchestrationComp::preload()
registerExpectedSetting<vector<string>>("orchestration", "Orchestration status ignored policies"); registerExpectedSetting<vector<string>>("orchestration", "Orchestration status ignored policies");
registerExpectedSetting<string>("agentType"); registerExpectedSetting<string>("agentType");
registerExpectedSetting<string>("upgradeMode"); registerExpectedSetting<string>("upgradeMode");
registerExpectedSetting<string>("email-address");
registerExpectedConfigFile("orchestration", Config::ConfigFileType::Policy); registerExpectedConfigFile("orchestration", Config::ConfigFileType::Policy);
registerExpectedConfigFile("registration-data", Config::ConfigFileType::Policy);
} }

19
components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc
View File

@ -456,6 +456,25 @@ TEST_F(OrchestrationTest, register_config)
env.fini(); env.fini();
} }
TEST_F(OrchestrationTest, registertion_data_config)
{
EXPECT_CALL(rest, mockRestCall(RestAction::ADD, "declare-boolean-variable", _))
.WillOnce(WithArg<2>(Invoke(this, &OrchestrationTest::declareVariable)));
preload();
env.init();
string config_json =
"{\n"
" \"email-address\": \"fake@example.com\"\n"
"}";
istringstream ss(config_json);
Singleton::Consume<Config::I_Config>::from(config_comp)->loadConfiguration(ss);
EXPECT_THAT(getSetting<string>("email-address"), IsValue("fake@example.com"));
env.fini();
}
TEST_F(OrchestrationTest, orchestrationPolicyUpdate) TEST_F(OrchestrationTest, orchestrationPolicyUpdate)
{ {
waitForRestCall(); waitForRestCall();

74
components/security_apps/waap/waap_clib/WaapAssetState.cc
View File

@ -102,6 +102,8 @@ static const boost::regex utf_evasion_for_dot_regex(utf_evasion_for_dot_helper);
static const std::string sqli_comma_evasion_regex_helper = "\"\\s*,\\s*\""; static const std::string sqli_comma_evasion_regex_helper = "\"\\s*,\\s*\"";
static const boost::regex sqli_comma_evasion_regex(sqli_comma_evasion_regex_helper); static const boost::regex sqli_comma_evasion_regex(sqli_comma_evasion_regex_helper);
static const boost::regex space_evasion_regex("[[:space:]]{2,}");
WaapAssetState::WaapAssetState(const std::shared_ptr<WaapAssetState>& pWaapAssetState, WaapAssetState::WaapAssetState(const std::shared_ptr<WaapAssetState>& pWaapAssetState,
const std::string& waapDataFileName, const std::string& waapDataFileName,
const std::string& id) : const std::string& id) :
@ -267,6 +269,76 @@ WaapAssetState::WaapAssetState(std::shared_ptr<Signatures> signatures,
} }
#endif #endif
void trimSpaces(std::string & text) {
size_t result_position = 0;
size_t position = 0;
space_stage state = NO_SPACES;
uint32_t code;
if (text.empty()) {
return;
}
boost::cmatch what;
if (!boost::regex_search(text.c_str(), what, space_evasion_regex))
return;
dbgTrace(D_WAAP) << "Boost regex passed";
for (;position < text.size(); position++) {
code = text[position];
switch (code) {
case '\t':
case ' ':
case '\f':
case '\v':
if (state == NO_SPACES) {
state = SPACE_SYNBOL;
text[result_position++] = code;
}
break;
case '\r':
switch (state) {
case (SPACE_SYNBOL):
text[result_position - 1] = code;
state = BR_SYMBOL;
break;
case (NO_SPACES):
text[result_position++] = code;
state = BR_SYMBOL;
break;
case (BN_SYMBOL):
text[result_position++] = code;
state = BNR_SEQUENCE;
break;
default:
break;
}
break;
case '\n':
switch (state) {
case (SPACE_SYNBOL):
text[result_position - 1] = code;
state = BN_SYMBOL;
break;
case (NO_SPACES):
text[result_position++] = code;
state = BN_SYMBOL;
break;
case (BR_SYMBOL):
text[result_position++] = code;
state = BRN_SEQUENCE;
break;
default:
break;
}
break;
default:
text[result_position++] = code;
state = NO_SPACES;
}
}
text.erase(result_position, position - result_position);
}
// Python equivalent: text = re.sub(r'[^\x00-\x7F]+',' ', text) // Python equivalent: text = re.sub(r'[^\x00-\x7F]+',' ', text)
void replaceUnicodeSequence(std::string & text, const char repl) { void replaceUnicodeSequence(std::string & text, const char repl) {
std::string::iterator it = text.begin(); std::string::iterator it = text.begin();
@ -432,6 +504,8 @@ WaapAssetState::WaapAssetState(std::shared_ptr<Signatures> signatures,
dbgTrace(D_WAAP_SAMPLE_PREPROCESS) << "unescape: (11) '" << text << "'"; dbgTrace(D_WAAP_SAMPLE_PREPROCESS) << "unescape: (11) '" << text << "'";
trimSpaces(text);
// 12. finally, apply tolower() to all characters of a string // 12. finally, apply tolower() to all characters of a string
// std::for_each(text.begin(), text.end(), [](char &c) { c = tolower(c); }); // std::for_each(text.begin(), text.end(), [](char &c) { c = tolower(c); });
for (std::string::iterator pC = text.begin(); pC != text.end(); ++pC) { for (std::string::iterator pC = text.begin(); pC != text.end(); ++pC) {

3
components/security_apps/waap/waap_clib/WaapAssetState.h
View File

@ -34,6 +34,8 @@
#include "ScanResult.h" #include "ScanResult.h"
#include "WaapSampleValue.h" #include "WaapSampleValue.h"
enum space_stage {SPACE_SYNBOL, BR_SYMBOL, BN_SYMBOL, BRN_SEQUENCE, BNR_SEQUENCE, NO_SPACES};
class IWaf2Transaction; class IWaf2Transaction;
class WaapAssetState : public boost::noncopyable, public I_WaapAssetState class WaapAssetState : public boost::noncopyable, public I_WaapAssetState
@ -155,6 +157,7 @@ inline std::size_t hash_value(WaapAssetState::CacheKey const &cacheKey)
} }
void filterUnicode(std::string & text); void filterUnicode(std::string & text);
void trimSpaces(std::string & text);
void replaceUnicodeSequence(std::string & text, const char repl); void replaceUnicodeSequence(std::string & text, const char repl);
std::string unescape(const std::string & s); std::string unescape(const std::string & s);

1
core/include/services_sdk/resources/debug_flags.h
View File

@ -147,6 +147,7 @@ DEFINE_FLAG(D_COMPONENT, D_ALL)
DEFINE_FLAG(D_IOT_ENFORCE_POLICY, D_IOT_ENFORCE) DEFINE_FLAG(D_IOT_ENFORCE_POLICY, D_IOT_ENFORCE)
DEFINE_FLAG(D_IOT_ENFORCE_ASSETS, D_IOT_ENFORCE) DEFINE_FLAG(D_IOT_ENFORCE_ASSETS, D_IOT_ENFORCE)
DEFINE_FLAG(D_IOT_DOCTOR, D_IOT_NEXT) DEFINE_FLAG(D_IOT_DOCTOR, D_IOT_NEXT)
DEFINE_FLAG(D_IOT_RISK, D_IOT_NEXT)
DEFINE_FLAG(D_IOT_DISCOVERY, D_IOT_NEXT) DEFINE_FLAG(D_IOT_DISCOVERY, D_IOT_NEXT)
DEFINE_FLAG(D_IOT_DISCOVERY_UTILS, D_IOT_DISCOVERY) DEFINE_FLAG(D_IOT_DISCOVERY_UTILS, D_IOT_DISCOVERY)
DEFINE_FLAG(D_IOT_PROBE, D_IOT_DISCOVERY_UTILS) DEFINE_FLAG(D_IOT_PROBE, D_IOT_DISCOVERY_UTILS)

1
core/mainloop/mainloop.cc
View File

@ -441,6 +441,7 @@ void
MainloopComponent::Impl::yield(bool force) MainloopComponent::Impl::yield(bool force)
{ {
dbgAssert(curr_iter != routines.end()) << "Calling 'yield' without a running current routine"; dbgAssert(curr_iter != routines.end()) << "Calling 'yield' without a running current routine";
if (do_stop) throw MainloopStop();
if (!force && getTimer()->getMonotonicTime() < stop_time) return; if (!force && getTimer()->getMonotonicTime() < stop_time) return;
auto env = Singleton::Consume<I_Environment>::by<MainloopComponent>()->saveEnvironment(); auto env = Singleton::Consume<I_Environment>::by<MainloopComponent>()->saveEnvironment();

4
core/report/tag_and_enum_management.cc
View File

@ -242,8 +242,8 @@ TagAndEnumManagement::convertToString(const Notification &notification)
case Notification::SYNC_LEARNING: return "b9b9ab04-2e2a-4cd1-b7e5-2c956861fb69"; case Notification::SYNC_LEARNING: return "b9b9ab04-2e2a-4cd1-b7e5-2c956861fb69";
case Notification::SDWAN_POLICY_UPDATE: return "2b18f5a0-5503-4c6b-967f-aa71dbced1aa"; case Notification::SDWAN_POLICY_UPDATE: return "2b18f5a0-5503-4c6b-967f-aa71dbced1aa";
case Notification::SDWAN_POLICY_UPDATE_ERROR: return "8d2db6ea-30b7-11ec-8d3d-0242ac130003"; case Notification::SDWAN_POLICY_UPDATE_ERROR: return "8d2db6ea-30b7-11ec-8d3d-0242ac130003";
case Notification::SDWAN_POLICY_UPDATE_LOG: return "f3a4fa06-2d91-41bc-84cd-7e9eaa9f4ce3"; case Notification::SDWAN_POLICY_UPDATE_LOG: return "97cb79e1-e873-4f28-b123-5e19f8dd6f99";
case Notification::SDWAN_POLICY_UPDATE_ERROR_LOG: return "5529d385-44ed-46d6-b8d0-1b8a99b4fbea"; case Notification::SDWAN_POLICY_UPDATE_ERROR_LOG: return "44ca5755-07a2-483c-b756-b7df444e175c";
} }
dbgAssert(false) << "Reached impossible notification value of: " << static_cast<int>(notification); dbgAssert(false) << "Reached impossible notification value of: " << static_cast<int>(notification);

8
core/tenant_manager/tenant_manager.cc
View File

@ -410,7 +410,13 @@ TenantManager::Impl::getProfileId(const string &tenant_id, const string &region,
auto maybe_account_region_set = getSetting<AccountRegionSet>("accountRegionSet"); auto maybe_account_region_set = getSetting<AccountRegionSet>("accountRegionSet");
if (maybe_account_region_set.ok()) { if (maybe_account_region_set.ok()) {
for (const AccountRegionPair &account : maybe_account_region_set.unpack().getAccoutRegionPairs()) { auto account_region_set = maybe_account_region_set.unpack().getAccoutRegionPairs();
if (account_region_set.empty()) {
dbgTrace(D_TENANT_MANAGER) << "Old profile with new hook. Resolving to profile ID: " << profile_id;
profiles_to_return.push_back(profile_id);
return profiles_to_return;
}
for (const AccountRegionPair &account : account_region_set) {
if (region == account.getRegion() && (account_id.empty() || account_id == account.getAccountID())) { if (region == account.getRegion() && (account_id.empty() || account_id == account.getAccountID())) {
dbgTrace(D_TENANT_MANAGER) << "Found a corresponding profile ID: " << profile_id; dbgTrace(D_TENANT_MANAGER) << "Found a corresponding profile ID: " << profile_id;
profiles_to_return.push_back(profile_id); profiles_to_return.push_back(profile_id);

9
nodes/orchestration/package/cpnano_debug/cpnano_debug.cc
View File

@ -78,6 +78,7 @@ enum class Service {
SDWAN_LOGGER, SDWAN_LOGGER,
IOT_ENFORCE, IOT_ENFORCE,
IOT_DOCTOR, IOT_DOCTOR,
IOT_RISK,
IOT_GW_SENSOR, IOT_GW_SENSOR,
IOT_SNMP, IOT_SNMP,
IOT_MS_DHCP, IOT_MS_DHCP,
@ -152,6 +153,7 @@ getServiceString(const Service service)
case (Service::CAPSULE8): return "capsule8"; case (Service::CAPSULE8): return "capsule8";
case (Service::IOT_ENFORCE): return "iot-enforce"; case (Service::IOT_ENFORCE): return "iot-enforce";
case (Service::IOT_DOCTOR): return "iot-doctor"; case (Service::IOT_DOCTOR): return "iot-doctor";
case (Service::IOT_RISK): return "iot-risk";
case (Service::IOT_GW_SENSOR): return "iot-gw-sensor"; case (Service::IOT_GW_SENSOR): return "iot-gw-sensor";
case (Service::IOT_SNMP): return "iot-snmp"; case (Service::IOT_SNMP): return "iot-snmp";
case (Service::IOT_MS_DHCP): return "iot-ms-dhcp"; case (Service::IOT_MS_DHCP): return "iot-ms-dhcp";
@ -267,6 +269,11 @@ getServiceConfig (const Service service)
filesystem_path + "/conf/cp-nano-iot-doctor-debug-conf.json", filesystem_path + "/conf/cp-nano-iot-doctor-debug-conf.json",
log_files_path + "/nano_agent/cp-nano-iot-doctor.dbg" log_files_path + "/nano_agent/cp-nano-iot-doctor.dbg"
); );
case (Service::IOT_RISK):
return ServiceConfig(
filesystem_path + "/conf/cp-nano-iot-risk-debug-conf.json",
log_files_path + "/nano_agent/cp-nano-iot-risk.dbg"
);
case (Service::IOT_GW_SENSOR): case (Service::IOT_GW_SENSOR):
return ServiceConfig( return ServiceConfig(
filesystem_path + "/conf/cp-nano-iot-gw-sensor-debug-conf.json", filesystem_path + "/conf/cp-nano-iot-gw-sensor-debug-conf.json",
@ -1246,6 +1253,8 @@ extractServices(const vector<string> &args)
services.push_back(Service::IOT_ENFORCE); services.push_back(Service::IOT_ENFORCE);
} else if (getServiceString(Service::IOT_DOCTOR).find(maybe_service) == 0) { } else if (getServiceString(Service::IOT_DOCTOR).find(maybe_service) == 0) {
services.push_back(Service::IOT_DOCTOR); services.push_back(Service::IOT_DOCTOR);
} else if (getServiceString(Service::IOT_RISK).find(maybe_service) == 0) {
services.push_back(Service::IOT_RISK);
} else if (getServiceString(Service::IOT_GW_SENSOR).find(maybe_service) == 0) { } else if (getServiceString(Service::IOT_GW_SENSOR).find(maybe_service) == 0) {
services.push_back(Service::IOT_GW_SENSOR); services.push_back(Service::IOT_GW_SENSOR);
} else if (getServiceString(Service::IOT_SNMP).find(maybe_service) == 0) { } else if (getServiceString(Service::IOT_SNMP).find(maybe_service) == 0) {

31
nodes/orchestration/package/open-appsec-ctl.sh
View File

@ -1565,26 +1565,39 @@ stop_service() # Initials - stops
exit 255 exit 255
} }
record_command() # Initials - rc
{
touch /var/log/nano_agent/operations.log
echo "$(tail -99 /var/log/nano_agent/operations.log)" > /var/log/nano_agent/operations.log
echo $(date "+%Y.%m.%d-%H.%M.%S") ": " $0 $@ >> /var/log/nano_agent/operations.log
}
run() # Initials - r run() # Initials - r
{ {
r_deprecated_msg="Option ${1} is deprecated. Please use" r_deprecated_msg="Option ${1} is deprecated. Please use"
if [ -z "$1" ]; then if [ -z "$1" ]; then
usage usage
elif [ "--debug" = "$1" ] || [ "-d" = "$1" ]; then elif [ "--debug" = "$1" ] || [ "-d" = "$1" ]; then
record_command $@
run_cpnano_debug "cpnano" "$@" run_cpnano_debug "cpnano" "$@"
elif [ "--display-policy" = "$1" ] || [ "-dp" = "$1" ]; then elif [ "--display-policy" = "$1" ] || [ "-dp" = "$1" ]; then
record_command $@
run_display_policy run_display_policy
elif [ "--status" = "$1" ] || [ "-s" = "$1" ]; then elif [ "--status" = "$1" ] || [ "-s" = "$1" ]; then
record_command $@
run_status run_status
if [ "--extended" = "$2" ]; then if [ "--extended" = "$2" ]; then
shift shift
run_health_check "${@}" run_health_check "${@}"
fi fi
elif [ "--start-agent" = "$1" ] || [ "-r" = "$1" ]; then elif [ "--start-agent" = "$1" ] || [ "-r" = "$1" ]; then
record_command $@
run_start_agent run_start_agent
elif [ "--stop-agent" = "$1" ] || [ "-q" = "$1" ]; then elif [ "--stop-agent" = "$1" ] || [ "-q" = "$1" ]; then
record_command $@
run_stop_agent run_stop_agent
elif [ "--uninstall" = "$1" ] || [ "-u" = "$1" ]; then elif [ "--uninstall" = "$1" ] || [ "-u" = "$1" ]; then
record_command $@
uninstall_agent uninstall_agent
elif [ "--display-settings" = "$1" ]; then elif [ "--display-settings" = "$1" ]; then
echo "${r_deprecated_msg} --display-config" echo "${r_deprecated_msg} --display-config"
@ -1595,42 +1608,56 @@ run() # Initials - r
elif [ "-ls" = "$1" ]; then elif [ "-ls" = "$1" ]; then
echo "${r_deprecated_msg} -lc" echo "${r_deprecated_msg} -lc"
elif [ "--display-config" = "$1" ] || [ "-dc" = "$1" ]; then elif [ "--display-config" = "$1" ] || [ "-dc" = "$1" ]; then
record_command $@
shift shift
run_display_settings "${@}" run_display_settings "${@}"
elif [ "--load-config" = "$1" ] || [ "-lc" = "$1" ]; then elif [ "--load-config" = "$1" ] || [ "-lc" = "$1" ]; then
record_command $@
shift shift
run_load_settings "${@}" run_load_settings "${@}"
elif [ "--set-proxy" = "$1" ] || [ "-sp" = "$1" ]; then elif [ "--set-proxy" = "$1" ] || [ "-sp" = "$1" ]; then
record_command $@
shift shift
set_proxy "${@}" set_proxy "${@}"
elif [ "--set-gradual-policy" = "$1" ] || [ "-gp" = "$1" ]; then elif [ "--set-gradual-policy" = "$1" ] || [ "-gp" = "$1" ]; then
record_command $@
shift shift
run_update_gradual_policy "set" "${@}" run_update_gradual_policy "set" "${@}"
elif [ "--delete-gradual-policy" = "$1" ] || [ "-dg" = "$1" ]; then elif [ "--delete-gradual-policy" = "$1" ] || [ "-dg" = "$1" ]; then
record_command $@
shift shift
run_update_gradual_policy "delete" "${@}" run_update_gradual_policy "delete" "${@}"
elif [ "--set-traffic-recording-policy" = "$1" ] || [ "-tr" = "$1" ]; then elif [ "--set-traffic-recording-policy" = "$1" ] || [ "-tr" = "$1" ]; then
record_command $@
shift shift
run_set_traffic_recording_policy "${@}" run_set_traffic_recording_policy "${@}"
elif [ "--cp-agent-info" = "$1" ] || [ "-ai" = "$1" ]; then elif [ "--cp-agent-info" = "$1" ] || [ "-ai" = "$1" ]; then
record_command $@
shift shift
run_ai "${@}" run_ai "${@}"
elif [ "--update-certs" = "$1" ] || [ "-uc" = "$1" ]; then elif [ "--update-certs" = "$1" ] || [ "-uc" = "$1" ]; then
record_command $@
run_set_ca_directory "$2" run_set_ca_directory "$2"
elif [ "--set-public-key" = "$1" ] || [ "-pk" = "$1" ]; then elif [ "--set-public-key" = "$1" ] || [ "-pk" = "$1" ]; then
record_command $@
run_set_publick_key "$2" run_set_publick_key "$2"
elif [ "--print-metrics" = "$1" ] || [ "-pm" = "$1" ]; then elif [ "--print-metrics" = "$1" ] || [ "-pm" = "$1" ]; then
record_command $@
run_print_metrics "$2" run_print_metrics "$2"
elif [ "--stop-service" = "$1" ] || [ "-qs" = "$1" ]; then elif [ "--stop-service" = "$1" ] || [ "-qs" = "$1" ]; then
record_command $@
shift shift
stop_service "${@}" stop_service "${@}"
elif [ "--start-service" = "$1" ] || [ "-rs" = "$1" ]; then elif [ "--start-service" = "$1" ] || [ "-rs" = "$1" ]; then
record_command $@
shift shift
start_service "${@}" start_service "${@}"
elif [ "--set-mode" = "$1" ] || [ "-sm" = "$1" ]; then elif [ "--set-mode" = "$1" ] || [ "-sm" = "$1" ]; then
record_command $@
shift shift
set_mode "${@}" set_mode "${@}"
elif [ "-vp" = "$1" ] || [ "--view-policy" = "$1" ]; then elif [ "-vp" = "$1" ] || [ "--view-policy" = "$1" ]; then
record_command $@
shift shift
var_policy_file=$1 var_policy_file=$1
if [ -z ${var_policy_file} ]; then if [ -z ${var_policy_file} ]; then
@ -1638,6 +1665,7 @@ run() # Initials - r
fi fi
less ${var_policy_file} less ${var_policy_file}
elif [ "-ep" = "$1" ] || [ "--edit-policy" = "$1" ]; then elif [ "-ep" = "$1" ] || [ "--edit-policy" = "$1" ]; then
record_command $@
shift shift
var_policy_file=$1 var_policy_file=$1
if [ -z ${var_policy_file} ]; then if [ -z ${var_policy_file} ]; then
@ -1645,6 +1673,7 @@ run() # Initials - r
fi fi
vi ${var_policy_file} vi ${var_policy_file}
elif [ "-ap" = "$1" ] || [ "--apply-policy" = "$1" ]; then elif [ "-ap" = "$1" ] || [ "--apply-policy" = "$1" ]; then
record_command $@
curl_apply_policy=$(${curl_cmd} -S -w "%{http_code}\n" -m 1 --noproxy "*" --header "Content-Type: application/json" \ curl_apply_policy=$(${curl_cmd} -S -w "%{http_code}\n" -m 1 --noproxy "*" --header "Content-Type: application/json" \
--request POST --data {} http://127.0.0.1:"$(extract_api_port 'orchestration')"/set-apply-policy 2>&1) --request POST --data {} http://127.0.0.1:"$(extract_api_port 'orchestration')"/set-apply-policy 2>&1)
while [ /etc/cp/conf/local_policy.yaml -nt /etc/cp/conf/policy.json ]; do while [ /etc/cp/conf/local_policy.yaml -nt /etc/cp/conf/policy.json ]; do
@ -1654,8 +1683,10 @@ run() # Initials - r
echo "New policy applied." echo "New policy applied."
exit 1 exit 1
elif [ "-lp" = "$1" ] || [ "--list-policies" = "$1" ]; then elif [ "-lp" = "$1" ] || [ "--list-policies" = "$1" ]; then
record_command $@
echo "/etc/cp/conf/local_policy.yaml" echo "/etc/cp/conf/local_policy.yaml"
elif [ "-vl" = "$1" ] || [ "--view-logs" = "$1" ]; then elif [ "-vl" = "$1" ] || [ "--view-logs" = "$1" ]; then
record_command $@
less /var/log/nano_agent/cp-nano-http-transaction-handler.log? less /var/log/nano_agent/cp-nano-http-transaction-handler.log?
else else
usage usage

8
nodes/orchestration/package/orchestration_package.sh
View File

@ -50,6 +50,7 @@ var_sleep_interval=30
var_error_sleep_interval=30 var_error_sleep_interval=30
var_upgrade_mode= var_upgrade_mode=
var_token= var_token=
var_email=
var_installation_debug_mode=false var_installation_debug_mode=false
var_startup_service= var_startup_service=
var_arch_flag= var_arch_flag=
@ -132,6 +133,7 @@ usage()
echo "--uninstall : Remove Nano Agent" echo "--uninstall : Remove Nano Agent"
echo "--token <token> : Registration token" echo "--token <token> : Registration token"
echo "--fog <fog URL> : Fog Address" echo "--fog <fog URL> : Fog Address"
echo "--email <email address> : Contact Information"
echo "--certs-dir <Trusted CA directory> : Path to the trusted CA directory" echo "--certs-dir <Trusted CA directory> : Path to the trusted CA directory"
echo "--public-key <Public key file path> : Path to the SSL certificate's public key file (PEM format)" echo "--public-key <Public key file path> : Path to the SSL certificate's public key file (PEM format)"
echo "--ignore <ignore packages list> : List of ignored packages" echo "--ignore <ignore packages list> : List of ignored packages"
@ -222,6 +224,9 @@ while true; do
elif [ "$1" = "--token" ]; then elif [ "$1" = "--token" ]; then
shift shift
OTP_TOKEN=$1 OTP_TOKEN=$1
elif [ "$1" = "--email" ]; then
shift
var_email=$1
elif [ "$1" = "--offline_mode" ]; then elif [ "$1" = "--offline_mode" ]; then
var_offline_mode=true var_offline_mode=true
var_orchestration_mode="offline_mode" var_orchestration_mode="offline_mode"
@ -891,7 +896,8 @@ install_orchestration()
cp_print "Building the default policy json" cp_print "Building the default policy json"
echo '{"'$ORCHESTRATION_NAME'": { "fog-address":"'$var_fog_address'", ' > ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json echo '{"'$ORCHESTRATION_NAME'": { "fog-address":"'$var_fog_address'", ' > ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
echo '"pulling-interval":'$var_sleep_interval', ' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json echo '"pulling-interval":'$var_sleep_interval', ' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
echo '"error-pulling-interval":'$var_error_sleep_interval'}}' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json echo '"error-pulling-interval":'$var_error_sleep_interval'},' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
echo '"registration-data": { "email-address": "'$var_email'"}}' >> ${FILESYSTEM_PATH}/${CONF_PATH}/policy.json
copy_orchestration_executable copy_orchestration_executable
copy_k8s_executable copy_k8s_executable