Nov_12_2023-Dev
@@ -45,11 +45,7 @@ checkSamlPortal(const string &command_output)
|
||||
Maybe<string>
|
||||
getIDAGaia(const string &command_output)
|
||||
{
|
||||
if (command_output.find("Portal is running") != string::npos) {
|
||||
return string("ida_gaia");
|
||||
}
|
||||
|
||||
return genError("Current host does not have SAML Portal configured");
|
||||
return string("ida_gaia");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
@@ -72,6 +68,22 @@ checkIDP(shared_ptr<istream> file_stream)
|
||||
|
||||
#if defined(gaia) || defined(smb)
|
||||
|
||||
Maybe<string>
|
||||
checkIsCpviewRunning(const string &command_output)
|
||||
{
|
||||
if (command_output == "true" || command_output == "false") return command_output;
|
||||
|
||||
return genError("cpview is not running");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
checkIsCPotelcolGRET64(const string &command_output)
|
||||
{
|
||||
if (command_output == "true" || command_output == "false") return command_output;
|
||||
|
||||
return genError("CPotelcol is not installed or its take is below T64");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
checkHasSDWan(const string &command_output)
|
||||
{
|
||||
@@ -193,6 +205,12 @@ checkIfSdwanRunning(const string &command_output)
|
||||
return genError("Could not determine if sd-wan is running or not");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
getClusterObjectIP(const string &command_output)
|
||||
{
|
||||
return getAttr(command_output, "Cluster object IP was not found");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
getSmbObjectName(const string &command_output)
|
||||
{
|
||||
|
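Review bot: `getIDAGaia` now returns `ida_gaia` without reading `command_output`; going by the line counts of this hunk, the "Portal is running" test and its `genError` branch are the removed side, so the service is reported as required whether or not a SAML portal is configured. If that is intended, leave the parameter unnamed and say so in a comment, for example `// ida_gaia is always required; the command output is intentionally ignored`. If it is not, the portal check should stay, since it was the only gate on this handler's result.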
@@ -30,6 +30,14 @@
|
||||
#ifdef SHELL_CMD_HANDLER
|
||||
#if defined(gaia) || defined(smb)
|
||||
SHELL_CMD_HANDLER("cpProductIntegrationMgmtObjectType", "cpprod_util CPPROD_IsMgmtMachine", getMgmtObjType)
|
||||
SHELL_CMD_HANDLER("isCpviewRunning",
|
||||
"pidof cpview_api_service > /dev/null 2>&1 && [ -f $CPDIR/conf/cpview_api_service.version ] "
|
||||
"&& echo 'true' || echo 'false'",
|
||||
checkIsCpviewRunning)
|
||||
SHELL_CMD_HANDLER("isCPotelcolGRET64",
|
||||
"grep -A 10 '(BUNDLE_CPOTELCOL_AUTOUPDATE' ${CPDIR}/registry/HKLM_registry.data | "
|
||||
"awk '/SU_Build_Take/{val = substr($2, 2, length($2)-2); if (val >=64) print \"true\"; else print \"false\" }'",
|
||||
checkIsCPotelcolGRET64)
|
||||
SHELL_CMD_HANDLER("hasSDWan", "[ -f $FWDIR/bin/sdwan_steering ] && echo '1' || echo '0'", checkHasSDWan)
|
||||
SHELL_CMD_HANDLER(
|
||||
"canUpdateSDWanData",
|
||||
@@ -50,12 +58,20 @@ SHELL_CMD_HANDLER(
|
||||
"cat /etc/cp-release | grep -oE 'R[0-9]+(\\.[0-9]+)?'",
|
||||
getGWVersion
|
||||
)
|
||||
SHELL_CMD_HANDLER(
|
||||
"cpProductIntegrationMgmtParentObjectIP",
|
||||
"obj=\"$(cpsdwan get_data | jq -r .cluster_name)\";"
|
||||
" awk -v obj=\"$obj\" '$1 == \":\" && $2 == \"(\" obj, $1 == \":ip_address\" { if ($1 == \":ip_address\")"
|
||||
" { gsub(/[()]/, \"\", $2); print $2; exit; } }'"
|
||||
" $FWDIR/state/local/FW1/local.gateway_cluster",
|
||||
getClusterObjectIP
|
||||
)
|
||||
#endif //gaia || smb
|
||||
|
||||
#if defined(gaia)
|
||||
SHELL_CMD_HANDLER("hasSupportedBlade", "enabled_blades", checkHasSupportedBlade)
|
||||
SHELL_CMD_HANDLER("hasSamlPortal", "mpclient status saml-vpn", checkSamlPortal)
|
||||
SHELL_CMD_HANDLER("requiredNanoServices", "mpclient status saml-vpn", getIDAGaia)
|
||||
SHELL_CMD_HANDLER("requiredNanoServices", "ida_gaia", getIDAGaia)
|
||||
SHELL_CMD_HANDLER(
|
||||
"cpProductIntegrationMgmtParentObjectName",
|
||||
"cat $FWDIR/database/myself_objects.C "
|
||||
|
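Review bot: In the `isCPotelcolGRET64` command the awk test `val >= 64` compares a `substr()` result, which POSIX awk treats as a string, so the comparison is lexical and a take of 100 or more sorts below "64" and prints `false`. Force a numeric comparison with `if (val+0 >= 64)`. The script also prints one line per matching `SU_Build_Take` record and nothing at all when grep finds no bundle entry, while `checkIsCPotelcolGRET64` accepts only an exact `true` or `false`; whether the output is trimmed before the handler sees it is not visible here.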
@@ -278,36 +278,6 @@ HttpsCurl::HttpsCurl(const HttpsCurl &other) :
|
||||
HttpCurl(other),
|
||||
ca_path(other.ca_path) {}
|
||||
|
||||
bool
|
||||
HttpsCurl::downloadOpenAppsecPackages()
|
||||
{
|
||||
char errorstr[CURL_ERROR_SIZE];
|
||||
CURL* curl_handle = curl_easy_init();
|
||||
if (!curl_handle) return false;
|
||||
|
||||
curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 1);
|
||||
curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 2);
|
||||
|
||||
curl_easy_setopt(curl_handle, CURLOPT_URL, ("https://" + curl_url).c_str());
|
||||
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, writeResponseCallback);
|
||||
curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, &out_file);
|
||||
|
||||
curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1L);
|
||||
curl_easy_setopt(curl_handle, CURLOPT_ERRORBUFFER, errorstr);
|
||||
|
||||
CURLcode res = curl_easy_perform(curl_handle);
|
||||
if (res == CURLE_OK) {
|
||||
dbgTrace(D_HTTP_REQUEST) << "CURL HTTP request successfully completed.";
|
||||
} else {
|
||||
dbgWarning(D_HTTP_REQUEST) << "CURL result " + string(curl_easy_strerror(res));
|
||||
curl_easy_cleanup(curl_handle);
|
||||
return false;
|
||||
}
|
||||
|
||||
curl_easy_cleanup(curl_handle);
|
||||
return true;
|
||||
}
|
||||
|
||||
void
|
||||
HttpsCurl::setCurlOpts(long timeout, HTTP_VERSION http_version)
|
||||
{
|
||||
@@ -347,7 +317,7 @@ HttpsCurl::setCurlOpts(long timeout, HTTP_VERSION http_version)
|
||||
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, writeResponseCallback);
|
||||
curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, &out_file);
|
||||
curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT, timeout);
|
||||
curl_easy_setopt(curl_handle, CURLOPT_CAINFO, ca_path.c_str());
|
||||
if (ca_path != "") curl_easy_setopt(curl_handle, CURLOPT_CAINFO, ca_path.c_str());
|
||||
headers = curl_slist_append(headers, "Accept: */*");
|
||||
string auth = string("Authorization: Bearer ") + bearer;
|
||||
headers = curl_slist_append(headers, auth.c_str());
|
||||
|
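Review bot: With `if (ca_path != "")` an empty `ca_path` leaves `CURLOPT_CAINFO` unset, so libcurl falls back to its default CA bundle and the set of trusted roots changes silently from the configured file to whatever the build or system provides. Log that fallback so an unset or misread certificate path is visible, e.g. `else dbgWarning(D_HTTP_REQUEST) << "No CA file configured, using the default CA bundle";`, and prefer `!ca_path.empty()` for the test. The `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` settings are not visible in this hunk of `setCurlOpts`, whose body starts and ends outside it, so confirm they are set explicitly there.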
@@ -105,7 +105,6 @@ public:
|
||||
static CURLcode ssl_ctx_verify_certificate(CURL *curl, void *ssl_ctx, void *opq);
|
||||
static int verify_certificate(int preverify_ok, X509_STORE_CTX *ctx);
|
||||
void setCurlOpts(long timeout = 60L, HTTP_VERSION http_version = HTTP_VERSION::HTTP_VERSION_1_1) override;
|
||||
bool downloadOpenAppsecPackages();
|
||||
|
||||
private:
|
||||
std::string ca_path;
|
||||
|
@@ -592,13 +592,8 @@ HTTPClient::curlGetFileOverSSL(const URLParser &url, ofstream &out_file, const s
|
||||
proxy_config->getProxyCredentials(ProxyProtocol::HTTPS),
|
||||
cert_file_path);
|
||||
|
||||
bool connection_ok;
|
||||
if (url.getBaseURL().unpack() == "downloads.openappsec.io") {
|
||||
connection_ok = ssl_curl_client.downloadOpenAppsecPackages();
|
||||
} else {
|
||||
ssl_curl_client.setCurlOpts();
|
||||
connection_ok = ssl_curl_client.connect();
|
||||
}
|
||||
ssl_curl_client.setCurlOpts();
|
||||
bool connection_ok = ssl_curl_client.connect();
|
||||
if (!connection_ok)
|
||||
{
|
||||
stringstream url_s;
|
||||
|
@@ -256,10 +256,23 @@ private:
|
||||
if (!getenv("DOCKER_RPM_ENABLED")) return HealthCheckStatus::IGNORED;
|
||||
|
||||
static const string standalone_cmd = "/usr/sbin/cpnano -s --docker-rpm; echo $?";
|
||||
static int timeout_tolerance = 1;
|
||||
static HealthCheckStatus health_status = HealthCheckStatus::HEALTHY;
|
||||
|
||||
dbgTrace(D_HEALTH_CHECK) << "Checking the standalone docker health status with command: " << standalone_cmd;
|
||||
|
||||
auto maybe_result = Singleton::Consume<I_ShellCmd>::by<HealthChecker>()->getExecOutput(standalone_cmd, 1000);
|
||||
auto maybe_result = Singleton::Consume<I_ShellCmd>::by<HealthChecker>()->getExecOutput(standalone_cmd, 5000);
|
||||
if (!maybe_result.ok()) {
|
||||
if (maybe_result.getErr().find("Reached timeout") != string::npos) {
|
||||
dbgWarning(D_HEALTH_CHECK)
|
||||
<< "Reached timeout while querying standalone health status, attempt number: "
|
||||
<< timeout_tolerance;
|
||||
|
||||
return health_status == HealthCheckStatus::UNHEALTHY || timeout_tolerance++ > 3 ?
|
||||
HealthCheckStatus::UNHEALTHY :
|
||||
health_status;
|
||||
}
|
||||
|
||||
dbgWarning(D_HEALTH_CHECK) << "Unable to get the standalone docker status. Returning unhealthy status.";
|
||||
return HealthCheckStatus::UNHEALTHY;
|
||||
}
|
||||
@@ -267,10 +280,10 @@ private:
|
||||
|
||||
auto response = NGEN::Strings::removeTrailingWhitespaces(maybe_result.unpack());
|
||||
|
||||
if (response.back() == '0') return HealthCheckStatus::HEALTHY;
|
||||
if (response.back() == '1') return HealthCheckStatus::UNHEALTHY;
|
||||
if (response.back() == '1') return health_status = HealthCheckStatus::UNHEALTHY;
|
||||
|
||||
return HealthCheckStatus::DEGRADED;
|
||||
timeout_tolerance = 1;
|
||||
return health_status = (response.back() == '0') ? HealthCheckStatus::HEALTHY : HealthCheckStatus::DEGRADED;
|
||||
}
|
||||
|
||||
bool
|
||||
|
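Review bot: The non-timeout failure branch still returns `HealthCheckStatus::UNHEALTHY` without storing it in the new `health_status` static, so a timeout on the next probe takes the tolerance path and reports the older cached value, which can be HEALTHY. Record it as the success path does: `return health_status = HealthCheckStatus::UNHEALTHY;`. Both statics are mutable function-local state, so the code assumes the check is never run concurrently, and `response.back()` assumes the trimmed response is non-empty. The enclosing function starts outside the hunk.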
@@ -87,10 +87,12 @@ public:
|
||||
|
||||
private:
|
||||
std::string getCleanChecksum(const std::string &unclean_checksum);
|
||||
void periodicPolicyLoad();
|
||||
|
||||
std::string local_policy_path;
|
||||
std::string curr_version;
|
||||
std::string curr_policy;
|
||||
std::string curr_checksum;
|
||||
bool should_apply_policy;
|
||||
};
|
||||
|
||||
|
@@ -54,7 +54,6 @@ public:
|
||||
last_update = i_orch_status->getUpdateTime();
|
||||
last_update_status = i_orch_status->getUpdateStatus();
|
||||
policy_version = i_orch_status->getPolicyVersion();
|
||||
waap_model_version = i_orch_status->getWaapModelVersion();
|
||||
last_policy_update = i_orch_status->getLastPolicyUpdate();
|
||||
last_manifest_update = i_orch_status->getLastManifestUpdate();
|
||||
last_settings_update = i_orch_status->getLastSettingsUpdate();
|
||||
@@ -73,7 +72,6 @@ private:
|
||||
S2C_LABEL_PARAM(std::string, last_update, "Last update");
|
||||
S2C_LABEL_PARAM(std::string, last_update_status, "Last update status");
|
||||
S2C_LABEL_PARAM(std::string, policy_version, "Policy version");
|
||||
S2C_LABEL_PARAM(std::string, waap_model_version, "AI model version");
|
||||
S2C_LABEL_PARAM(std::string, last_policy_update, "Last policy update");
|
||||
S2C_LABEL_PARAM(std::string, last_manifest_update, "Last manifest update");
|
||||
S2C_LABEL_PARAM(std::string, last_settings_update, "Last settings update");
|
||||
|
@@ -45,7 +45,6 @@ public:
|
||||
MOCK_CONST_METHOD0(getUpdateTime, const std::string&());
|
||||
MOCK_CONST_METHOD0(getLastManifestUpdate, const std::string&());
|
||||
MOCK_CONST_METHOD0(getPolicyVersion, const std::string&());
|
||||
MOCK_CONST_METHOD0(getWaapModelVersion, const std::string&());
|
||||
MOCK_CONST_METHOD0(getLastPolicyUpdate, const std::string&());
|
||||
MOCK_CONST_METHOD0(getLastSettingsUpdate, const std::string&());
|
||||
MOCK_CONST_METHOD0(getUpgradeMode, const std::string&());
|
||||
|
@@ -66,7 +66,7 @@ public:
|
||||
|
||||
typedef std::map<std::string, PortNumber> ServicePortMap;
|
||||
MOCK_METHOD0(getServiceToPortMap, ServicePortMap());
|
||||
MOCK_METHOD2(updateReconfStatus, void(int id, ReconfStatus status));
|
||||
MOCK_METHOD3(updateReconfStatus, void(int id, const std::string &service_name, ReconfStatus status));
|
||||
MOCK_METHOD4(
|
||||
startReconfStatus,
|
||||
void(int id, ReconfStatus status, const std::string &serivce_name, const std::string &service_id)
|
||||
|
@@ -11,7 +11,6 @@
|
||||
#include "mock/mock_time_get.h"
|
||||
#include "mock/mock_orchestration_tools.h"
|
||||
#include "mock/mock_agent_details.h"
|
||||
#include "mock/mock_details_resolver.h"
|
||||
#include "mock/mock_mainloop.h"
|
||||
#include "mock/mock_rest_api.h"
|
||||
|
||||
@@ -39,17 +38,9 @@ public:
|
||||
.WillOnce(DoAll(SaveArg<2>(&routine), Return(1))
|
||||
);
|
||||
EXPECT_CALL(mock_tools, readFile(file_path)).WillOnce(Return(start_file_content));
|
||||
prepareResolvedDetails();
|
||||
orchestration_status.init();
|
||||
}
|
||||
|
||||
void
|
||||
prepareResolvedDetails()
|
||||
{
|
||||
map<string, string> resolved_details({{"AppSecModelVersion", waap_model}});
|
||||
EXPECT_CALL(mock_details_resolver, getResolvedDetails()).WillRepeatedly(Return(resolved_details));
|
||||
}
|
||||
|
||||
string
|
||||
orchestrationStatusFileToString()
|
||||
{
|
||||
@@ -91,8 +82,7 @@ public:
|
||||
const string ®istration_details_architecture = "",
|
||||
const string &agent_id = "None",
|
||||
const string &profile_id = "None",
|
||||
const string &tenant_id = "None",
|
||||
const string &waap_model_version = "Advanced model"
|
||||
const string &tenant_id = "None"
|
||||
)
|
||||
{
|
||||
return "{\n"
|
||||
@@ -101,7 +91,6 @@ public:
|
||||
" \"Last update\": \"" + last_update + "\",\n"
|
||||
" \"Last manifest update\": \"" + last_manifest_update + "\",\n"
|
||||
" \"Policy version\": \"" + policy_version + "\",\n"
|
||||
" \"AI model version\": \"" + waap_model_version + "\",\n"
|
||||
" \"Last policy update\": \"" + last_policy_update + "\",\n"
|
||||
" \"Last settings update\": \"" + last_settings_update + "\",\n"
|
||||
" \"Upgrade mode\": \"" + upgrade_mode + "\",\n"
|
||||
@@ -129,14 +118,12 @@ public:
|
||||
ostringstream capture_debug;
|
||||
StrictMock<MockOrchestrationTools> mock_tools;
|
||||
StrictMock<MockAgentDetails> mock_agent_details;
|
||||
StrictMock<MockDetailsResolver> mock_details_resolver;
|
||||
OrchestrationStatus orchestration_status;
|
||||
I_OrchestrationStatus * i_orchestration_status =
|
||||
Singleton::Consume<I_OrchestrationStatus>::from(orchestration_status);
|
||||
string file_path;
|
||||
Maybe<string> start_file_content = genError("No file");
|
||||
I_MainLoop::Routine routine;
|
||||
string waap_model = "Advanced model";
|
||||
};
|
||||
|
||||
TEST_F(OrchestrationStatusTest, doNothing)
|
||||
@@ -160,7 +147,6 @@ TEST_F(OrchestrationStatusTest, recoverFields)
|
||||
|
||||
TEST_F(OrchestrationStatusTest, loadFromFile)
|
||||
{
|
||||
prepareResolvedDetails();
|
||||
Maybe<string> status = genError("No file");;
|
||||
CPTestTempfile status_file;
|
||||
file_path = status_file.fname;
|
||||
@@ -228,14 +214,12 @@ TEST_F(OrchestrationStatusTest, recoveryFields)
|
||||
const string agent_id = "AgentId";
|
||||
const string profile_id = "ProfileId";
|
||||
const string tenant_id = "TenantId";
|
||||
|
||||
auto fog_addr = Maybe<string>(string("FogDomain"));
|
||||
|
||||
EXPECT_CALL(mock_agent_details, getAgentId()).WillOnce(Return(agent_id));
|
||||
EXPECT_CALL(mock_agent_details, getProfileId()).WillOnce(Return(profile_id));
|
||||
EXPECT_CALL(mock_agent_details, getTenantId()).WillOnce(Return(tenant_id));
|
||||
EXPECT_CALL(mock_agent_details, getFogDomain()).WillOnce(Return(fog_addr));
|
||||
|
||||
i_orchestration_status->writeStatusToFile();
|
||||
EXPECT_THAT(capture_debug.str(), HasSubstr("Repairing status fields"));
|
||||
|
||||
@@ -243,7 +227,6 @@ TEST_F(OrchestrationStatusTest, recoveryFields)
|
||||
EXPECT_EQ(i_orchestration_status->getProfileId(), profile_id);
|
||||
EXPECT_EQ(i_orchestration_status->getTenantId(), tenant_id);
|
||||
EXPECT_EQ(i_orchestration_status->getFogAddress(), fog_addr.unpack());
|
||||
EXPECT_EQ(i_orchestration_status->getWaapModelVersion(), waap_model);
|
||||
}
|
||||
|
||||
TEST_F(OrchestrationStatusTest, updateAllLastUpdatesTypes)
|
||||
@@ -436,7 +419,6 @@ TEST_F(OrchestrationStatusTest, setAllFields)
|
||||
" \"Last update\": \"current time\",\n"
|
||||
" \"Last manifest update\": \"current time\",\n"
|
||||
" \"Policy version\": \"12\",\n"
|
||||
" \"AI model version\": \"Advanced model\",\n"
|
||||
" \"Last policy update\": \"current time\",\n"
|
||||
" \"Last settings update\": \"current time\",\n"
|
||||
" \"Upgrade mode\": \"Test Mode\",\n"
|
||||
|
@@ -108,7 +108,6 @@ public:
|
||||
last_update_attempt = from.last_update_attempt;
|
||||
last_manifest_update = from.last_manifest_update;
|
||||
policy_version = from.policy_version;
|
||||
waap_model_version = from.waap_model_version;
|
||||
last_policy_update = from.last_policy_update;
|
||||
last_settings_update = from.last_settings_update;
|
||||
upgrade_mode = from.upgrade_mode;
|
||||
@@ -129,7 +128,6 @@ public:
|
||||
const string & getUpdateTime() const { return last_update_time; }
|
||||
const string & getLastManifestUpdate() const { return last_manifest_update; }
|
||||
const string & getPolicyVersion() const { return policy_version; }
|
||||
const string & getWaapModelVersion() const { return waap_model_version; }
|
||||
const string & getLastPolicyUpdate() const { return last_policy_update; }
|
||||
const string & getLastSettingsUpdate() const { return last_settings_update; }
|
||||
const string & getUpgradeMode() const { return upgrade_mode; }
|
||||
@@ -144,16 +142,6 @@ public:
|
||||
const map<string, string> & getServicePolicies() const { return service_policies; }
|
||||
const map<string, string> & getServiceSettings() const { return service_settings; }
|
||||
|
||||
void updateWaapModelVersion() {
|
||||
map<string, string> details_resolver =
|
||||
Singleton::Consume<I_DetailsResolver>::by<OrchestrationStatus>()->getResolvedDetails();
|
||||
if (details_resolver.find("AppSecModelVersion") != details_resolver.end()) {
|
||||
waap_model_version = details_resolver["AppSecModelVersion"];
|
||||
} else {
|
||||
waap_model_version = "None";
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
insertServicePolicy(const string &key, const string &value)
|
||||
{
|
||||
@@ -279,7 +267,6 @@ public:
|
||||
last_manifest_update = "None";
|
||||
last_policy_update = "None";
|
||||
last_settings_update = "None";
|
||||
waap_model_version = "None";
|
||||
fog_address = "None";
|
||||
agent_id = "None";
|
||||
profile_id = "None";
|
||||
@@ -305,7 +292,6 @@ public:
|
||||
} else {
|
||||
fog_address = "None";
|
||||
}
|
||||
updateWaapModelVersion();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -318,7 +304,6 @@ public:
|
||||
archive(cereal::make_nvp("Last update", last_update_time));
|
||||
archive(cereal::make_nvp("Last manifest update", last_manifest_update));
|
||||
archive(cereal::make_nvp("Policy version", policy_version));
|
||||
archive(cereal::make_nvp("AI model version", waap_model_version));
|
||||
archive(cereal::make_nvp("Last policy update", last_policy_update));
|
||||
archive(cereal::make_nvp("Last settings update", last_settings_update));
|
||||
archive(cereal::make_nvp("Upgrade mode", upgrade_mode));
|
||||
@@ -346,7 +331,6 @@ public:
|
||||
archive.setNextName(nullptr);
|
||||
}
|
||||
|
||||
archive(cereal::make_nvp("AI model version", waap_model_version));
|
||||
archive(cereal::make_nvp("Last policy update", last_policy_update));
|
||||
archive(cereal::make_nvp("Last settings update", last_settings_update));
|
||||
|
||||
@@ -384,7 +368,6 @@ private:
|
||||
string last_update_attempt;
|
||||
string last_manifest_update;
|
||||
string policy_version;
|
||||
string waap_model_version;
|
||||
string last_policy_update;
|
||||
string last_settings_update;
|
||||
string upgrade_mode;
|
||||
@@ -411,7 +394,6 @@ public:
|
||||
"orchestration",
|
||||
"Orchestration status path"
|
||||
);
|
||||
status.updateWaapModelVersion();
|
||||
auto write_result =
|
||||
orchestration_tools->objectToJsonFile<Status>(status, orchestration_status_path);
|
||||
if (!write_result) {
|
||||
@@ -515,7 +497,6 @@ private:
|
||||
const string & getUpdateTime() const override { return status.getUpdateTime(); }
|
||||
const string & getLastManifestUpdate() const override { return status.getLastManifestUpdate(); }
|
||||
const string & getPolicyVersion() const override { return status.getPolicyVersion(); }
|
||||
const string & getWaapModelVersion() const override { return status.getWaapModelVersion(); }
|
||||
const string & getLastPolicyUpdate() const override { return status.getLastPolicyUpdate(); }
|
||||
const string & getLastSettingsUpdate() const override { return status.getLastSettingsUpdate(); }
|
||||
const string & getUpgradeMode() const override { return status.getUpgradeMode(); }
|
||||
|
@@ -1797,7 +1797,6 @@ TEST_F(OrchestrationTest, GetRestOrchStatus)
|
||||
" \"Last update\": \"" + test_str + "\",\n"
|
||||
" \"Last update status\": \"" + test_str + "\",\n"
|
||||
" \"Policy version\": \"" + test_str + "\",\n"
|
||||
" \"AI model version\": \"" + test_str + "\",\n"
|
||||
" \"Last policy update\": \"" + test_str + "\",\n"
|
||||
" \"Last manifest update\": \"" + test_str + "\",\n"
|
||||
" \"Last settings update\": \"" + test_str + "\",\n"
|
||||
@@ -1824,7 +1823,6 @@ TEST_F(OrchestrationTest, GetRestOrchStatus)
|
||||
EXPECT_CALL(mock_status, getUpdateTime()).WillOnce(ReturnRef(test_str));
|
||||
EXPECT_CALL(mock_status, getLastManifestUpdate()).WillOnce(ReturnRef(test_str));
|
||||
EXPECT_CALL(mock_status, getPolicyVersion()).WillOnce(ReturnRef(test_str));
|
||||
EXPECT_CALL(mock_status, getWaapModelVersion()).WillOnce(ReturnRef(test_str));
|
||||
EXPECT_CALL(mock_status, getLastPolicyUpdate()).WillOnce(ReturnRef(test_str));
|
||||
EXPECT_CALL(mock_status, getLastSettingsUpdate()).WillOnce(ReturnRef(test_str));
|
||||
EXPECT_CALL(mock_status, getUpgradeMode()).WillOnce(ReturnRef(test_str));
|
||||
|
@@ -53,32 +53,37 @@ public:
|
||||
{
|
||||
auto service_controller = Singleton::Consume<I_ServiceController>::by<ServiceReconfStatusMonitor>();
|
||||
if (!finished.get()) {
|
||||
service_controller->updateReconfStatus(id.get(), ReconfStatus::IN_PROGRESS);
|
||||
service_controller->updateReconfStatus(id.get(), service_name.get(), ReconfStatus::IN_PROGRESS);
|
||||
dbgTrace(D_ORCHESTRATOR)
|
||||
<< "Request for service reconfiguration, with id "
|
||||
<< "Request for service reconfiguration is still in progress. ID: "
|
||||
<< id.get()
|
||||
<< ", is still in progress.";
|
||||
<< ", Service Name: "
|
||||
<< service_name.get();
|
||||
return;
|
||||
}
|
||||
if (error.get()) {
|
||||
service_controller->updateReconfStatus(id.get(), ReconfStatus::FAILED);
|
||||
service_controller->updateReconfStatus(id.get(), service_name.get(), ReconfStatus::FAILED);
|
||||
dbgError(D_ORCHESTRATOR)
|
||||
<< "Request for service reconfiguration, with id "
|
||||
<< "Request for service reconfiguration failed to complete. ID: "
|
||||
<< id.get()
|
||||
<< ", failed to complete."
|
||||
<< ", Service Name: "
|
||||
<< service_name.get()
|
||||
<< "."
|
||||
<< (error_message.isActive() ? " Error: " + error_message.get() : "");
|
||||
return;
|
||||
}
|
||||
service_controller->updateReconfStatus(id.get(), ReconfStatus::SUCCEEDED);
|
||||
service_controller->updateReconfStatus(id.get(), service_name.get(), ReconfStatus::SUCCEEDED);
|
||||
dbgInfo(D_ORCHESTRATOR)
|
||||
<< "Request for service reconfiguration, with id "
|
||||
<< "Request for service reconfiguration successfully accomplished. Reconf ID: "
|
||||
<< id.get()
|
||||
<< ", successfully accomplished.";
|
||||
<< ", Service Name: "
|
||||
<< service_name.get();
|
||||
return;
|
||||
}
|
||||
|
||||
private:
|
||||
C2S_PARAM(int, id);
|
||||
C2S_PARAM(string, service_name);
|
||||
C2S_PARAM(bool, error);
|
||||
C2S_PARAM(bool, finished);
|
||||
C2S_OPTIONAL_PARAM(string, error_message);
|
||||
@@ -292,7 +297,7 @@ public:
|
||||
const string & getPolicyVersion() const override;
|
||||
const string & getUpdatePolicyVersion() const override;
|
||||
const string & getPolicyVersions() const override;
|
||||
void updateReconfStatus(int id, ReconfStatus status) override;
|
||||
void updateReconfStatus(int id, const string &service_name, ReconfStatus status) override;
|
||||
void startReconfStatus(
|
||||
int id,
|
||||
ReconfStatus status,
|
||||
@@ -780,6 +785,7 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
string version_value;
|
||||
string send_signal_for_services_err;
|
||||
|
||||
changed_policy_files.clear();
|
||||
for (auto &single_policy : all_security_policies.unpack()) {
|
||||
if (single_policy.first == version_param) {
|
||||
version_value = single_policy.second;
|
||||
@@ -1076,19 +1082,25 @@ ServiceController::Impl::getUpdatePolicyVersion() const
|
||||
}
|
||||
|
||||
void
|
||||
ServiceController::Impl::updateReconfStatus(int id, ReconfStatus status)
|
||||
ServiceController::Impl::updateReconfStatus(int id, const string &service_name, ReconfStatus status)
|
||||
{
|
||||
if (status == ReconfStatus::FAILED) {
|
||||
failed_services.emplace(id, status);
|
||||
}
|
||||
|
||||
if (services_reconf_status.find(id) == services_reconf_status.end()) {
|
||||
dbgError(D_ORCHESTRATOR) << "Service reconfiguration monitor received illegal id :" << id;
|
||||
dbgError(D_ORCHESTRATOR)
|
||||
<< "Unable to find a mapping for reconfiguration ID:"
|
||||
<< id
|
||||
<< ". Service name: "
|
||||
<< service_name;
|
||||
return;
|
||||
}
|
||||
dbgTrace(D_ORCHESTRATOR)
|
||||
<< "Updating reconf status for reconfiguration ID "
|
||||
<< id
|
||||
<< ", Service name: "
|
||||
<< service_name
|
||||
<< ". Status: "
|
||||
<< static_cast<int>(status);
|
||||
services_reconf_status[id] = status;
|
||||
|
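Review bot: `C2S_PARAM(string, service_name)` makes the new field mandatory in the reconfiguration-status request, while `error_message` beside it is declared with `C2S_OPTIONAL_PARAM`; a service built before this change that posts only `id`, `error` and `finished` would presumably be rejected and its status never updated. On the lines shown the name is used only in log output, so `C2S_OPTIONAL_PARAM(string, service_name);` with an `isActive()` check before `get()` keeps older senders working. Separately, in `updateReconfStatus` the call `failed_services.emplace(id, status)` still runs before the `services_reconf_status.find(id)` check, so an unknown id reported as FAILED is recorded before it is rejected.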
@@ -1928,6 +1928,7 @@ TEST_F(ServiceControllerTest, test_delayed_reconf)
|
||||
reconf_status
|
||||
<< "{"
|
||||
<< " \"id\": 1,"
|
||||
<< " \"service_name\": \"max\","
|
||||
<< " \"finished\": true,"
|
||||
<< " \"error\": false,"
|
||||
<< " \"error_message\": \"\""
|
||||
|
@@ -22,6 +22,16 @@ DeclarativePolicyUtils::init()
|
||||
RestAction::SET, "apply-policy"
|
||||
);
|
||||
registerListener();
|
||||
char *automatic_load = getenv("autoPolicyLoad");
|
||||
if (automatic_load != nullptr && automatic_load == string("true")) {
|
||||
auto mainloop = Singleton::Consume<I_MainLoop>::by<DeclarativePolicyUtils>();
|
||||
mainloop->addRecurringRoutine(
|
||||
I_MainLoop::RoutineType::Offline,
|
||||
chrono::minutes(1),
|
||||
[&] () { periodicPolicyLoad(); },
|
||||
"Automatic Policy Loading"
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// LCOV_EXCL_START Reason: no test exist
|
||||
@@ -170,3 +180,19 @@ DeclarativePolicyUtils::getUpdate(CheckUpdateRequest &request)
|
||||
curr_version = maybe_new_version.unpack();
|
||||
return policy_response;
|
||||
}
|
||||
|
||||
void
|
||||
DeclarativePolicyUtils::periodicPolicyLoad()
|
||||
{
|
||||
auto new_checksum = getLocalPolicyChecksum();
|
||||
|
||||
if (!new_checksum.ok()) {
|
||||
dbgWarning(D_ORCHESTRATOR) << "Failed to calculate checksum";
|
||||
return;
|
||||
}
|
||||
|
||||
if (*new_checksum == curr_checksum) return;
|
||||
|
||||
should_apply_policy = true;
|
||||
curr_checksum = *new_checksum;
|
||||
}
|
||||
|
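Review bot: `periodicPolicyLoad` sets `should_apply_policy` and overwrites `curr_checksum` without writing any log record, so when `autoPolicyLoad` is on, a modified local policy file is flagged for loading with no trace of when the change was detected. Add a line before the two assignments, e.g. `dbgInfo(D_ORCHESTRATOR) << "Local policy checksum changed, scheduling policy load";`. The checksum is also recorded before the policy has been applied, so if the apply step (not visible here) fails, the next run sees equal checksums and does not retry. The routine lambda only needs the object, so `[this]` states the capture more precisely than `[&]`.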