github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-06-28 16:41:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Jul 31st update

Browse Source
This commit is contained in:
Ned Wright 2024-07-31 17:15:35 +00:00
parent 705a5e6061
commit 384b59cc87
39 changed files with 1026 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
components/include/external_sdk_server.h
View File

@ -24,7 +24,8 @@ class ExternalSdkServer
: :
public Component, public Component,
Singleton::Provide<I_ExternalSdkServer>, Singleton::Provide<I_ExternalSdkServer>,
Singleton::Consume<I_RestApi> Singleton::Consume<I_RestApi>,
Singleton::Consume<I_Messaging>
{ {
public: public:
ExternalSdkServer(); ExternalSdkServer();

2
components/security_apps/local_policy_mgmt_gen/include/ingress_data.h
View File

@ -79,6 +79,7 @@ class DefaultBackend
{ {
public: public:
void load(cereal::JSONInputArchive &); void load(cereal::JSONInputArchive &);
bool doesExist() const;
private: private:
bool is_exists = false; bool is_exists = false;
@ -90,6 +91,7 @@ public:
void load(cereal::JSONInputArchive &archive_in); void load(cereal::JSONInputArchive &archive_in);
const std::vector<IngressDefinedRule> & getRules() const; const std::vector<IngressDefinedRule> & getRules() const;
bool doesDefaultBackendExist() const;
private: private:
std::string ingress_class_name; std::string ingress_class_name;

4
components/security_apps/local_policy_mgmt_gen/include/new_log_trigger.h
View File

@ -129,7 +129,7 @@ public:
bool shouldBeautifyLogs() const; bool shouldBeautifyLogs() const;
bool getCloud() const; bool getCloud() const;
bool isK8SNeeded() const; bool isContainerNeeded() const;
bool isCefNeeded() const; bool isCefNeeded() const;
bool isSyslogNeeded() const; bool isSyslogNeeded() const;
const std::string & getSyslogServerIpv4Address() const; const std::string & getSyslogServerIpv4Address() const;
@ -140,7 +140,7 @@ private:
const NewLoggingService & getCefServiceData() const; const NewLoggingService & getCefServiceData() const;
bool cloud = false; bool cloud = false;
bool k8s_service = false; bool container_service = false;
bool agent_local = true; bool agent_local = true;
bool beautify_logs = true; bool beautify_logs = true;
NewLoggingService syslog_service; NewLoggingService syslog_service;

2
components/security_apps/local_policy_mgmt_gen/include/policy_maker_utils.h
View File

@ -111,7 +111,7 @@ private:
SecurityAppsWrapper security_apps; SecurityAppsWrapper security_apps;
}; };
class PolicyMakerUtils class PolicyMakerUtils : Singleton::Consume<I_EnvDetails>
{ {
public: public:
std::string proccesSingleAppsecPolicy( std::string proccesSingleAppsecPolicy(

8
components/security_apps/local_policy_mgmt_gen/include/triggers_section.h
View File

@ -39,7 +39,7 @@ public:
bool _logToAgent, bool _logToAgent,
bool _logToCef, bool _logToCef,
bool _logToCloud, bool _logToCloud,
bool _logToK8sService, bool _logToContainerService,
bool _logToSyslog, bool _logToSyslog,
bool _responseBody, bool _responseBody,
bool _tpDetect, bool _tpDetect,
@ -73,7 +73,7 @@ private:
bool logToAgent; bool logToAgent;
bool logToCef; bool logToCef;
bool logToCloud; bool logToCloud;
bool logToK8sService; bool logToContainerService;
bool logToSyslog; bool logToSyslog;
bool responseBody; bool responseBody;
bool tpDetect; bool tpDetect;
@ -258,7 +258,7 @@ public:
bool shouldBeautifyLogs() const; bool shouldBeautifyLogs() const;
bool getCloud() const; bool getCloud() const;
bool isK8SNeeded() const; bool isContainerNeeded() const;
bool isCefNeeded() const; bool isCefNeeded() const;
bool isSyslogNeeded() const; bool isSyslogNeeded() const;
const std::string & getSyslogServerIpv4Address() const; const std::string & getSyslogServerIpv4Address() const;
@ -269,7 +269,7 @@ private:
const LoggingService & getCefServiceData() const; const LoggingService & getCefServiceData() const;
bool cloud = false; bool cloud = false;
bool k8s_service = false; bool container_service = false;
bool agent_local = true; bool agent_local = true;
bool beautify_logs = true; bool beautify_logs = true;
LoggingService syslog_service; LoggingService syslog_service;

12
components/security_apps/local_policy_mgmt_gen/ingress_data.cc
View File

@ -86,6 +86,12 @@ DefaultBackend::load(cereal::JSONInputArchive &)
is_exists = true; is_exists = true;
} }
bool
DefaultBackend::doesExist() const
{
return is_exists;
}
void void
IngressSpec::load(cereal::JSONInputArchive &archive_in) IngressSpec::load(cereal::JSONInputArchive &archive_in)
{ {
@ -101,6 +107,12 @@ IngressSpec::getRules() const
return rules; return rules;
} }
bool
IngressSpec::doesDefaultBackendExist() const
{
return default_backend.doesExist();
}
void void
SingleIngressData::load(cereal::JSONInputArchive &archive_in) SingleIngressData::load(cereal::JSONInputArchive &archive_in)
{ {

14
components/security_apps/local_policy_mgmt_gen/k8s_policy_utils.cc
View File

@ -532,6 +532,16 @@ K8sPolicyUtils::createPolicy(
map<AnnotationKeys, string> &annotations_values, map<AnnotationKeys, string> &annotations_values,
const SingleIngressData &item) const const SingleIngressData &item) const
{ {
if (policies.find(annotations_values[AnnotationKeys::PolicyKey]) == policies.end()) {
policies[annotations_values[AnnotationKeys::PolicyKey]] = appsec_policy;
}
if (item.getSpec().doesDefaultBackendExist()) {
dbgTrace(D_LOCAL_POLICY)
<< "Inserting Any host rule to the specific asset set";
K ingress_rule = K("*");
policies[annotations_values[AnnotationKeys::PolicyKey]].addSpecificRule(ingress_rule);
}
for (const IngressDefinedRule &rule : item.getSpec().getRules()) { for (const IngressDefinedRule &rule : item.getSpec().getRules()) {
string url = rule.getHost(); string url = rule.getHost();
for (const IngressRulePath &uri : rule.getPathsWrapper().getRulePaths()) { for (const IngressRulePath &uri : rule.getPathsWrapper().getRulePaths()) {
@ -544,14 +554,12 @@ K8sPolicyUtils::createPolicy(
<< uri.getPath() << uri.getPath()
<< "'"; << "'";
K ingress_rule = K(url + uri.getPath()); K ingress_rule = K(url + uri.getPath());
appsec_policy.addSpecificRule(ingress_rule); policies[annotations_values[AnnotationKeys::PolicyKey]].addSpecificRule(ingress_rule);
} }
} }
} }
policies[annotations_values[AnnotationKeys::PolicyKey]] = appsec_policy;
} }
std::tuple<map<string, AppsecLinuxPolicy>, map<string, V1beta2AppsecLinuxPolicy>> std::tuple<map<string, AppsecLinuxPolicy>, map<string, V1beta2AppsecLinuxPolicy>>
K8sPolicyUtils::createAppsecPoliciesFromIngresses() K8sPolicyUtils::createAppsecPoliciesFromIngresses()
{ {

1
components/security_apps/local_policy_mgmt_gen/new_appsec_policy_crd_parser.cc
View File

@ -126,6 +126,7 @@ NewAppsecPolicySpec::load(cereal::JSONInputArchive &archive_in)
dbgTrace(D_LOCAL_POLICY) << "Loading AppSec policy spec"; dbgTrace(D_LOCAL_POLICY) << "Loading AppSec policy spec";
parseAppsecJSONKey<string>("appsecClassName", appsec_class_name, archive_in); parseAppsecJSONKey<string>("appsecClassName", appsec_class_name, archive_in);
parseAppsecJSONKey<NewParsedRule>("default", default_rule, archive_in); parseAppsecJSONKey<NewParsedRule>("default", default_rule, archive_in);
default_rule.setHost("*");
parseAppsecJSONKey<vector<NewParsedRule>>("specificRules", specific_rules, archive_in); parseAppsecJSONKey<vector<NewParsedRule>>("specificRules", specific_rules, archive_in);
} }

8
components/security_apps/local_policy_mgmt_gen/new_log_trigger.cc
View File

@ -183,7 +183,9 @@ NewAppsecTriggerLogDestination::load(cereal::JSONInputArchive &archive_in)
auto mode = Singleton::Consume<I_AgentDetails>::by<NewAppsecTriggerLogDestination>()->getOrchestrationMode(); auto mode = Singleton::Consume<I_AgentDetails>::by<NewAppsecTriggerLogDestination>()->getOrchestrationMode();
auto env_type = Singleton::Consume<I_EnvDetails>::by<NewAppsecTriggerLogDestination>()->getEnvType(); auto env_type = Singleton::Consume<I_EnvDetails>::by<NewAppsecTriggerLogDestination>()->getEnvType();
bool k8s_service_default = (mode == OrchestrationMode::HYBRID && env_type == EnvType::K8S); bool k8s_service_default = (mode == OrchestrationMode::HYBRID && env_type == EnvType::K8S);
parseAppsecJSONKey<bool>("k8s-service", k8s_service, archive_in, k8s_service_default); // BC try load previous name. TODO: update CRD
parseAppsecJSONKey<bool>("k8s-service", container_service, archive_in, k8s_service_default);
parseAppsecJSONKey<bool>("container-service", container_service, archive_in, container_service);
NewStdoutLogging stdout_log; NewStdoutLogging stdout_log;
parseAppsecJSONKey<NewStdoutLogging>("stdout", stdout_log, archive_in); parseAppsecJSONKey<NewStdoutLogging>("stdout", stdout_log, archive_in);
@ -224,9 +226,9 @@ NewAppsecTriggerLogDestination::getCloud() const
} }
bool bool
NewAppsecTriggerLogDestination::isK8SNeeded() const NewAppsecTriggerLogDestination::isContainerNeeded() const
{ {
return k8s_service; return container_service;
} }
bool bool

8
components/security_apps/local_policy_mgmt_gen/policy_maker_utils.cc
View File

@ -538,7 +538,7 @@ extractLogTriggerData(const string &trigger_annotation_name, const T &trigger_sp
bool webHeaders = trigger_spec.getAppsecTriggerExtendedLogging().isHttpHeaders(); bool webHeaders = trigger_spec.getAppsecTriggerExtendedLogging().isHttpHeaders();
bool webBody = trigger_spec.getAppsecTriggerExtendedLogging().isRequestBody(); bool webBody = trigger_spec.getAppsecTriggerExtendedLogging().isRequestBody();
bool logToCloud = trigger_spec.getAppsecTriggerLogDestination().getCloud(); bool logToCloud = trigger_spec.getAppsecTriggerLogDestination().getCloud();
bool logToK8sService = trigger_spec.getAppsecTriggerLogDestination().isK8SNeeded(); bool logToContainerService = trigger_spec.getAppsecTriggerLogDestination().isContainerNeeded();
bool logToAgent = trigger_spec.getAppsecTriggerLogDestination().isAgentLocal(); bool logToAgent = trigger_spec.getAppsecTriggerLogDestination().isAgentLocal();
bool beautify_logs = trigger_spec.getAppsecTriggerLogDestination().shouldBeautifyLogs(); bool beautify_logs = trigger_spec.getAppsecTriggerLogDestination().shouldBeautifyLogs();
bool logToCef = trigger_spec.getAppsecTriggerLogDestination().isCefNeeded(); bool logToCef = trigger_spec.getAppsecTriggerLogDestination().isCefNeeded();
@ -565,7 +565,7 @@ extractLogTriggerData(const string &trigger_annotation_name, const T &trigger_sp
logToAgent, logToAgent,
logToCef, logToCef,
logToCloud, logToCloud,
logToK8sService, logToContainerService,
logToSyslog, logToSyslog,
responseBody, responseBody,
tpDetect, tpDetect,
@ -1636,8 +1636,10 @@ PolicyMakerUtils::createAgentPolicyFromAppsecPolicy(const string &policy_name, c
createPolicyElements<T, R>(specific_rules, default_rule, appsec_policy, policy_name); createPolicyElements<T, R>(specific_rules, default_rule, appsec_policy, policy_name);
// add default rule to policy // add default rule to policy
if (Singleton::Consume<I_EnvDetails>::by<PolicyMakerUtils>()->getEnvType() != EnvType::K8S) {
createPolicyElementsByRule<T, R>(default_rule, default_rule, appsec_policy, policy_name); createPolicyElementsByRule<T, R>(default_rule, default_rule, appsec_policy, policy_name);
} }
}
// LCOV_EXCL_START Reason: no test exist // LCOV_EXCL_START Reason: no test exist
template<> template<>
@ -1659,12 +1661,14 @@ PolicyMakerUtils::createAgentPolicyFromAppsecPolicy<V1beta2AppsecLinuxPolicy, Ne
); );
// add default rule to policy // add default rule to policy
if (Singleton::Consume<I_EnvDetails>::by<PolicyMakerUtils>()->getEnvType() != EnvType::K8S) {
createPolicyElementsByRule<V1beta2AppsecLinuxPolicy, NewParsedRule>( createPolicyElementsByRule<V1beta2AppsecLinuxPolicy, NewParsedRule>(
default_rule, default_rule,
default_rule, default_rule,
appsec_policy, appsec_policy,
policy_name); policy_name);
} }
}
// LCOV_EXCL_STOP // LCOV_EXCL_STOP
string string

14
components/security_apps/local_policy_mgmt_gen/triggers_section.cc
View File

@ -30,7 +30,7 @@ LogTriggerSection::LogTriggerSection(
bool _logToAgent, bool _logToAgent,
bool _logToCef, bool _logToCef,
bool _logToCloud, bool _logToCloud,
bool _logToK8sService, bool _logToContainerService,
bool _logToSyslog, bool _logToSyslog,
bool _responseBody, bool _responseBody,
bool _tpDetect, bool _tpDetect,
@ -55,7 +55,7 @@ LogTriggerSection::LogTriggerSection(
logToAgent(_logToAgent), logToAgent(_logToAgent),
logToCef(_logToCef), logToCef(_logToCef),
logToCloud(_logToCloud), logToCloud(_logToCloud),
logToK8sService(_logToK8sService), logToContainerService(_logToContainerService),
logToSyslog(_logToSyslog), logToSyslog(_logToSyslog),
responseBody(_responseBody), responseBody(_responseBody),
tpDetect(_tpDetect), tpDetect(_tpDetect),
@ -101,7 +101,7 @@ LogTriggerSection::save(cereal::JSONOutputArchive &out_ar) const
cereal::make_nvp("logToAgent", logToAgent), cereal::make_nvp("logToAgent", logToAgent),
cereal::make_nvp("logToCef", logToCef), cereal::make_nvp("logToCef", logToCef),
cereal::make_nvp("logToCloud", logToCloud), cereal::make_nvp("logToCloud", logToCloud),
cereal::make_nvp("logToK8sService", logToK8sService), cereal::make_nvp("logToContainerService", logToContainerService),
cereal::make_nvp("logToSyslog", logToSyslog), cereal::make_nvp("logToSyslog", logToSyslog),
cereal::make_nvp("responseBody", responseBody), cereal::make_nvp("responseBody", responseBody),
cereal::make_nvp("responseCode", false), cereal::make_nvp("responseCode", false),
@ -396,7 +396,9 @@ AppsecTriggerLogDestination::load(cereal::JSONInputArchive &archive_in)
auto mode = Singleton::Consume<I_AgentDetails>::by<AppsecTriggerLogDestination>()->getOrchestrationMode(); auto mode = Singleton::Consume<I_AgentDetails>::by<AppsecTriggerLogDestination>()->getOrchestrationMode();
auto env_type = Singleton::Consume<I_EnvDetails>::by<AppsecTriggerLogDestination>()->getEnvType(); auto env_type = Singleton::Consume<I_EnvDetails>::by<AppsecTriggerLogDestination>()->getEnvType();
bool k8s_service_default = (mode == OrchestrationMode::HYBRID && env_type == EnvType::K8S); bool k8s_service_default = (mode == OrchestrationMode::HYBRID && env_type == EnvType::K8S);
parseAppsecJSONKey<bool>("k8s-service", k8s_service, archive_in, k8s_service_default); // BC try load previous name. TODO: update CRD
parseAppsecJSONKey<bool>("k8s-service", container_service, archive_in, k8s_service_default);
parseAppsecJSONKey<bool>("container-service", container_service, archive_in, container_service);
StdoutLogging stdout_log; StdoutLogging stdout_log;
parseAppsecJSONKey<StdoutLogging>("stdout", stdout_log, archive_in); parseAppsecJSONKey<StdoutLogging>("stdout", stdout_log, archive_in);
@ -437,9 +439,9 @@ AppsecTriggerLogDestination::getCloud() const
} }
bool bool
AppsecTriggerLogDestination::isK8SNeeded() const AppsecTriggerLogDestination::isContainerNeeded() const
{ {
return k8s_service; return container_service;
} }
bool bool

1
components/security_apps/orchestration/CMakeLists.txt
View File

@ -15,5 +15,6 @@ add_subdirectory(health_check)
add_subdirectory(health_check_manager) add_subdirectory(health_check_manager)
add_subdirectory(updates_process_reporter) add_subdirectory(updates_process_reporter)
add_subdirectory(env_details) add_subdirectory(env_details)
add_subdirectory(external_sdk_server)
#add_subdirectory(orchestration_ut) #add_subdirectory(orchestration_ut)

2
components/security_apps/orchestration/details_resolver/details_resolver.cc
View File

@ -142,7 +142,7 @@ DetailsResolver::Impl::isCloudStorageEnabled()
{ {
auto cloud_storage_mode_override = getProfileAgentSetting<bool>("agent.cloudStorage.enabled"); auto cloud_storage_mode_override = getProfileAgentSetting<bool>("agent.cloudStorage.enabled");
if (cloud_storage_mode_override.ok()) { if (cloud_storage_mode_override.ok()) {
dbgInfo(D_ORCHESTRATOR) << "Received cloud-storage mode override: " << *cloud_storage_mode_override; dbgDebug(D_ORCHESTRATOR) << "Received cloud-storage mode override: " << *cloud_storage_mode_override;
return *cloud_storage_mode_override; return *cloud_storage_mode_override;
} }

2
components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
View File

@ -142,7 +142,7 @@ DetailsResolvingHanlder::Impl::getResolvedDetails() const
shared_ptr<ifstream> in_file = shared_ptr<ifstream> in_file =
Singleton::Consume<I_OrchestrationTools>::by<DetailsResolvingHanlder>()->fileStreamWrapper(path); Singleton::Consume<I_OrchestrationTools>::by<DetailsResolvingHanlder>()->fileStreamWrapper(path);
if (!in_file->is_open()) { if (!in_file->is_open()) {
dbgWarning(D_AGENT_DETAILS) << "Could not open file for processing. Path: " << path; dbgDebug(D_AGENT_DETAILS) << "Could not open file for processing. Path: " << path;
continue; continue;
} }

4
components/security_apps/orchestration/external_sdk_server/CMakeLists.txt Normal file
View File

@ -0,0 +1,4 @@
include_directories(${PROJECT_SOURCE_DIR}/core/external_sdk/)
add_library(external_sdk_server external_sdk_server.cc)
add_subdirectory(external_sdk_server_ut)

348
components/security_apps/orchestration/external_sdk_server/external_sdk_server.cc Normal file
View File

@ -0,0 +1,348 @@
#include "external_sdk_server.h"
#include "external_agent_sdk.h"
#include "log_generator.h"
#include "rest_server.h"
#include "generic_metric.h"
#include "customized_cereal_map.h"
#include "report/log_rest.h"
using namespace std;
USE_DEBUG_FLAG(D_EXTERNAL_SDK_USER);
USE_DEBUG_FLAG(D_EXTERNAL_SDK_SERVER);
class ExternalSdkRest : public ServerRest
{
public:
void
doCall() override
{
dbgFlow(D_EXTERNAL_SDK_SERVER);
Maybe<SdkApiType> sdk_event_type = convertToEnum<SdkApiType>(event_type.get());
if (!sdk_event_type.ok()) {
dbgWarning(D_EXTERNAL_SDK_SERVER) << "Received illegal event type. Type : " << event_type.get();
throw JsonError("Illegal event type provided");
}
dbgDebug(D_EXTERNAL_SDK_SERVER)
<< "Handling a new external sdk api call event. Type : "
<< convertApiTypeToString(sdk_event_type.unpack());
I_ExternalSdkServer *sdk_server = Singleton::Consume<I_ExternalSdkServer>::from<ExternalSdkServer>();
switch(sdk_event_type.unpack()) {
case SdkApiType::SendCodeEvent: {
if (!file.isActive()) {
throw JsonError("File was not provided for code event");
}
if (!func.isActive()) {
throw JsonError("Function was not provided for code event");
}
if (!line.isActive()) {
throw JsonError("Line path was not provided for code event");
}
if (!trace_id.isActive()) {
throw JsonError("Trace ID was not provided for code event");
}
if (!span_id.isActive()) {
throw JsonError("Span ID was not provided for code event");
}
if (!message.isActive()) {
throw JsonError("Message was not provided for code event");
}
sdk_server->sendDebug(
file.get(),
func.get(),
line.get(),
getDebugLevel(),
trace_id.get(),
span_id.get(),
message.get(),
additional_fields.isActive() ? additional_fields.get() : map<string, string>()
);
return;
}
case SdkApiType::SendEventDrivenEvent: {
if (!event_name.isActive()) {
throw JsonError("Event name was not provided for event");
}
sdk_server->sendLog(
event_name.get(),
getAudience(),
getSeverity(),
getPriority(),
tag.get(),
additional_fields.isActive() ? additional_fields.get() : map<string, string>()
);
return;
}
case SdkApiType::SendGetConfigRequest: {
if (!config_path.isActive()) {
throw JsonError("Config path was not provided for get configuration event");
}
Maybe<string> config_val = sdk_server->getConfigValue(config_path.get());
config_value = config_val.ok() ? config_val.unpack() : "";
return;
}
case SdkApiType::SendPeriodicEvent: {
if (!event_name.isActive()) {
throw JsonError("Event name was not provided for periodic event");
}
if (!service_name.isActive()) {
throw JsonError("Service name was not provided for periodic event");
}
sdk_server->sendMetric(
event_name,
service_name,
getAudienceTeam(),
ReportIS::IssuingEngine::AGENT_CORE,
additional_fields.isActive() ? additional_fields.get() : map<string, string>()
);
return;
}
default: {
dbgError(D_EXTERNAL_SDK_SERVER) << "Received illegal event type. Type : " << event_type.get();
}
}
}
private:
static string
convertApiTypeToString(SdkApiType type)
{
static const EnumArray<SdkApiType, string> api_type_string {
"Code Event",
"Periodic Event",
"Event Driven",
"Get Configuration",
};
return api_type_string[type];
}
Debug::DebugLevel
getDebugLevel()
{
static const map<int, Debug::DebugLevel> debug_levels = {
{0, Debug::DebugLevel::TRACE},
{1, Debug::DebugLevel::DEBUG},
{2, Debug::DebugLevel::INFO},
{3, Debug::DebugLevel::WARNING},
{4, Debug::DebugLevel::ERROR}
};
if (!debug_level.isActive()) {
throw JsonError("Debug level was not provided for code event");
}
auto level = debug_levels.find(debug_level.get());
if(level == debug_levels.end()) {
throw JsonError("Illegal debug level provided");
}
return level->second;
}
ReportIS::Severity
getSeverity()
{
if (!severity.isActive()) {
throw JsonError("Event severity was not provided for periodic event");
}
switch (severity.get()) {
case EventSeverity::SeverityCritical: return ReportIS::Severity::CRITICAL;
case EventSeverity::SeverityHigh: return ReportIS::Severity::HIGH;
case EventSeverity::SeverityMedium: return ReportIS::Severity::MEDIUM;
case EventSeverity::SeverityLow: return ReportIS::Severity::LOW;
case EventSeverity::SeverityInfo: return ReportIS::Severity::INFO;
default:
throw JsonError("Illegal event severity provided");
}
}
ReportIS::Priority
getPriority()
{
if (!priority.isActive()) {
throw JsonError("Event priority was not provided");
}
switch (priority.get()) {
case EventPriority::PriorityUrgent: return ReportIS::Priority::URGENT;
case EventPriority::PriorityHigh: return ReportIS::Priority::HIGH;
case EventPriority::PriorityMedium: return ReportIS::Priority::MEDIUM;
case EventPriority::PriorityLow: return ReportIS::Priority::LOW;
default:
throw JsonError("Illegal event priority provided");
}
}
ReportIS::Audience
getAudience()
{
if (!audience.isActive()) {
throw JsonError("Event audience was not provided");
}
switch (audience.get()) {
case EventAudience::AudienceSecurity: return ReportIS::Audience::SECURITY;
case EventAudience::AudienceInternal: return ReportIS::Audience::INTERNAL;
default:
throw JsonError("Illegal event audience provided");
}
}
ReportIS::AudienceTeam
getAudienceTeam()
{
if (!team.isActive()) {
throw JsonError("Event audience team was not provided");
}
switch (team.get()) {
case EventAudienceTeam::AudienceTeamAgentCore: return ReportIS::AudienceTeam::AGENT_CORE;
case EventAudienceTeam::AudienceTeamIot: return ReportIS::AudienceTeam::IOT_NEXT;
case EventAudienceTeam::AudienceTeamWaap: return ReportIS::AudienceTeam::WAAP;
case EventAudienceTeam::AudienceTeamAgentIntelligence: return ReportIS::AudienceTeam::AGENT_INTELLIGENCE;
default:
throw JsonError("Illegal event audience team provided");
}
}
using additional_fields_map = map<string, string>;
C2S_LABEL_PARAM(int, event_type, "eventType");
C2S_LABEL_OPTIONAL_PARAM(additional_fields_map, additional_fields, "additionalFields");
C2S_LABEL_OPTIONAL_PARAM(string, event_name, "eventName");
C2S_LABEL_OPTIONAL_PARAM(string, service_name, "serviceName");
C2S_OPTIONAL_PARAM(int, team);
C2S_OPTIONAL_PARAM(int, audience);
C2S_OPTIONAL_PARAM(int, severity);
C2S_OPTIONAL_PARAM(int, priority);
C2S_OPTIONAL_PARAM(string, tag);
C2S_OPTIONAL_PARAM(string, file);
C2S_OPTIONAL_PARAM(string, func);
C2S_OPTIONAL_PARAM(int, line);
C2S_LABEL_OPTIONAL_PARAM(int, debug_level, "debugLevel");
C2S_LABEL_OPTIONAL_PARAM(string, trace_id, "traceId");
C2S_LABEL_OPTIONAL_PARAM(string, span_id, "spanId");
C2S_OPTIONAL_PARAM(string, message);
C2S_LABEL_OPTIONAL_PARAM(string, config_path, "configPath");
S2C_LABEL_OPTIONAL_PARAM(string, config_value, "configValue");
};
class ExternalSdkServer::Impl
:
public Singleton::Provide<I_ExternalSdkServer>::From<ExternalSdkServer>
{
public:
void
init()
{
auto rest = Singleton::Consume<I_RestApi>::by<ExternalSdkServer>();
rest->addRestCall<ExternalSdkRest>(RestAction::ADD, "sdk-call");
}
void
sendLog(
const string &event_name,
ReportIS::Audience audience,
ReportIS::Severity severity,
ReportIS::Priority priority,
const string &tag_string,
const map<string, string> &additional_fields)
{
Maybe<ReportIS::Tags> tag = TagAndEnumManagement::convertStringToTag(tag_string);
set<ReportIS::Tags> tags;
if (tag.ok()) tags.insert(tag.unpack());
LogGen log(event_name, audience, severity, priority, tags);
for (const auto &field : additional_fields) {
log << LogField(field.first, field.second);
}
}
void
sendDebug(
const string &file_name,
const string &function_name,
unsigned int line_number,
Debug::DebugLevel debug_level,
const string &trace_id,
const string &span_id,
const string &message,
const map<string, string> &additional_fields)
{
(void)trace_id;
(void)span_id;
Debug debug(file_name, function_name, line_number, debug_level, D_EXTERNAL_SDK_USER);
debug.getStreamAggr() << message;
bool is_first_key = true;
for (const auto &field : additional_fields) {
if (is_first_key) {
is_first_key = false;
debug.getStreamAggr() << ". ";
} else {
debug.getStreamAggr() << ", ";
}
debug.getStreamAggr() << "\"" << field.first << "\": \"" << field.second << "\"";
}
}
void
sendMetric(
const string &event_title,
const string &service_name,
ReportIS::AudienceTeam team,
ReportIS::IssuingEngine issuing_engine,
const map<string, string> &additional_fields)
{
ScopedContext ctx;
ctx.registerValue("Service Name", service_name);
set<ReportIS::Tags> tags;
Report metric_to_fog(
event_title,
Singleton::Consume<I_TimeGet>::by<GenericMetric>()->getWalltime(),
ReportIS::Type::PERIODIC,
ReportIS::Level::LOG,
ReportIS::LogLevel::INFO,
ReportIS::Audience::INTERNAL,
team,
ReportIS::Severity::INFO,
ReportIS::Priority::LOW,
chrono::seconds(0),
LogField("agentId", Singleton::Consume<I_AgentDetails>::by<GenericMetric>()->getAgentId()),
tags,
ReportIS::Tags::INFORMATIONAL,
issuing_engine
);
for (const auto &field : additional_fields) {
metric_to_fog << LogField(field.first, field.second);
}
LogRest metric_client_rest(metric_to_fog);
string fog_metric_uri = getConfigurationWithDefault<string>("/api/v1/agents/events", "metric", "fogMetricUri");
Singleton::Consume<I_Messaging>::by<ExternalSdkServer>()->sendAsyncMessage(
HTTPMethod::POST,
fog_metric_uri,
metric_client_rest,
MessageCategory::METRIC,
MessageMetadata(),
false
);
}
Maybe<string>
getConfigValue(const string &config_path)
{
auto config_val = getProfileAgentSetting<string>(config_path);
if (!config_val.ok()) {
stringstream error;
error << "Failed to get configuration. Config path: " << config_path << ", Error: " << config_val.getErr();
return genError(error.str());
}
return config_val.unpack();
}
};
ExternalSdkServer::ExternalSdkServer() : Component("ExternalSdkServer"), pimpl(make_unique<Impl>()) {}
ExternalSdkServer::~ExternalSdkServer() {}
void ExternalSdkServer::init() { pimpl->init(); }
void ExternalSdkServer::fini() {}
void ExternalSdkServer::preload() {}

7
components/security_apps/orchestration/external_sdk_server/external_sdk_server_ut/CMakeLists.txt Normal file
View File

@ -0,0 +1,7 @@
link_directories(${BOOST_ROOT}/lib)
add_unit_test(
external_sdk_server_ut
"external_sdk_server_ut.cc"
"external_sdk_server;mainloop;singleton;rest;environment;time_proxy;logging;event_is;metric;-lboost_context;agent_details;-lboost_regex;messaging;"
)

349
components/security_apps/orchestration/external_sdk_server/external_sdk_server_ut/external_sdk_server_ut.cc Normal file
View File

@ -0,0 +1,349 @@
#include <stdio.h>
#include <stdarg.h>
#include "external_sdk_server.h"
#include "cptest.h"
#include "mock/mock_rest_api.h"
#include "mock/mock_messaging.h"
#include "mock/mock_logging.h"
#include "mock/mock_time_get.h"
#include "config.h"
#include "config_component.h"
#include "agent_details.h"
using namespace std;
using namespace testing;
class ExternalSdkServerTest : public Test
{
public:
ExternalSdkServerTest()
{
EXPECT_CALL(rest_mocker, mockRestCall(RestAction::ADD, "sdk-call", _)).WillOnce(
WithArg<2>(
Invoke(
[this](const unique_ptr<RestInit> &rest_ptr)
{
mock_sdk_rest = rest_ptr->getRest();
return true;
}
)
)
);
sdk_server.preload();
sdk_server.init();
i_sdk = Singleton::Consume<I_ExternalSdkServer>::from(sdk_server);
}
~ExternalSdkServerTest()
{
sdk_server.fini();
}
ExternalSdkServer sdk_server;
NiceMock<MockTimeGet> mock_timer;
StrictMock<MockMessaging> messaging_mocker;
StrictMock<MockRestApi> rest_mocker;
StrictMock<MockLogging> log_mocker;
unique_ptr<ServerRest> mock_sdk_rest;
I_ExternalSdkServer *i_sdk;
ConfigComponent conf;
AgentDetails agent_details;
::Environment env;
};
TEST_F(ExternalSdkServerTest, initTest)
{
}
TEST_F(ExternalSdkServerTest, configCall)
{
Maybe<string> no_conf = i_sdk->getConfigValue("key1");
EXPECT_FALSE(no_conf.ok());
string config_json =
"{\n"
"\"agentSettings\": [\n"
"{\n"
"\"id\": \"id1\",\n"
"\"key\": \"key1\",\n"
"\"value\": \"value1\"\n"
"},\n"
"{\n"
"\"id\": \"id1\",\n"
"\"key\": \"key2\",\n"
"\"value\": \"value2\"\n"
"}\n"
"]\n"
"}\n";
conf.preload();
istringstream conf_stream(config_json);
ASSERT_TRUE(Singleton::Consume<Config::I_Config>::from(conf)->loadConfiguration(conf_stream));
Maybe<string> conf_found = i_sdk->getConfigValue("key1");
ASSERT_TRUE(conf_found.ok());
EXPECT_EQ(conf_found.unpack(), "value1");
conf_found = i_sdk->getConfigValue("key2");
ASSERT_TRUE(conf_found.ok());
EXPECT_EQ(conf_found.unpack(), "value2");
stringstream config_call_body;
config_call_body << "{ \"eventType\": 3, \"configPath\": \"key1\" }";
Maybe<string> sdk_conf = mock_sdk_rest->performRestCall(config_call_body);
ASSERT_TRUE(sdk_conf.ok());
EXPECT_EQ(
sdk_conf.unpack(),
"{\n"
" \"configValue\": \"value1\"\n"
"}"
);
}
template <typename T>
string
toJson(const T &obj)
{
stringstream ss;
{
cereal::JSONOutputArchive ar(ss);
obj.serialize(ar);
}
return ss.str();
}
TEST_F(ExternalSdkServerTest, eventDrivenCall)
{
string generated_log;
EXPECT_CALL(log_mocker, getCurrentLogId()).Times(2).WillRepeatedly(Return(0));
EXPECT_CALL(log_mocker, sendLog(_)).Times(2).WillRepeatedly(
WithArg<0>(
Invoke(
[&] (const Report &msg)
{
generated_log = toJson(msg);
}
)
)
);
i_sdk->sendLog(
"my log",
ReportIS::Audience::INTERNAL,
ReportIS::Severity::LOW,
ReportIS::Priority::HIGH,
"IPS",
{{"key1", "value1"}, {"key2", "value2"}}
);
static const string expected_log =
"{\n"
" \"eventTime\": \"\",\n"
" \"eventName\": \"my log\",\n"
" \"eventSeverity\": \"Low\",\n"
" \"eventPriority\": \"High\",\n"
" \"eventType\": \"Event Driven\",\n"
" \"eventLevel\": \"Log\",\n"
" \"eventLogLevel\": \"info\",\n"
" \"eventAudience\": \"Internal\",\n"
" \"eventAudienceTeam\": \"\",\n"
" \"eventFrequency\": 0,\n"
" \"eventTags\": [\n"
" \"IPS\"\n"
" ],\n"
" \"eventSource\": {\n"
" \"agentId\": \"Unknown\",\n"
" \"eventTraceId\": \"\",\n"
" \"eventSpanId\": \"\",\n"
" \"issuingEngineVersion\": \"\",\n"
" \"serviceName\": \"Unnamed Nano Service\"\n"
" },\n"
" \"eventData\": {\n"
" \"logIndex\": 0,\n"
" \"key1\": \"value1\",\n"
" \"key2\": \"value2\"\n"
" }\n"
"}";
EXPECT_EQ(generated_log, expected_log);
string event_call_body =
"{\n"
" \"eventType\": 2,\n"
" \"eventName\": \"my log\",\n"
" \"audience\": 1,\n"
" \"severity\": 3,\n"
" \"priority\": 1,\n"
" \"tag\": \"IPS\",\n"
" \"team\": 3,\n"
" \"additionalFields\": {\n"
" \"key1\": \"value1\",\n"
" \"key2\": \"value2\"\n"
" }\n"
"}";
generated_log = "";
stringstream event_call_stream;
event_call_stream << event_call_body;
EXPECT_TRUE(mock_sdk_rest->performRestCall(event_call_stream).ok());
EXPECT_EQ(generated_log, expected_log);
}
TEST_F(ExternalSdkServerTest, periodicEventCall)
{
string message_body;
EXPECT_CALL(
messaging_mocker,
sendAsyncMessage(
HTTPMethod::POST,
"/api/v1/agents/events",
_,
MessageCategory::METRIC,
_,
false
)
).Times(2).WillRepeatedly(SaveArg<2>(&message_body));
i_sdk->sendMetric(
"my metric",
"matrix",
ReportIS::AudienceTeam::AGENT_INTELLIGENCE,
ReportIS::IssuingEngine::AGENT_CORE,
{{"key", "value"}}
);
static const string expected_message =
"{\n"
" \"log\": {\n"
" \"eventTime\": \"\",\n"
" \"eventName\": \"my metric\",\n"
" \"eventSeverity\": \"Info\",\n"
" \"eventPriority\": \"Low\",\n"
" \"eventType\": \"Periodic\",\n"
" \"eventLevel\": \"Log\",\n"
" \"eventLogLevel\": \"info\",\n"
" \"eventAudience\": \"Internal\",\n"
" \"eventAudienceTeam\": \"Agent Intelligence\",\n"
" \"eventFrequency\": 0,\n"
" \"eventTags\": [\n"
" \"Informational\"\n"
" ],\n"
" \"eventSource\": {\n"
" \"agentId\": \"Unknown\",\n"
" \"issuingEngine\": \"Agent Core\",\n"
" \"eventTraceId\": \"\",\n"
" \"eventSpanId\": \"\",\n"
" \"issuingEngineVersion\": \"\",\n"
" \"serviceName\": \"matrix\"\n"
" },\n"
" \"eventData\": {\n"
" \"key\": \"value\"\n"
" }\n"
" }\n"
"}";
EXPECT_EQ(message_body, expected_message);
string event_call_body =
"{\n"
" \"eventType\": 1,\n"
" \"eventName\": \"my metric\",\n"
" \"serviceName\": \"matrix\",\n"
" \"team\": 3,\n"
" \"additionalFields\": {\n"
" \"key\": \"value\"\n"
" }\n"
"}";
stringstream event_call_stream;
event_call_stream << event_call_body;
message_body = "";
EXPECT_TRUE(mock_sdk_rest->performRestCall(event_call_stream).ok());
EXPECT_EQ(message_body, expected_message);
}
USE_DEBUG_FLAG(D_EXTERNAL_SDK_USER);
USE_DEBUG_FLAG(D_EXTERNAL_SDK_SERVER);
TEST_F(ExternalSdkServerTest, codeEventCall)
{
ostringstream capture_debug;
Debug::setUnitTestFlag(D_EXTERNAL_SDK_SERVER, Debug::DebugLevel::TRACE);
Debug::setUnitTestFlag(D_EXTERNAL_SDK_USER, Debug::DebugLevel::TRACE);
Debug::setNewDefaultStdout(&capture_debug);
i_sdk->sendDebug(
"file.cc",
"myFunc2",
42,
Debug::DebugLevel::TRACE,
"123",
"abc",
"h#l1ow w0r!d",
{{"hi", "universe"}}
);
EXPECT_THAT(
capture_debug.str(),
HasSubstr(
"[myFunc2@file.cc:42 | >>>] "
"h#l1ow w0r!d. \"hi\": \"universe\"\n"
)
);
string debug_event =
"{\n"
" \"eventType\": 0,\n"
" \"file\": \"my file\",\n"
" \"func\": \"function_name\",\n"
" \"line\": 42,\n"
" \"debugLevel\": 0,\n"
" \"traceId\": \"\",\n"
" \"spanId\": \"span2323\",\n"
" \"message\": \"some short debug\",\n"
" \"team\": 1,\n"
" \"additionalFields\": {\n"
" \"name\": \"moshe\",\n"
" \"food\": \"bamba\"\n"
" }\n"
"}";
stringstream event_call_stream;
event_call_stream << debug_event;
EXPECT_TRUE(mock_sdk_rest->performRestCall(event_call_stream).ok());
EXPECT_THAT(
capture_debug.str(),
HasSubstr(
"[function_name@my file:42 | >>>] "
"some short debug. \"food\": \"bamba\", \"name\": \"moshe\"\n"
)
);
Debug::setNewDefaultStdout(&cout);
}
TEST_F(ExternalSdkServerTest, ilegalEventCall)
{
string event_call_body =
"{\n"
" \"eventType\": 7,\n"
" \"eventName\": \"my metric\",\n"
" \"serviceName\": \"matrix\",\n"
" \"team\": 3,\n"
" \"additionalFields\": {\n"
" \"key\": \"value\"\n"
" }\n"
"}";
stringstream event_call_stream;
event_call_stream << event_call_body;
Maybe<string> failed_respond = mock_sdk_rest->performRestCall(event_call_stream);
EXPECT_FALSE(failed_respond.ok());
EXPECT_EQ(failed_respond.getErr(), "Illegal event type provided");
}

2
components/security_apps/orchestration/include/updates_process_report.h
View File

@ -50,6 +50,8 @@ public:
return report.str(); return report.str();
} }
UpdatesFailureReason getReason() const { return reason; }
private: private:
UpdatesProcessResult result; UpdatesProcessResult result;
UpdatesConfigType type; UpdatesConfigType type;

1
components/security_apps/orchestration/include/updates_process_reporter.h
View File

@ -34,6 +34,7 @@ private:
void sendReoprt(); void sendReoprt();
static std::vector<UpdatesProcessReport> reports; static std::vector<UpdatesProcessReport> reports;
uint report_failure_count = 0;
}; };
#endif // __UPDATES_PROCESS_REPORTER_H__ #endif // __UPDATES_PROCESS_REPORTER_H__

2
components/security_apps/orchestration/orchestration_comp.cc
View File

@ -1499,7 +1499,7 @@ private:
<< " minutes from now."; << " minutes from now.";
upgrade_delay_time += chrono::minutes(upgrade_delay_interval); upgrade_delay_time += chrono::minutes(upgrade_delay_interval);
} catch (const exception& err) { } catch (const exception& err) {
dbgInfo(D_ORCHESTRATOR) << "Failed to parse upgrade delay interval."; dbgWarning(D_ORCHESTRATOR) << "Failed to parse upgrade delay interval.";
} }
} }

10
components/security_apps/orchestration/service_controller/service_controller.cc
View File

@ -413,7 +413,7 @@ ServiceController::Impl::getUpdatedReconfStatus()
} }
if (!maybe_service.unpack().isServiceActive()) { if (!maybe_service.unpack().isServiceActive()) {
dbgInfo(D_SERVICE_CONTROLLER) dbgDebug(D_SERVICE_CONTROLLER)
<< "Service is not active, removing from registered services list. Service: " << "Service is not active, removing from registered services list. Service: "
<< services_reconf_names[service_and_reconf_status.first] << services_reconf_names[service_and_reconf_status.first]
<< "ID: " << "ID: "
@ -508,7 +508,7 @@ ServiceController::Impl::loadRegisteredServicesFromFile()
ar(cereal::make_nvp("Registered Services", pending_services)); ar(cereal::make_nvp("Registered Services", pending_services));
pending_services.erase("cp-nano-orchestration"); pending_services.erase("cp-nano-orchestration");
dbgInfo(D_SERVICE_CONTROLLER) dbgDebug(D_SERVICE_CONTROLLER)
<< "Orchestration pending services loaded from file." << "Orchestration pending services loaded from file."
<< " File: " << " File: "
<< registered_services_file << registered_services_file
@ -516,7 +516,7 @@ ServiceController::Impl::loadRegisteredServicesFromFile()
for (const auto &id_service_pair : pending_services) { for (const auto &id_service_pair : pending_services) {
const auto &service = id_service_pair.second; const auto &service = id_service_pair.second;
dbgInfo(D_SERVICE_CONTROLLER) dbgDebug(D_SERVICE_CONTROLLER)
<< "Service name: " << "Service name: "
<< service.getServiceName() << service.getServiceName()
<< ", Service ID: " << ", Service ID: "
@ -548,14 +548,14 @@ ServiceController::Impl::writeRegisteredServicesToFile()
cereal::JSONOutputArchive ar(ss); cereal::JSONOutputArchive ar(ss);
ar(cereal::make_nvp("Registered Services", registered_services_with_orch)); ar(cereal::make_nvp("Registered Services", registered_services_with_orch));
dbgInfo(D_SERVICE_CONTROLLER) dbgDebug(D_SERVICE_CONTROLLER)
<< "Orchestration registered services file has been updated. File: " << "Orchestration registered services file has been updated. File: "
<< registered_services_file << registered_services_file
<< ". Registered Services:"; << ". Registered Services:";
for (const auto &id_service_pair : registered_services_with_orch) { for (const auto &id_service_pair : registered_services_with_orch) {
const auto &service = id_service_pair.second; const auto &service = id_service_pair.second;
dbgInfo(D_SERVICE_CONTROLLER) dbgDebug(D_SERVICE_CONTROLLER)
<< "Service name: " << "Service name: "
<< service.getServiceName() << service.getServiceName()
<< ", Service ID: " << ", Service ID: "

27
components/security_apps/orchestration/updates_process_reporter/updates_process_reporter.cc
View File

@ -31,9 +31,15 @@ UpdatesProcessReporter::upon(const UpdatesProcessEvent &event)
if (event.getReason() == UpdatesFailureReason::CHECK_UPDATE) { if (event.getReason() == UpdatesFailureReason::CHECK_UPDATE) {
if (event.getResult() == UpdatesProcessResult::SUCCESS && reports.empty()) { if (event.getResult() == UpdatesProcessResult::SUCCESS && reports.empty()) {
dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Update proccess finished successfully"; dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Update proccess finished successfully";
report_failure_count = 0;
return; return;
} }
dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Update proccess finished with errors"; dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Update proccess finished with errors";
report_failure_count++;
if (report_failure_count <= 1) {
reports.clear();
return;
}
reports.emplace_back( reports.emplace_back(
UpdatesProcessReport( UpdatesProcessReport(
event.getResult(), event.getResult(),
@ -54,18 +60,27 @@ UpdatesProcessReporter::upon(const UpdatesProcessEvent &event)
void void
UpdatesProcessReporter::sendReoprt() UpdatesProcessReporter::sendReoprt()
{ {
stringstream all_reports; stringstream full_reports;
all_reports << "Updates process reports:" << endl; UpdatesFailureReason failure_reason = UpdatesFailureReason::NONE;
full_reports << "Updates process reports:" << endl;
full_reports << "report failure count:" << report_failure_count << endl;
for (const auto &report : reports) { for (const auto &report : reports) {
all_reports << report.toString() << endl; if (report.getReason() != UpdatesFailureReason::CHECK_UPDATE) {
failure_reason = report.getReason();
}
full_reports << report.toString() << endl;
} }
reports.clear(); reports.clear();
dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Sending updates process report: " << endl << all_reports.str(); dbgTrace(D_UPDATES_PROCESS_REPORTER) << "Sending updates process report: " << endl << full_reports.str();
LogGen( LogGen log (
"Updates process report", "Updates process report",
ReportIS::Audience::INTERNAL, ReportIS::Audience::INTERNAL,
ReportIS::Severity::HIGH, ReportIS::Severity::HIGH,
ReportIS::Priority::HIGH, ReportIS::Priority::HIGH,
ReportIS::Tags::ORCHESTRATOR ReportIS::Tags::ORCHESTRATOR
) << LogField("eventMessage", all_reports.str()); );
log << LogField("eventMessage", full_reports.str());
if (failure_reason != UpdatesFailureReason::NONE) {
log.addToOrigin(LogField("eventCategory", convertUpdatesFailureReasonToStr(failure_reason)));
}
} }

6
components/utils/generic_rulebase/triggers_config.cc
View File

@ -173,7 +173,7 @@ LogTriggerConf::load(cereal::JSONInputArchive& archive_in)
setTriggersFlag("webUrlQuery", archive_in, WebLogFields::webUrlQuery, log_web_fields); setTriggersFlag("webUrlQuery", archive_in, WebLogFields::webUrlQuery, log_web_fields);
setTriggersFlag("logToAgent", archive_in, ReportIS::StreamType::JSON_LOG_FILE, active_streams); setTriggersFlag("logToAgent", archive_in, ReportIS::StreamType::JSON_LOG_FILE, active_streams);
setTriggersFlag("logToCloud", archive_in, ReportIS::StreamType::JSON_FOG, active_streams); setTriggersFlag("logToCloud", archive_in, ReportIS::StreamType::JSON_FOG, active_streams);
setTriggersFlag("logToK8sService", archive_in, ReportIS::StreamType::JSON_K8S_SVC, active_streams); setTriggersFlag("logToContainerService", archive_in, ReportIS::StreamType::JSON_CONTAINER_SVC, active_streams);
setTriggersFlag("logToSyslog", archive_in, ReportIS::StreamType::SYSLOG, active_streams); setTriggersFlag("logToSyslog", archive_in, ReportIS::StreamType::SYSLOG, active_streams);
setTriggersFlag("logToCef", archive_in, ReportIS::StreamType::CEF, active_streams); setTriggersFlag("logToCef", archive_in, ReportIS::StreamType::CEF, active_streams);
setTriggersFlag("acAllow", archive_in, SecurityType::AccessControl, should_log_on_detect); setTriggersFlag("acAllow", archive_in, SecurityType::AccessControl, should_log_on_detect);
@ -221,8 +221,8 @@ LogTriggerConf::load(cereal::JSONInputArchive& archive_in)
case ReportIS::StreamType::JSON_LOG_FILE: case ReportIS::StreamType::JSON_LOG_FILE:
setLogConfiguration(ReportIS::StreamType::JSON_LOG_FILE); setLogConfiguration(ReportIS::StreamType::JSON_LOG_FILE);
break; break;
case ReportIS::StreamType::JSON_K8S_SVC: case ReportIS::StreamType::JSON_CONTAINER_SVC:
setLogConfiguration(ReportIS::StreamType::JSON_K8S_SVC); setLogConfiguration(ReportIS::StreamType::JSON_CONTAINER_SVC);
break; break;
case ReportIS::StreamType::SYSLOG: case ReportIS::StreamType::SYSLOG:
setLogConfiguration(ReportIS::StreamType::SYSLOG, getUrlForSyslog(), syslog_protocol); setLogConfiguration(ReportIS::StreamType::SYSLOG, getUrlForSyslog(), syslog_protocol);

87
core/external_sdk/external_agent_sdk.h Normal file
View File

@ -0,0 +1,87 @@
#ifndef __EXTERNAL_AGENT_SDK_H__
#define __EXTERNAL_AGENT_SDK_H__
#ifdef __cplusplus
enum class SdkApiType
#else
enum SdkApiType
#endif
{
SendCodeEvent,
SendPeriodicEvent,
SendEventDrivenEvent,
SendGetConfigRequest,
#ifndef __cplusplus
};
#else //__cplusplus
COUNT
};
extern "C"
{
#endif // __cplusplus
enum DebugLevel { DebugTrace, DebugDebug, DebugInfo, DebugWarning, DebugError };
enum EventAudience { AudienceSecurity, AudienceInternal };
enum EventAudienceTeam { AudienceTeamAgentCore, AudienceTeamIot, AudienceTeamWaap, AudienceTeamAgentIntelligence };
enum EventSeverity { SeverityCritical, SeverityHigh, SeverityMedium, SeverityLow, SeverityInfo };
enum EventPriority { PriorityUrgent, PriorityHigh, PriorityMedium, PriorityLow };
enum SdkReturn {
SdkSuccess = 0,
SdkUninitialized = -1,
IlegalNumOfAdditionData = -2,
EmptyConfigRespond = -3,
InitCurlFailed = -4,
ExecuteCurlFailed = -5,
Non200Respond = -6,
AllocationFailure = -7
};
void initAgentSdk();
void finiAgentSdk();
// Get configuration using path. Output is allocated internally and requires caller to free
enum SdkReturn getAgentConfiguration(const char *configuration_path, char **config_value_output);
enum SdkReturn
sendPeriodicData(
const char *event_title,
const char *service_name,
enum EventAudienceTeam team,
const char **periodic_data,
int periodic_data_size
);
enum SdkReturn
sendEventDrivenLog(
const char *event_name,
enum EventAudience audience,
enum EventSeverity severity,
enum EventPriority priority,
const char *tag,
enum EventAudienceTeam team,
const char **event_data,
int event_data_size
);
enum SdkReturn
sendDebugMessage(
const char *file_name,
const char *function_name,
unsigned int line_number,
enum DebugLevel debug_level,
const char *trace_id,
const char *span_id,
const char *message,
enum EventAudienceTeam team,
const char **event_data,
int event_data_size
);
#ifdef __cplusplus
}
#endif // __cplusplus
#endif // __EXTERNAL_AGENT_SDK_H__

58
core/include/services_sdk/interfaces/messaging/messaging_metadata.h
View File

@ -5,6 +5,7 @@
#include <string> #include <string>
#include "flags.h" #include "flags.h"
#include "config.h"
#include "singleton.h" #include "singleton.h"
#include "i_agent_details.h" #include "i_agent_details.h"
@ -118,6 +119,29 @@ public:
return headers; return headers;
} }
std::string
getCaPath() const
{
if (!ca_path.empty()) return ca_path;
return getConfigurationWithDefault(
getFilesystemPathConfig() + "/certs/fog.pem",
"message",
"Certificate chain file path"
);
}
const std::string &
getClientCertPath() const
{
return client_cert_path;
}
const std::string &
getClientKeyPath() const
{
return client_key_path;
}
void void
insertHeader(const std::string &header_key, const std::string &header_val) insertHeader(const std::string &header_key, const std::string &header_val)
{ {
@ -137,6 +161,24 @@ public:
is_proxy_set = true; is_proxy_set = true;
} }
void
setCAPath (const std::string &_ca_path)
{
ca_path = _ca_path;
}
void
setDualAuthenticationSettings
(
const std::string &_client_cert_path,
const std::string &_client_key_path
)
{
client_cert_path = _client_cert_path;
client_key_path = _client_key_path;
is_dual_auth = true;
}
void void
setExternalCertificate(const std::string &_external_certificate) setExternalCertificate(const std::string &_external_certificate)
{ {
@ -161,6 +203,12 @@ public:
return is_proxy_set; return is_proxy_set;
} }
bool
isDualAuth() const
{
return is_dual_auth;
}
bool bool
isToFog() const isToFog() const
{ {
@ -175,18 +223,26 @@ public:
cereal::make_nvp("host_name", host_name), cereal::make_nvp("host_name", host_name),
cereal::make_nvp("port_num", port_num), cereal::make_nvp("port_num", port_num),
cereal::make_nvp("is_proxy_set", is_proxy_set), cereal::make_nvp("is_proxy_set", is_proxy_set),
cereal::make_nvp("is_dual_auth", is_dual_auth),
cereal::make_nvp("headers", headers), cereal::make_nvp("headers", headers),
cereal::make_nvp("conn_flags", conn_flags), cereal::make_nvp("conn_flags", conn_flags),
cereal::make_nvp("external_certificate", external_certificate), cereal::make_nvp("external_certificate", external_certificate),
cereal::make_nvp("should_buffer", should_buffer), cereal::make_nvp("should_buffer", should_buffer),
cereal::make_nvp("is_to_fog", is_to_fog) cereal::make_nvp("is_to_fog", is_to_fog),
cereal::make_nvp("ca_path", ca_path),
cereal::make_nvp("client_cert_path", client_cert_path),
cereal::make_nvp("client_key_path", client_key_path)
); );
} }
private: private:
std::string host_name = ""; std::string host_name = "";
std::string ca_path = "";
std::string client_cert_path = "";
std::string client_key_path = "";
uint16_t port_num = 0; uint16_t port_num = 0;
bool is_proxy_set = false; bool is_proxy_set = false;
bool is_dual_auth = false;
std::map<std::string, std::string> headers; std::map<std::string, std::string> headers;
Flags<MessageConnectionConfig> conn_flags; Flags<MessageConnectionConfig> conn_flags;
MessageProxySettings proxy_settings; MessageProxySettings proxy_settings;

2
core/include/services_sdk/resources/report/report_enums.h
View File

@ -23,7 +23,7 @@ enum class StreamType {
JSON_DEBUG, JSON_DEBUG,
JSON_FOG, JSON_FOG,
JSON_LOG_FILE, JSON_LOG_FILE,
JSON_K8S_SVC, JSON_CONTAINER_SVC,
SYSLOG, SYSLOG,
CEF, CEF,

5
core/intelligence_is_v2/intelligence_comp_v2.cc
View File

@ -383,6 +383,11 @@ private:
} }
if (getProfileAgentSettingWithDefault<bool>(false, "agent.config.supportInvalidation")) return true; if (getProfileAgentSettingWithDefault<bool>(false, "agent.config.supportInvalidation")) return true;
if (getSetting<string>("intelligence", "local intelligence server ip").ok()) {
return getProfileAgentSettingWithDefault<bool>(true, "agent.config.useLocalIntelligence");
}
dbgTrace(D_INTELLIGENCE) << "Local intelligence not supported"; dbgTrace(D_INTELLIGENCE) << "Local intelligence not supported";
return false; return false;

20
core/logging/k8s_svc_stream.cc
View File

@ -22,21 +22,21 @@ const static string default_log_uri = "/api/v1/agents/events";
USE_DEBUG_FLAG(D_REPORT); USE_DEBUG_FLAG(D_REPORT);
K8sSvcStream::K8sSvcStream() ContainerSvcStream::ContainerSvcStream()
: :
i_msg(Singleton::Consume<I_Messaging>::by<LoggingComp>()) i_msg(Singleton::Consume<I_Messaging>::by<LoggingComp>())
{ {
} }
K8sSvcStream::~K8sSvcStream() ContainerSvcStream::~ContainerSvcStream()
{ {
} }
void void
K8sSvcStream::sendLog(const Report &log) ContainerSvcStream::sendLog(const Report &log)
{ {
auto svc_host = getConfigurationWithDefault(default_host, "Logging", "K8sSvc Log host"); auto svc_host = getConfigurationWithDefault(default_host, "Logging", "Container Log host");
auto K8sSvc_log_uri = getConfigurationWithDefault(default_log_uri, "Logging", "K8sSvc Log URI"); auto svc_log_uri = getConfigurationWithDefault(default_log_uri, "Logging", "Container Log URI");
LogRest rest(log); LogRest rest(log);
MessageMetadata rest_req_md(svc_host, 80); MessageMetadata rest_req_md(svc_host, 80);
@ -45,7 +45,7 @@ K8sSvcStream::sendLog(const Report &log)
bool ok = i_msg->sendSyncMessageWithoutResponse( bool ok = i_msg->sendSyncMessageWithoutResponse(
HTTPMethod::POST, HTTPMethod::POST,
K8sSvc_log_uri, svc_log_uri,
rest, rest,
MessageCategory::LOG, MessageCategory::LOG,
rest_req_md rest_req_md
@ -57,7 +57,7 @@ K8sSvcStream::sendLog(const Report &log)
} }
void void
K8sSvcStream::sendLog(const LogBulkRest &logs, bool persistence_only) ContainerSvcStream::sendLog(const LogBulkRest &logs, bool persistence_only)
{ {
dbgFlow(D_REPORT) << "send bulk logs"; dbgFlow(D_REPORT) << "send bulk logs";
@ -66,15 +66,15 @@ K8sSvcStream::sendLog(const LogBulkRest &logs, bool persistence_only)
return; return;
} }
auto svc_host = getConfigurationWithDefault(default_host, "Logging", "K8sSvc Log host"); auto svc_host = getConfigurationWithDefault(default_host, "Logging", "Container Log host");
auto K8sSvc_log_uri = getConfigurationWithDefault(default_bulk_uri, "Logging", "K8sSvc Bulk Log URI"); auto svc_log_uri = getConfigurationWithDefault(default_bulk_uri, "Logging", "Container Bulk Log URI");
MessageMetadata rest_req_md(svc_host, 80); MessageMetadata rest_req_md(svc_host, 80);
rest_req_md.insertHeader("X-Tenant-Id", Singleton::Consume<I_AgentDetails>::by<LoggingComp>()->getTenantId()); rest_req_md.insertHeader("X-Tenant-Id", Singleton::Consume<I_AgentDetails>::by<LoggingComp>()->getTenantId());
rest_req_md.setConnectioFlag(MessageConnectionConfig::UNSECURE_CONN); rest_req_md.setConnectioFlag(MessageConnectionConfig::UNSECURE_CONN);
bool ok = i_msg->sendSyncMessageWithoutResponse( bool ok = i_msg->sendSyncMessageWithoutResponse(
HTTPMethod::POST, HTTPMethod::POST,
K8sSvc_log_uri, svc_log_uri,
logs, logs,
MessageCategory::LOG, MessageCategory::LOG,
rest_req_md rest_req_md

6
core/logging/log_streams.h
View File

@ -80,11 +80,11 @@ private:
I_Messaging *i_msg = nullptr; I_Messaging *i_msg = nullptr;
}; };
class K8sSvcStream : public Stream class ContainerSvcStream : public Stream
{ {
public: public:
K8sSvcStream(); ContainerSvcStream();
~K8sSvcStream(); ~ContainerSvcStream();
void sendLog(const Report &log) override; void sendLog(const Report &log) override;
void sendLog(const LogBulkRest &logs, bool persistance_only) override; void sendLog(const LogBulkRest &logs, bool persistance_only) override;

6
core/logging/logging.cc
View File

@ -270,7 +270,7 @@ private:
case StreamType::JSON_DEBUG: return make_shared<DebugStream>(); case StreamType::JSON_DEBUG: return make_shared<DebugStream>();
case StreamType::JSON_FOG: return make_shared<FogStream>(); case StreamType::JSON_FOG: return make_shared<FogStream>();
case StreamType::JSON_LOG_FILE: return make_shared<LogFileStream>(); case StreamType::JSON_LOG_FILE: return make_shared<LogFileStream>();
case StreamType::JSON_K8S_SVC: return make_shared<K8sSvcStream>(); case StreamType::JSON_CONTAINER_SVC: return make_shared<ContainerSvcStream>();
case StreamType::SYSLOG: return nullptr; case StreamType::SYSLOG: return nullptr;
case StreamType::CEF: return nullptr; case StreamType::CEF: return nullptr;
case StreamType::NONE: return nullptr; case StreamType::NONE: return nullptr;
@ -319,7 +319,9 @@ LoggingComp::preload()
registerExpectedConfiguration<string>("Logging", "Log file name"); registerExpectedConfiguration<string>("Logging", "Log file name");
registerExpectedConfiguration<string>("Logging", "Log file line separator"); registerExpectedConfiguration<string>("Logging", "Log file line separator");
registerExpectedConfiguration<string>("Logging", "Fog Log URI"); registerExpectedConfiguration<string>("Logging", "Fog Log URI");
registerExpectedConfiguration<string>("Logging", "K8sSvc Log host"); registerExpectedConfiguration<string>("Logging", "Container Log host");
registerExpectedConfiguration<string>("Logging", "Container Log URI");
registerExpectedConfiguration<string>("Logging", "Container Bulk Log URI");
registerExpectedConfiguration<string>("Logging", "Syslog IP"); registerExpectedConfiguration<string>("Logging", "Syslog IP");
registerExpectedConfiguration<uint>("Logging", "Syslog port"); registerExpectedConfiguration<uint>("Logging", "Syslog port");
registerExpectedConfiguration<string>("Logging", "CEF IP"); registerExpectedConfiguration<string>("Logging", "CEF IP");

2
core/logging/logging_ut/logging_ut.cc
View File

@ -68,7 +68,7 @@ public:
return; return;
} }
if (should_load_k8s_stream) { if (should_load_k8s_stream) {
Singleton::Consume<I_Logging>::by<fakeConfig>()->addStream(ReportIS::StreamType::JSON_K8S_SVC); Singleton::Consume<I_Logging>::by<fakeConfig>()->addStream(ReportIS::StreamType::JSON_CONTAINER_SVC);
return; return;
} }
Singleton::Consume<I_Logging>::by<fakeConfig>()->addStream(ReportIS::StreamType::JSON_DEBUG); Singleton::Consume<I_Logging>::by<fakeConfig>()->addStream(ReportIS::StreamType::JSON_DEBUG);

35
core/messaging/connection/connection.cc
View File

@ -90,6 +90,12 @@ public:
if (metadata_flags.isSet(MessageConnectionConfig::IGNORE_SSL_VALIDATION)) { if (metadata_flags.isSet(MessageConnectionConfig::IGNORE_SSL_VALIDATION)) {
flags.setFlag(ConnectionFlags::IGNORE_SSL_VALIDATION); flags.setFlag(ConnectionFlags::IGNORE_SSL_VALIDATION);
} }
ca_path = metadata.getCaPath();
if (metadata.isDualAuth()) {
client_cert_path = metadata.getClientCertPath();
client_key_path = metadata.getClientKeyPath();
is_dual_auth = true;
}
} }
void void
@ -263,20 +269,33 @@ private:
SSL_CTX_set_verify(ssl_ctx.get(), SSL_VERIFY_PEER, nullptr); SSL_CTX_set_verify(ssl_ctx.get(), SSL_VERIFY_PEER, nullptr);
auto defualt_cert_path = getFilesystemPathConfig() + "/certs/fog.pem"; if (is_dual_auth) {
auto cert_path = getConfigurationWithDefault(defualt_cert_path, "message", "Certificate chain file path"); dbgTrace(D_CONNECTION)
const char *cert = cert_path.c_str(); << "Setting dual authentication."
<< "Client cert path: " << client_cert_path
<< ", client key path: " << client_key_path;
if (SSL_CTX_use_certificate_file(ssl_ctx.get(), client_cert_path.c_str(), SSL_FILETYPE_PEM) <= 0) {
string error = ERR_error_string(ERR_get_error(), nullptr);
return genError("Error in setting client cert: " + error);
}
if (SSL_CTX_use_PrivateKey_file(ssl_ctx.get(), client_key_path.c_str(), SSL_FILETYPE_PEM) <= 0) {
string error = ERR_error_string(ERR_get_error(), nullptr);
return genError("Error in setting client key: " + error);
}
}
dbgTrace(D_CONNECTION) << "Setting CA authentication";
auto details_ssl_dir = Singleton::Consume<I_AgentDetails>::by<Messaging>()->getOpenSSLDir(); auto details_ssl_dir = Singleton::Consume<I_AgentDetails>::by<Messaging>()->getOpenSSLDir();
auto openssl_dir = details_ssl_dir.ok() ? *details_ssl_dir : "/usr/lib/ssl/certs/"; auto openssl_dir = details_ssl_dir.ok() ? *details_ssl_dir : "/usr/lib/ssl/certs/";
auto configured_ssl_dir = getConfigurationWithDefault(openssl_dir, "message", "Trusted CA directory"); auto configured_ssl_dir = getConfigurationWithDefault(openssl_dir, "message", "Trusted CA directory");
const char *ca_dir = configured_ssl_dir.empty() ? nullptr : configured_ssl_dir.c_str(); const char *ca_dir = configured_ssl_dir.empty() ? nullptr : configured_ssl_dir.c_str();
if (SSL_CTX_load_verify_locations(ssl_ctx.get(), cert, ca_dir) != 1) { if (SSL_CTX_load_verify_locations(ssl_ctx.get(), ca_path.c_str(), ca_dir) != 1) {
return genError("Failed to load certificate locations"); return genError("Failed to load certificate locations");
} }
dbgDebug(D_CONNECTION) << "SSL context set successfully. Certificate: " << cert << ", CA dir: " << ca_dir; dbgDebug(D_CONNECTION) << "SSL context set successfully. Certificate: " << ca_path << ", CA dir: " << ca_dir;
return Maybe<void>(); return Maybe<void>();
} }
@ -457,7 +476,6 @@ private:
return BioConnectionStatus::SHOULD_NOT_RETRY; return BioConnectionStatus::SHOULD_NOT_RETRY;
} }
Maybe<void> Maybe<void>
connectToHost() connectToHost()
{ {
@ -654,6 +672,10 @@ private:
Flags<ConnectionFlags> flags; Flags<ConnectionFlags> flags;
MessageProxySettings settings; MessageProxySettings settings;
string ca_path = "";
string client_cert_path = "";
string client_key_path = "";
string connect_message; string connect_message;
string certificate; string certificate;
@ -666,6 +688,7 @@ private:
bool lock = false; bool lock = false;
bool should_close_connection = false; bool should_close_connection = false;
bool is_dual_auth = false;
}; };
Connection::Connection(const MessageConnectionKey &key, const MessageMetadata &metadata) Connection::Connection(const MessageConnectionKey &key, const MessageMetadata &metadata)

2
core/messaging/connection/connection_ut/connection_comp_ut.cc
View File

@ -89,6 +89,8 @@ TEST_F(TestConnectionComp, testSetAndGetConnection)
Flags<MessageConnectionConfig> conn_flags; Flags<MessageConnectionConfig> conn_flags;
conn_flags.setFlag(MessageConnectionConfig::UNSECURE_CONN); conn_flags.setFlag(MessageConnectionConfig::UNSECURE_CONN);
MessageMetadata conn_metadata("127.0.0.1", 8080, conn_flags); MessageMetadata conn_metadata("127.0.0.1", 8080, conn_flags);
conn_metadata.setCAPath("ca.pem");
conn_metadata.setDualAuthenticationSettings("ca_client.pem", "private_client.key");
auto maybe_connection = i_conn->establishConnection(conn_metadata, MessageCategory::LOG); auto maybe_connection = i_conn->establishConnection(conn_metadata, MessageCategory::LOG);
ASSERT_TRUE(maybe_connection.ok()); ASSERT_TRUE(maybe_connection.ok());

6
core/messaging/messaging_comp/messaging_comp_ut/messaging_comp_ut.cc
View File

@ -253,9 +253,13 @@ operator==(const MessageMetadata &one, const MessageMetadata &two)
one.getConnectionFlags() == two.getConnectionFlags() && one.getConnectionFlags() == two.getConnectionFlags() &&
one.getProxySettings() == two.getProxySettings() && one.getProxySettings() == two.getProxySettings() &&
one.getExternalCertificate() == two.getExternalCertificate() && one.getExternalCertificate() == two.getExternalCertificate() &&
one.getCaPath() == two.getCaPath() &&
one.getClientCertPath() == two.getClientCertPath() &&
one.getClientKeyPath() == two.getClientKeyPath() &&
one.getHeaders() == two.getHeaders() && one.getHeaders() == two.getHeaders() &&
one.shouldBufferMessage() == two.shouldBufferMessage() && one.shouldBufferMessage() == two.shouldBufferMessage() &&
one.isProxySet() == two.isProxySet(); one.isProxySet() == two.isProxySet() &&
one.isDualAuth() == two.isDualAuth();
} }
TEST_F(TestMessagingComp, testSetFogConnection) TEST_F(TestMessagingComp, testSetFogConnection)

2
core/report/tag_and_enum_management.cc
View File

@ -150,7 +150,7 @@ TagAndEnumManagement::convertToString(const StreamType &stream_type)
case StreamType::JSON_DEBUG: return "JSON Debug stream"; case StreamType::JSON_DEBUG: return "JSON Debug stream";
case StreamType::JSON_FOG: return "JSON FOG stream"; case StreamType::JSON_FOG: return "JSON FOG stream";
case StreamType::JSON_LOG_FILE: return "JSON File stream"; case StreamType::JSON_LOG_FILE: return "JSON File stream";
case StreamType::JSON_K8S_SVC: return "JSON K8S service stream"; case StreamType::JSON_CONTAINER_SVC: return "JSON K8S service stream";
case StreamType::SYSLOG: return "Syslog stream"; case StreamType::SYSLOG: return "Syslog stream";
case StreamType::CEF: return "CEF stream"; case StreamType::CEF: return "CEF stream";

2
nodes/orchestration/CMakeLists.txt
View File

@ -30,7 +30,7 @@ target_link_libraries(
env_details env_details
local_policy_mgmt_gen local_policy_mgmt_gen
curl curl
external_sdk_server
-Wl,--end-group -Wl,--end-group
) )

4
nodes/orchestration/main.cc
View File

@ -51,6 +51,7 @@
#include "generic_metric.h" #include "generic_metric.h"
#include "tenant_manager.h" #include "tenant_manager.h"
#include "local_policy_mgmt_gen.h" #include "local_policy_mgmt_gen.h"
#include "external_sdk_server.h"
using namespace std; using namespace std;
@ -72,7 +73,8 @@ main(int argc, char **argv)
OrchestrationTools, OrchestrationTools,
HealthChecker, HealthChecker,
HealthCheckManager, HealthCheckManager,
LocalPolicyMgmtGenerator LocalPolicyMgmtGenerator,
ExternalSdkServer
> comps; > comps;
comps.registerGlobalValue<uint>("Nano service API Port Primary", 7777); comps.registerGlobalValue<uint>("Nano service API Port Primary", 7777);

14
nodes/orchestration/package/open-appsec-cloud-mgmt-k8s
View File

@ -13,6 +13,10 @@ profile_id=
cluster_id= cluster_id=
latest_policy_version=1 latest_policy_version=1
if [ -f $POLICY_CRDS_PATH ]; then
chmod 644 $POLICY_CRDS_PATH
fi
load_agent_details() load_agent_details()
{ {
tenant_id=$(awk -F\" '/Tenant ID/{print $4}' /etc/cp/conf/agent_details.json) tenant_id=$(awk -F\" '/Tenant ID/{print $4}' /etc/cp/conf/agent_details.json)
@ -29,7 +33,7 @@ get_latest_policy_version()
bucket_list=$(curl -s -w "%{http_code}\n" --request GET \ bucket_list=$(curl -s -w "%{http_code}\n" --request GET \
-H "user-agent: Infinity Next (a7030abf93a4c13)" -H "Authorization: Bearer ${ra_token}" \ -H "user-agent: Infinity Next (a7030abf93a4c13)" -H "Authorization: Bearer ${ra_token}" \
"$var_fog/agents-core/storage/?list-type=2&prefix=${tenant_id}/${profile_id}") "$var_fog/agents-core/storage/?list-type=2&prefix=${tenant_id}/${profile_id}")
paths_list=$(echo $bucket_list | /etc/cp/bin/yq -p xml | grep "/policy") paths_list=$(echo $bucket_list | awk -F'<Key>|</Key>' '/policy-/ {for (i = 1; i <= NF; i++) if ($i ~ /policy/) print $i}')
prefix="${tenant_id}/${profile_id}" prefix="${tenant_id}/${profile_id}"
paths=$(echo $paths_list | tr " " "\n" | grep / ) paths=$(echo $paths_list | tr " " "\n" | grep / )
@ -257,6 +261,7 @@ usage()
echo "Options:" echo "Options:"
echo " --fog <fog address> : Namespace with the relevant Helm Chart" echo " --fog <fog address> : Namespace with the relevant Helm Chart"
echo " --upload_policy_only : Upload policy to the fog, withput changing agent mode" echo " --upload_policy_only : Upload policy to the fog, withput changing agent mode"
echo " --debug : Keep the debuging files"
exit 255 exit 255
} }
@ -277,6 +282,8 @@ validate_arg_value_exists()
fi fi
} }
debug_mode="false"
while true; do while true; do
if [ "$1" = "--token" ]; then if [ "$1" = "--token" ]; then
validate_arg_value_exists "$1" "$#" validate_arg_value_exists "$1" "$#"
@ -290,6 +297,8 @@ while true; do
validate_arg_value_exists "$1" "$#" validate_arg_value_exists "$1" "$#"
shift shift
ra_token="$1" ra_token="$1"
elif [ "$1" = "--debug" ]; then
debug_mode="true"
elif [ -z "$1" ]; then elif [ -z "$1" ]; then
break break
fi fi
@ -305,5 +314,8 @@ upload_crds_to_the_cloud
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
echo "SUCCESS" echo "SUCCESS"
fi fi
if [ "$debug_mode" = "false" ]; then
rm $POLICY_CRDS_PATH
fi
exit 0 exit 0