github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-11-16 09:21:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

Sep_24_2023-Dev

Browse Source
This commit is contained in:
Ned Wright
2023-09-24 10:28:57 +00:00
parent a4d1fb6f7f
commit 582791e37a
106 changed files with 12287 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/security_apps/orchestration/CMakeLists.txt
View File

@@ -12,7 +12,6 @@ add_subdirectory(manifest_controller)
add_subdirectory(update_communication)
add_subdirectory(details_resolver)
add_subdirectory(health_check)
add_subdirectory(local_policy_mgmt_gen)
add_subdirectory(env_details)
#add_subdirectory(orchestration_ut)

84
components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
View File

@@ -42,6 +42,16 @@ checkSamlPortal(const string &command_output)
return genError("Current host does not have SAML Portal configured");
}
Maybe<string>
getIDAGaia(const string &command_output)
{
if (command_output.find("Portal is running") != string::npos) {
return string("ida_gaia");
}
return genError("Current host does not have SAML Portal configured");
}
Maybe<string>
checkIDP(shared_ptr<istream> file_stream)
{
@@ -226,58 +236,24 @@ getSmbGWIPSecVPNBlade(const string &command_output)
{
return getSmbBlade(command_output, "IPSec VPN Blade was not found");
}
Maybe<string>
getMgmtParentObjAttr(shared_ptr<istream> file_stream, const string &parent_obj, const string &attr)
{
string line;
bool found_parent_obj = false;
while (getline(*file_stream, line)) {
size_t parent_obj_pos = line.find(parent_obj);
if (parent_obj_pos != string::npos) found_parent_obj = true;
if (!found_parent_obj) continue;
size_t attr_pos = line.find(attr);
if (attr_pos == string::npos) continue;
line = line.substr(attr_pos + attr.size());
return line;
}
return genError("Parent object attribute was not found. Attr: " + attr);
}
#endif // gaia || smb
#if defined(gaia)
Maybe<string>
getMgmtParentObjUid(shared_ptr<istream> file_stream)
getMgmtParentObjUid(const string &command_output)
{
auto maybe_unparsed_uid = getMgmtParentObjAttr(file_stream, "cluster_object", "Uid ");
if (!maybe_unparsed_uid.ok()) {
return maybe_unparsed_uid;
}
const string &unparsed_uid = maybe_unparsed_uid.unpack();
auto maybe_uid = chopHeadAndTail(unparsed_uid, "(\"{", "}\")");
if (!maybe_uid.ok()) {
return maybe_uid;
}
string uid = maybe_uid.unpack();
transform(uid.begin(), uid.end(), uid.begin(), ::tolower);
return uid;
return getAttr(command_output, "Parent object uuid was not found");
}
Maybe<string>
getMgmtParentObjName(shared_ptr<istream> file_stream)
getMgmtParentObjName(const string &command_output)
{
auto maybe_unparsed_name = getMgmtParentObjAttr(file_stream, "cluster_object", "Name ");
if (!maybe_unparsed_name.ok()) {
return maybe_unparsed_name;
}
const string &unparsed_name = maybe_unparsed_name.unpack();
return chopHeadAndTail(unparsed_name, "(", ")");
return getAttr(command_output, "Parent object name was not found");
}
#elif defined(smb)
Maybe<string>
getMgmtParentObjUid(const string &command_output)
getSmbMgmtParentObjUid(const string &command_output)
{
if (!command_output.empty()) {
return command_output;
@@ -286,7 +262,7 @@ getMgmtParentObjUid(const string &command_output)
}
Maybe<string>
getMgmtParentObjName(const string &command_output)
getSmbMgmtParentObjName(const string &command_output)
{
if (!command_output.empty()) {
return command_output;
@@ -314,6 +290,34 @@ getOsRelease(shared_ptr<istream> file_stream)
return genError("Os release was not found");
}
Maybe<string>
getWaapModelVersion(shared_ptr<istream> file_stream)
{
string line;
static const int max_lines = 5;
int i = 0;
bool found_key = false;
while (i < max_lines && getline(*file_stream, line)) {
if (!found_key) {
size_t index = line.find("\"model_version\":");
if (index != string::npos) {
found_key = true;
}
} else {
size_t start = line.find_first_of('"');
size_t end = line.find_last_of('"');
if (start != string::npos && end != string::npos && end > start) {
return line.substr(start + 1, end - start - 1);
} else {
return genError("Model version value unreadable");
}
}
i++;
}
return genError("Model version was not found");
}
#if defined(alpine)
string &
ltrim(string &s)

19
components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
View File

@@ -55,6 +55,19 @@ SHELL_CMD_HANDLER(
#if defined(gaia)
SHELL_CMD_HANDLER("hasSupportedBlade", "enabled_blades", checkHasSupportedBlade)
SHELL_CMD_HANDLER("hasSamlPortal", "mpclient status saml-vpn", checkSamlPortal)
SHELL_CMD_HANDLER("requiredNanoServices", "mpclient status saml-vpn", getIDAGaia)
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtParentObjectName",
"cat $FWDIR/database/myself_objects.C "
"| awk -F '[:()]' '/:cluster_object/ {found=1; next} found && /:Name/ {print $3; exit}'",
getMgmtParentObjName
)
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtParentObjectUid",
"cat $FWDIR/database/myself_objects.C "
"| awk -F'[{}]' '/:cluster_object/ { found=1; next } found && /:Uid/ { uid=tolower($2); print uid; exit }'",
getMgmtParentObjUid
)
SHELL_CMD_HANDLER(
"Hardware",
"cat $FWDIR/database/myself_objects.C | awk -F '[:()]' '/:appliance_type/ {print $3}' | head -n 1",
@@ -81,12 +94,12 @@ SHELL_CMD_HANDLER(
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtParentObjectName",
"cpsdwan get_data | jq -r .cluster_name",
getMgmtParentObjName
getSmbMgmtParentObjName
)
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtParentObjectUid",
"cpsdwan get_data | jq -r .cluster_uuid",
getMgmtParentObjUid
getSmbMgmtParentObjUid
)
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtObjectName",
@@ -143,4 +156,6 @@ FILE_CONTENT_HANDLER(
FILE_CONTENT_HANDLER("os_release", "/etc/os-release", getOsRelease)
#endif // gaia || smb
FILE_CONTENT_HANDLER("AppSecModelVersion", "/etc/cp/conf/waap/waap.data", getWaapModelVersion)
#endif // FILE_CONTENT_HANDLER

4
components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
View File

@@ -22,6 +22,7 @@
#include "maybe_res.h"
#include "enum_array.h"
#include "i_shell_cmd.h"
#include "i_orchestration_tools.h"
#include "config.h"
using namespace std;
@@ -77,7 +78,8 @@ DetailsResolvingHanlder::Impl::getResolvedDetails() const
const string &path = file_handler.second.first;
FileContentHandler handler = file_handler.second.second;
shared_ptr<ifstream> in_file = make_shared<ifstream>(path);
shared_ptr<ifstream> in_file =
Singleton::Consume<I_OrchestrationTools>::by<DetailsResolvingHanlder>()->fileStreamWrapper(path);
if (!in_file->is_open()) {
dbgWarning(D_AGENT_DETAILS) << "Could not open file for processing. Path: " << path;
continue;

2
components/security_apps/orchestration/details_resolver/details_resolving_handler.h
View File

@@ -18,11 +18,13 @@
#include <map>
#include "i_shell_cmd.h"
#include "i_orchestration_tools.h"
#include "i_agent_details_reporter.h"
class DetailsResolvingHanlder
:
Singleton::Consume<I_ShellCmd>,
Singleton::Consume<I_OrchestrationTools>,
Singleton::Consume<I_AgentDetailsReporter>
{
public:

36
components/security_apps/orchestration/downloader/curl_client.cc
View File

@@ -278,6 +278,36 @@ HttpsCurl::HttpsCurl(const HttpsCurl &other) :
HttpCurl(other),
ca_path(other.ca_path) {}
bool
HttpsCurl::downloadOpenAppsecPackages()
{
char errorstr[CURL_ERROR_SIZE];
CURL* curl_handle = curl_easy_init();
if (!curl_handle) return false;
curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 1);
curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 2);
curl_easy_setopt(curl_handle, CURLOPT_URL, ("https://" + curl_url).c_str());
curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, writeResponseCallback);
curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, &out_file);
curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1L);
curl_easy_setopt(curl_handle, CURLOPT_ERRORBUFFER, errorstr);
CURLcode res = curl_easy_perform(curl_handle);
if (res == CURLE_OK) {
dbgTrace(D_HTTP_REQUEST) << "CURL HTTP request successfully completed.";
} else {
dbgWarning(D_HTTP_REQUEST) << "CURL result " + string(curl_easy_strerror(res));
curl_easy_cleanup(curl_handle);
return false;
}
curl_easy_cleanup(curl_handle);
return true;
}
void
HttpsCurl::setCurlOpts(long timeout, HTTP_VERSION http_version)
{
@@ -299,9 +329,9 @@ HttpsCurl::setCurlOpts(long timeout, HTTP_VERSION http_version)
curl_easy_setopt(curl_handle, CURLOPT_HTTP_VERSION, http_version);
//SSL options
if (getProfileAgentSettingWithDefault<bool>(
false,
"agent.config.message.ignoreSslValidation") == false)
if (
getProfileAgentSettingWithDefault<bool>(false, "agent.config.message.ignoreSslValidation") == false
)
{
curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl_handle, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_verify_certificate);

1
components/security_apps/orchestration/downloader/curl_client.h
View File

@@ -105,6 +105,7 @@ public:
static CURLcode ssl_ctx_verify_certificate(CURL *curl, void *ssl_ctx, void *opq);
static int verify_certificate(int preverify_ok, X509_STORE_CTX *ctx);
void setCurlOpts(long timeout = 60L, HTTP_VERSION http_version = HTTP_VERSION::HTTP_VERSION_1_1) override;
bool downloadOpenAppsecPackages();
private:
std::string ca_path;

25
components/security_apps/orchestration/downloader/downloader_ut/downloader_ut.cc
View File

@@ -51,7 +51,7 @@ TEST_F(DownloaderTest, downloadFileFromFog)
calculateChecksum(Package::ChecksumTypes::SHA256, "/tmp/virtualSettings.download")
).WillOnce(Return(string("123")));
EXPECT_CALL(mock_orchestration_tools, writeFile(fog_response, "/tmp/virtualSettings.download"))
EXPECT_CALL(mock_orchestration_tools, writeFile(fog_response, "/tmp/virtualSettings.download", false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile("/tmp/virtualSettings.download")).WillOnce(Return(true));
@@ -183,7 +183,7 @@ TEST_F(DownloaderTest, downloadEmptyFileFromFog)
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
EXPECT_CALL(mock_orchestration_tools, writeFile(fog_response, "/tmp/manifest.download"))
EXPECT_CALL(mock_orchestration_tools, writeFile(fog_response, "/tmp/manifest.download", false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile("/tmp/manifest.download")).WillOnce(Return(false));
@@ -342,13 +342,23 @@ TEST_F(DownloaderTest, download_virtual_policy)
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
EXPECT_CALL(mock_orchestration_tools, writeFile(tenant_0000_file, "/tmp/virtualPolicy_0000_profile_1234.download"))
.WillOnce(Return(true));
EXPECT_CALL(
mock_orchestration_tools,
writeFile(
tenant_0000_file,
"/tmp/virtualPolicy_0000_profile_1234.download",
false)
).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, fillKeyInJson(_, _, _)).WillRepeatedly(Return());
EXPECT_CALL(mock_orchestration_tools, writeFile(tenant_1111_file, "/tmp/virtualPolicy_1111_profile_1235.download"))
.WillOnce(Return(true));
EXPECT_CALL(
mock_orchestration_tools,
writeFile(
tenant_1111_file,
"/tmp/virtualPolicy_1111_profile_1235.download",
false)
).WillOnce(Return(true));
map<pair<string, string>, string> expected_downloaded_files =
{
@@ -427,7 +437,8 @@ TEST_F(DownloaderTest, download_virtual_settings)
mock_orchestration_tools,
writeFile(
tenant_0000_file,
tenant_0000_path.str()
tenant_0000_path.str(),
false
)
).WillOnce(Return(true));

2
components/security_apps/orchestration/downloader/http_client.h
View File

@@ -37,8 +37,8 @@ private:
std::string loadCAChainDir();
Maybe<void> getFileSSL(const URLParser &url, std::ofstream &out_file, const std::string &_token);
Maybe<void> getFileHttp(const URLParser &url, std::ofstream &out_file, const std::string &_token);
Maybe<void> curlGetFileOverSSL(const URLParser &url, std::ofstream &out_file, const std::string &_token);
Maybe<void> curlGetFileOverHttp(const URLParser &url, std::ofstream &out_file, const std::string &_token);
Maybe<void> curlGetFileOverSSL(const URLParser &url, std::ofstream &out_file, const std::string &_token);
};
// LCOV_EXCL_STOP

9
components/security_apps/orchestration/downloader/https_client.cc
View File

@@ -592,8 +592,13 @@ HTTPClient::curlGetFileOverSSL(const URLParser &url, ofstream &out_file, const s
proxy_config->getProxyCredentials(ProxyProtocol::HTTPS),
cert_file_path);
ssl_curl_client.setCurlOpts();
bool connection_ok = ssl_curl_client.connect();
bool connection_ok;
if (url.getBaseURL().unpack() == "downloads.openappsec.io") {
connection_ok = ssl_curl_client.downloadOpenAppsecPackages();
} else {
ssl_curl_client.setCurlOpts();
connection_ok = ssl_curl_client.connect();
}
if (!connection_ok)
{
stringstream url_s;

71
components/security_apps/orchestration/health_check/health_check.cc
View File

@@ -21,6 +21,7 @@
#include "config.h"
#include "log_generator.h"
#include "health_check_manager.h"
#include "agent_core_utilities.h"
using namespace std;
using namespace ReportIS;
@@ -145,9 +146,11 @@ private:
initCloudVendorConfig()
{
static const map<string, pair<string, int>> ip_port_defaults_map = {
{"Azure", make_pair("168.63.129.16", 8117)},
{"Aws", make_pair("", 8117)}
{"Azure", make_pair(getenv("DOCKER_RPM_ENABLED") ? "" : "168.63.129.16", 8117)},
{"Aws", make_pair("", 8117)},
{"Local", make_pair("", 8117)}
};
auto cloud_vendor_maybe = getSetting<string>("reverseProxy", "cloudVendorName");
if (cloud_vendor_maybe.ok()) {
const string cloud_vendor = cloud_vendor_maybe.unpack();
@@ -247,13 +250,36 @@ private:
);
}
HealthCheckStatus
getStandaloneHealthStatus()
{
if (!getenv("DOCKER_RPM_ENABLED")) return HealthCheckStatus::IGNORED;
static const string standalone_cmd = "/usr/sbin/cpnano -s --docker-rpm; echo $?";
dbgTrace(D_HEALTH_CHECK) << "Checking the standalone docker health status with command: " << standalone_cmd;
auto maybe_result = Singleton::Consume<I_ShellCmd>::by<HealthChecker>()->getExecOutput(standalone_cmd, 1000);
if (!maybe_result.ok()) {
dbgWarning(D_HEALTH_CHECK) << "Unable to get the standalone docker status. Returning unhealthy status.";
return HealthCheckStatus::UNHEALTHY;
}
dbgTrace(D_HEALTH_CHECK) << "Got response: " << maybe_result.unpack();
auto response = NGEN::Strings::removeTrailingWhitespaces(maybe_result.unpack());
if (response.back() == '0') return HealthCheckStatus::HEALTHY;
if (response.back() == '1') return HealthCheckStatus::UNHEALTHY;
return HealthCheckStatus::DEGRADED;
}
bool
nginxContainerIsRunning()
{
static const string nginx_container_name = "cp_nginx_gaia";
static const string cmd_running =
"docker ps --filter name=" + nginx_container_name + " --filter status=running";
dbgTrace(D_HEALTH_CHECK) << "Checking if the container is running with the commmand: " << cmd_running;
dbgTrace(D_HEALTH_CHECK) << "Checking if the container is running with the command: " << cmd_running;
auto maybe_result = Singleton::Consume<I_ShellCmd>::by<HealthChecker>()->getExecOutput(cmd_running);
if (!maybe_result.ok()) {
@@ -263,7 +289,6 @@ private:
}
return (*maybe_result).find(nginx_container_name) != string::npos;
}
void
@@ -279,7 +304,7 @@ private:
{
if (open_connections_counter >= max_connections) {
dbgDebug(D_HEALTH_CHECK)
<< "Cannot serve new client, reached maximun open connections bound which is:"
<< "Cannot serve new client, reached maximum open connections bound which is:"
<< open_connections_counter
<< "maximum allowed: "
<< max_connections;
@@ -331,6 +356,42 @@ private:
"health check failed\r\n";
static const vector<char> failure_response_buffer(failure_response.begin(), failure_response.end());
static const string degraded_response =
"HTTP/1.1 202 OK\r\n"
"Content-Length: 22\r\n"
"Content-Type: text/plain\r\n"
"\r\n"
"health check partial\r\n";
static const vector<char> degraded_response_buffer(degraded_response.begin(), degraded_response.end());
HealthCheckStatus standalone_status = getStandaloneHealthStatus();
if (standalone_status != HealthCheckStatus::IGNORED) {
if (standalone_status == HealthCheckStatus::HEALTHY) {
dbgDebug(D_HEALTH_CHECK)
<< "Standalone status is healthy, returning the following response: "
<< success_response;
i_socket->writeData(curr_client_socket, success_response_buffer);
closeCurrentSocket(curr_client_socket, curr_routine_id);
return;
}
if (standalone_status == HealthCheckStatus::UNHEALTHY) {
dbgDebug(D_HEALTH_CHECK)
<< "Standalone status in unhealthy, returning the following response: "
<< failure_response;
i_socket->writeData(curr_client_socket, failure_response_buffer);
closeCurrentSocket(curr_client_socket, curr_routine_id);
return;
}
dbgDebug(D_HEALTH_CHECK)
<< "Standalone status was partially loaded, returning the following response: "
<< degraded_response;
i_socket->writeData(curr_client_socket, degraded_response_buffer);
closeCurrentSocket(curr_client_socket, curr_routine_id);
return;
}
if (nginxContainerIsRunning()) {
dbgDebug(D_HEALTH_CHECK)
<< "nginx conatiner is running, returning the following response: "

2
components/security_apps/orchestration/health_check/health_check_ut/health_check_ut.cc
View File

@@ -194,7 +194,7 @@ TEST_F(HealthCheckerTest, connectionsLimit)
connection_handler_routine();
EXPECT_THAT(
capture_debug.str(), HasSubstr("Cannot serve new client, reached maximun open connections")
capture_debug.str(), HasSubstr("Cannot serve new client, reached maximum open connections")
);
}

13
components/security_apps/orchestration/include/declarative_policy_utils.h
View File

@@ -31,6 +31,14 @@ class ApplyPolicyEvent : public Event<ApplyPolicyEvent>
{
public:
ApplyPolicyEvent() {}
ApplyPolicyEvent(const std::string &path) : local_policy_path(path) {}
// LCOV_EXCL_START Reason: no test exist
std::string getPolicyPath() const { return local_policy_path; }
// LCOV_EXCL_STOP
private:
std::string local_policy_path;
};
class DeclarativePolicyUtils
@@ -40,6 +48,7 @@ class DeclarativePolicyUtils
Singleton::Consume<I_EnvDetails>,
Singleton::Consume<I_AgentDetails>,
Singleton::Consume<I_OrchestrationTools>,
public Singleton::Consume<I_MainLoop>,
Singleton::Consume<I_RestApi>,
public Listener<ApplyPolicyEvent>
{
@@ -50,8 +59,7 @@ public:
void
doCall() override
{
Singleton::Consume<I_LocalPolicyMgmtGen>::by<DeclarativePolicyUtils>()->setPolicyPath(policy_path.get());
ApplyPolicyEvent().notify();
ApplyPolicyEvent(policy_path.get()).notify();
}
private:
@@ -80,6 +88,7 @@ public:
private:
std::string getCleanChecksum(const std::string &unclean_checksum);
std::string local_policy_path;
std::string curr_version;
std::string curr_policy;
bool should_apply_policy;

1
components/security_apps/orchestration/include/fog_authenticator.h
View File

@@ -142,6 +142,7 @@ protected:
std::string base64Encode(const std::string &in) const;
std::string buildBasicAuthHeader(const std::string &username, const std::string &pass) const;
std::string buildOAuth2Header(const std::string &token) const;
std::string getUserEdition() const;
// This apps which the orchestrations requires them from Fog.
std::vector<std::string> required_security_apps;

2
components/security_apps/orchestration/include/get_status_rest.h
View File

@@ -54,6 +54,7 @@ public:
last_update = i_orch_status->getUpdateTime();
last_update_status = i_orch_status->getUpdateStatus();
policy_version = i_orch_status->getPolicyVersion();
waap_model_version = i_orch_status->getWaapModelVersion();
last_policy_update = i_orch_status->getLastPolicyUpdate();
last_manifest_update = i_orch_status->getLastManifestUpdate();
last_settings_update = i_orch_status->getLastSettingsUpdate();
@@ -72,6 +73,7 @@ private:
S2C_LABEL_PARAM(std::string, last_update, "Last update");
S2C_LABEL_PARAM(std::string, last_update_status, "Last update status");
S2C_LABEL_PARAM(std::string, policy_version, "Policy version");
S2C_LABEL_PARAM(std::string, waap_model_version, "AI model version");
S2C_LABEL_PARAM(std::string, last_policy_update, "Last policy update");
S2C_LABEL_PARAM(std::string, last_manifest_update, "Last manifest update");
S2C_LABEL_PARAM(std::string, last_settings_update, "Last settings update");

1
components/security_apps/orchestration/include/mock/mock_orchestration_status.h
View File

@@ -45,6 +45,7 @@ public:
MOCK_CONST_METHOD0(getUpdateTime, const std::string&());
MOCK_CONST_METHOD0(getLastManifestUpdate, const std::string&());
MOCK_CONST_METHOD0(getPolicyVersion, const std::string&());
MOCK_CONST_METHOD0(getWaapModelVersion, const std::string&());
MOCK_CONST_METHOD0(getLastPolicyUpdate, const std::string&());
MOCK_CONST_METHOD0(getLastSettingsUpdate, const std::string&());
MOCK_CONST_METHOD0(getUpgradeMode, const std::string&());

35
components/security_apps/orchestration/include/namespace_data.h Normal file
View File

@@ -0,0 +1,35 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef __NAMESPACE_DATA_H__
#define __NAMESPACE_DATA_H__
#include <vector>
#include <map>
#include "cereal/archives/json.hpp"
#include <cereal/types/map.hpp>
#include "rest.h"
class NamespaceData : public ClientRest
{
public:
bool loadJson(const std::string &json);
Maybe<std::string> getNamespaceUidByName(const std::string &name);
private:
std::map<std::string, std::string> ns_name_to_uid;
};
#endif // __NAMESPACE_DATA_H__

34
components/security_apps/orchestration/manifest_controller/manifest_controller.cc
View File

@@ -76,6 +76,7 @@ public:
private:
bool changeManifestFile(const string &new_manifest_file);
bool updateIgnoreListForNSaaS();
bool
handlePackage(
@@ -155,12 +156,36 @@ ManifestController::Impl::init()
}
}
bool
ManifestController::Impl::updateIgnoreListForNSaaS()
{
if (!getProfileAgentSettingWithDefault<bool>(false, "accessControl.isAwsNSaaS")) return false;
auto ignore_packages_path = getConfigurationWithDefault<string>(
getFilesystemPathConfig() + "/conf/ignore-packages.txt",
"orchestration",
"Ignore packages list file path"
);
ofstream ignore_file(ignore_packages_path);
if (!ignore_file.is_open()) {
dbgWarning(D_ORCHESTRATOR) << "Unable to open file " << ignore_packages_path << " for writing";
return false;
}
ignore_file << "all";
ignore_file.close();
dbgInfo(D_ORCHESTRATOR) << "Updated " << ignore_packages_path << " to ignore all packages";
return true;
}
bool
ManifestController::Impl::updateManifest(const string &new_manifest_file)
{
auto i_env = Singleton::Consume<I_Environment>::by<ManifestController>();
auto span_scope = i_env->startNewSpanScope(Span::ContextType::CHILD_OF);
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<ManifestController>();
static bool ignore_packages_update = false;
if (isIgnoreFile(new_manifest_file)) {
if (!orchestration_tools->copyFile(new_manifest_file, manifest_file_path)) {
@@ -173,9 +198,12 @@ ManifestController::Impl::updateManifest(const string &new_manifest_file)
dbgDebug(D_ORCHESTRATOR) << "Starting to update manifest file";
auto ignored_settings_packages = getProfileAgentSetting<IgnoredPackages>("orchestration.IgnoredPackagesList");
set<string> packages_to_ignore = ignore_packages;
if (ignored_settings_packages.ok()) packages_to_ignore = *(*ignored_settings_packages);
if (ignored_settings_packages.ok()) {
packages_to_ignore = *(*ignored_settings_packages);
ignore_packages_update = false;
}
if (packages_to_ignore.count("all") > 0) {
if (ignore_packages_update || packages_to_ignore.count("all") > 0) {
dbgTrace(D_ORCHESTRATOR) << "Nothing to update (\"ignore all\" turned on)";
if (!orchestration_tools->copyFile(new_manifest_file, manifest_file_path)) {
@@ -315,6 +343,8 @@ ManifestController::Impl::updateManifest(const string &new_manifest_file)
if (all_installed && (any_installed || no_change) && no_corrupted_package) {
manifest_file_update = changeManifestFile(new_manifest_file);
// In NSaaS - set ignore packages to any
ignore_packages_update = updateIgnoreListForNSaaS();
} else if (any_installed) {
manifest_file_update = orchestration_tools->packagesToJsonFile(current_packages, manifest_file_path);
}

20
components/security_apps/orchestration/modules/modules_ut/orchestration_status_ut.cc
View File

@@ -11,6 +11,7 @@
#include "mock/mock_time_get.h"
#include "mock/mock_orchestration_tools.h"
#include "mock/mock_agent_details.h"
#include "mock/mock_details_resolver.h"
#include "mock/mock_mainloop.h"
#include "mock/mock_rest_api.h"
@@ -38,9 +39,17 @@ public:
.WillOnce(DoAll(SaveArg<2>(&routine), Return(1))
);
EXPECT_CALL(mock_tools, readFile(file_path)).WillOnce(Return(start_file_content));
prepareResolvedDetails();
orchestration_status.init();
}
void
prepareResolvedDetails()
{
map<string, string> resolved_details({{"AppSecModelVersion", waap_model}});
EXPECT_CALL(mock_details_resolver, getResolvedDetails()).WillRepeatedly(Return(resolved_details));
}
string
orchestrationStatusFileToString()
{
@@ -82,7 +91,8 @@ public:
const string &registration_details_architecture = "",
const string &agent_id = "None",
const string &profile_id = "None",
const string &tenant_id = "None"
const string &tenant_id = "None",
const string &waap_model_version = "Advanced model"
)
{
return "{\n"
@@ -91,6 +101,7 @@ public:
" \"Last update\": \"" + last_update + "\",\n"
" \"Last manifest update\": \"" + last_manifest_update + "\",\n"
" \"Policy version\": \"" + policy_version + "\",\n"
" \"AI model version\": \"" + waap_model_version + "\",\n"
" \"Last policy update\": \"" + last_policy_update + "\",\n"
" \"Last settings update\": \"" + last_settings_update + "\",\n"
" \"Upgrade mode\": \"" + upgrade_mode + "\",\n"
@@ -118,12 +129,14 @@ public:
ostringstream capture_debug;
StrictMock<MockOrchestrationTools> mock_tools;
StrictMock<MockAgentDetails> mock_agent_details;
StrictMock<MockDetailsResolver> mock_details_resolver;
OrchestrationStatus orchestration_status;
I_OrchestrationStatus * i_orchestration_status =
Singleton::Consume<I_OrchestrationStatus>::from(orchestration_status);
string file_path;
Maybe<string> start_file_content = genError("No file");
I_MainLoop::Routine routine;
string waap_model = "Advanced model";
};
TEST_F(OrchestrationStatusTest, doNothing)
@@ -147,6 +160,7 @@ TEST_F(OrchestrationStatusTest, recoverFields)
TEST_F(OrchestrationStatusTest, loadFromFile)
{
prepareResolvedDetails();
Maybe<string> status = genError("No file");;
CPTestTempfile status_file;
file_path = status_file.fname;
@@ -214,12 +228,14 @@ TEST_F(OrchestrationStatusTest, recoveryFields)
const string agent_id = "AgentId";
const string profile_id = "ProfileId";
const string tenant_id = "TenantId";
auto fog_addr = Maybe<string>(string("FogDomain"));
EXPECT_CALL(mock_agent_details, getAgentId()).WillOnce(Return(agent_id));
EXPECT_CALL(mock_agent_details, getProfileId()).WillOnce(Return(profile_id));
EXPECT_CALL(mock_agent_details, getTenantId()).WillOnce(Return(tenant_id));
EXPECT_CALL(mock_agent_details, getFogDomain()).WillOnce(Return(fog_addr));
i_orchestration_status->writeStatusToFile();
EXPECT_THAT(capture_debug.str(), HasSubstr("Repairing status fields"));
@@ -227,6 +243,7 @@ TEST_F(OrchestrationStatusTest, recoveryFields)
EXPECT_EQ(i_orchestration_status->getProfileId(), profile_id);
EXPECT_EQ(i_orchestration_status->getTenantId(), tenant_id);
EXPECT_EQ(i_orchestration_status->getFogAddress(), fog_addr.unpack());
EXPECT_EQ(i_orchestration_status->getWaapModelVersion(), waap_model);
}
TEST_F(OrchestrationStatusTest, updateAllLastUpdatesTypes)
@@ -419,6 +436,7 @@ TEST_F(OrchestrationStatusTest, setAllFields)
" \"Last update\": \"current time\",\n"
" \"Last manifest update\": \"current time\",\n"
" \"Policy version\": \"12\",\n"
" \"AI model version\": \"Advanced model\",\n"
" \"Last policy update\": \"current time\",\n"
" \"Last settings update\": \"current time\",\n"
" \"Upgrade mode\": \"Test Mode\",\n"

23
components/security_apps/orchestration/modules/orchestration_status.cc
View File

@@ -108,6 +108,7 @@ public:
last_update_attempt = from.last_update_attempt;
last_manifest_update = from.last_manifest_update;
policy_version = from.policy_version;
waap_model_version = from.waap_model_version;
last_policy_update = from.last_policy_update;
last_settings_update = from.last_settings_update;
upgrade_mode = from.upgrade_mode;
@@ -128,6 +129,7 @@ public:
const string & getUpdateTime() const { return last_update_time; }
const string & getLastManifestUpdate() const { return last_manifest_update; }
const string & getPolicyVersion() const { return policy_version; }
const string & getWaapModelVersion() const { return waap_model_version; }
const string & getLastPolicyUpdate() const { return last_policy_update; }
const string & getLastSettingsUpdate() const { return last_settings_update; }
const string & getUpgradeMode() const { return upgrade_mode; }
@@ -142,6 +144,16 @@ public:
const map<string, string> & getServicePolicies() const { return service_policies; }
const map<string, string> & getServiceSettings() const { return service_settings; }
void updateWaapModelVersion() {
map<string, string> details_resolver =
Singleton::Consume<I_DetailsResolver>::by<OrchestrationStatus>()->getResolvedDetails();
if (details_resolver.find("AppSecModelVersion") != details_resolver.end()) {
waap_model_version = details_resolver["AppSecModelVersion"];
} else {
waap_model_version = "None";
}
}
void
insertServicePolicy(const string &key, const string &value)
{
@@ -267,12 +279,13 @@ public:
last_manifest_update = "None";
last_policy_update = "None";
last_settings_update = "None";
waap_model_version = "None";
fog_address = "None";
agent_id = "None";
profile_id = "None";
tenant_id = "None";
registration_status = "None";
manifest_status = "None";
manifest_status = getenv("CLOUDGUARD_APPSEC_STANDALONE") ? "Succeeded" : "None";
upgrade_mode = "None";
}
@@ -292,6 +305,7 @@ public:
} else {
fog_address = "None";
}
updateWaapModelVersion();
}
}
@@ -304,6 +318,7 @@ public:
archive(cereal::make_nvp("Last update", last_update_time));
archive(cereal::make_nvp("Last manifest update", last_manifest_update));
archive(cereal::make_nvp("Policy version", policy_version));
archive(cereal::make_nvp("AI model version", waap_model_version));
archive(cereal::make_nvp("Last policy update", last_policy_update));
archive(cereal::make_nvp("Last settings update", last_settings_update));
archive(cereal::make_nvp("Upgrade mode", upgrade_mode));
@@ -331,6 +346,7 @@ public:
archive.setNextName(nullptr);
}
archive(cereal::make_nvp("AI model version", waap_model_version));
archive(cereal::make_nvp("Last policy update", last_policy_update));
archive(cereal::make_nvp("Last settings update", last_settings_update));
@@ -368,6 +384,7 @@ private:
string last_update_attempt;
string last_manifest_update;
string policy_version;
string waap_model_version;
string last_policy_update;
string last_settings_update;
string upgrade_mode;
@@ -387,13 +404,14 @@ class OrchestrationStatus::Impl : Singleton::Provide<I_OrchestrationStatus>::Fro
{
public:
void
writeStatusToFile()
writeStatusToFile() override
{
auto orchestration_status_path = getConfigurationWithDefault<string>(
filesystem_prefix + "/conf/orchestration_status.json",
"orchestration",
"Orchestration status path"
);
status.updateWaapModelVersion();
auto write_result =
orchestration_tools->objectToJsonFile<Status>(status, orchestration_status_path);
if (!write_result) {
@@ -497,6 +515,7 @@ private:
const string & getUpdateTime() const override { return status.getUpdateTime(); }
const string & getLastManifestUpdate() const override { return status.getLastManifestUpdate(); }
const string & getPolicyVersion() const override { return status.getPolicyVersion(); }
const string & getWaapModelVersion() const override { return status.getWaapModelVersion(); }
const string & getLastPolicyUpdate() const override { return status.getLastPolicyUpdate(); }
const string & getLastSettingsUpdate() const override { return status.getLastSettingsUpdate(); }
const string & getUpgradeMode() const override { return status.getUpgradeMode(); }

8
components/security_apps/orchestration/orchestration_comp.cc
View File

@@ -189,6 +189,10 @@ public:
"Orchestration runner",
true
);
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<OrchestrationComp>();
orchestration_tools->getClusterId();
hybrid_mode_metric.init(
"Watchdog Metrics",
ReportIS::AudienceTeam::AGENT_CORE,
@@ -198,7 +202,6 @@ public:
ReportIS::Audience::INTERNAL
);
hybrid_mode_metric.registerListener();
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<OrchestrationComp>();
orchestration_tools->loadTenantsFromDir(
getConfigurationWithDefault<string>(getFilesystemPathConfig() + "/conf/", "orchestration", "Conf dir")
);
@@ -1485,6 +1488,9 @@ private:
if (i_details_resolver->compareCheckpointVersion(8100, greater_equal<int>())) {
agent_data_report << AgentReportFieldWithLabel("isCheckpointVersionGER81", "true");
}
if (i_details_resolver->compareCheckpointVersion(8200, greater_equal<int>())) {
agent_data_report << AgentReportFieldWithLabel("isCheckpointVersionGER82", "true");
}
#endif // gaia || smb
if (agent_data_report == curr_agent_data_report) {

2
components/security_apps/orchestration/orchestration_tools/CMakeLists.txt
View File

@@ -1,5 +1,5 @@
ADD_DEFINITIONS(-Wno-deprecated-declarations)
add_library(orchestration_tools orchestration_tools.cc)
add_library(orchestration_tools orchestration_tools.cc namespace_data.cc)
#add_subdirectory(orchestration_tools_ut)

117
components/security_apps/orchestration/orchestration_tools/namespace_data.cc Normal file
View File

@@ -0,0 +1,117 @@
// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "namespace_data.h"
using namespace std;
USE_DEBUG_FLAG(D_ORCHESTRATOR);
template <typename T>
void
parseNameSpaceJSONKey(
const string &key_name,
T &value,
cereal::JSONInputArchive &archive_in,
const T &default_value = T())
{
try {
archive_in(cereal::make_nvp(key_name, value));
} catch (const cereal::Exception &e) {
archive_in.setNextName(nullptr);
value = default_value;
dbgDebug(D_ORCHESTRATOR)
<< "Could not parse the required key. Key: "
<< key_name
<< ", Error: "
<< e.what();
}
}
class NamespaceMetadata
{
public:
void
load(cereal::JSONInputArchive &archive_in)
{
dbgFlow(D_ORCHESTRATOR);
parseNameSpaceJSONKey<string>("name", name, archive_in);
parseNameSpaceJSONKey<string>("uid", uid, archive_in);
}
const string &
getName() const
{
return name;
}
const string &
getUID() const
{
return uid;
}
private:
string name;
string uid;
};
class SingleNamespaceData
{
public:
void
load(cereal::JSONInputArchive &archive_in)
{
parseNameSpaceJSONKey<NamespaceMetadata>("metadata", metadata, archive_in);
}
const NamespaceMetadata &
getMetadata() const
{
return metadata;
}
private:
NamespaceMetadata metadata;
};
bool
NamespaceData::loadJson(const string &json)
{
dbgFlow(D_ORCHESTRATOR);
string modified_json = json;
modified_json.pop_back();
stringstream in;
in.str(modified_json);
try {
cereal::JSONInputArchive in_ar(in);
vector<SingleNamespaceData> items;
in_ar(cereal::make_nvp("items", items));
for (const SingleNamespaceData &single_ns_data : items) {
ns_name_to_uid[single_ns_data.getMetadata().getName()] = single_ns_data.getMetadata().getUID();
}
} catch (cereal::Exception &e) {
dbgWarning(D_ORCHESTRATOR) << "Failed to load namespace data JSON. Error: " << e.what();
return false;
}
return true;
}
Maybe<string>
NamespaceData::getNamespaceUidByName(const string &name)
{
if (ns_name_to_uid.find(name) == ns_name_to_uid.end()) {
return genError("Namespace doesn't exist. Name: " + name);
}
return ns_name_to_uid.at(name);
}

114
components/security_apps/orchestration/orchestration_tools/orchestration_tools.cc
View File

@@ -19,6 +19,7 @@
#include "cereal/types/vector.hpp"
#include "cereal/types/set.hpp"
#include "agent_core_utilities.h"
#include "namespace_data.h"
#include <netdb.h>
#include <arpa/inet.h>
@@ -47,11 +48,13 @@ public:
const string &tenant_id,
const string &profile_id) const override;
shared_ptr<ifstream> fileStreamWrapper(const std::string &path) const override;
Maybe<string> readFile(const string &path) const override;
bool writeFile(const string &text, const string &path) const override;
bool writeFile(const string &text, const string &path, bool append_mode = false) const override;
bool removeFile(const string &path) const override;
bool copyFile(const string &src_path, const string &dst_path) const override;
bool doesFileExist(const string &file_path) const override;
void getClusterId() const override;
void fillKeyInJson(const string &filename, const string &_key, const string &_val) const override;
bool createDirectory(const string &directory_path) const override;
bool doesDirectoryExist(const string &dir_path) const override;
@@ -127,6 +130,98 @@ OrchestrationTools::Impl::fillKeyInJson(const string &filename, const string &_k
}
// LCOV_EXCL_STOP
bool
isPlaygroundEnv()
{
const char *env_string = getenv("PLAYGROUND");
if (env_string == nullptr) return false;
string env_value = env_string;
transform(env_value.begin(), env_value.end(), env_value.begin(), ::tolower);
return env_value == "true";
}
Maybe<NamespaceData, string>
getNamespaceDataFromCluster(const string &path)
{
NamespaceData name_space;
string token = Singleton::Consume<I_EnvDetails>::by<OrchestrationTools>()->getToken();
Flags<MessageConnConfig> conn_flags;
conn_flags.setFlag(MessageConnConfig::SECURE_CONN);
conn_flags.setFlag(MessageConnConfig::IGNORE_SSL_VALIDATION);
auto messaging = Singleton::Consume<I_Messaging>::by<OrchestrationTools>();
bool res = messaging->sendObject(
name_space,
I_Messaging::Method::GET,
"kubernetes.default.svc",
443,
conn_flags,
path,
"Authorization: Bearer " + token + "\nConnection: close"
);
if (res) return name_space;
return genError(string("Was not able to get object form k8s cluser in path: " + path));
}
bool
doesClusterIdExists()
{
string playground_uid = isPlaygroundEnv() ? "playground-" : "";
dbgTrace(D_ORCHESTRATOR) << "Getting cluster UID";
auto maybe_namespaces_data = getNamespaceDataFromCluster("/api/v1/namespaces/");
if (!maybe_namespaces_data.ok()) {
dbgWarning(D_ORCHESTRATOR)
<< "Failed to retrieve K8S namespace data. Error: "
<< maybe_namespaces_data.getErr();
return false;
}
NamespaceData namespaces_data = maybe_namespaces_data.unpack();
Maybe<string> maybe_ns_uid = namespaces_data.getNamespaceUidByName("kube-system");
if (!maybe_ns_uid.ok()) {
dbgWarning(D_ORCHESTRATOR) << maybe_ns_uid.getErr();
return false;
}
string uid = playground_uid + maybe_ns_uid.unpack();
dbgTrace(D_ORCHESTRATOR) << "Found k8s cluster UID: " << uid;
I_Environment *env = Singleton::Consume<I_Environment>::by<OrchestrationTools>();
env->getConfigurationContext().registerValue<string>(
"k8sClusterId",
uid,
EnvKeyAttr::LogSection::SOURCE
);
I_AgentDetails *i_agent_details = Singleton::Consume<I_AgentDetails>::by<OrchestrationTools>();
i_agent_details->setClusterId(uid);
return true;
}
void
OrchestrationTools::Impl::getClusterId() const
{
auto env_type = Singleton::Consume<I_EnvDetails>::by<OrchestrationTools>()->getEnvType();
if (env_type == EnvType::K8S) {
Singleton::Consume<I_MainLoop>::by<OrchestrationTools>()->addOneTimeRoutine(
I_MainLoop::RoutineType::Offline,
[this] ()
{
while(!doesClusterIdExists()) {
Singleton::Consume<I_MainLoop>::by<OrchestrationTools>()->yield(chrono::seconds(1));
}
return;
},
"Get k8s cluster ID"
);
}
}
bool
OrchestrationTools::Impl::doesFileExist(const string &file_path) const
{
@@ -140,7 +235,7 @@ OrchestrationTools::Impl::doesDirectoryExist(const string &dir_path) const
}
bool
OrchestrationTools::Impl::writeFile(const string &text, const string &path) const
OrchestrationTools::Impl::writeFile(const string &text, const string &path, bool append_mode) const
{
dbgDebug(D_ORCHESTRATOR) << "Writing file: text = " << text << ", path = " << path;
if (path.find('/') != string::npos) {
@@ -151,8 +246,15 @@ OrchestrationTools::Impl::writeFile(const string &text, const string &path) cons
return false;
}
}
ofstream fout;
if (append_mode) {
fout.open(path, std::ios::app);
} else {
fout.open(path);
}
try {
ofstream fout(path);
fout << text;
return true;
} catch (const ofstream::failure &e) {
@@ -186,6 +288,12 @@ OrchestrationTools::Impl::isNonEmptyFile(const string &path) const
return false;
}
shared_ptr<ifstream>
OrchestrationTools::Impl::fileStreamWrapper(const std::string &path) const
{
return make_shared<ifstream>(path);
}
Maybe<string>
OrchestrationTools::Impl::readFile(const string &path) const
{

87
components/security_apps/orchestration/orchestration_tools/orchestration_tools_ut/orchestration_tools_ut.cc
View File

@@ -1,8 +1,13 @@
#include "orchestration_tools.h"
#include "cptest.h"
#include "config_component.h"
#include "mock/mock_tenant_manager.h"
#include "mock/mock_shell_cmd.h"
#include "mock/mock_messaging.h"
#include "mock/mock_env_details.h"
#include "mock/mock_agent_details.h"
#include "mock/mock_mainloop.h"
using namespace std;
using namespace testing;
@@ -14,6 +19,17 @@ public:
{
}
string
getResource(const string &path)
{
string resource_path = cptestFnameInSrcDir(path);
ifstream resource_file(resource_path);
EXPECT_TRUE(resource_file.is_open());
stringstream resource_file_content;
resource_file_content << resource_file.rdbuf();
return resource_file_content.str();
}
void
cleanSpaces(string &str)
{
@@ -47,27 +63,74 @@ public:
OrchestrationTools orchestration_tools;
I_OrchestrationTools *i_orchestration_tools = Singleton::Consume<I_OrchestrationTools>::from(orchestration_tools);
StrictMock<MockTenantManager> mock_tenant_manager;
NiceMock<MockMessaging> mock_messaging;
NiceMock<MockAgentDetails> mock_agent_details;
NiceMock<MockMainLoop> mock_mainloop;
StrictMock<MockShellCmd> mock_shell_cmd;
StrictMock<EnvDetailsMocker> mock_env_details;
StrictMock<MockTenantManager> mock_tenant_manager;
::Environment env;
};
TEST_F(OrchestrationToolsTest, doNothing)
{
}
TEST_F(OrchestrationToolsTest, getClusterId)
{
EXPECT_CALL(mock_env_details, getToken()).WillOnce(Return("123"));
EXPECT_CALL(mock_env_details, getEnvType()).WillOnce(Return(EnvType::K8S));
I_MainLoop::Routine routine;
EXPECT_CALL(
mock_mainloop,
addOneTimeRoutine(I_MainLoop::RoutineType::Offline, _, "Get k8s cluster ID", _)
).WillOnce(DoAll(SaveArg<1>(&routine), Return(1)));
string namespaces = getResource("k8s_namespaces.json");
EXPECT_CALL(
mock_messaging,
sendMessage(
true,
"",
I_Messaging::Method::GET,
"kubernetes.default.svc",
443,
_,
"/api/v1/namespaces/",
"Authorization: Bearer 123\nConnection: close",
_,
_
)
).WillRepeatedly(Return(Maybe<string>(namespaces)));
i_orchestration_tools->getClusterId();
routine();
}
TEST_F(OrchestrationToolsTest, writeReadTextToFile)
{
EXPECT_TRUE(i_orchestration_tools->writeFile(manifest_text, manifest_file));
EXPECT_TRUE(i_orchestration_tools->writeFile(manifest_text, manifest_file, false));
EXPECT_TRUE(i_orchestration_tools->doesFileExist(manifest_file));
EXPECT_TRUE(i_orchestration_tools->isNonEmptyFile(manifest_file));
EXPECT_TRUE(i_orchestration_tools->fileStreamWrapper(manifest_file)->is_open());
EXPECT_EQ(manifest_text, i_orchestration_tools->readFile(manifest_file).unpack());
EXPECT_FALSE(i_orchestration_tools->isNonEmptyFile("no_such_file"));
}
TEST_F(OrchestrationToolsTest, writeAndAppendToFile)
{
EXPECT_TRUE(i_orchestration_tools->writeFile("blabla", "in_test.json", false));
EXPECT_TRUE(i_orchestration_tools->doesFileExist("in_test.json"));
EXPECT_TRUE(i_orchestration_tools->isNonEmptyFile("in_test.json"));
EXPECT_TRUE(i_orchestration_tools->writeFile(" Appending Text", "in_test.json", true));
EXPECT_EQ("blabla Appending Text", i_orchestration_tools->readFile("in_test.json").unpack());;
}
TEST_F(OrchestrationToolsTest, loadPackagesFromJsonTest)
{
EXPECT_TRUE(i_orchestration_tools->writeFile("blabla", "in_test.json"));
EXPECT_TRUE(i_orchestration_tools->writeFile("blabla", "in_test.json", false));
string file_name = "in_test.json";
Maybe<map<string, Package>> packages = i_orchestration_tools->loadPackagesFromJson(file_name);
EXPECT_FALSE(packages.ok());
@@ -83,7 +146,7 @@ TEST_F(OrchestrationToolsTest, loadPackagesFromJsonTest)
TEST_F(OrchestrationToolsTest, copyFile)
{
EXPECT_TRUE(i_orchestration_tools->writeFile("blabla", "in_test.json"));
EXPECT_TRUE(i_orchestration_tools->writeFile("blabla", "in_test.json", false));
EXPECT_TRUE(i_orchestration_tools->copyFile("in_test.json", "cpy_test.json"));
EXPECT_EQ("blabla", i_orchestration_tools->readFile("cpy_test.json").unpack());
EXPECT_FALSE(i_orchestration_tools->copyFile("NOT_EXISTS_FILE", "cpy2_test.json"));
@@ -199,7 +262,7 @@ TEST_F(OrchestrationToolsTest, jsonFileToPackages)
" }"
" ]"
"}";
i_orchestration_tools->writeFile(string_stream.str(), "packages_tmp.json");
i_orchestration_tools->writeFile(string_stream.str(), "packages_tmp.json", false);
Maybe<map<string, Package>> packages = i_orchestration_tools->loadPackagesFromJson("packages_tmp.json");
EXPECT_TRUE(packages.ok());
EXPECT_TRUE(packages.unpack().find("nano-agent") != packages.unpack().end());
@@ -222,7 +285,7 @@ TEST_F(OrchestrationToolsTest, packagesToJsonFile)
" }"
" ]"
"}";
i_orchestration_tools->writeFile(string_stream.str(), "packages.json");
i_orchestration_tools->writeFile(string_stream.str(), "packages.json", false);
Maybe<map<string, Package>> packages = i_orchestration_tools->loadPackagesFromJson("packages.json");
EXPECT_TRUE(packages.ok());
EXPECT_TRUE(i_orchestration_tools->packagesToJsonFile(packages.unpack(), "packages.json"));
@@ -277,8 +340,8 @@ TEST_F(OrchestrationToolsTest, deleteVirtualTenantFiles)
EXPECT_TRUE(i_orchestration_tools->createDirectory(policy_folder_path));
string settings_file_path = conf_path + "/tenant_3fdbdd33_profile_c4c498d8_settings.json";
i_orchestration_tools->writeFile(string_stream.str(), settings_file_path);
i_orchestration_tools->writeFile(string_stream.str(), policy_file_path);
i_orchestration_tools->writeFile(string_stream.str(), settings_file_path, false);
i_orchestration_tools->writeFile(string_stream.str(), policy_file_path, false);
EXPECT_TRUE(i_orchestration_tools->doesFileExist(settings_file_path));
EXPECT_TRUE(i_orchestration_tools->doesFileExist(policy_file_path));
@@ -301,16 +364,16 @@ TEST_F(OrchestrationToolsTest, loadTenants)
EXPECT_TRUE(i_orchestration_tools->createDirectory(policy_folder_path2));
string settings_file_path1 = conf_path + "/tenant_3fdbdd33_profile_c4c498d8_settings.json";
i_orchestration_tools->writeFile(string_stream.str(), settings_file_path1);
i_orchestration_tools->writeFile(string_stream.str(), settings_file_path1, false);
string settings_file_path2 = conf_path + "/tenant_123456_profile_654321_settings.json";
i_orchestration_tools->writeFile(string_stream.str(), settings_file_path2);
i_orchestration_tools->writeFile(string_stream.str(), settings_file_path2, false);
string policy_file_path1 = policy_folder_path1 + "/policy.json";
i_orchestration_tools->writeFile(string_stream.str(), policy_file_path1);
i_orchestration_tools->writeFile(string_stream.str(), policy_file_path1, false);
string policy_file_path2 = policy_folder_path2 + "/policy.json";
i_orchestration_tools->writeFile(string_stream.str(), policy_file_path2);
i_orchestration_tools->writeFile(string_stream.str(), policy_file_path2, false);
EXPECT_TRUE(i_orchestration_tools->doesFileExist(settings_file_path1));
EXPECT_TRUE(i_orchestration_tools->doesFileExist(settings_file_path2));

8
components/security_apps/orchestration/orchestration_ut/orchestration_multitenant_ut.cc
View File

@@ -62,6 +62,8 @@ public:
addOneTimeRoutine(I_MainLoop::RoutineType::RealTime, _, "Orchestration runner", true)
).WillOnce(DoAll(SaveArg<1>(&routine), Return(1)));
EXPECT_CALL(mock_orchestration_tools, getClusterId());
EXPECT_CALL(mock_shell_cmd, getExecOutput("openssl version -d | cut -d\" \" -f2 | cut -d\"\\\"\" -f2", _, _))
.WillOnce(Return(string("OpenSSL certificates Directory")));
@@ -91,11 +93,11 @@ public:
Maybe<string> err = genError("No file exist");
EXPECT_CALL(mock_orchestration_tools, readFile("/etc/cp/conf/user-cred.json")).WillOnce(Return(err));
EXPECT_CALL(mock_orchestration_tools, writeFile("This is fake", "/etc/cp/data/data1.a")).WillOnce(
EXPECT_CALL(mock_orchestration_tools, writeFile("This is fake", "/etc/cp/data/data1.a", false)).WillOnce(
Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile("0000 is fake", "/etc/cp/data/data4.a")).WillOnce(
EXPECT_CALL(mock_orchestration_tools, writeFile("0000 is fake", "/etc/cp/data/data4.a", false)).WillOnce(
Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile("This is 3333", "/etc/cp/data/data6.a")).WillOnce(
EXPECT_CALL(mock_orchestration_tools, writeFile("This is 3333", "/etc/cp/data/data6.a", false)).WillOnce(
Return(true));
}

30
components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc
View File

@@ -54,6 +54,8 @@ public:
addOneTimeRoutine(I_MainLoop::RoutineType::RealTime, _, "Orchestration runner", true)
).WillOnce(DoAll(SaveArg<1>(&routine), Return(1)));
EXPECT_CALL(mock_orchestration_tools, getClusterId());
EXPECT_CALL(
mock_shell_cmd,
getExecOutput("openssl version -d | cut -d\" \" -f2 | cut -d\"\\\"\" -f2", _, _)
@@ -118,11 +120,11 @@ public:
Maybe<string> err = genError("No file exist");
EXPECT_CALL(mock_orchestration_tools, readFile("/etc/cp/conf/user-cred.json")).WillOnce(Return(err));
EXPECT_CALL(mock_orchestration_tools, writeFile("This is fake", "/etc/cp/data/data1.a")).WillOnce(
EXPECT_CALL(mock_orchestration_tools, writeFile("This is fake", "/etc/cp/data/data1.a", false)).WillOnce(
Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile("0000 is fake", "/etc/cp/data/data4.a")).WillOnce(
EXPECT_CALL(mock_orchestration_tools, writeFile("0000 is fake", "/etc/cp/data/data4.a", false)).WillOnce(
Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile("This is 3333", "/etc/cp/data/data6.a")).WillOnce(
EXPECT_CALL(mock_orchestration_tools, writeFile("This is 3333", "/etc/cp/data/data6.a", false)).WillOnce(
Return(true));
}
@@ -1333,26 +1335,6 @@ TEST_F(OrchestrationTest, manifestUpdate)
} catch (const invalid_argument& e) {}
}
TEST_F(OrchestrationTest, loadFromOrchestrationPolicy)
{
EXPECT_CALL(
rest,
mockRestCall(RestAction::ADD, "proxy", _)
).WillOnce(WithArg<2>(Invoke(this, &OrchestrationTest::restHandler)));
waitForRestCall();
init();
}
TEST_F(OrchestrationTest, loadFromOrchestrationBackupPolicy)
{
EXPECT_CALL(
rest,
mockRestCall(RestAction::ADD, "proxy", _)
).WillOnce(WithArg<2>(Invoke(this, &OrchestrationTest::restHandler)));
waitForRestCall();
init();
}
TEST_F(OrchestrationTest, getBadPolicyUpdate)
{
EXPECT_CALL(
@@ -1815,6 +1797,7 @@ TEST_F(OrchestrationTest, GetRestOrchStatus)
" \"Last update\": \"" + test_str + "\",\n"
" \"Last update status\": \"" + test_str + "\",\n"
" \"Policy version\": \"" + test_str + "\",\n"
" \"AI model version\": \"" + test_str + "\",\n"
" \"Last policy update\": \"" + test_str + "\",\n"
" \"Last manifest update\": \"" + test_str + "\",\n"
" \"Last settings update\": \"" + test_str + "\",\n"
@@ -1841,6 +1824,7 @@ TEST_F(OrchestrationTest, GetRestOrchStatus)
EXPECT_CALL(mock_status, getUpdateTime()).WillOnce(ReturnRef(test_str));
EXPECT_CALL(mock_status, getLastManifestUpdate()).WillOnce(ReturnRef(test_str));
EXPECT_CALL(mock_status, getPolicyVersion()).WillOnce(ReturnRef(test_str));
EXPECT_CALL(mock_status, getWaapModelVersion()).WillOnce(ReturnRef(test_str));
EXPECT_CALL(mock_status, getLastPolicyUpdate()).WillOnce(ReturnRef(test_str));
EXPECT_CALL(mock_status, getLastSettingsUpdate()).WillOnce(ReturnRef(test_str));
EXPECT_CALL(mock_status, getUpgradeMode()).WillOnce(ReturnRef(test_str));

42
components/security_apps/orchestration/service_controller/service_controller_ut/service_controller_ut.cc
View File

@@ -246,7 +246,8 @@ TEST_F(ServiceControllerTest, UpdateConfiguration)
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path, false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
@@ -357,8 +358,9 @@ TEST_F(ServiceControllerTest, supportVersions)
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(policy_versions_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(versions, policy_versions_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path, false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(versions, policy_versions_path, false)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("versions", policy_versions_path, OrchestrationStatusConfigType::POLICY));
EXPECT_CALL(mock_orchestration_status,
@@ -455,7 +457,8 @@ TEST_F(ServiceControllerTest, TimeOutUpdateConfiguration)
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path, false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
@@ -575,7 +578,8 @@ TEST_F(ServiceControllerTest, writeRegisteredServicesFromFile)
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path, false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
@@ -807,7 +811,8 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path, false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
@@ -965,7 +970,7 @@ TEST_F(ServiceControllerTest, backup)
).WillOnce(Return(true));
EXPECT_CALL(
mock_orchestration_tools,
writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true)
writeFile(l4_firewall, l4_firewall_policy_path, false)).WillOnce(Return(true)
);
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
.WillOnce(Return(true));
@@ -1078,7 +1083,7 @@ TEST_F(ServiceControllerTest, backup_file_doesnt_exist)
).WillOnce(Return(true));
EXPECT_CALL(
mock_orchestration_tools,
writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true)
writeFile(l4_firewall, l4_firewall_policy_path, false)).WillOnce(Return(true)
);
// backup file doesn't exist so the copyFile function should be called 0 times
@@ -1194,7 +1199,7 @@ TEST_F(ServiceControllerTest, backupAttempts)
EXPECT_CALL(
mock_orchestration_tools,
writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true)
writeFile(l4_firewall, l4_firewall_policy_path, false)).WillOnce(Return(true)
);
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
@@ -1311,8 +1316,10 @@ TEST_F(ServiceControllerTest, MultiUpdateConfiguration)
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("orchestration", orchestration_policy_path, OrchestrationStatusConfigType::POLICY));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(orchestration, orchestration_policy_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path, false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, writeFile(orchestration, orchestration_policy_path, false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
@@ -1560,7 +1567,12 @@ TEST_F(ServiceControllerTest, ErrorUpdateConfigurationRest)
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
EXPECT_CALL(
mock_orchestration_tools,
writeFile(
l4_firewall,
l4_firewall_policy_path,
false)).WillOnce(Return(true));
EXPECT_CALL(
mock_orchestration_status,
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY)
@@ -1667,7 +1679,7 @@ TEST_F(ServiceControllerTest, errorWhileWrtingNewConfiguration)
EXPECT_CALL(
mock_orchestration_tools,
writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(false)
writeFile(l4_firewall, l4_firewall_policy_path, false)).WillOnce(Return(false)
);
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
@@ -1782,7 +1794,7 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path_new)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path_new))
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path_new, false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_status, setServiceConfiguration(
@@ -1889,7 +1901,7 @@ TEST_F(ServiceControllerTest, test_delayed_reconf)
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
.WillOnce(Return(json_parser_return));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path, false)).
WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_status,
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));

2
components/security_apps/orchestration/update_communication/CMakeLists.txt
View File

@@ -1,2 +1,2 @@
add_library(update_communication update_communication.cc hybrid_communication.cc fog_communication.cc fog_authenticator.cc local_communication.cc declarative_policy_utils.cc)
add_library(update_communication update_communication.cc hybrid_communication.cc fog_communication.cc fog_authenticator.cc local_communication.cc declarative_policy_utils.cc fog_helper_open_source.cc)
#add_subdirectory(update_communication_ut)

17
components/security_apps/orchestration/update_communication/declarative_policy_utils.cc
View File

@@ -16,6 +16,7 @@ USE_DEBUG_FLAG(D_ORCHESTRATOR);
void
DeclarativePolicyUtils::init()
{
local_policy_path = getFilesystemPathConfig() + "/conf/local_policy.yaml";
should_apply_policy = true;
Singleton::Consume<I_RestApi>::by<DeclarativePolicyUtils>()->addRestCall<ApplyPolicyRest>(
RestAction::SET, "apply-policy"
@@ -25,9 +26,10 @@ DeclarativePolicyUtils::init()
// LCOV_EXCL_START Reason: no test exist
void
DeclarativePolicyUtils::upon(const ApplyPolicyEvent &)
DeclarativePolicyUtils::upon(const ApplyPolicyEvent &event)
{
dbgTrace(D_ORCHESTRATOR) << "Apply policy event";
local_policy_path = event.getPolicyPath();
should_apply_policy = true;
}
// LCOV_EXCL_STOP
@@ -54,11 +56,9 @@ DeclarativePolicyUtils::getLocalPolicyChecksum()
return orchestration_tools->readFile("/etc/cp/conf/k8s-policy-check.trigger");
}
string policy_path = Singleton::Consume<I_LocalPolicyMgmtGen>::by<DeclarativePolicyUtils>()->getLocalPolicyPath();
Maybe<string> file_checksum = orchestration_tools->calculateChecksum(
I_OrchestrationTools::SELECTED_CHECKSUM_TYPE,
policy_path
local_policy_path
);
if (!file_checksum.ok()) {
@@ -83,8 +83,11 @@ void
DeclarativePolicyUtils::updateCurrentPolicy(const string &policy_checksum)
{
string clean_policy_checksum = getCleanChecksum(policy_checksum);
curr_policy = Singleton::Consume<I_LocalPolicyMgmtGen>::by<DeclarativePolicyUtils>()->parsePolicy(
clean_policy_checksum
auto env = Singleton::Consume<I_EnvDetails>::by<DeclarativePolicyUtils>()->getEnvType();
curr_policy = Singleton::Consume<I_LocalPolicyMgmtGen>::by<DeclarativePolicyUtils>()->generateAppSecLocalPolicy(
env,
clean_policy_checksum,
local_policy_path
);
}
@@ -94,7 +97,7 @@ DeclarativePolicyUtils::getPolicyChecksum()
I_OrchestrationTools *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<DeclarativePolicyUtils>();
Maybe<string> file_checksum = orchestration_tools->calculateChecksum(
I_OrchestrationTools::SELECTED_CHECKSUM_TYPE,
Singleton::Consume<I_LocalPolicyMgmtGen>::by<DeclarativePolicyUtils>()->getAgentPolicyPath()
"/tmp/local_appsec.policy"
);
if (!file_checksum.ok()) {

5
components/security_apps/orchestration/update_communication/fog_authenticator.cc
View File

@@ -187,6 +187,8 @@ FogAuthenticator::registerAgent(
request << make_pair("managedMode", "management");
}
request << make_pair("userEdition", getUserEdition());
if (details_resolver->isReverseProxy()) {
request << make_pair("reverse_proxy", "true");
}
@@ -207,6 +209,9 @@ FogAuthenticator::registerAgent(
if (details_resolver->compareCheckpointVersion(8100, std::greater_equal<int>())) {
request << make_pair("isCheckpointVersionGER81", "true");
}
if (details_resolver->compareCheckpointVersion(8200, std::greater_equal<int>())) {
request << make_pair("isCheckpointVersionGER82", "true");
}
#endif // gaia || smb
auto fog_messaging = Singleton::Consume<I_Messaging>::by<FogAuthenticator>();

9
components/security_apps/orchestration/update_communication/fog_helper_open_source.cc Executable file
View File

@@ -0,0 +1,9 @@
#include "fog_authenticator.h"
#include <string>
std::string
FogAuthenticator::getUserEdition() const
{
return "community";
}