April 21th 2024 update

2025-09-29 19:24:26 +03:00 · 2024-04-21 12:38:24 +00:00
parent 189c9209c9
commit 66ed4a8d81
73 changed files with 994 additions and 1166 deletions
--- a/components/security_apps/orchestration/details_resolver/details_resolver.cc
+++ b/components/security_apps/orchestration/details_resolver/details_resolver.cc
@@ -44,6 +44,7 @@ public:
    bool isGwNotVsx() override;
    bool isVersionAboveR8110() override;
    bool isReverseProxy() override;
+    bool isCloudStorageEnabled() override;
    Maybe<tuple<string, string, string>> parseNginxMetadata() override;
 #if defined(gaia) || defined(smb)
    bool compareCheckpointVersion(int cp_version, std::function<bool(int, int)> compare_operator) const override;
@@ -135,6 +136,18 @@ DetailsResolver::Impl::isReverseProxy()
    return getenv("DOCKER_RPM_ENABLED") && getenv("DOCKER_RPM_ENABLED") == string("true");
 }

+bool
+DetailsResolver::Impl::isCloudStorageEnabled()
+{
+    auto cloud_storage_mode_override = getProfileAgentSetting<bool>("agent.cloudStorage.enabled");
+    if (cloud_storage_mode_override.ok()) {
+        dbgInfo(D_ORCHESTRATOR) << "Received cloud-storage mode override: " << *cloud_storage_mode_override;
+        return *cloud_storage_mode_override;
+    }
+
+    return getenv("CLOUD_STORAGE_ENABLED") && getenv("CLOUD_STORAGE_ENABLED") == string("true");
+}
+
 bool
 DetailsResolver::Impl::isKernelVersion3OrHigher()
 {
--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
@@ -32,6 +32,17 @@ checkSAMLSupportedBlade(const string &command_output)
    return genError("Current host does not have SAML capability");
 }

+Maybe<string>
+checkIDABlade(const string &command_output)
+{
+    string idaBlade = "identityServer";
+    if (command_output.find(idaBlade) != string::npos) {
+        return string("true");
+    }
+
+    return genError("Current host does not have IDA installed");
+}
+
 Maybe<string>
 checkSAMLPortal(const string &command_output)
 {
@@ -43,9 +54,19 @@ checkSAMLPortal(const string &command_output)
 }

 Maybe<string>
-getIDASSamlGaia(const string &command_output)
+checkPepIdaIdnStatus(const string &command_output)
 {
-    return string("idaSaml_gaia");
+    if (command_output.find("ida_idn_nano_service_enabled=1") != string::npos) {
+        return string("true");
+    }
+
+    return genError("Current host does not have PEP control IDA IDN enabled");
+}
+
+Maybe<string>
+getIDAGaiaPackages(const string &command_output)
+{
+    return string("idaSaml_gaia;idaIdn_gaia;idaIdnBg_gaia;");
 }

 Maybe<string>
@@ -76,6 +97,18 @@ checkIsInstallHorizonTelemetrySucceeded(const string &command_output)
    return command_output;
 }

+Maybe<string>
+getQUID(const string &command_output)
+{
+    if (command_output == "" ) return string("false");
+    //  validate valid QUID - contains exactly 4 '-'
+    if (std::count(command_output.begin(), command_output.end(), '-') != 4) {
+        return genError("not valid QUID");
+    }
+    return command_output;
+}
+
+
 Maybe<string>
 checkHasSDWan(const string &command_output)
 {
@@ -92,6 +125,26 @@ checkCanUpdateSDWanData(const string &command_output)
    return string("true");
 }

+Maybe<string>
+checkLsmProfileName(const string &command_output)
+{
+    if (!command_output.empty()) {
+        return command_output;
+    }
+
+    return genError("LSM profile name was not found");
+}
+
+Maybe<string>
+checkLsmProfileUuid(const string &command_output)
+{
+    if (!command_output.empty()) {
+        return command_output;
+    }
+
+    return genError("LSM profile uuid was not found");
+}
+
 Maybe<string>
 getMgmtObjType(const string &command_output)
 {
--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
@@ -46,6 +46,9 @@ SHELL_CMD_HANDLER("prerequisitesForHorizonTelemetry",
    "[ -f /var/log/nano_agent/cp-nano-horizon-telemetry-prerequisites.log ] "
    "&& head -1 /var/log/nano_agent/cp-nano-horizon-telemetry-prerequisites.log || echo ''",
    checkIsInstallHorizonTelemetrySucceeded)
+SHELL_CMD_HANDLER("QUID", "[ -d /opt/CPquid ] "
+    "&& python3 /opt/CPquid/Quid_Api.py -i /opt/CPotelcol/quid_api/get_global_id.json | jq -r .message || echo ''",
+    getQUID)
 SHELL_CMD_HANDLER("hasSDWan", "[ -f $FWDIR/bin/sdwan_steering ] && echo '1' || echo '0'", checkHasSDWan)
 SHELL_CMD_HANDLER(
    "canUpdateSDWanData",
@@ -56,6 +59,16 @@ SHELL_CMD_HANDLER(
    "isSdwanRunning",
    "[ -v $(pidof cp-nano-sdwan) ] && echo 'false' || echo 'true'",
    checkIfSdwanRunning)
+SHELL_CMD_HANDLER(
+    "lsmProfileName",
+    "jq -r .lsm_profile_name /tmp/cpsdwan_getdata_orch.json",
+    checkLsmProfileName
+)
+SHELL_CMD_HANDLER(
+    "lsmProfileUuid",
+    "jq -r .lsm_profile_uuid /tmp/cpsdwan_getdata_orch.json",
+    checkLsmProfileUuid
+)
 SHELL_CMD_HANDLER(
    "IP Address",
    "[ $(cpprod_util FWisDAG) -eq 1 ] && echo \"Dynamic Address\" "
@@ -84,8 +97,10 @@ SHELL_CMD_HANDLER(

 #if defined(gaia)
 SHELL_CMD_HANDLER("hasSAMLSupportedBlade", "enabled_blades", checkSAMLSupportedBlade)
-SHELL_CMD_HANDLER("hasSAMLPortal", "mpclient status saml-vpn", checkSAMLPortal)
-SHELL_CMD_HANDLER("requiredNanoServices", "ida_saml_gaia", getIDASSamlGaia)
+SHELL_CMD_HANDLER("hasIDABlade", "enabled_blades", checkIDABlade)
+SHELL_CMD_HANDLER("hasSAMLPortal", "mpclient status nac", checkSAMLPortal)
+SHELL_CMD_HANDLER("hasIdaIdnEnabled", "pep control IDN_nano_Srv_support status", checkPepIdaIdnStatus)
+SHELL_CMD_HANDLER("requiredNanoServices", "ida_packages", getIDAGaiaPackages)
 SHELL_CMD_HANDLER(
    "cpProductIntegrationMgmtParentObjectName",
    "cat $FWDIR/database/myself_objects.C "