github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-29 11:16:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

Jan_31_2024-Dev

Browse Source
This commit is contained in:
Ned Wright
2024-01-31 17:34:53 +00:00
parent 752a5785f0
commit 6d67818a94
376 changed files with 8101 additions and 7064 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
components/security_apps/orchestration/details_resolver/details_resolver.cc
View File

@@ -41,7 +41,7 @@ public:
string getAgentVersion() override;
bool isKernelVersion3OrHigher() override;
bool isGwNotVsx() override;
bool isVersionEqualOrAboveR8110() override;
bool isVersionAboveR8110() override;
bool isReverseProxy() override;
Maybe<tuple<string, string, string>> parseNginxMetadata() override;
#if defined(gaia) || defined(smb)
@@ -193,10 +193,12 @@ DetailsResolver::Impl::getCheckpointVersion() const
#endif // gaia || smb
bool
DetailsResolver::Impl::isVersionEqualOrAboveR8110()
DetailsResolver::Impl::isVersionAboveR8110()
{
#if defined(gaia) || defined(smb)
return compareCheckpointVersion(8110, std::greater_equal<int>());
#if defined(gaia)
return compareCheckpointVersion(8110, std::greater<int>());
#elif defined(smb)
return true;
#endif
return false;
}

19
components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
View File

@@ -20,7 +20,7 @@
#if defined(gaia)
Maybe<string>
checkHasSupportedBlade(const string &command_output)
checkSAMLSupportedBlade(const string &command_output)
{
string supportedBlades[3] = {"identityServer", "vpn", "cvpn"};
for(const string &blade : supportedBlades) {
@@ -29,11 +29,11 @@ checkHasSupportedBlade(const string &command_output)
}
}
return genError("Current host does not have IDA capability");
return genError("Current host does not have SAML capability");
}
Maybe<string>
checkSamlPortal(const string &command_output)
checkSAMLPortal(const string &command_output)
{
if (command_output.find("Portal is running") != string::npos) {
return string("true");
@@ -43,9 +43,9 @@ checkSamlPortal(const string &command_output)
}
Maybe<string>
getIDAGaia(const string &command_output)
getIDASSamlGaia(const string &command_output)
{
return string("ida_gaia");
return string("idaSaml_gaia");
}
Maybe<string>
@@ -211,6 +211,15 @@ getClusterObjectIP(const string &command_output)
return getAttr(command_output, "Cluster object IP was not found");
}
Maybe<string>
getFecApplicable(const string &command_output)
{
if (command_output == "0") return string("true");
if (command_output == "1") return string("false");
return genError("Could not determine if fec applicable");
}
Maybe<string>
getSmbObjectName(const string &command_output)
{

37
components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
View File

@@ -27,6 +27,15 @@
// use SHELL_CMD_HANDLER(key as string, shell command as string, ptr to Maybe<string> handler(const string&))
// to return a string value for an attribute key based on a logic executed in a handler that receives
// shell command execution output as its input
#ifdef SHELL_PRE_CMD
#if defined(gaia) || defined(smb)
SHELL_PRE_CMD("read sdwan data",
"(cpsdwan get_data > /tmp/cpsdwan_getdata_orch.json~) "
"&& (mv /tmp/cpsdwan_getdata_orch.json~ /tmp/cpsdwan_getdata_orch.json)")
#endif
#endif
#ifdef SHELL_CMD_HANDLER
#if defined(gaia) || defined(smb)
SHELL_CMD_HANDLER("cpProductIntegrationMgmtObjectType", "cpprod_util CPPROD_IsMgmtMachine", getMgmtObjType)
@@ -41,7 +50,7 @@ SHELL_CMD_HANDLER("isCPotelcolGRET64",
SHELL_CMD_HANDLER("hasSDWan", "[ -f $FWDIR/bin/sdwan_steering ] && echo '1' || echo '0'", checkHasSDWan)
SHELL_CMD_HANDLER(
"canUpdateSDWanData",
"CPSDWAN_NOLOGS=1 cpsdwan get_data -f can_update_sdwan_data | jq -r .can_update_sdwan_data",
"jq -r .can_update_sdwan_data /tmp/cpsdwan_getdata_orch.json",
checkCanUpdateSDWanData
)
SHELL_CMD_HANDLER(
@@ -50,7 +59,8 @@ SHELL_CMD_HANDLER(
checkIfSdwanRunning)
SHELL_CMD_HANDLER(
"IP Address",
"cpsdwan get_data | jq -r .main_ip",
"[ $(cpprod_util FWisDAG) -eq 1 ] && echo \"Dynamic Address\" "
"|| (jq -r .main_ip /tmp/cpsdwan_getdata_orch.json)",
getGWIPAddress
)
SHELL_CMD_HANDLER(
@@ -60,18 +70,23 @@ SHELL_CMD_HANDLER(
)
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtParentObjectIP",
"obj=\"$(cpsdwan get_data | jq -r .cluster_name)\";"
"obj=\"$(jq -r .cluster_name /tmp/cpsdwan_getdata_orch.json)\";"
" awk -v obj=\"$obj\" '$1 == \":\" && $2 == \"(\" obj, $1 == \":ip_address\" { if ($1 == \":ip_address\")"
" { gsub(/[()]/, \"\", $2); print $2; exit; } }'"
" $FWDIR/state/local/FW1/local.gateway_cluster",
getClusterObjectIP
)
SHELL_CMD_HANDLER(
"isFecApplicable",
"fw ctl get int support_fec |& grep -sq \"support_fec =\";echo $?",
getFecApplicable
)
#endif //gaia || smb
#if defined(gaia)
SHELL_CMD_HANDLER("hasSupportedBlade", "enabled_blades", checkHasSupportedBlade)
SHELL_CMD_HANDLER("hasSamlPortal", "mpclient status saml-vpn", checkSamlPortal)
SHELL_CMD_HANDLER("requiredNanoServices", "ida_gaia", getIDAGaia)
SHELL_CMD_HANDLER("hasSAMLSupportedBlade", "enabled_blades", checkSAMLSupportedBlade)
SHELL_CMD_HANDLER("hasSAMLPortal", "mpclient status saml-vpn", checkSAMLPortal)
SHELL_CMD_HANDLER("requiredNanoServices", "ida_saml_gaia", getIDASSamlGaia)
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtParentObjectName",
"cat $FWDIR/database/myself_objects.C "
@@ -109,12 +124,12 @@ SHELL_CMD_HANDLER(
#if defined(smb)
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtParentObjectName",
"cpsdwan get_data | jq -r .cluster_name",
"jq -r .cluster_name /tmp/cpsdwan_getdata_orch.json",
getSmbMgmtParentObjName
)
SHELL_CMD_HANDLER(
"cpProductIntegrationMgmtParentObjectUid",
"cpsdwan get_data | jq -r .cluster_uuid",
"jq -r .cluster_uuid /tmp/cpsdwan_getdata_orch.json",
getSmbMgmtParentObjUid
)
SHELL_CMD_HANDLER(
@@ -150,7 +165,11 @@ SHELL_CMD_OUTPUT("helloWorld", "cat /tmp/agentHelloWorld 2>/dev/null")
#if defined(gaia)
FILE_CONTENT_HANDLER("hasIdpConfigured", "/opt/CPSamlPortal/phpincs/spPortal/idpPolicy.xml", checkIDP)
FILE_CONTENT_HANDLER(
"hasIdpConfigured",
(getenv("SAMLPORTAL_HOME") ? string(getenv("SAMLPORTAL_HOME")) : "") + "/phpincs/spPortal/idpPolicy.xml",
checkIDP
)
FILE_CONTENT_HANDLER(
"cpProductIntegrationMgmtObjectName",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",

22
components/security_apps/orchestration/details_resolver/details_resolving_handler.cc
View File

@@ -43,6 +43,12 @@ public:
static Maybe<string> getCommandOutput(const string &cmd);
private:
#define SHELL_PRE_CMD(NAME, COMMAND) {NAME, COMMAND},
map<string, string> shell_pre_commands = {
#include "details_resolver_impl.h"
};
#undef SHELL_PRE_CMD
#define SHELL_CMD_OUTPUT(ATTRIBUTE, COMMAND) SHELL_CMD_HANDLER(ATTRIBUTE, COMMAND, [](const string &s) { return s; })
#define SHELL_CMD_HANDLER(ATTRIBUTE, COMMAND, HANDLER) {ATTRIBUTE, {COMMAND, ShellCommandHandler(HANDLER)}},
map<string, pair<string, ShellCommandHandler>> shell_command_handlers = {
@@ -61,6 +67,21 @@ private:
map<string, string>
DetailsResolvingHanlder::Impl::getResolvedDetails() const
{
I_ShellCmd *shell = Singleton::Consume<I_ShellCmd>::by<DetailsResolvingHanlder>();
uint32_t timeout = getConfigurationWithDefault<uint32_t>(5000, "orchestration", "Details resolver time out");
for (auto &shell_pre_command : shell_pre_commands) {
const string &name = shell_pre_command.first;
const string &command = shell_pre_command.second;
Maybe<int> command_ret = shell->getExecReturnCode(command, timeout);
if (!command_ret.ok()) {
dbgWarning(D_AGENT_DETAILS) << "Failed to run pre-command " << name;
} else if (*command_ret) {
dbgWarning(D_AGENT_DETAILS) << "Pre-command " << name << " failed (rc: " << *command_ret << ")";
}
}
map<string, string> resolved_details;
for (auto shell_handler : shell_command_handlers) {
const string &attr = shell_handler.first;
@@ -116,7 +137,6 @@ DetailsResolvingHanlder::Impl::getCommandOutput(const string &cmd)
DetailsResolvingHanlder::DetailsResolvingHanlder() : pimpl(make_unique<Impl>()) {}
DetailsResolvingHanlder::~DetailsResolvingHanlder() {}
map<string, string>
DetailsResolvingHanlder::getResolvedDetails() const
{

16
components/security_apps/orchestration/downloader/curl_client.cc
View File

@@ -55,7 +55,7 @@ HttpCurl::HttpCurl(
const string &_bearer,
const Maybe<string> &proxy_url,
const Maybe<uint16_t> &proxy_port,
const Maybe<string> &proxy_auth)
const Maybe<string> &_proxy_auth)
:
url(_url),
out_file(_out_file),
@@ -85,10 +85,10 @@ HttpCurl::HttpCurl(
proxy = proxy_url.unpack() + ":" + to_string(proxy_port.unpack());
}
}
if (proxy_auth.ok())
if (_proxy_auth.ok())
{
I_Encryptor *encryptor = Singleton::Consume<I_Encryptor>::by<HttpCurl>();
proxy_credentials = "Proxy-Authorization: Basic " + encryptor->base64Encode(proxy_auth.unpack());
proxy_auth = "Proxy-Authorization: Basic " + encryptor->base64Encode(_proxy_auth.unpack());
}
}
@@ -98,7 +98,7 @@ HttpCurl::HttpCurl(const HttpCurl &other)
out_file(other.out_file),
bearer(other.bearer),
proxy(other.proxy),
proxy_credentials(other.proxy_credentials),
proxy_auth(other.proxy_auth),
curl(unique_ptr<CURL, function<void(CURL *)>>(curl_easy_init(), curl_easy_cleanup))
{
}
@@ -133,9 +133,9 @@ HttpCurl::setCurlOpts(long timeout, HTTP_VERSION http_version)
if (!proxy.empty())
{
curl_easy_setopt(curl_handle, CURLOPT_PROXY, proxy.c_str());
if (!proxy_credentials.empty())
if (!proxy_auth.empty())
{
proxy_headers = curl_slist_append(proxy_headers, proxy_credentials.c_str());
proxy_headers = curl_slist_append(proxy_headers, proxy_auth.c_str());
//Apply proxy headers
curl_easy_setopt(curl_handle, CURLOPT_PROXYHEADER, proxy_headers);
}
@@ -330,9 +330,9 @@ HttpsCurl::setCurlOpts(long timeout, HTTP_VERSION http_version)
if (!proxy.empty())
{
curl_easy_setopt(curl_handle, CURLOPT_PROXY, proxy.c_str());
if (!proxy_credentials.empty())
if (!proxy_auth.empty())
{
proxy_headers = curl_slist_append(proxy_headers, proxy_credentials.c_str());
proxy_headers = curl_slist_append(proxy_headers, proxy_auth.c_str());
//Apply proxy headers
curl_easy_setopt(curl_handle, CURLOPT_PROXYHEADER, proxy_headers);
}

2
components/security_apps/orchestration/downloader/curl_client.h
View File

@@ -83,7 +83,7 @@ protected:
std::ofstream &out_file;
std::string bearer;
std::string proxy;
std::string proxy_credentials;
std::string proxy_auth;
std::unique_ptr<CURL, std::function<void(CURL *)>> curl;
std::string curl_url;
};

39
components/security_apps/orchestration/downloader/downloader.cc
View File

@@ -81,6 +81,8 @@ public:
const string &service_name
) const override;
Maybe<string> checkIfFileExists(const Package &package) const override;
void removeDownloadFile(const string &file_name) const override;
void createTenantProfileMap();
string getProfileFromMap(const string &tenant_id) const override;
@@ -194,12 +196,18 @@ Downloader::Impl::downloadVirtualFileFromFog(
static const string error_text = "error";
map<pair<string, string>, string> res;
string general_file_path = dir_path + "/" + resourse_file.getFileName() + "_general.download";
I_UpdateCommunication *update_communication = Singleton::Consume<I_UpdateCommunication>::by<Downloader>();
auto downloaded_data = update_communication->downloadAttributeFile(resourse_file);
auto downloaded_data = update_communication->downloadAttributeFile(resourse_file, general_file_path);
if (!downloaded_data.ok()) return downloaded_data.passErr();
I_OrchestrationTools *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<Downloader>();
Maybe<string> file_content = orchestration_tools->readFile(general_file_path);
if (!file_content.ok()) return file_content.passErr();
Document document;
document.Parse(downloaded_data.unpack().c_str());
document.Parse(file_content.unpack().c_str());
if (document.HasParseError()) {
dbgWarning(D_ORCHESTRATOR) << "JSON file is not valid";
return genError("JSON file is not valid.");
@@ -241,7 +249,6 @@ Downloader::Impl::downloadVirtualFileFromFog(
rapidjson::Writer<rapidjson::StringBuffer> writer(buffer);
artifact_data->value.Accept(writer);
I_OrchestrationTools *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<Downloader>();
if (orchestration_tools->writeFile(buffer.GetString(), file_path)) {
res.insert({{tenant_id, profile_id}, file_path});
}
@@ -324,6 +331,24 @@ Downloader::Impl::downloadFileFromURL(
return file_path;
}
Maybe<string>
Downloader::Impl::checkIfFileExists(const Package &package) const
{
string file_name = package.getName() + ".download";
Maybe<string> maybe_path = dir_path + "/" + file_name;
return validateChecksum(package.getChecksum(), package.getChecksumType(), maybe_path);
}
void
Downloader::Impl::removeDownloadFile(const string &file_name) const
{
string file_path = dir_path + "/" + file_name + ".download";
dbgInfo(D_ORCHESTRATOR) << "Removing download file " << file_path;
I_OrchestrationTools *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<Downloader>();
orchestration_tools->removeFile(file_path);
}
Maybe<string>
Downloader::Impl::validateChecksum(
const string &checksum,
@@ -355,13 +380,11 @@ Downloader::Impl::downloadFileFromFogByHTTP(const GetResourceFile &resourse_file
dbgInfo(D_ORCHESTRATOR) << "Downloading file from fog. File: " << resourse_file.getFileName();
I_UpdateCommunication *update_communication = Singleton::Consume<I_UpdateCommunication>::by<Downloader>();
auto downloaded_file = update_communication->downloadAttributeFile(resourse_file);
auto downloaded_file = update_communication->downloadAttributeFile(resourse_file, file_path);
if (!downloaded_file.ok()) return genError(downloaded_file.getErr());
dbgInfo(D_ORCHESTRATOR) << "Download completed. File: " << resourse_file.getFileName();
I_OrchestrationTools *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<Downloader>();
if (orchestration_tools->writeFile(downloaded_file.unpack(), file_path)) return file_path;
return genError("Failed to write the attribute file. File: " + file_name);
dbgInfo(D_ORCHESTRATOR) << "Download completed. File: " << resourse_file.getFileName();
return file_path;
}
Maybe<string>

81
components/security_apps/orchestration/downloader/downloader_ut/downloader_ut.cc
View File

@@ -18,6 +18,7 @@ class DownloaderTest : public Test
public:
DownloaderTest()
{
Debug::setUnitTestFlag(D_ORCHESTRATOR, Debug::DebugLevel::TRACE);
setConfiguration<string>("/tmp", "orchestration", "Default file download path");
EXPECT_CALL(mock_orchestration_tools, createDirectory("/tmp")).WillOnce(Return(true));
downloader.init();
@@ -44,15 +45,14 @@ TEST_F(DownloaderTest, downloadFileFromFog)
GetResourceFile resourse_file(GetResourceFile::ResourceFileType::VIRTUAL_SETTINGS);
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file, "/tmp/virtualSettings.download"))
.WillOnce(Return(fog_response));
EXPECT_CALL(
mock_orchestration_tools,
calculateChecksum(Package::ChecksumTypes::SHA256, "/tmp/virtualSettings.download")
).WillOnce(Return(string("123")));
EXPECT_CALL(mock_orchestration_tools, writeFile(fog_response, "/tmp/virtualSettings.download", false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile("/tmp/virtualSettings.download")).WillOnce(Return(true));
Maybe<string> downloaded_file = i_downloader->downloadFileFromFog(
@@ -71,7 +71,10 @@ TEST_F(DownloaderTest, downloadFileFromFogFailure)
Maybe<string> fog_response(genError("Failed to download"));
GetResourceFile resourse_file(GetResourceFile::ResourceFileType::SETTINGS);
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
EXPECT_CALL(
mock_communication,
downloadAttributeFile(resourse_file, "/tmp/settings.download")
).WillOnce(Return(fog_response));
Maybe<string> downloaded_file = i_downloader->downloadFileFromFog(
checksum,
@@ -124,6 +127,53 @@ TEST_F(DownloaderTest, registerConfig)
env.fini();
}
TEST_F(DownloaderTest, checkIfFileExists)
{
string local_file_path = "/tmp/test_file.sh";
string url = "file://" + local_file_path;
string dir_path = getConfigurationWithDefault<string>(
"/tmp/orchestration_downloads",
"orchestration",
"Default file download path"
);
string manifest =
"{"
" \"packages\": ["
" {"
" \"name\": \"test\","
" \"version\": \"c\","
" \"download-path\": \"http://172.23.92.135/my.sh\","
" \"relative-path\": \"\","
" \"checksum-type\": \"sha1sum\","
" \"checksum\": \"1234\","
" \"package-type\": \"service\","
" \"require\": []"
" }"
" ]"
"}";
vector<Package> manifest_services;
std::stringstream os(manifest);
cereal::JSONInputArchive archive_in(os);
archive_in(manifest_services);
string service_name = "test";
string file_name = service_name + ".download";
string file_path = dir_path + "/" + file_name;
string checksum = "1234";
Package::ChecksumTypes checksum_type = Package::ChecksumTypes::SHA1;
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(checksum_type, file_path)).WillOnce(Return(checksum));
i_downloader->checkIfFileExists(manifest_services[0]);
}
TEST_F(DownloaderTest, removeDownloadFile)
{
string file_path = "/tmp/package.download";
EXPECT_CALL(mock_orchestration_tools, removeFile(file_path)).WillOnce(Return(true));
i_downloader->removeDownloadFile("package");
}
TEST_F(DownloaderTest, downloadWithBadChecksum)
{
string local_file_path = "/tmp/test_file.sh";
@@ -181,10 +231,9 @@ TEST_F(DownloaderTest, downloadEmptyFileFromFog)
GetResourceFile resourse_file(GetResourceFile::ResourceFileType::MANIFEST);
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file, "/tmp/manifest.download"))
.WillOnce(Return(fog_response));
EXPECT_CALL(mock_orchestration_tools, writeFile(fog_response, "/tmp/manifest.download", false))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile("/tmp/manifest.download")).WillOnce(Return(false));
EXPECT_CALL(
@@ -340,7 +389,13 @@ TEST_F(DownloaderTest, download_virtual_policy)
" ]\n"
"}";
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
EXPECT_CALL(
mock_communication,
downloadAttributeFile(resourse_file, "/tmp/virtualPolicy_general.download"))
.WillOnce(Return(fog_response));
EXPECT_CALL(mock_orchestration_tools, readFile("/tmp/virtualPolicy_general.download"))
.WillOnce(Return(fog_response));
EXPECT_CALL(
mock_orchestration_tools,
@@ -428,7 +483,15 @@ TEST_F(DownloaderTest, download_virtual_settings)
" ]\n"
"}";
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
EXPECT_CALL(
mock_communication,
downloadAttributeFile(resourse_file, "/tmp/virtualSettings_general.download"))
.WillOnce(Return(fog_response));
EXPECT_CALL(
mock_orchestration_tools,
readFile("/tmp/virtualSettings_general.download")
).WillOnce(Return(fog_response));
stringstream tenant_0000_path;
tenant_0000_path << "/tmp/virtualSettings_4c721b40-85df-4364-be3d-303a10ee9789"

4
components/security_apps/orchestration/downloader/http_client.cc
View File

@@ -221,7 +221,7 @@ HTTPClient::curlGetFileOverHttp(const URLParser &url, ofstream &out_file, const
token,
proxy_config->getProxyDomain(ProxyProtocol::HTTPS),
proxy_config->getProxyPort(ProxyProtocol::HTTPS),
proxy_config->getProxyCredentials(ProxyProtocol::HTTPS));
proxy_config->getProxyAuthentication(ProxyProtocol::HTTPS));
http_curl_client.setCurlOpts();
bool connection_ok = http_curl_client.connect();
@@ -251,7 +251,7 @@ HTTPClient::getFileHttp(const URLParser &url, ofstream &out_file, const string &
url,
proxy_config->getProxyDomain(ProxyProtocol::HTTP),
proxy_config->getProxyPort(ProxyProtocol::HTTP),
proxy_config->getProxyCredentials(ProxyProtocol::HTTP),
proxy_config->getProxyAuthentication(ProxyProtocol::HTTP),
token
);
auto handle_connect_res = client_connection.handleConnect();

2
components/security_apps/orchestration/downloader/http_client.h
View File

@@ -17,14 +17,12 @@
#include <string>
#include "maybe_res.h"
#include "url_parser.h"
#include "i_messaging.h"
#include "i_agent_details.h"
#include "i_proxy_configuration.h"
// LCOV_EXCL_START Reason: Depends on real download server.
class HTTPClient
:
public Singleton::Consume<I_Messaging>,
public Singleton::Consume<I_AgentDetails>,
public Singleton::Consume<I_ProxyConfiguration>
{

4
components/security_apps/orchestration/downloader/https_client.cc
View File

@@ -544,7 +544,7 @@ HTTPClient::getFileSSL(const URLParser &url, ofstream &out_file, const string &t
url,
proxy_config->getProxyDomain(ProxyProtocol::HTTPS),
proxy_config->getProxyPort(ProxyProtocol::HTTPS),
proxy_config->getProxyCredentials(ProxyProtocol::HTTPS),
proxy_config->getProxyAuthentication(ProxyProtocol::HTTPS),
token
);
@@ -589,7 +589,7 @@ HTTPClient::curlGetFileOverSSL(const URLParser &url, ofstream &out_file, const s
token,
proxy_config->getProxyDomain(ProxyProtocol::HTTPS),
proxy_config->getProxyPort(ProxyProtocol::HTTPS),
proxy_config->getProxyCredentials(ProxyProtocol::HTTPS),
proxy_config->getProxyAuthentication(ProxyProtocol::HTTPS),
cert_file_path);
ssl_curl_client.setCurlOpts();

2
components/security_apps/orchestration/health_check/health_check_ut/CMakeLists.txt
View File

@@ -3,5 +3,5 @@ link_directories(${BOOST_ROOT}/lib)
add_unit_test(
health_check_ut
"health_check_ut.cc"
"health_check;mainloop;singleton;agent_details;config;logging;metric;event_is;health_check_manager;-lboost_regex;-lboost_system"
"health_check;messaging;mainloop;singleton;agent_details;config;logging;metric;event_is;health_check_manager;-lboost_regex;-lboost_system"
)

5
components/security_apps/orchestration/include/fog_communication.h
View File

@@ -40,7 +40,10 @@ class FogCommunication : public FogAuthenticator
public:
void init() override;
Maybe<void> getUpdate(CheckUpdateRequest &request) override;
Maybe<std::string> downloadAttributeFile(const GetResourceFile &resourse_file) override;
Maybe<std::string> downloadAttributeFile(
const GetResourceFile &resourse_file,
const std::string &file_path
) override;
Maybe<void> sendPolicyVersion(
const std::string &policy_version,
const std::string &policy_versions

1
components/security_apps/orchestration/include/get_status_rest.h
View File

@@ -14,7 +14,6 @@
#ifndef __GET_STATUS_RES_H__
#define __GET_STATUS_RES_H__
#include "i_messaging.h"
#include "i_mainloop.h"
#include "i_shell_cmd.h"
#include "i_encryptor.h"

5
components/security_apps/orchestration/include/hybrid_communication.h
View File

@@ -45,7 +45,10 @@ class HybridCommunication
public:
void init() override;
Maybe<void> getUpdate(CheckUpdateRequest &request) override;
Maybe<std::string> downloadAttributeFile(const GetResourceFile &resourse_file) override;
Maybe<std::string> downloadAttributeFile(
const GetResourceFile &resourse_file,
const std::string &file_path
) override;
Maybe<void> sendPolicyVersion(
const std::string &policy_version,
const std::string &policy_versions

5
components/security_apps/orchestration/include/local_communication.h
View File

@@ -31,7 +31,10 @@ public:
Maybe<void> authenticateAgent() override;
Maybe<void> getUpdate(CheckUpdateRequest &request) override;
Maybe<std::string> downloadAttributeFile(const GetResourceFile &resourse_file) override;
Maybe<std::string> downloadAttributeFile(
const GetResourceFile &resourse_file,
const std::string &file_path
) override;
void setAddressExtenesion(const std::string &extension) override;
Maybe<void> sendPolicyVersion(
const std::string &policy_version,

2
components/security_apps/orchestration/include/mock/mock_details_resolver.h
View File

@@ -39,7 +39,7 @@ public:
MOCK_METHOD0(isKernelVersion3OrHigher, bool());
MOCK_METHOD0(isGwNotVsx, bool());
MOCK_METHOD0(getResolvedDetails, std::map<std::string, std::string>());
MOCK_METHOD0(isVersionEqualOrAboveR8110, bool());
MOCK_METHOD0(isVersionAboveR8110, bool());
MOCK_METHOD0(parseNginxMetadata, Maybe<std::tuple<std::string, std::string, std::string>>());
};

10
components/security_apps/orchestration/include/mock/mock_downloader.h
View File

@@ -41,6 +41,16 @@ public:
Maybe<std::string>(const std::string &, const std::string &, Package::ChecksumTypes, const std::string &)
);
MOCK_CONST_METHOD1(
checkIfFileExists,
Maybe<std::string>(const Package &)
);
MOCK_CONST_METHOD1(
removeDownloadFile,
void(const std::string &)
);
MOCK_CONST_METHOD1(
getProfileFromMap,
std::string(const std::string &)

125
components/security_apps/orchestration/manifest_controller/manifest_controller.cc
View File

@@ -13,6 +13,8 @@
#include "manifest_controller.h"
#include <algorithm>
#include "config.h"
#include "debug.h"
#include "environment.h"
@@ -80,9 +82,8 @@ private:
bool
handlePackage(
const Package &updated_package,
const pair<Package, string> &package_downloaded_file,
map<string, Package> &current_packages,
const map<string, Package> &new_packages,
map<string, Package> &corrupted_packages
);
@@ -179,6 +180,34 @@ ManifestController::Impl::updateIgnoreListForNSaaS()
return true;
}
static vector<pair<Package, string>>::const_iterator
findPackage(const vector<pair<Package, string>> &packages, const string &name)
{
using Pair = pair<Package, string>;
return find_if(packages.begin(), packages.end(), [&] (const Pair &pair) { return pair.first.getName() == name; });
}
static vector<pair<Package, string>>
sortByInstallationQueue(
const vector<pair<Package, string>> &downloaded_files,
const vector<Package> &installation_queue)
{
vector<pair<Package, string>> sorted_queue;
for (auto &package_file : installation_queue) {
if (package_file.getName() == "accessControlApp" || package_file.getName() == "accessControlKernel") continue;
auto package_it = findPackage(downloaded_files, package_file.getName());
if (package_it != downloaded_files.end()) sorted_queue.push_back(*package_it);
}
auto ac_app_it = findPackage(downloaded_files, "accessControlApp");
auto ac_kernel_it = findPackage(downloaded_files, "accessControlKernel");
if (ac_app_it != downloaded_files.end()) sorted_queue.push_back(*ac_app_it);
if (ac_kernel_it != downloaded_files.end()) sorted_queue.push_back(*ac_kernel_it);
return sorted_queue;
}
bool
ManifestController::Impl::updateManifest(const string &new_manifest_file)
{
@@ -220,6 +249,7 @@ ManifestController::Impl::updateManifest(const string &new_manifest_file)
}
map<string, Package> new_packages = parsed_manifest.unpack();
map<string, Package> all_packages = parsed_manifest.unpack();
map<string, Package> current_packages;
parsed_manifest = orchestration_tools->loadPackagesFromJson(manifest_file_path);
@@ -256,13 +286,14 @@ ManifestController::Impl::updateManifest(const string &new_manifest_file)
auto packages_to_remove = manifest_diff_calc.filterUntrackedPackages(current_packages, new_packages);
for (auto remove_package = packages_to_remove.begin(); remove_package != packages_to_remove.end();) {
bool uninstall_response = true;
if (remove_package->second.isInstallable().ok()) {
if (remove_package->second.isInstallable()) {
uninstall_response = manifest_handler.uninstallPackage(remove_package->second);
}
if (!uninstall_response) {
dbgWarning(D_ORCHESTRATOR)
<< "Failed to uninstall package. Package: " << remove_package->second.getName();
<< "Failed to uninstall package. Package: "
<< remove_package->second.getName();
all_cleaned = false;
remove_package++;
} else {
@@ -284,42 +315,40 @@ ManifestController::Impl::updateManifest(const string &new_manifest_file)
bool no_change = new_packages.size() == 0;
// Both new_packages & corrupted_packages will be updated based on updated manifest
bool no_corrupted_package = manifest_diff_calc.filterCorruptedPackages(new_packages, corrupted_packages);
auto orchestration_service = new_packages.find("orchestration");
if (orchestration_service != new_packages.end()) {
// Orchestration needs special handling as manifest should be backup differently
return handlePackage(
orchestration_service->second,
current_packages,
new_packages,
corrupted_packages
);
const auto &download_packages_res = manifest_handler.downloadPackages(new_packages);
if (!download_packages_res.ok()) {
dbgWarning(D_ORCHESTRATOR)
<< "Failed to download required packages. Error: "
<< download_packages_res.getErr();
return false;
}
auto wlp_standalone_service = new_packages.find("wlpStandalone");
if (wlp_standalone_service != new_packages.end()) {
// wlpStandalone needs special handling as manifest should be backup differently
return handlePackage(
wlp_standalone_service->second,
const vector<pair<Package, string>> &downloaded_files = download_packages_res.unpack();
const auto &installation_queue_res = manifest_diff_calc.buildInstallationQueue(
current_packages,
new_packages,
corrupted_packages
);
new_packages
);
if (!installation_queue_res.ok()) {
dbgWarning(D_ORCHESTRATOR)
<< "Failed building installation queue. Error: "
<< installation_queue_res.getErr();
return false;
}
const vector<Package> &installation_queue = installation_queue_res.unpack();
const auto &sortd_downloaded_files = sortByInstallationQueue(downloaded_files, installation_queue);
bool all_installed = true;
bool any_installed = false;
dbgDebug(D_ORCHESTRATOR) << "Starting to handle " << new_packages.size() <<" new packages";
for (auto &new_package : new_packages) {
if (new_package.second.getType() != Package::PackageType::Service) continue;
dbgDebug(D_ORCHESTRATOR) << "Starting to handle " << downloaded_files.size() << " new packages";
for (auto &package : sortd_downloaded_files) {
if (package.first.getType() != Package::PackageType::Service) continue;
size_t prev_size = corrupted_packages.size();
bool handling_response = handlePackage(
new_package.second,
package,
current_packages,
new_packages,
corrupted_packages
);
@@ -331,7 +360,10 @@ ManifestController::Impl::updateManifest(const string &new_manifest_file)
}
// Orchestration needs special handling as manifest should be backup differently
if (new_package.first.compare(orch_service_name) == 0) {
if (package.first.getName().compare(orch_service_name) == 0) {
return handling_response;
}
if (package.first.getName().compare("wlpStandalone") == 0) {
return handling_response;
}
@@ -341,14 +373,22 @@ ManifestController::Impl::updateManifest(const string &new_manifest_file)
bool manifest_file_update = true;
if (all_installed && (any_installed || no_change) && no_corrupted_package) {
if (all_installed && (any_installed || no_change)) {
manifest_file_update = changeManifestFile(new_manifest_file);
// In NSaaS - set ignore packages to any
ignore_packages_update = updateIgnoreListForNSaaS();
} else if (any_installed) {
manifest_file_update = orchestration_tools->packagesToJsonFile(current_packages, manifest_file_path);
}
return all_installed && manifest_file_update && no_corrupted_package && all_cleaned;
if (all_installed) {
auto orchestration_downloader = Singleton::Consume<I_Downloader>::by<ManifestHandler>();
for (auto &package : all_packages) {
dbgDebug(D_ORCHESTRATOR)
<< "Removing temp Download file after successfull installation : " << package.second.getName();
orchestration_downloader->removeDownloadFile(package.second.getName());
}
}
return all_installed && manifest_file_update && all_cleaned;
}
// Orchestration package needs a special handling. Old service will die during the upgrade
@@ -425,35 +465,26 @@ ManifestController::Impl::changeManifestFile(const string &new_manifest_file)
bool
ManifestController::Impl::handlePackage(
const Package &package,
const pair<Package, string> &package_downloaded_file,
map<string, Package> &current_packages,
const map<string, Package> &new_packages,
map<string, Package> &corrupted_packages)
{
auto &package = package_downloaded_file.first;
auto i_env = Singleton::Consume<I_Environment>::by<ManifestController>();
auto span_scope = i_env->startNewSpanScope(Span::ContextType::CHILD_OF);
dbgDebug(D_ORCHESTRATOR) << "Handling package. Package: " << package.getName();
if (!package.isInstallable().ok()) {
if (!package.isInstallable()) {
string report_msg =
"Skipping installation of package: " + package.getName() + ". Reason: " + package.isInstallable().getErr();
"Skipping installation of package: " + package.getName() + ". Reason: " + package.getErrorMessage();
dbgWarning(D_ORCHESTRATOR) << report_msg;
LogGen(report_msg, Audience::SECURITY, Severity::CRITICAL, Priority::HIGH, Tags::ORCHESTRATOR);
current_packages.insert(make_pair(package.getName(), package));
return true;
}
vector<Package> installation_queue;
if (!manifest_diff_calc.buildInstallationQueue(package, installation_queue, current_packages, new_packages)) {
dbgWarning(D_ORCHESTRATOR) << "Failed building installation queue. Package: " << package.getName();
return false;
}
vector<pair<Package, string>> downloaded_files;
if (!manifest_handler.downloadPackages(installation_queue, downloaded_files)) return false;
if (!manifest_handler.installPackages(downloaded_files, current_packages, corrupted_packages)) {
if (!manifest_handler.installPackage(package_downloaded_file, current_packages, corrupted_packages)) {
LogGen(
"Failed to install package: " + package.getName(),
Audience::SECURITY,

395
components/security_apps/orchestration/manifest_controller/manifest_controller_ut/manifest_controller_ut.cc
View File

@@ -91,6 +91,16 @@ public:
archive_in(ret);
}
void checkIfFileExistsCall(const Package &package)
{
Maybe<string> checksum_validation(
genError("File /tmp/orchestration_downloads/" + package.getName() + ".download does not exist.")
);
EXPECT_CALL(
mock_downloader,
checkIfFileExists(package)).WillRepeatedly(Return(checksum_validation));
}
string manifest_file_path;
string corrupted_file_list;
string temp_ext;
@@ -171,6 +181,10 @@ TEST_F(ManifestControllerTest, createNewManifest)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
//mock_downloader
EXPECT_CALL(
mock_downloader,
@@ -187,6 +201,8 @@ TEST_F(ManifestControllerTest, createNewManifest)
EXPECT_CALL(mock_package_handler, preInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
load(manifest, new_services);
@@ -237,6 +253,10 @@ TEST_F(ManifestControllerTest, badChecksum)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
//mock_downloader
Maybe<string> err(genError("Empty"));
EXPECT_CALL(
@@ -300,6 +320,11 @@ TEST_F(ManifestControllerTest, updateManifest)
" }"
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
//mock_downloader
EXPECT_CALL(
mock_downloader,
@@ -316,6 +341,8 @@ TEST_F(ManifestControllerTest, updateManifest)
EXPECT_CALL(mock_package_handler, preInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("my")).Times(2);
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration")).Times(2);
EXPECT_CALL(mock_package_handler, updateSavedPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
load(manifest, new_services);
@@ -366,6 +393,9 @@ TEST_F(ManifestControllerTest, updateManifest)
" ]"
"}";
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -412,6 +442,10 @@ TEST_F(ManifestControllerTest, selfUpdate)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -491,63 +525,6 @@ TEST_F(ManifestControllerTest, successLoadAfteSelfUpdate)
EXPECT_TRUE(i_manifest_controller->loadAfterSelfUpdate());
}
TEST_F(ManifestControllerTest, updateWhileErrorPackageExist)
{
new_services.clear();
old_services.clear();
string manifest =
"{"
" \"packages\": ["
" {"
" \"name\": \"my\","
" \"version\": \"c\","
" \"download-path\": \"http://172.23.92.135/my.sh\","
" \"relative-path\": \"\","
" \"checksum-type\": \"sha1sum\","
" \"checksum\": \"a58bbab8020b0e6d08568714b5e582a3adf9c805\","
" \"package-type\": \"service\","
" \"require\": []"
" },"
" {"
" \"name\": \"orchestration\","
" \"version\": \"c\","
" \"download-path\": \"http://172.23.92.135/my.sh\","
" \"relative-path\": \"\","
" \"checksum-type\": \"sha1sum\","
" \"checksum\": \"a58bbab8020b0e6d08568714b5e582a3adf9c805\","
" \"package-type\": \"service\","
" \"require\": []"
" }"
" ]"
"}";
string corrupted_packages_manifest =
"{"
" \"packages\": ["
" {"
" \"name\": \"my\","
" \"version\": \"c\","
" \"download-path\": \"http://172.23.92.135/my.sh\","
" \"relative-path\": \"\","
" \"checksum-type\": \"sha1sum\","
" \"checksum\": \"a58bbab8020b0e6d08568714b5e582a3adf9c805\","
" \"package-type\": \"service\","
" \"require\": []"
" }"
" ]"
"}";
load(manifest, new_services);
load(old_manifest, old_services);
load(corrupted_packages_manifest, corrupted_packages);
EXPECT_CALL(mock_orchestration_tools,
loadPackagesFromJson(corrupted_file_list)).WillOnce(Return(corrupted_packages));
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(file_name)).WillOnce(Return(new_services));
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(manifest_file_path)).WillOnce(Return(old_services));
EXPECT_FALSE(i_manifest_controller->updateManifest(file_name));
}
TEST_F(ManifestControllerTest, removeCurrentErrorPackage)
{
new_services.clear();
@@ -598,6 +575,8 @@ TEST_F(ManifestControllerTest, removeCurrentErrorPackage)
load(old_manifest, old_services);
load(corrupted_packages_manifest, corrupted_packages);
checkIfFileExistsCall(new_services.at("my"));
//mock_downloader
EXPECT_CALL(
mock_downloader,
@@ -613,6 +592,8 @@ TEST_F(ManifestControllerTest, removeCurrentErrorPackage)
EXPECT_CALL(mock_package_handler, preInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(file_name)).WillOnce(Return(new_services));
@@ -629,8 +610,6 @@ TEST_F(ManifestControllerTest, removeCurrentErrorPackage)
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).WillOnce(Return(true));
corrupted_packages.clear();
EXPECT_CALL(mock_orchestration_tools, packagesToJsonFile(corrupted_packages,
corrupted_file_list)).WillOnce(Return(true));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
}
@@ -656,6 +635,10 @@ TEST_F(ManifestControllerTest, selfUpdateWithOldCopy)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -710,6 +693,10 @@ TEST_F(ManifestControllerTest, selfUpdateWithOldCopyWithError)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -775,6 +762,10 @@ TEST_F(ManifestControllerTest, installAndRemove)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
//mock_downloader
EXPECT_CALL(
mock_downloader,
@@ -791,6 +782,8 @@ TEST_F(ManifestControllerTest, installAndRemove)
EXPECT_CALL(mock_package_handler, preInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
load(manifest, new_services);
@@ -839,6 +832,9 @@ TEST_F(ManifestControllerTest, installAndRemove)
" ]"
"}";
load(new_manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my1"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -854,6 +850,8 @@ TEST_F(ManifestControllerTest, installAndRemove)
EXPECT_CALL(mock_package_handler, preInstallPackage("my1", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my1", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my1", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("my1"));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("my1", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, packagesToJsonFile(old_services, manifest_file_path)).WillOnce(Return(true));
@@ -900,6 +898,10 @@ TEST_F(ManifestControllerTest, badInstall)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
//mock_downloader
EXPECT_CALL(
mock_downloader,
@@ -979,6 +981,10 @@ TEST_F(ManifestControllerTest, failToDownloadWithselfUpdate)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration"));
Maybe<string> err(genError("Empty"));
EXPECT_CALL(
mock_downloader,
@@ -1019,7 +1025,7 @@ TEST_F(ManifestControllerTest, requireUpdate)
"{"
" \"packages\": ["
" {"
" \"name\": \"orchestration\","
" \"name\": \"orchestration1\","
" \"version\": \"c\","
" \"download-path\": \"http://172.23.92.135/my.sh\","
" \"relative-path\": \"\","
@@ -1040,16 +1046,22 @@ TEST_F(ManifestControllerTest, requireUpdate)
" }"
" ]"
"}";
EXPECT_CALL(mock_status, writeStatusToFile());
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration1"));
checkIfFileExistsCall(manifest_services.at("pre_orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
"http://172.23.92.135/my.sh",
"a58bbab8020b0e6d08568714b5e582a3adf9c805",
Package::ChecksumTypes::SHA1,
"orchestration"
"orchestration1"
)
).WillOnce(Return(string("/tmp/temp_file1")));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -1059,10 +1071,16 @@ TEST_F(ManifestControllerTest, requireUpdate)
"pre_orchestration"
)
).WillOnce(Return(string("/tmp/temp_file2")));
string temp_orc_file = "/etc/cp/packages/orchestration/orchestration_temp";
EXPECT_CALL(mock_package_handler, preInstallPackage(orch_service_name, temp_orc_file))
EXPECT_CALL(mock_package_handler, preInstallPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage(orch_service_name, temp_orc_file, _))
EXPECT_CALL(mock_package_handler, installPackage("orchestration1", "/tmp/temp_file1", _))
.WillOnce(Return(true));
EXPECT_CALL(
mock_package_handler,
shouldInstallPackage("orchestration1", "/tmp/temp_file1")
).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(
@@ -1075,8 +1093,12 @@ TEST_F(ManifestControllerTest, requireUpdate)
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("pre_orchestration", "/tmp/temp_file2"))
.WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("pre_orchestration"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("pre_orchestration", "/tmp/temp_file2"))
.WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration1"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(corrupted_file_list))
@@ -1088,20 +1110,24 @@ TEST_F(ManifestControllerTest, requireUpdate)
.WillOnce(Return(new_services));
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(manifest_file_path))
.WillOnce(Return(old_services));
string temp_manifest_path = manifest_file_path + temp_ext;
EXPECT_CALL(mock_orchestration_tools, packagesToJsonFile(new_services, temp_manifest_path))
EXPECT_CALL(mock_orchestration_tools, doesFileExist(manifest_file_path))
.WillOnce(Return(true));
string path = packages_dir + "/" + orch_service_name + "/" +
orch_service_name;
string temp_manifest_path = manifest_file_path + temp_ext;
string path = packages_dir + "/orchestration1/" + "orchestration1";
EXPECT_CALL(mock_orchestration_tools, doesFileExist(path)).Times(2).WillOnce(Return(false));
EXPECT_CALL(
mock_orchestration_tools,
doesFileExist("/etc/cp/packages/pre_orchestration/pre_orchestration")
).Times(2).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile("/tmp/temp_file1", path + temp_ext))
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile(manifest_file_path, "/etc/cp/conf/manifest.json.bk"))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile("new_manifest.json")).WillOnce(Return(true));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
}
@@ -1141,6 +1167,11 @@ TEST_F(ManifestControllerTest, sharedObjectNotInstalled)
EXPECT_CALL(mock_orchestration_tools,
loadPackagesFromJson(corrupted_file_list)).WillOnce(Return(corrupted_packages));
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration"));
checkIfFileExistsCall(manifest_services.at("pre_orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -1151,6 +1182,16 @@ TEST_F(ManifestControllerTest, sharedObjectNotInstalled)
)
).WillOnce(Return(string("/tmp/temp_file1")));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
"http://172.23.92.135/my.sh",
"a58bbab8020b0e6d08568714b5e582a3adf9c806",
Package::ChecksumTypes::SHA1,
"pre_orchestration"
)
).WillOnce(Return(string("/tmp/temp_file2")));
string temp_manifest_path = manifest_file_path + temp_ext;
string writen_manifest =
"{"
@@ -1181,7 +1222,10 @@ TEST_F(ManifestControllerTest, sharedObjectNotInstalled)
string path = packages_dir + "/" + orch_service_name + "/" +
orch_service_name;
EXPECT_CALL(mock_orchestration_tools, doesFileExist(path)).Times(2).WillOnce(Return(false));
EXPECT_CALL(
mock_orchestration_tools,
doesFileExist("/etc/cp/packages/pre_orchestration/pre_orchestration")
).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile("/tmp/temp_file1", path +
temp_ext)).WillOnce(Return(true));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
@@ -1195,7 +1239,7 @@ TEST_F(ManifestControllerTest, requireSharedObjectUpdate)
"{"
" \"packages\": ["
" {"
" \"name\": \"orchestration\","
" \"name\": \"orchestration1\","
" \"version\": \"c\","
" \"download-path\": \"http://172.23.92.135/my.sh\","
" \"relative-path\": \"\","
@@ -1211,21 +1255,27 @@ TEST_F(ManifestControllerTest, requireSharedObjectUpdate)
" \"relative-path\": \"\","
" \"checksum-type\": \"sha1sum\","
" \"checksum\": \"a58bbab8020b0e6d08568714b5e582a3adf9c806\","
" \"package-type\": \"shared objects\","
" \"package-type\": \"service\","
" \"require\": []"
" }"
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration1"));
checkIfFileExistsCall(manifest_services.at("pre_orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
"http://172.23.92.135/my.sh",
"a58bbab8020b0e6d08568714b5e582a3adf9c805",
Package::ChecksumTypes::SHA1,
"orchestration"
"orchestration1"
)
).WillOnce(Return(string("/tmp/temp_file1")));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -1235,15 +1285,26 @@ TEST_F(ManifestControllerTest, requireSharedObjectUpdate)
"pre_orchestration"
)
).WillOnce(Return(string("/tmp/temp_file2")));
EXPECT_CALL(mock_status, writeStatusToFile());
string temp_orc_file = "/etc/cp/packages/orchestration/orchestration_temp";
string temp_orc_file = "/etc/cp/packages/orchestration1/orchestration_temp";
EXPECT_CALL(mock_package_handler, shouldInstallPackage(_, _)).WillRepeatedly(Return(true));
EXPECT_CALL(mock_package_handler, preInstallPackage(orch_service_name,
temp_orc_file)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage(orch_service_name,
temp_orc_file, _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("orchestration1", "/tmp/temp_file1", _))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("pre_orchestration",
"/tmp/temp_file2", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, preInstallPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration1"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, preInstallPackage("pre_orchestration", "/tmp/temp_file2"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("pre_orchestration", "/tmp/temp_file2"))
.WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("pre_orchestration"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("pre_orchestration", "/tmp/temp_file2"))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools,
loadPackagesFromJson(corrupted_file_list)).WillOnce(Return(corrupted_packages));
@@ -1252,18 +1313,22 @@ TEST_F(ManifestControllerTest, requireSharedObjectUpdate)
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(file_name)).WillOnce(Return(new_services));
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(manifest_file_path)).WillOnce(Return(old_services));
string temp_manifest_path = manifest_file_path + temp_ext;
EXPECT_CALL(mock_orchestration_tools, packagesToJsonFile(new_services, temp_manifest_path)).WillOnce(Return(true));
string path = packages_dir + "/" + orch_service_name + "/" +
orch_service_name;
string path = packages_dir + "/" + "orchestration1" + "/" + "orchestration1";
EXPECT_CALL(mock_orchestration_tools, doesFileExist(path)).Times(2).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, doesFileExist("/etc/cp/conf/manifest.json"))
.WillOnce(Return(false));
EXPECT_CALL(
mock_orchestration_tools,
doesFileExist("/etc/cp/packages/pre_orchestration/pre_orchestration")
).Times(2).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, copyFile("/tmp/temp_file1", path +
temp_ext)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile("new_manifest.json", "/etc/cp/conf/manifest.json"))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile("/etc/cp/conf/manifest.json"))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile("new_manifest.json"))
.WillOnce(Return(true));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
}
@@ -1297,6 +1362,21 @@ TEST_F(ManifestControllerTest, failureOnDownloadSharedObject)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration"));
checkIfFileExistsCall(manifest_services.at("pre_orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
"http://172.23.92.135/my.sh",
"a58bbab8020b0e6d08568714b5e582a3adf9c805",
Package::ChecksumTypes::SHA1,
"orchestration"
)
).WillOnce(Return(string("/tmp/temp_file1")));
Maybe<string> err = genError("error");
EXPECT_CALL(
mock_downloader,
@@ -1314,11 +1394,16 @@ TEST_F(ManifestControllerTest, failureOnDownloadSharedObject)
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(file_name)).WillOnce(Return(new_services));
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(manifest_file_path)).WillOnce(Return(old_services));
EXPECT_CALL(
mock_orchestration_tools,
doesFileExist("/etc/cp/packages/orchestration/orchestration")
).WillOnce(Return(false));
EXPECT_CALL(
mock_orchestration_tools,
doesFileExist("/etc/cp/packages/pre_orchestration/pre_orchestration")
).WillOnce(Return(false));
EXPECT_CALL(mock_details_resolver, getHostname()).WillOnce(Return(string("hostname")));
EXPECT_CALL(mock_orchestration_tools, removeFile("/tmp/temp_file1")).WillOnce(Return(true));
EXPECT_CALL(
mock_status,
setFieldStatus(OrchestrationStatusFieldType::MANIFEST, OrchestrationStatusResult::FAILED, _)
@@ -1337,7 +1422,7 @@ TEST_F(ManifestControllerTest, multiRequireUpdate)
"{"
" \"packages\": ["
" {"
" \"name\": \"orchestration\","
" \"name\": \"orchestration1\","
" \"version\": \"c\","
" \"download-path\": \"http://172.23.92.135/my.sh\","
" \"relative-path\": \"\","
@@ -1353,7 +1438,7 @@ TEST_F(ManifestControllerTest, multiRequireUpdate)
" \"relative-path\": \"\","
" \"checksum-type\": \"sha1sum\","
" \"checksum\": \"a58bbab8020b0e6d08568714b5e582a3adf9c806\","
" \"package-type\": \"shared objects\","
" \"package-type\": \"service\","
" \"require\": []"
" },"
" {"
@@ -1363,19 +1448,25 @@ TEST_F(ManifestControllerTest, multiRequireUpdate)
" \"relative-path\": \"\","
" \"checksum-type\": \"sha1sum\","
" \"checksum\": \"a58bbab8020b0e6d08568714b5e582a3adf9c807\","
" \"package-type\": \"shared objects\","
" \"package-type\": \"service\","
" \"require\": [ \"pre_orchestration001\" ]"
" }"
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("orchestration1"));
checkIfFileExistsCall(manifest_services.at("pre_orchestration001"));
checkIfFileExistsCall(manifest_services.at("pre_orchestration002"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
"http://172.23.92.135/my.sh",
"a58bbab8020b0e6d08568714b5e582a3adf9c805",
Package::ChecksumTypes::SHA1,
"orchestration"
"orchestration1"
)
).WillOnce(Return(string("/tmp/temp_file1")));
EXPECT_CALL(
@@ -1396,13 +1487,9 @@ TEST_F(ManifestControllerTest, multiRequireUpdate)
"pre_orchestration002"
)
).WillOnce(Return(string("/tmp/temp_file3")));
EXPECT_CALL(mock_status, writeStatusToFile());
string temp_orc_file = "/etc/cp/packages/orchestration/orchestration_temp";
EXPECT_CALL(mock_package_handler, shouldInstallPackage(_, _)).WillRepeatedly(Return(true));
EXPECT_CALL(mock_package_handler, preInstallPackage(orch_service_name,
temp_orc_file)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage(orch_service_name,
temp_orc_file, _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("orchestration1",
"/tmp/temp_file1", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("pre_orchestration001",
"/tmp/temp_file2", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("pre_orchestration002",
@@ -1410,15 +1497,37 @@ TEST_F(ManifestControllerTest, multiRequireUpdate)
EXPECT_CALL(mock_orchestration_tools,
loadPackagesFromJson(corrupted_file_list)).WillOnce(Return(corrupted_packages));
EXPECT_CALL(mock_package_handler, preInstallPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, preInstallPackage("pre_orchestration001", "/tmp/temp_file2"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, preInstallPackage("pre_orchestration002", "/tmp/temp_file3"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("pre_orchestration001", "/tmp/temp_file2"))
.WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("pre_orchestration002", "/tmp/temp_file3"))
.WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration1"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("orchestration1", "/tmp/temp_file1"))
.WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("pre_orchestration001"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("pre_orchestration001", "/tmp/temp_file2"))
.WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("pre_orchestration002"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("pre_orchestration002", "/tmp/temp_file3"))
.WillOnce(Return(true));
load(manifest, new_services);
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(file_name)).WillOnce(Return(new_services));
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson(manifest_file_path)).WillOnce(Return(old_services));
string temp_manifest_path = manifest_file_path + temp_ext;
EXPECT_CALL(mock_orchestration_tools, packagesToJsonFile(new_services, temp_manifest_path)).WillOnce(Return(true));
string path = packages_dir + "/" + orch_service_name + "/" +
orch_service_name;
string path = packages_dir + "/" + "orchestration1" + "/" + "orchestration1";
EXPECT_CALL(mock_orchestration_tools, doesFileExist(path)).Times(2).WillOnce(Return(false));
EXPECT_CALL(
mock_orchestration_tools,
@@ -1429,8 +1538,14 @@ TEST_F(ManifestControllerTest, multiRequireUpdate)
doesFileExist("/etc/cp/packages/pre_orchestration002/pre_orchestration002")
).Times(2).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, copyFile("/tmp/temp_file1", path +
temp_ext)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, doesFileExist("/etc/cp/conf/manifest.json"))
.WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, copyFile("new_manifest.json", "/etc/cp/conf/manifest.json"))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile("/etc/cp/conf/manifest.json"))
.WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile("new_manifest.json"))
.WillOnce(Return(true));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
}
@@ -1476,6 +1591,10 @@ TEST_F(ManifestControllerTest, createNewManifestWithUninstallablePackage)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
//mock_downloader
EXPECT_CALL(
mock_downloader,
@@ -1492,6 +1611,9 @@ TEST_F(ManifestControllerTest, createNewManifestWithUninstallablePackage)
EXPECT_CALL(mock_package_handler, preInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("waap"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
load(manifest, new_services);
@@ -1552,15 +1674,17 @@ TEST_F(ManifestControllerTest, updateUninstallPackage)
EXPECT_CALL(mock_orchestration_tools,
loadPackagesFromJson(corrupted_file_list)).Times(2).WillRepeatedly(Return(corrupted_packages));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(manifest_file_path)).Times(2).WillRepeatedly(Return(true));
EXPECT_CALL(mock_orchestration_tools, doesFileExist(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools,
copyFile(manifest_file_path, "/etc/cp/conf/manifest.json.bk")).Times(2).WillRepeatedly(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path))
copyFile(manifest_file_path, "/etc/cp/conf/manifest.json.bk")).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, doesFileExist("/etc/cp/packages/my/my"))
.Times(2).WillRepeatedly(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).Times(2).WillRepeatedly(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).Times(2).WillRepeatedly(Return(true));
EXPECT_CALL(mock_orchestration_tools, doesFileExist("/etc/cp/packages/my/my")).Times(2).WillOnce(Return(true));
string hostname = "hostname";
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
@@ -1590,6 +1714,10 @@ TEST_F(ManifestControllerTest, updateUninstallPackage)
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -1605,6 +1733,8 @@ TEST_F(ManifestControllerTest, updateUninstallPackage)
EXPECT_CALL(mock_package_handler, preInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
//mock_orchestration_tools
@@ -1673,6 +1803,16 @@ public:
archive_in(ret);
}
void checkIfFileExistsCall(const Package &package)
{
Maybe<string> checksum_validation(
genError("File /tmp/orchestration_downloads/" + package.getName() + ".download does not exist.")
);
EXPECT_CALL(
mock_downloader,
checkIfFileExists(package)).WillRepeatedly(Return(checksum_validation));
}
string manifest_file_path;
string corrupted_file_list;
string temp_ext;
@@ -1801,6 +1941,9 @@ TEST_F(ManifestControllerIgnorePakckgeTest, addAndUpdateIgnorePackage)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("dummy_service"));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
@@ -1855,11 +1998,13 @@ TEST_F(ManifestControllerIgnorePakckgeTest, addAndUpdateIgnorePackage)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("dummy_service"));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
}
TEST_F(ManifestControllerIgnorePakckgeTest, addIgnorePackageAndUpdateNormal)
{
init();
@@ -1916,6 +2061,9 @@ TEST_F(ManifestControllerIgnorePakckgeTest, addIgnorePackageAndUpdateNormal)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("dummy_service"));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
@@ -1958,6 +2106,7 @@ TEST_F(ManifestControllerIgnorePakckgeTest, addIgnorePackageAndUpdateNormal)
//mock_orchestration_tools
load(manifest, new_services);
checkIfFileExistsCall(new_services.at("my"));
//mock_downloader
EXPECT_CALL(
@@ -1975,6 +2124,9 @@ TEST_F(ManifestControllerIgnorePakckgeTest, addIgnorePackageAndUpdateNormal)
EXPECT_CALL(mock_package_handler, preInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("dummy_service"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
load(manifest, new_services);
@@ -2050,6 +2202,9 @@ TEST_F(ManifestControllerIgnorePakckgeTest, removeIgnoredPackage)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("dummy_service"));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
@@ -2094,6 +2249,8 @@ TEST_F(ManifestControllerIgnorePakckgeTest, removeIgnoredPackage)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
}
@@ -2147,6 +2304,8 @@ TEST_F(ManifestControllerIgnorePakckgeTest, freezeIgnoredPackage)
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, isNonEmptyFile(manifest_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, removeFile(file_name)).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_TRUE(i_manifest_controller->updateManifest(file_name));
@@ -2210,6 +2369,10 @@ TEST_F(ManifestControllerIgnorePakckgeTest, overrideIgnoredPackageFromProfileSet
" ]"
"}";
map<string, Package> manifest_services;
load(manifest, manifest_services);
checkIfFileExistsCall(manifest_services.at("my"));
//mock_downloader
EXPECT_CALL(
mock_downloader,
@@ -2226,6 +2389,8 @@ TEST_F(ManifestControllerIgnorePakckgeTest, overrideIgnoredPackageFromProfileSet
EXPECT_CALL(mock_package_handler, preInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, installPackage("my", "/tmp/temp_file", _)).WillOnce(Return(true));
EXPECT_CALL(mock_package_handler, postInstallPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
EXPECT_CALL(mock_downloader, removeDownloadFile("my"));
EXPECT_CALL(mock_downloader, removeDownloadFile("orchestration"));
EXPECT_CALL(mock_package_handler, updateSavedPackage("my", "/tmp/temp_file")).WillOnce(Return(true));
load(manifest, new_services);
@@ -2270,6 +2435,17 @@ public:
manifest_controller.init();
}
void checkIfFileExistsCall(const Package &package)
{
Maybe<string> checksum_validation(
genError("File /tmp/orchestration_downloads/" + package.getName() + ".download does not exist.")
);
EXPECT_CALL(
mock_downloader,
checkIfFileExists(package)).WillRepeatedly(Return(checksum_validation));
}
::Environment env;
ConfigComponent config;
@@ -2335,6 +2511,9 @@ TEST_F(ManifestDownloadTest, download_relative_path)
EXPECT_CALL(mock_orchestration_tools, loadPackagesFromJson("/etc/cp/conf/corrupted_packages.json"))
.WillOnce(Return(corrupted_packages));
EXPECT_CALL(agent_details, getFogDomain()).WillOnce(Return(fog_domain));
checkIfFileExistsCall(new_packages.at("orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(
@@ -2413,6 +2592,8 @@ TEST_F(ManifestDownloadTest, download_relative_path_no_fog_domain)
string not_error;
EXPECT_CALL(mock_status, getManifestError()).WillOnce(ReturnRef(not_error));
checkIfFileExistsCall(new_packages.at("orchestration"));
EXPECT_CALL(
mock_downloader,
downloadFileFromURL(

79
components/security_apps/orchestration/manifest_controller/manifest_diff_calculator.cc
View File

@@ -13,6 +13,8 @@
#include "manifest_diff_calculator.h"
#include <algorithm>
#include "debug.h"
#include "config.h"
@@ -59,6 +61,8 @@ ManifestDiffCalculator::filterUntrackedPackages(
return packages_to_remove;
}
// LCOV_EXCL_START Reason: temp disabling corrupted packages mechanism
// If one of the new packages is already known as corrupted, new_packages map is
// updated accordingly.
// Otherwise, corrupted_packages is updated and old corrupted package is deleted.
@@ -102,38 +106,71 @@ ManifestDiffCalculator::filterCorruptedPackages(
}
return no_corrupted_package_exist;
}
// LCOV_EXCL_STOP
// This function build the installation queue recursively and return true if succeeded, false otherwise
// At the beginning, installation_queue is empty and will be filled according package dependences
bool
ManifestDiffCalculator::buildInstallationQueue(
const Package &updated_package,
Maybe<void>
ManifestDiffCalculator::buildRecInstallationQueue(
const Package &package,
vector<Package> &installation_queue,
const map<string, Package> &current_packages,
const map<string, Package> &new_packages)
{
vector<string> requires = updated_package.getRequire();
const vector<string> &requires = package.getRequire();
for (size_t i = 0; i < requires.size(); i++) {
auto installed_package = current_packages.find(requires[i]);
auto new_package = new_packages.find(requires[i]);
for (const auto &require : requires) {
auto installed_package = current_packages.find(require);
auto new_package = new_packages.find(require);
if (installed_package == current_packages.end() ||
(new_package != new_packages.end() && *installed_package != *new_package)) {
if(!buildInstallationQueue(new_package->second,
installation_queue,
current_packages,
new_packages)) {
return false;
}
auto rec_res = buildRecInstallationQueue(
new_package->second,
installation_queue,
current_packages,
new_packages
);
if (!rec_res.ok()) return rec_res.passErr();
} else if (installed_package != current_packages.end()) {
dbgDebug(D_ORCHESTRATOR) << "Package is already installed. Package: " << installed_package->first;
dbgDebug(D_ORCHESTRATOR) << "Package is already in the queue. Package: " << installed_package->first;
} else if (new_package == new_packages.end()) {
dbgWarning(D_ORCHESTRATOR) << "One of the requested dependencies is corrupted or doesn't exist."
<< " Package: "<< requires[i];
return false;
return genError(
"One of the requested dependencies is corrupted or doesn't exist. Package: " + require
);
}
}
installation_queue.push_back(updated_package);
return true;
if (find(installation_queue.begin(), installation_queue.end(), package) == installation_queue.end()) {
installation_queue.push_back(package);
}
return Maybe<void>();
}
// This function build the installation queue recursively and return true if succeeded, false otherwise
// At the beginning, installation_queue is empty and will be filled according package dependences
Maybe<vector<Package>>
ManifestDiffCalculator::buildInstallationQueue(
const map<string, Package> &current_packages,
const map<string, Package> &new_packages)
{
vector<Package> installation_queue;
installation_queue.reserve(new_packages.size());
auto orchestration_it = new_packages.find("orchestration");
if (orchestration_it != new_packages.end()) {
installation_queue.push_back(orchestration_it->second);
}
auto wlp_standalone_it = new_packages.find("wlpStandalone");
if (wlp_standalone_it != new_packages.end()){
installation_queue.push_back(wlp_standalone_it->second);
}
for (auto &package_pair : new_packages) {
auto build_queue_res = buildRecInstallationQueue(
package_pair.second,
installation_queue,
current_packages,
new_packages
);
if (!build_queue_res.ok()) return build_queue_res.passErr();
}
return installation_queue;
}

234
components/security_apps/orchestration/manifest_controller/manifest_handler.cc
View File

@@ -13,6 +13,8 @@
#include "manifest_handler.h"
#include <algorithm>
#include "debug.h"
#include "config.h"
#include "agent_details.h"
@@ -57,6 +59,10 @@ ManifestHandler::downloadPackage(const Package &package, bool is_clean_installat
fog_domain = Singleton::Consume<I_AgentDetails>::by<ManifestHandler>()->getFogDomain();
}
auto orchestration_downloader = Singleton::Consume<I_Downloader>::by<ManifestHandler>();
auto maybe_package_exists = orchestration_downloader->checkIfFileExists(package);
if (maybe_package_exists.ok()) return maybe_package_exists;
if (!is_clean_installation) {
I_MainLoop *i_mainloop = Singleton::Consume<I_MainLoop>::by<ManifestHandler>();
auto pending_time_frame_seconds = getConfigurationWithDefault<int>(
@@ -76,11 +82,10 @@ ManifestHandler::downloadPackage(const Package &package, bool is_clean_installat
dbgTrace(D_ORCHESTRATOR) << "Proceeding to package downloading. Package name " << package.getName();
}
auto orchestration_downloader = Singleton::Consume<I_Downloader>::by<ManifestHandler>();
if (!package.getRelativeDownloadPath().empty() && fog_domain.ok()) {
string download_path =
"<JWT>https://" + fog_domain.unpack() + "/download" + package.getRelativeDownloadPath();
package_download_file= orchestration_downloader->downloadFileFromURL(
package_download_file = orchestration_downloader->downloadFileFromURL(
download_path,
package.getChecksum(),
package.getChecksumType(),
@@ -99,15 +104,22 @@ ManifestHandler::downloadPackage(const Package &package, bool is_clean_installat
return package_download_file;
}
bool
ManifestHandler::downloadPackages(
const vector<Package> &packages_to_download,
vector<pair<Package, packageFilePath>> &downloaded_packages)
Maybe<vector<pair<Package, packageFilePath>>>
ManifestHandler::downloadPackages(const map<string, Package> &new_packages_to_download)
{
auto i_env = Singleton::Consume<I_Environment>::by<ManifestHandler>();
auto i_orch_tools = Singleton::Consume<I_OrchestrationTools>::by<ManifestHandler>();
auto span_scope = i_env->startNewSpanScope(Span::ContextType::CHILD_OF);
for (auto &package : packages_to_download) {
vector<pair<Package, packageFilePath>> downloaded_packages;
for (auto &package_pair : new_packages_to_download) {
const Package &package = package_pair.second;
if (!package.isInstallable()) {
dbgTrace(D_ORCHESTRATOR)
<< "Skipping package download, package isn't installable. Package: "
<< package.getName() << ". Reason: " << package.getErrorMessage();
continue;
}
dbgInfo(D_ORCHESTRATOR) << "Downloading package file." << " Package: " << package.getName();
string packages_dir = getConfigurationWithDefault<string>(
@@ -170,133 +182,42 @@ ManifestHandler::downloadPackages(
install_error
);
}
return false;
return genError(
"Failed to download installation package. Package: " +
package.getName() +
", Error: " + package_download_file.getErr());
}
}
return true;
return downloaded_packages;
}
bool
ManifestHandler::installPackages(
const vector<pair<Package, packageFilePath>> &downloaded_package_files,
ManifestHandler::installPackage(
const pair<Package, string> &package_downloaded_file,
map<packageFilePath, Package> &current_packages,
map<packageFilePath, Package> &corrupted_packages)
{
auto i_env = Singleton::Consume<I_Environment>::by<ManifestHandler>();
auto span_scope = i_env->startNewSpanScope(Span::ContextType::CHILD_OF);
// Patch - reorder packages so that accessControlApp is installed before accessControlKernel
vector<pair<Package, packageFilePath>> patched_downloaded_package_files;
patched_downloaded_package_files.reserve(downloaded_package_files.size());
int ac_kernel_package_idx = -1;
int ac_app_package_idx = -1;
int i = 0;
for (auto &downloaded_package : downloaded_package_files) {
if (downloaded_package.first.getName() == "accessControlApp") {
ac_app_package_idx = i;
} else if (downloaded_package.first.getName() == "accessControlKernel") {
ac_kernel_package_idx = i;
} else {
patched_downloaded_package_files.push_back(downloaded_package);
}
i++;
}
if (ac_app_package_idx != -1) {
patched_downloaded_package_files.push_back(downloaded_package_files.at(ac_app_package_idx));
}
if (ac_kernel_package_idx != -1) {
patched_downloaded_package_files.push_back(downloaded_package_files.at(ac_kernel_package_idx));
}
auto orchestration_status = Singleton::Consume<I_OrchestrationStatus>::by<ManifestHandler>();
for (auto &downloaded_package : patched_downloaded_package_files) {
auto package = downloaded_package.first;
auto package_name = package.getName();
auto package_handler_path = downloaded_package.second;
dbgInfo(D_ORCHESTRATOR) << "Handling package installation. Package: " << package_name;
auto &package = package_downloaded_file.first;
auto &package_name = package.getName();
auto &package_handler_path = package_downloaded_file.second;
if (package_name.compare(orch_service_name) == 0) {
orchestration_status->writeStatusToFile();
bool self_update_status = selfUpdate(package, current_packages, package_handler_path);
if (!self_update_status) {
auto details = Singleton::Consume<I_AgentDetails>::by<ManifestHandler>();
auto hostname = Singleton::Consume<I_DetailsResolver>::by<ManifestHandler>()->getHostname();
string err_hostname = (hostname.ok() ? "on host '" + *hostname : "'" + details->getAgentId()) + "'";
string install_error =
"Warning: Agent/Gateway " +
err_hostname +
" software update failed. Agent is running previous software. Contact Check Point support.";
if (orchestration_status->getManifestError().find("Gateway was not fully deployed") == string::npos) {
orchestration_status->setFieldStatus(
OrchestrationStatusFieldType::MANIFEST,
OrchestrationStatusResult::FAILED,
install_error
);
}
}
dbgInfo(D_ORCHESTRATOR) << "Handling package installation. Package: " << package_name;
return self_update_status;
}
string packages_dir = getConfigurationWithDefault<string>(
"/etc/cp/packages",
"orchestration",
"Packages directory"
);
string current_installation_file = packages_dir + "/" + package_name + "/" + package_name;
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<ManifestHandler>();
bool is_clean_installation = !orchestration_tools->doesFileExist(current_installation_file);
auto package_handler = Singleton::Consume<I_PackageHandler>::by<ManifestHandler>();
if (!package_handler->shouldInstallPackage(package_name, package_handler_path)) {
current_packages.insert(make_pair(package_name, package));
dbgInfo(D_ORCHESTRATOR)
<< "Skipping installation of new package with the same version as current. Package: "
<< package_name;
continue;
}
bool current_result = true;
bool is_service = package.getType() == Package::PackageType::Service;
if (is_service) {
current_result = package_handler->preInstallPackage(package_name, package_handler_path);
}
current_result = current_result && package_handler->installPackage(
package_name,
package_handler_path,
false
);
if (current_result && is_service) {
current_result = package_handler->postInstallPackage(package_name, package_handler_path);
}
if (current_result && is_service) {
current_result = package_handler->updateSavedPackage(package_name, package_handler_path);
}
if (!current_result) {
auto agent_details = Singleton::Consume<I_AgentDetails>::by<ManifestHandler>();
if (package_name.compare(orch_service_name) == 0) {
orchestration_status->writeStatusToFile();
bool self_update_status = selfUpdate(package, current_packages, package_handler_path);
if (!self_update_status) {
auto details = Singleton::Consume<I_AgentDetails>::by<ManifestHandler>();
auto hostname = Singleton::Consume<I_DetailsResolver>::by<ManifestHandler>()->getHostname();
string err_hostname = (hostname.ok() ? "on host '" + *hostname : "'" +agent_details->getAgentId()) + "'";
string install_error;
if (is_clean_installation) {
install_error =
"Critical Error: Agent/Gateway was not fully deployed " +
err_hostname +
" and is not enforcing a security policy. Retry installation or contact Check Point support.";
} else {
install_error =
"Warning: Agent/Gateway " +
err_hostname +
" software update failed. Agent is running previous software. Contact Check Point support.";
}
corrupted_packages.insert(make_pair(package_name, package));
dbgWarning(D_ORCHESTRATOR) << "Failed to install package. Package: " << package_name;
auto orchestration_status = Singleton::Consume<I_OrchestrationStatus>::by<ManifestHandler>();
string err_hostname = (hostname.ok() ? "on host '" + *hostname : "'" + details->getAgentId()) + "'";
string install_error =
"Warning: Agent/Gateway " +
err_hostname +
" software update failed. Agent is running previous software. Contact Check Point support.";
if (orchestration_status->getManifestError().find("Gateway was not fully deployed") == string::npos) {
orchestration_status->setFieldStatus(
OrchestrationStatusFieldType::MANIFEST,
@@ -304,11 +225,80 @@ ManifestHandler::installPackages(
install_error
);
}
return false;
}
current_packages.insert(make_pair(package_name, package));
return self_update_status;
}
string packages_dir = getConfigurationWithDefault<string>(
"/etc/cp/packages",
"orchestration",
"Packages directory"
);
auto package_handler = Singleton::Consume<I_PackageHandler>::by<ManifestHandler>();
if (!package_handler->shouldInstallPackage(package_name, package_handler_path)) {
current_packages.insert(make_pair(package_name, package));
dbgInfo(D_ORCHESTRATOR)
<< "Skipping installation of new package with the same version as current. Package: "
<< package_name;
return true;
}
string current_installation_file = packages_dir + "/" + package_name + "/" + package_name;
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<ManifestHandler>();
bool is_clean_installation = !orchestration_tools->doesFileExist(current_installation_file);
bool current_result = true;
bool is_service = package.getType() == Package::PackageType::Service;
if (is_service) {
current_result = package_handler->preInstallPackage(package_name, package_handler_path);
}
current_result = current_result && package_handler->installPackage(
package_name,
package_handler_path,
false
);
if (current_result && is_service) {
current_result = package_handler->postInstallPackage(package_name, package_handler_path);
}
if (current_result && is_service) {
current_result = package_handler->updateSavedPackage(package_name, package_handler_path);
}
if (!current_result) {
auto agent_details = Singleton::Consume<I_AgentDetails>::by<ManifestHandler>();
auto hostname = Singleton::Consume<I_DetailsResolver>::by<ManifestHandler>()->getHostname();
string err_hostname = (hostname.ok() ? "on host '" + *hostname : "'" +agent_details->getAgentId()) + "'";
string install_error;
if (is_clean_installation) {
install_error =
"Critical Error: Agent/Gateway was not fully deployed " +
err_hostname +
" and is not enforcing a security policy. Retry installation or contact Check Point support.";
} else {
install_error =
"Warning: Agent/Gateway " +
err_hostname +
" software update failed. Agent is running previous software. Contact Check Point support.";
}
corrupted_packages.insert(make_pair(package_name, package));
dbgWarning(D_ORCHESTRATOR) << "Failed to install package. Package: " << package_name;
auto orchestration_status = Singleton::Consume<I_OrchestrationStatus>::by<ManifestHandler>();
if (orchestration_status->getManifestError().find("Gateway was not fully deployed") == string::npos) {
orchestration_status->setFieldStatus(
OrchestrationStatusFieldType::MANIFEST,
OrchestrationStatusResult::FAILED,
install_error
);
}
return false;
}
current_packages.insert(make_pair(package_name, package));
return true;
}

10
components/security_apps/orchestration/modules/modules_ut/package_ut.cc
View File

@@ -73,7 +73,7 @@ TEST_F(PackageTest, serializationFromString)
EXPECT_EQ("orchestration", package.getName());
EXPECT_EQ("c", package.getVersion());
EXPECT_EQ(Package::PackageType::Service, package.getType());
EXPECT_TRUE(package.isInstallable().ok());
EXPECT_TRUE(package.isInstallable());
}
TEST_F(PackageTest, writeAsJson)
@@ -86,7 +86,8 @@ TEST_F(PackageTest, writeAsJson)
" \"name\": \"orchestration\",\n"
" \"checksum-type\": \"sha1sum\",\n"
" \"checksum\": \"8d4a5709673a05b380ba7d6567e28910019118f5\",\n"
" \"package-type\": \"service\"\n"
" \"package-type\": \"service\",\n"
" \"status\": true\n"
"}";
Package package;
EXPECT_EQ(true, load(string_stream, package));
@@ -99,7 +100,7 @@ TEST_F(PackageTest, writeAsJson)
EXPECT_EQ("orchestration", package.getName());
EXPECT_EQ("c", package.getVersion());
EXPECT_EQ(Package::PackageType::Service, package.getType());
EXPECT_TRUE(package.isInstallable().ok());
EXPECT_TRUE(package.isInstallable());
write("service.json", package);
string data = readFile("service.json");
@@ -232,5 +233,6 @@ TEST_F(PackageTest, uninstallablePackage)
"}";
Package package;
EXPECT_TRUE(load(string_stream, package));
EXPECT_THAT(package.isInstallable(), IsError("This security app isn't valid for this agent"));
EXPECT_FALSE(package.isInstallable());
EXPECT_EQ(package.getErrorMessage(), "This security app isn't valid for this agent");
}

13
components/security_apps/orchestration/modules/package.cc
View File

@@ -59,9 +59,9 @@ Package::serialize(JSONOutputArchive & out_archive) const
out_archive(make_nvp("require", require_packages));
}
if (!installable.ok()) {
out_archive(make_nvp("status", installable.ok()));
out_archive(make_nvp("message", installable.getErr()));
out_archive(make_nvp("status", installable));
if (!installable) {
out_archive(make_nvp("message", error_message));
}
}
@@ -89,21 +89,18 @@ Package::serialize(JSONInputArchive & in_archive)
in_archive.setNextName(nullptr);
}
bool is_installable = true;
try {
in_archive(make_nvp("status", is_installable));
in_archive(make_nvp("status", installable));
} catch (...) {
in_archive.setNextName(nullptr);
}
if (!is_installable) {
string error_message;
if (!installable) {
try {
in_archive(make_nvp("message", error_message));
} catch (...) {
in_archive.setNextName(nullptr);
}
installable = genError(error_message);
}
for (auto &character : name) {

88
components/security_apps/orchestration/orchestration_comp.cc
View File

@@ -29,7 +29,6 @@
#include "service_controller.h"
#include "manifest_controller.h"
#include "url_parser.h"
#include "i_messaging.h"
#include "agent_details_report.h"
#include "maybe_res.h"
#include "customized_cereal_map.h"
@@ -227,7 +226,6 @@ private:
Maybe<OrchestrationPolicy> maybe_policy = genError("Empty policy");
string policy_version = "";
auto orchestration_policy_file = getPolicyConfigPath("orchestration", Config::ConfigFileType::Policy);
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<OrchestrationComp>();
if (orchestration_tools->doesFileExist(orchestration_policy_file)) {
maybe_policy = loadOrchestrationPolicy();
@@ -296,7 +294,10 @@ private:
}
}
if (declarative) Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOnApplyPolicyFlag();
if (declarative) {
Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOnApplyPolicyFlag();
}
return authentication_res;
}
@@ -769,13 +770,11 @@ private:
LogRest policy_update_message_client_rest(policy_update_message);
Singleton::Consume<I_Messaging>::by<OrchestrationComp>()->sendObjectWithPersistence(
policy_update_message_client_rest,
I_Messaging::Method::POST,
Singleton::Consume<I_Messaging>::by<OrchestrationComp>()->sendAsyncMessage(
HTTPMethod::POST,
"/api/v1/agents/events",
"",
true,
MessageTypeTag::REPORT
policy_update_message_client_rest,
MessageCategory::LOG
);
},
"Send policy update report"
@@ -1471,8 +1470,8 @@ private:
agent_data_report << AgentReportFieldWithLabel("isGwNotVsx", "true");
}
if (i_details_resolver->isVersionEqualOrAboveR8110()) {
agent_data_report << AgentReportFieldWithLabel("isVersionEqualOrAboveR8110", "true");
if (i_details_resolver->isVersionAboveR8110()) {
agent_data_report << AgentReportFieldWithLabel("isVersionAboveR8110", "true");
}
auto i_agent_details = Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>();
@@ -1528,25 +1527,45 @@ private:
encryptToFile(data3, data_path + data6_file_name);
}
int
calcSleepInterval(int sleep_interval)
{
failure_count++;
int failure_multiplier = 1;
if (failure_count >= 10) {
failure_multiplier = 10;
} else if (failure_count >= 3) {
failure_multiplier = 2;
}
return sleep_interval * failure_multiplier;
}
void
run()
{
int sleep_interval = policy.getErrorSleepInterval();
Maybe<void> start_state(genError("Not running yet."));
while (!(start_state = start()).ok()) {
dbgDebug(D_ORCHESTRATOR) << "Orchestration not started yet. Status: " << start_state.getErr();
health_check_status_listener.setStatus(
HealthCheckStatus::UNHEALTHY,
OrchestrationStatusFieldType::REGISTRATION,
start_state.getErr()
);
sleep_interval = getConfigurationWithDefault<int>(
20,
30,
"orchestration",
"Default sleep interval"
);
sleep_interval = calcSleepInterval(sleep_interval);
dbgWarning(D_ORCHESTRATOR)
<< "Orchestration not started yet. Status: "
<< start_state.getErr()
<< " Next attempt to start the orchestration will be in: "
<< sleep_interval
<< " seconds";
Singleton::Consume<I_MainLoop>::by<OrchestrationComp>()->yield(seconds(sleep_interval));
}
failure_count = 0;
Singleton::Consume<I_MainLoop>::by<OrchestrationComp>()->yield(chrono::seconds(1));
@@ -1589,24 +1608,14 @@ private:
bool is_new_success = false;
while (true) {
static int failure_count = 0;
Singleton::Consume<I_Environment>::by<OrchestrationComp>()->startNewTrace(false);
if (shouldReportAgentDetailsMetadata()) {
reportAgentDetailsMetaData();
}
auto check_update_result = checkUpdate();
if (!check_update_result.ok()) {
failure_count++;
is_new_success = false;
sleep_interval = policy.getErrorSleepInterval();
int failure_multiplier = 1;
if (failure_count >= 10) {
failure_count = 10;
failure_multiplier = 10;
} else if (failure_count >= 3) {
failure_multiplier = 2;
}
sleep_interval *= failure_multiplier;
sleep_interval = calcSleepInterval(policy.getErrorSleepInterval());
dbgWarning(D_ORCHESTRATOR)
<< "Failed during check update from Fog. Error: "
<< check_update_result.getErr()
@@ -1690,13 +1699,11 @@ private:
if (email != "") registration_report << LogField("userDefinedId", email);
LogRest registration_report_rest(registration_report);
Singleton::Consume<I_Messaging>::by<OrchestrationComp>()->sendObjectWithPersistence(
registration_report_rest,
I_Messaging::Method::POST,
Singleton::Consume<I_Messaging>::by<OrchestrationComp>()->sendAsyncMessage(
HTTPMethod::POST,
"/api/v1/agents/events",
"",
true,
MessageTypeTag::REPORT
registration_report_rest,
MessageCategory::LOG
);
}
@@ -1764,6 +1771,7 @@ private:
{
auto agent_details = Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>();
return
agent_details->getAccessToken().empty() ||
agent_details->getSSLFlag() != is_secure ||
!agent_details->getFogPort().ok() || agent_details->getFogPort().unpack() != port ||
!agent_details->getFogDomain().ok() || agent_details->getFogDomain().unpack() != fog;
@@ -1772,6 +1780,7 @@ private:
bool
updateFogAddress(const string &fog_addr)
{
dbgFlow(D_ORCHESTRATOR) << "Setting a fog address: " << fog_addr;
auto orch_status = Singleton::Consume<I_OrchestrationStatus>::by<OrchestrationComp>();
auto agent_details = Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>();
auto orchestration_mode = getOrchestrationMode();
@@ -1783,7 +1792,7 @@ private:
if (agent_details->writeAgentDetails()) {
dbgDebug(D_ORCHESTRATOR) << "Agent details was successfully saved";
} else {
dbgWarning(D_COMMUNICATION) << "Failed to save agent details to a file";
dbgWarning(D_ORCHESTRATOR) << "Failed to save agent details to a file";
}
return true;
}
@@ -1803,16 +1812,12 @@ private:
auto message = Singleton::Consume<I_Messaging>::by<OrchestrationComp>();
if (!shouldReconnectToFog(
fog_domain,
fog_port,
encrypted_fog_connection
)) {
if (!shouldReconnectToFog(fog_domain, fog_port, encrypted_fog_connection)) {
dbgDebug(D_ORCHESTRATOR) << "Skipping reconnection to the Fog - Fog details did not change";
return true;
}
if (message->setActiveFog(fog_domain, fog_port, encrypted_fog_connection, MessageTypeTag::GENERIC)) {
if (message->setFogConnection(fog_domain, fog_port, encrypted_fog_connection, MessageCategory::GENERIC)) {
agent_details->setFogPort(fog_port);
agent_details->setFogDomain(fog_domain);
agent_details->setSSLFlag(encrypted_fog_connection);
@@ -1820,7 +1825,7 @@ private:
if (agent_details->writeAgentDetails()) {
dbgDebug(D_ORCHESTRATOR) << "Agent details was successfully saved";
} else {
dbgWarning(D_COMMUNICATION) << "Failed to save agent details to a file";
dbgWarning(D_ORCHESTRATOR) << "Failed to save agent details to a file";
}
auto update_communication = Singleton::Consume<I_UpdateCommunication>::by<OrchestrationComp>();
@@ -1894,7 +1899,11 @@ private:
auto result = i_shell_cmd->getExecOutput(openssl_dir_cmd);
if (result.ok()) {
string val_openssl_dir = result.unpack();
if (val_openssl_dir.empty()) return;
if (val_openssl_dir.empty()) {
dbgWarning(D_ORCHESTRATOR)
<< "Failed to load OpenSSL default certificate authority. Error: no OpenSSL directory found";
return;
}
if (val_openssl_dir.back() == '\n') val_openssl_dir.pop_back();
dbgTrace(D_ORCHESTRATOR)
<< "Adding OpenSSL default directory to agent details. Directory: "
@@ -1953,6 +1962,7 @@ private:
};
const uint16_t default_fog_dport = 443;
int failure_count = 0;
OrchestrationPolicy policy;
HealthCheckStatusListener health_check_status_listener;
HybridModeMetric hybrid_mode_metric;

22
components/security_apps/orchestration/orchestration_tools/orchestration_tools.cc
View File

@@ -147,21 +147,21 @@ getNamespaceDataFromCluster(const string &path)
{
NamespaceData name_space;
string token = Singleton::Consume<I_EnvDetails>::by<OrchestrationTools>()->getToken();
Flags<MessageConnConfig> conn_flags;
conn_flags.setFlag(MessageConnConfig::SECURE_CONN);
conn_flags.setFlag(MessageConnConfig::IGNORE_SSL_VALIDATION);
auto messaging = Singleton::Consume<I_Messaging>::by<OrchestrationTools>();
bool res = messaging->sendObject(
name_space,
I_Messaging::Method::GET,
"kubernetes.default.svc",
443,
conn_flags,
MessageMetadata get_ns_md("kubernetes.default.svc", 443);
get_ns_md.insertHeader("Authorization", "Bearer " + token);
get_ns_md.insertHeader("Connection", "close");
get_ns_md.setConnectioFlag(MessageConnectionConfig::IGNORE_SSL_VALIDATION);
auto res = messaging->sendSyncMessage(
HTTPMethod::GET,
path,
"Authorization: Bearer " + token + "\nConnection: close"
name_space,
MessageCategory::GENERIC,
get_ns_md
);
if (res) return name_space;
if (res.ok()) return name_space;
return genError(string("Was not able to get object form k8s cluser in path: " + path));
}

14
components/security_apps/orchestration/orchestration_tools/orchestration_tools_ut/orchestration_tools_ut.cc
View File

@@ -90,19 +90,15 @@ TEST_F(OrchestrationToolsTest, getClusterId)
string namespaces = getResource("k8s_namespaces.json");
EXPECT_CALL(
mock_messaging,
sendMessage(
true,
"",
I_Messaging::Method::GET,
"kubernetes.default.svc",
443,
_,
sendSyncMessage(
HTTPMethod::GET,
"/api/v1/namespaces/",
"Authorization: Bearer 123\nConnection: close",
_,
_,
_
)
).WillRepeatedly(Return(Maybe<string>(namespaces)));
).WillOnce(Return(HTTPResponse(HTTPStatusCode::HTTP_OK, namespaces)));
i_orchestration_tools->getClusterId();
routine();
}

5
components/security_apps/orchestration/orchestration_ut/orchestration_multitenant_ut.cc
View File

@@ -110,7 +110,7 @@ public:
EXPECT_CALL(mock_details_resolver, isReverseProxy()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, isKernelVersion3OrHigher()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, isGwNotVsx()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, isVersionEqualOrAboveR8110()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, isVersionAboveR8110()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, parseNginxMetadata()).WillRepeatedly(Return(no_nginx));
EXPECT_CALL(mock_details_resolver, getAgentVersion()).WillRepeatedly(Return("1.1.1"));
@@ -250,7 +250,8 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, readFile(orchestration_policy_file_path)).WillOnce(Return(response));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
EXPECT_CALL(mock_manifest_controller, loadAfterSelfUpdate()).WillOnce(Return(false));

45
components/security_apps/orchestration/orchestration_ut/orchestration_ut.cc
View File

@@ -85,15 +85,13 @@ public:
mockRestCall(RestAction::SET, "agent-uninstall", _)
).WillOnce(WithArg<2>(Invoke(this, &OrchestrationTest::restHandlerAgentUninstall)));
EXPECT_CALL(mock_message, mockSendPersistentMessage(
false,
_,
I_Messaging::Method::POST,
EXPECT_CALL(mock_message, sendAsyncMessage(
HTTPMethod::POST,
"/api/v1/agents/events",
_,
_,
MessageTypeTag::REPORT
)).WillRepeatedly(DoAll(SaveArg<1>(&message_body), Return(Maybe<string>(string("")))));
MessageCategory::LOG,
_
)).WillRepeatedly(SaveArg<2>(&message_body));
doEncrypt();
EXPECT_CALL(mock_orchestration_tools, loadTenantsFromDir(_)).Times(1);
@@ -137,7 +135,7 @@ public:
EXPECT_CALL(mock_details_resolver, isReverseProxy()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, isKernelVersion3OrHigher()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, isGwNotVsx()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, isVersionEqualOrAboveR8110()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, isVersionAboveR8110()).WillRepeatedly(Return(false));
EXPECT_CALL(mock_details_resolver, parseNginxMetadata()).WillRepeatedly(Return(no_nginx));
EXPECT_CALL(mock_details_resolver, getAgentVersion()).WillRepeatedly(Return("1.1.1"));
EXPECT_CALL(mock_details_resolver, getHostname()).WillRepeatedly(Return(string("hostname")));
@@ -505,7 +503,7 @@ TEST_F(OrchestrationTest, check_sending_registration_data)
EXPECT_CALL(mock_orchestration_tools, readFile(_)).WillOnce(Return(response));
EXPECT_CALL(mock_service_controller, updateServiceConfiguration(_, _, _, _, _, _))
.WillOnce(Return(Maybe<void>()));
EXPECT_CALL(mock_message, setActiveFog(_, _, _, _)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(_, _, _, _)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, _)).WillRepeatedly(Return(string()));
EXPECT_CALL(mock_service_controller, getPolicyVersion()).WillRepeatedly(ReturnRef(first_policy_version));
EXPECT_CALL(mock_shell_cmd, getExecOutput(_, _, _)).WillRepeatedly(Return(string()));
@@ -630,7 +628,7 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdatRollback)
.WillOnce(Return(policy_response));
EXPECT_CALL(mock_orchestration_tools, copyFile(new_policy_path, policy_file_path + ".last"))
.WillOnce(Return(true));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC))
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.Times(2).WillRepeatedly(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion("")).Times(2);
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
@@ -699,7 +697,7 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdatRollback)
EXPECT_CALL(
mock_message,
setActiveFog(new_host_address, 443, true, MessageTypeTag::GENERIC)
setFogConnection(new_host_address, 443, true, MessageCategory::GENERIC)
).WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion("/test"));
EXPECT_CALL(mock_status, setLastUpdateAttempt());
@@ -829,7 +827,8 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdate)
.WillOnce(Return(new_policy_response));
EXPECT_CALL(mock_orchestration_tools, copyFile(new_policy_path, policy_file_path + ".last"))
.WillOnce(Return(true));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
expectDetailsResolver();
@@ -892,7 +891,7 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdate)
EXPECT_CALL(
mock_message,
setActiveFog(new_host_address, 443, true, MessageTypeTag::GENERIC)
setFogConnection(new_host_address, 443, true, MessageCategory::GENERIC)
).WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion("/test"));
EXPECT_CALL(mock_status, setLastUpdateAttempt());
@@ -989,7 +988,8 @@ TEST_F(OrchestrationTest, startOrchestrationPoliceWithFailures)
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "", "", _)
).Times(2).WillRepeatedly(Return(Maybe<void>()));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
expectDetailsResolver();
@@ -1117,7 +1117,8 @@ TEST_F(OrchestrationTest, loadOrchestrationPolicyFromBackup)
mock_orchestration_tools,
copyFile(orchestration_policy_file_path_bk, orchestration_policy_file_path)
).WillOnce(Return(true));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
expectDetailsResolver();
@@ -1245,7 +1246,8 @@ TEST_F(OrchestrationTest, manifestUpdate)
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, readFile(orchestration_policy_file_path)).WillOnce(Return(response));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
expectDetailsResolver();
@@ -1381,7 +1383,8 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate)
EXPECT_CALL(mock_orchestration_tools, readFile(orchestration_policy_file_path)).WillOnce(Return(response));
EXPECT_CALL(mock_orchestration_tools, copyFile(new_policy_path, policy_file_path + ".last"))
.WillOnce(Return(true));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
@@ -1527,7 +1530,8 @@ TEST_F(OrchestrationTest, failedDownloadSettings)
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_orchestration_tools, readFile(orchestration_policy_file_path)).WillOnce(Return(response));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
@@ -1679,7 +1683,7 @@ TEST_P(OrchestrationTest, orchestrationFirstRun)
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(false));
EXPECT_CALL(mock_orchestration_tools, readFile(orchestration_policy_file_path))
.WillOnce(Return(response));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC)).
Times(1).
WillRepeatedly(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
@@ -1929,7 +1933,8 @@ TEST_F(OrchestrationTest, dataUpdate)
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
EXPECT_CALL(mock_message, setFogConnection(host_address, 443, true, MessageCategory::GENERIC))
.WillOnce(Return(true));
EXPECT_CALL(mock_update_communication, setAddressExtenesion(""));
EXPECT_CALL(mock_update_communication, authenticateAgent()).WillOnce(Return(Maybe<void>()));
EXPECT_CALL(mock_manifest_controller, loadAfterSelfUpdate()).WillOnce(Return(false));

65
components/security_apps/orchestration/service_controller/service_controller.cc
View File

@@ -17,12 +17,13 @@
#include <algorithm>
#include <sstream>
#include <unistd.h>
#include <boost/uuid/uuid_generators.hpp>
#include <boost/uuid/uuid_io.hpp>
#include "config.h"
#include "debug.h"
#include "rest.h"
#include "connkey.h"
#include "i_messaging.h"
#include "common.h"
#include "log_generator.h"
#include "i_orchestration_tools.h"
@@ -165,7 +166,7 @@ ServiceDetails::isServiceActive() const
bool is_registered = status.find("not-registered") == string::npos && status.find("registered") != string::npos;
bool is_running = status.find("not-running") == string::npos && status.find("running") != string::npos;
dbgInfo(D_ORCHESTRATOR)
dbgTrace(D_ORCHESTRATOR)
<< "Successfully set service status. Service name: "
<< service_name
<< ", Status: "
@@ -195,19 +196,25 @@ ServiceDetails::sendNewConfigurations(int configuration_id, const string &policy
SendConfigurations new_config(configuration_id, policy_version);
I_Messaging *messaging = Singleton::Consume<I_Messaging>::by<ServiceController>();
Flags<MessageConnConfig> conn_flags;
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
bool res = messaging->sendObject(
MessageMetadata new_config_req_md("127.0.0.1", service_port);
new_config_req_md.setConnectioFlag(MessageConnectionConfig::ONE_TIME_CONN);
new_config_req_md.setConnectioFlag(MessageConnectionConfig::UNSECURE_CONN);
auto res = messaging->sendSyncMessage(
HTTPMethod::POST,
"/set-new-configuration",
new_config,
I_Messaging::Method::POST,
"127.0.0.1",
service_port,
conn_flags,
"/set-new-configuration"
MessageCategory::GENERIC,
new_config_req_md
);
if (!res) {
dbgDebug(D_ORCHESTRATOR) << "Service " << service_name << " didn't respond to new configuration request";
if (!res.ok()) {
auto err = res.getErr();
dbgDebug(D_ORCHESTRATOR)
<< "Service: "
<< service_name
<< " didn't get new configuration. Error: "
<< err.getBody();
return ReconfStatus::FAILED;
}
@@ -322,7 +329,7 @@ private:
Maybe<void> updateServiceConfigurationFile(
const string &configuration_name,
const string &configuration_file_path,
const string &new_configuration_path);
const string &new_configuration);
ReconfStatus getUpdatedReconfStatus();
Maybe<ServiceDetails> getServiceDetails(const string &service_name);
@@ -694,6 +701,26 @@ ServiceController::Impl::createDirectoryForChildTenant(
return true;
}
static string
getChecksum(const string &file_path)
{
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<ServiceController>();
Maybe<string> file_checksum = orchestration_tools->calculateChecksum(
Package::ChecksumTypes::MD5,
file_path
);
if (file_checksum.ok()) return file_checksum.unpack();
string checksum = "unknown version";
try {
checksum = to_string(boost::uuids::random_generator()());
} catch (const boost::uuids::entropy_error &e) {
dbgDebug(D_ORCHESTRATOR) << "Couldn't generate random checksum";
}
return checksum;
}
Maybe<void>
ServiceController::Impl::updateServiceConfiguration(
const string &new_policy_path,
@@ -869,7 +896,8 @@ ServiceController::Impl::updateServiceConfiguration(
// In a multi-tenant env, we send the signal to the services only on the last iteration
if (!is_multi_tenant_env || last_iteration) {
auto is_send_signal_for_services = sendSignalForServices(nano_services_to_update, version_value);
auto is_send_signal_for_services =
sendSignalForServices(nano_services_to_update, version_value + ',' + getChecksum(new_policy_path));
was_policy_updated &= is_send_signal_for_services.ok();
if (!is_send_signal_for_services.ok()) send_signal_for_services_err = is_send_signal_for_services.getErr();
}
@@ -1003,21 +1031,20 @@ Maybe<void>
ServiceController::Impl::updateServiceConfigurationFile(
const string &configuration_name,
const string &configuration_file_path,
const string &new_configuration_path)
const string &new_configuration)
{
dbgFlow(D_ORCHESTRATOR) << "Updating configuration. Config Name: " << configuration_name;
if (orchestration_tools->doesFileExist(configuration_file_path)) {
Maybe<string> old_configuration = orchestration_tools->readFile(configuration_file_path);
if (old_configuration.ok()) {
bool service_changed = old_configuration.unpack().compare(new_configuration_path) != 0;
bool service_changed = old_configuration.unpack().compare(new_configuration) != 0;
if (service_changed == false) {
dbgDebug(D_ORCHESTRATOR) << "There is no update for policy file: " << configuration_file_path;
return Maybe<void>();
}
dbgDebug(D_ORCHESTRATOR)
<< "Starting to update " << configuration_file_path << " to " << new_configuration_path;
<< "Starting to update " << configuration_file_path << " to " << new_configuration;
string old_configuration_backup_path = configuration_file_path + getConfigurationWithDefault<string>(
".bk",
"orchestration",
@@ -1045,7 +1072,7 @@ ServiceController::Impl::updateServiceConfigurationFile(
}
}
if (orchestration_tools->writeFile(new_configuration_path, configuration_file_path)) {
if (orchestration_tools->writeFile(new_configuration, configuration_file_path)) {
dbgDebug(D_ORCHESTRATOR) << "New policy file has been saved in: " << configuration_file_path;
} else {
dbgWarning(D_ORCHESTRATOR) << "Failed to save new policy file";

51
components/security_apps/orchestration/update_communication/fog_authenticator.cc
View File

@@ -17,6 +17,7 @@
#include "log_generator.h"
#include "agent_details.h"
#include "version.h"
#include "i_messaging.h"
#include <algorithm>
#include <map>
@@ -24,7 +25,6 @@
using namespace std;
using namespace cereal;
using HTTPMethod = I_Messaging::Method;
USE_DEBUG_FLAG(D_ORCHESTRATOR);
@@ -141,7 +141,7 @@ FogAuthenticator::registerAgent(
const string &platform,
const string &architecture) const
{
dbgInfo(D_ORCHESTRATOR) << "Starting agent registration to fog";
dbgFlow(D_ORCHESTRATOR) << "Starting agent registration to fog";
auto details_resolver = Singleton::Consume<I_DetailsResolver>::by<FogAuthenticator>();
RegistrationRequest request(
@@ -201,8 +201,8 @@ FogAuthenticator::registerAgent(
request << make_pair("isGwNotVsx", "true");
}
if (details_resolver->isVersionEqualOrAboveR8110()) {
request << make_pair("isVersionEqualOrAboveR8110", "true");
if (details_resolver->isVersionAboveR8110()) {
request << make_pair("isVersionAboveR8110", "true");
}
#if defined(gaia) || defined(smb)
@@ -214,8 +214,13 @@ FogAuthenticator::registerAgent(
}
#endif // gaia || smb
auto fog_messaging = Singleton::Consume<I_Messaging>::by<FogAuthenticator>();
if (fog_messaging->sendObject(request, HTTPMethod::POST, fog_address_ex + "/agents")) {
dbgDebug(D_ORCHESTRATOR) << "Sending registration request to fog";
auto request_status = Singleton::Consume<I_Messaging>::by<FogAuthenticator>()->sendSyncMessage(
HTTPMethod::POST,
"/agents",
request
);
if (request_status.ok()) {
dbgDebug(D_ORCHESTRATOR) << "Agent has registered successfully.";
i_agent_details->setAgentId(request.getAgentId());
i_agent_details->setProfileId(request.getProfileId());
@@ -236,7 +241,12 @@ FogAuthenticator::registerAgent(
ReportIS::Tags::ORCHESTRATOR
);
return genError("Failed to register agent with the Fog");
return genError(
"Failed to register agent with the Fog. " +
request_status.getErr().getBody() +
" " +
request_status.getErr().toString()
);
}
Maybe<FogAuthenticator::AccessToken>
@@ -246,15 +256,20 @@ FogAuthenticator::getAccessToken(const UserCredentials &user_credentials) const
static const string grant_type_string = "/oauth/token?grant_type=client_credentials";
TokenRequest request = TokenRequest();
auto fog_messaging = Singleton::Consume<I_Messaging>::by<FogAuthenticator>();
auto sending_result = fog_messaging->sendObject(
request,
HTTPMethod::POST,
fog_address_ex + grant_type_string,
MessageMetadata request_token_md;
request_token_md.insertHeader(
"Authorization",
buildBasicAuthHeader(user_credentials.getClientId(), user_credentials.getSharedSecret())
);
auto request_token_status = Singleton::Consume<I_Messaging>::by<FogAuthenticator>()->sendSyncMessage(
HTTPMethod::POST,
grant_type_string,
request,
MessageCategory::GENERIC,
request_token_md
);
if (sending_result) {
if (request_token_status.ok()) {
auto data_path = getConfigurationWithDefault<string>(
filesystem_prefix + "/data/",
"encryptor",
@@ -371,6 +386,7 @@ FogAuthenticator::getCredentials()
return maybe_credentials;
}
dbgTrace(D_ORCHESTRATOR) << "Credentials were not not receoived from the file. Getting registration data.";
auto reg_data = getRegistrationData();
if (!reg_data.ok()) {
return genError("Failed to load a valid registration token, Error: " + reg_data.getErr());
@@ -436,13 +452,7 @@ FogAuthenticator::buildBasicAuthHeader(const string &username, const string &pas
{
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<FogAuthenticator>();
auto auth_encode = orchestration_tools->base64Encode(username + ":" + pass);
return "Authorization: Basic " + auth_encode + "\r\n";
}
string
FogAuthenticator::buildOAuth2Header(const string &token) const
{
return "Authorization: Bearer " + token + "\r\n";
return "Basic " + auth_encode;
}
void
@@ -455,6 +465,7 @@ FogAuthenticator::setAddressExtenesion(const std::string &extension)
Maybe<void>
FogAuthenticator::authenticateAgent()
{
dbgFlow(D_ORCHESTRATOR) << "Authenticating the agent";
const int min_expiration_time = 10;
if (!credentials.ok()) {
dbgDebug(D_ORCHESTRATOR) << "Getting Agent credentials.";

44
components/security_apps/orchestration/update_communication/fog_communication.cc
View File

@@ -24,7 +24,6 @@
using namespace std;
using namespace cereal;
using HTTPMethod = I_Messaging::Method;
USE_DEBUG_FLAG(D_ORCHESTRATOR);
@@ -43,16 +42,16 @@ FogCommunication::getUpdate(CheckUpdateRequest &request)
auto unpacked_access_token = access_token.unpack().getToken();
static const string check_update_str = "/api/v2/agents/resources";
auto request_status = Singleton::Consume<I_Messaging>::by<FogCommunication>()->sendObject(
request,
auto response = Singleton::Consume<I_Messaging>::by<FogCommunication>()->sendSyncMessage(
HTTPMethod::POST,
fog_address_ex + check_update_str,
buildOAuth2Header(unpacked_access_token)
check_update_str,
request
);
if (!request_status) {
dbgDebug(D_ORCHESTRATOR) << "Failed to get response after check update request.";
return genError("Failed to request updates");
if (!response.ok()) {
const auto &fog_err = response.getErr();
dbgDebug(D_ORCHESTRATOR) << "Check update request fail. Error: " << fog_err.getBody();
return genError(fog_err.getBody());
}
string policy_mgmt_mode = getSettingWithDefault<string>("management", "profileManagedMode");
@@ -93,7 +92,7 @@ FogCommunication::getUpdate(CheckUpdateRequest &request)
}
Maybe<string>
FogCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
FogCommunication::downloadAttributeFile(const GetResourceFile &resourse_file, const string &file_path)
{
if (!access_token.ok()) return genError("Acccess Token not available.");
@@ -105,27 +104,34 @@ FogCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
return i_declarative_policy->getCurrPolicy();
}
static const string file_attribute_str = "/api/v2/agents/resources/";
Maybe<string> attribute_file = Singleton::Consume<I_Messaging>::by<FogCommunication>()->downloadFile(
resourse_file,
resourse_file.getRequestMethod(),
fog_address_ex + file_attribute_str + resourse_file.getFileName(),
buildOAuth2Header(unpacked_access_token) // Header
);
return attribute_file;
auto attribute_file = Singleton::Consume<I_Messaging>::by<FogCommunication>()->downloadFile(
resourse_file.getRequestMethod(),
file_attribute_str + resourse_file.getFileName(),
file_path
);
if (!attribute_file.ok()) {
const auto &fog_err = attribute_file.getErr();
return genError(fog_err.getBody());
}
return file_path;
}
Maybe<void>
FogCommunication::sendPolicyVersion(const string &policy_version, const string &policy_versions) const
{
PolicyVersionPatchRequest request(policy_version, policy_versions);
auto fog_messaging = Singleton::Consume<I_Messaging>::by<FogCommunication>();
dbgTrace(D_ORCHESTRATOR)
<< "Sending patch request to the fog. Policy version: "
<< policy_version
<< " , Policy versions: "
<< policy_versions;
if (fog_messaging->sendNoReplyObject(request, HTTPMethod::PATCH, fog_address_ex + "/agents")) {
PolicyVersionPatchRequest request(policy_version, policy_versions);
auto request_status = Singleton::Consume<I_Messaging>::by<FogCommunication>()->sendSyncMessageWithoutResponse(
HTTPMethod::PATCH,
"/agents",
request
);
if (request_status) {
dbgTrace(D_ORCHESTRATOR)
<< "Patch request was sent successfully to the fog."
<< " Policy versions: "

68
components/security_apps/orchestration/update_communication/hybrid_communication.cc
View File

@@ -24,7 +24,6 @@
#include <vector>
using namespace std;
using HTTPMethod = I_Messaging::Method;
USE_DEBUG_FLAG(D_ORCHESTRATOR);
@@ -51,16 +50,17 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
dbgTrace(D_ORCHESTRATOR) << "Getting updates in Hybrid Communication";
if (access_token.ok()) {
static const string check_update_str = "/api/v2/agents/resources";
auto request_status = Singleton::Consume<I_Messaging>::by<HybridCommunication>()->sendObject(
request,
auto request_status = Singleton::Consume<I_Messaging>::by<HybridCommunication>()->sendSyncMessage(
HTTPMethod::POST,
fog_address_ex + check_update_str,
buildOAuth2Header((*access_token).getToken())
check_update_str,
request
);
if (!request_status) {
dbgWarning(D_ORCHESTRATOR) << "Failed to get response after check update request.";
return genError("Failed to request updates");
if (!request_status.ok()) {
auto fog_err = request_status.getErr();
dbgDebug(D_ORCHESTRATOR) << "Check update request fail. Error: " << fog_err.getBody();
return genError(fog_err.getBody());
}
Maybe<string> maybe_new_manifest = request.getManifest();
@@ -82,14 +82,6 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
if (env == EnvType::K8S && !policy_response.empty()) {
dbgDebug(D_ORCHESTRATOR) << "Policy has changes, sending notification to tuning host";
I_AgentDetails *agentDetails = Singleton::Consume<I_AgentDetails>::by<HybridCommunication>();
I_Messaging *messaging = Singleton::Consume<I_Messaging>::by<HybridCommunication>();
UpdatePolicyCrdObject policy_change_object(policy_response);
Flags<MessageConnConfig> conn_flags;
conn_flags.setFlag(MessageConnConfig::EXTERNAL);
string tenant_header = "X-Tenant-Id: " + agentDetails->getTenantId();
auto get_tuning_host = []()
{
@@ -107,18 +99,22 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
return tuning_host;
};
bool ok = messaging->sendNoReplyObject(
policy_change_object,
I_Messaging::Method::POST,
get_tuning_host(),
80,
conn_flags,
MessageMetadata update_policy_crd_md(get_tuning_host(), 80);
update_policy_crd_md.insertHeader("X-Tenant-Id", agentDetails->getTenantId());
UpdatePolicyCrdObject policy_change_object(policy_response);
auto i_messaging = Singleton::Consume<I_Messaging>::by<HybridCommunication>();
bool tuning_req_status = i_messaging->sendSyncMessageWithoutResponse(
HTTPMethod::POST,
"/api/update-policy-crd",
tenant_header
policy_change_object,
MessageCategory::GENERIC,
update_policy_crd_md
);
dbgDebug(D_ORCHESTRATOR) << "sent tuning policy update notification ok: " << ok;
if (!ok) {
dbgWarning(D_ORCHESTRATOR) << "failed to send tuning notification";
if (!tuning_req_status) {
dbgWarning(D_ORCHESTRATOR) << "Failed to send tuning notification";
} else {
dbgDebug(D_ORCHESTRATOR) << "Successfully sent tuning policy update notification";
}
}
@@ -128,14 +124,17 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
}
Maybe<string>
HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file, const string &file_path)
{
dbgTrace(D_ORCHESTRATOR)
<< "Downloading attribute file on hybrid mode, file name: "
<< resourse_file.getFileName();
if (resourse_file.getFileName() =="policy") {
return i_declarative_policy->getCurrPolicy();
string downloaded_file = i_declarative_policy->getCurrPolicy();
auto *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<HybridCommunication>();
if (orchestration_tools->writeFile(downloaded_file, file_path)) return downloaded_file;
return genError("Failed to write the attribute file in hybrid mode. File: " + downloaded_file);
}
if (resourse_file.getFileName() == "manifest") {
if (!access_token.ok()) return genError("Acccess Token not available.");
@@ -143,13 +142,16 @@ HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
auto unpacked_access_token = access_token.unpack().getToken();
static const string file_attribute_str = "/api/v2/agents/resources/";
Maybe<string> attribute_file = Singleton::Consume<I_Messaging>::by<HybridCommunication>()->downloadFile(
resourse_file,
auto attribute_file = Singleton::Consume<I_Messaging>::by<HybridCommunication>()->downloadFile(
resourse_file.getRequestMethod(),
fog_address_ex + file_attribute_str + resourse_file.getFileName(),
buildOAuth2Header((*access_token).getToken()) // Header
file_attribute_str + resourse_file.getFileName(),
file_path
);
return attribute_file;
if (!attribute_file.ok()) {
auto fog_err = attribute_file.getErr();
return genError(fog_err.getBody());
}
return file_path;
}
dbgTrace(D_ORCHESTRATOR) << "Unnecessary attribute files downloading on hybrid mode";
return string("");

7
components/security_apps/orchestration/update_communication/local_communication.cc
View File

@@ -122,9 +122,14 @@ LocalCommunication::getUpdate(CheckUpdateRequest &request)
}
Maybe<string>
LocalCommunication::downloadAttributeFile(const GetResourceFile &resource_file)
LocalCommunication::downloadAttributeFile(const GetResourceFile &resource_file, const string &file_path)
{
auto file_name = resource_file.getFileName();
dbgTrace(D_ORCHESTRATOR)
<< "Download "
<< file_name
<< " file in local communication, file path is redundant: "
<< file_path;
I_OrchestrationTools *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<LocalCommunication>();
if (file_name.compare("policy") == 0) {

4
components/security_apps/orchestration/update_communication/update_communication.cc
View File

@@ -82,9 +82,9 @@ public:
}
Maybe<string>
downloadAttributeFile(const GetResourceFile &resourse_file) override
downloadAttributeFile(const GetResourceFile &resourse_file, const string &file_path) override
{
return i_update_comm_impl->downloadAttributeFile(resourse_file);
return i_update_comm_impl->downloadAttributeFile(resourse_file, file_path);
}
void

6
components/security_apps/orchestration/update_communication/update_communication_ut/local_communication_ut.cc
View File

@@ -45,9 +45,9 @@ public:
}
Maybe<string>
downloadAttributeFile(const GetResourceFile &resourse_file)
downloadAttributeFile(const GetResourceFile &resourse_file, const string &file_path)
{
return local_communication.downloadAttributeFile(resourse_file);
return local_communication.downloadAttributeFile(resourse_file, file_path);
}
void
@@ -127,7 +127,7 @@ TEST_F(LocalCommunicationTest, downloadManifest)
string new_manifest_string = "new manifest";
EXPECT_CALL(mock_orc_tools, readFile("/etc/cp/conf/offline_manifest.json")).WillOnce(Return(new_manifest_string));
GetResourceFile resourse_file(GetResourceFile::ResourceFileType::MANIFEST);
auto downloaded_string = downloadAttributeFile(resourse_file);
auto downloaded_string = downloadAttributeFile(resourse_file, "/tmp/orch_files");
EXPECT_TRUE(downloaded_string.ok());
EXPECT_EQ(downloaded_string.unpack(), new_manifest_string);
}