github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-29 19:24:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

Jan_31_2024-Dev

Browse Source
This commit is contained in:
Ned Wright
2024-01-31 17:34:53 +00:00
parent 752a5785f0
commit 6d67818a94
376 changed files with 8101 additions and 7064 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
components/security_apps/orchestration/update_communication/fog_authenticator.cc
View File

@@ -17,6 +17,7 @@
#include "log_generator.h"
#include "agent_details.h"
#include "version.h"
#include "i_messaging.h"
#include <algorithm>
#include <map>
@@ -24,7 +25,6 @@
using namespace std;
using namespace cereal;
using HTTPMethod = I_Messaging::Method;
USE_DEBUG_FLAG(D_ORCHESTRATOR);
@@ -141,7 +141,7 @@ FogAuthenticator::registerAgent(
const string &platform,
const string &architecture) const
{
dbgInfo(D_ORCHESTRATOR) << "Starting agent registration to fog";
dbgFlow(D_ORCHESTRATOR) << "Starting agent registration to fog";
auto details_resolver = Singleton::Consume<I_DetailsResolver>::by<FogAuthenticator>();
RegistrationRequest request(
@@ -201,8 +201,8 @@ FogAuthenticator::registerAgent(
request << make_pair("isGwNotVsx", "true");
}
if (details_resolver->isVersionEqualOrAboveR8110()) {
request << make_pair("isVersionEqualOrAboveR8110", "true");
if (details_resolver->isVersionAboveR8110()) {
request << make_pair("isVersionAboveR8110", "true");
}
#if defined(gaia) || defined(smb)
@@ -214,8 +214,13 @@ FogAuthenticator::registerAgent(
}
#endif // gaia || smb
auto fog_messaging = Singleton::Consume<I_Messaging>::by<FogAuthenticator>();
if (fog_messaging->sendObject(request, HTTPMethod::POST, fog_address_ex + "/agents")) {
dbgDebug(D_ORCHESTRATOR) << "Sending registration request to fog";
auto request_status = Singleton::Consume<I_Messaging>::by<FogAuthenticator>()->sendSyncMessage(
HTTPMethod::POST,
"/agents",
request
);
if (request_status.ok()) {
dbgDebug(D_ORCHESTRATOR) << "Agent has registered successfully.";
i_agent_details->setAgentId(request.getAgentId());
i_agent_details->setProfileId(request.getProfileId());
@@ -236,7 +241,12 @@ FogAuthenticator::registerAgent(
ReportIS::Tags::ORCHESTRATOR
);
return genError("Failed to register agent with the Fog");
return genError(
"Failed to register agent with the Fog. " +
request_status.getErr().getBody() +
" " +
request_status.getErr().toString()
);
}
Maybe<FogAuthenticator::AccessToken>
@@ -246,15 +256,20 @@ FogAuthenticator::getAccessToken(const UserCredentials &user_credentials) const
static const string grant_type_string = "/oauth/token?grant_type=client_credentials";
TokenRequest request = TokenRequest();
auto fog_messaging = Singleton::Consume<I_Messaging>::by<FogAuthenticator>();
auto sending_result = fog_messaging->sendObject(
request,
HTTPMethod::POST,
fog_address_ex + grant_type_string,
MessageMetadata request_token_md;
request_token_md.insertHeader(
"Authorization",
buildBasicAuthHeader(user_credentials.getClientId(), user_credentials.getSharedSecret())
);
auto request_token_status = Singleton::Consume<I_Messaging>::by<FogAuthenticator>()->sendSyncMessage(
HTTPMethod::POST,
grant_type_string,
request,
MessageCategory::GENERIC,
request_token_md
);
if (sending_result) {
if (request_token_status.ok()) {
auto data_path = getConfigurationWithDefault<string>(
filesystem_prefix + "/data/",
"encryptor",
@@ -371,6 +386,7 @@ FogAuthenticator::getCredentials()
return maybe_credentials;
}
dbgTrace(D_ORCHESTRATOR) << "Credentials were not not receoived from the file. Getting registration data.";
auto reg_data = getRegistrationData();
if (!reg_data.ok()) {
return genError("Failed to load a valid registration token, Error: " + reg_data.getErr());
@@ -436,13 +452,7 @@ FogAuthenticator::buildBasicAuthHeader(const string &username, const string &pas
{
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<FogAuthenticator>();
auto auth_encode = orchestration_tools->base64Encode(username + ":" + pass);
return "Authorization: Basic " + auth_encode + "\r\n";
}
string
FogAuthenticator::buildOAuth2Header(const string &token) const
{
return "Authorization: Bearer " + token + "\r\n";
return "Basic " + auth_encode;
}
void
@@ -455,6 +465,7 @@ FogAuthenticator::setAddressExtenesion(const std::string &extension)
Maybe<void>
FogAuthenticator::authenticateAgent()
{
dbgFlow(D_ORCHESTRATOR) << "Authenticating the agent";
const int min_expiration_time = 10;
if (!credentials.ok()) {
dbgDebug(D_ORCHESTRATOR) << "Getting Agent credentials.";

44
components/security_apps/orchestration/update_communication/fog_communication.cc
View File

@@ -24,7 +24,6 @@
using namespace std;
using namespace cereal;
using HTTPMethod = I_Messaging::Method;
USE_DEBUG_FLAG(D_ORCHESTRATOR);
@@ -43,16 +42,16 @@ FogCommunication::getUpdate(CheckUpdateRequest &request)
auto unpacked_access_token = access_token.unpack().getToken();
static const string check_update_str = "/api/v2/agents/resources";
auto request_status = Singleton::Consume<I_Messaging>::by<FogCommunication>()->sendObject(
request,
auto response = Singleton::Consume<I_Messaging>::by<FogCommunication>()->sendSyncMessage(
HTTPMethod::POST,
fog_address_ex + check_update_str,
buildOAuth2Header(unpacked_access_token)
check_update_str,
request
);
if (!request_status) {
dbgDebug(D_ORCHESTRATOR) << "Failed to get response after check update request.";
return genError("Failed to request updates");
if (!response.ok()) {
const auto &fog_err = response.getErr();
dbgDebug(D_ORCHESTRATOR) << "Check update request fail. Error: " << fog_err.getBody();
return genError(fog_err.getBody());
}
string policy_mgmt_mode = getSettingWithDefault<string>("management", "profileManagedMode");
@@ -93,7 +92,7 @@ FogCommunication::getUpdate(CheckUpdateRequest &request)
}
Maybe<string>
FogCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
FogCommunication::downloadAttributeFile(const GetResourceFile &resourse_file, const string &file_path)
{
if (!access_token.ok()) return genError("Acccess Token not available.");
@@ -105,27 +104,34 @@ FogCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
return i_declarative_policy->getCurrPolicy();
}
static const string file_attribute_str = "/api/v2/agents/resources/";
Maybe<string> attribute_file = Singleton::Consume<I_Messaging>::by<FogCommunication>()->downloadFile(
resourse_file,
resourse_file.getRequestMethod(),
fog_address_ex + file_attribute_str + resourse_file.getFileName(),
buildOAuth2Header(unpacked_access_token) // Header
);
return attribute_file;
auto attribute_file = Singleton::Consume<I_Messaging>::by<FogCommunication>()->downloadFile(
resourse_file.getRequestMethod(),
file_attribute_str + resourse_file.getFileName(),
file_path
);
if (!attribute_file.ok()) {
const auto &fog_err = attribute_file.getErr();
return genError(fog_err.getBody());
}
return file_path;
}
Maybe<void>
FogCommunication::sendPolicyVersion(const string &policy_version, const string &policy_versions) const
{
PolicyVersionPatchRequest request(policy_version, policy_versions);
auto fog_messaging = Singleton::Consume<I_Messaging>::by<FogCommunication>();
dbgTrace(D_ORCHESTRATOR)
<< "Sending patch request to the fog. Policy version: "
<< policy_version
<< " , Policy versions: "
<< policy_versions;
if (fog_messaging->sendNoReplyObject(request, HTTPMethod::PATCH, fog_address_ex + "/agents")) {
PolicyVersionPatchRequest request(policy_version, policy_versions);
auto request_status = Singleton::Consume<I_Messaging>::by<FogCommunication>()->sendSyncMessageWithoutResponse(
HTTPMethod::PATCH,
"/agents",
request
);
if (request_status) {
dbgTrace(D_ORCHESTRATOR)
<< "Patch request was sent successfully to the fog."
<< " Policy versions: "

68
components/security_apps/orchestration/update_communication/hybrid_communication.cc
View File

@@ -24,7 +24,6 @@
#include <vector>
using namespace std;
using HTTPMethod = I_Messaging::Method;
USE_DEBUG_FLAG(D_ORCHESTRATOR);
@@ -51,16 +50,17 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
dbgTrace(D_ORCHESTRATOR) << "Getting updates in Hybrid Communication";
if (access_token.ok()) {
static const string check_update_str = "/api/v2/agents/resources";
auto request_status = Singleton::Consume<I_Messaging>::by<HybridCommunication>()->sendObject(
request,
auto request_status = Singleton::Consume<I_Messaging>::by<HybridCommunication>()->sendSyncMessage(
HTTPMethod::POST,
fog_address_ex + check_update_str,
buildOAuth2Header((*access_token).getToken())
check_update_str,
request
);
if (!request_status) {
dbgWarning(D_ORCHESTRATOR) << "Failed to get response after check update request.";
return genError("Failed to request updates");
if (!request_status.ok()) {
auto fog_err = request_status.getErr();
dbgDebug(D_ORCHESTRATOR) << "Check update request fail. Error: " << fog_err.getBody();
return genError(fog_err.getBody());
}
Maybe<string> maybe_new_manifest = request.getManifest();
@@ -82,14 +82,6 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
if (env == EnvType::K8S && !policy_response.empty()) {
dbgDebug(D_ORCHESTRATOR) << "Policy has changes, sending notification to tuning host";
I_AgentDetails *agentDetails = Singleton::Consume<I_AgentDetails>::by<HybridCommunication>();
I_Messaging *messaging = Singleton::Consume<I_Messaging>::by<HybridCommunication>();
UpdatePolicyCrdObject policy_change_object(policy_response);
Flags<MessageConnConfig> conn_flags;
conn_flags.setFlag(MessageConnConfig::EXTERNAL);
string tenant_header = "X-Tenant-Id: " + agentDetails->getTenantId();
auto get_tuning_host = []()
{
@@ -107,18 +99,22 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
return tuning_host;
};
bool ok = messaging->sendNoReplyObject(
policy_change_object,
I_Messaging::Method::POST,
get_tuning_host(),
80,
conn_flags,
MessageMetadata update_policy_crd_md(get_tuning_host(), 80);
update_policy_crd_md.insertHeader("X-Tenant-Id", agentDetails->getTenantId());
UpdatePolicyCrdObject policy_change_object(policy_response);
auto i_messaging = Singleton::Consume<I_Messaging>::by<HybridCommunication>();
bool tuning_req_status = i_messaging->sendSyncMessageWithoutResponse(
HTTPMethod::POST,
"/api/update-policy-crd",
tenant_header
policy_change_object,
MessageCategory::GENERIC,
update_policy_crd_md
);
dbgDebug(D_ORCHESTRATOR) << "sent tuning policy update notification ok: " << ok;
if (!ok) {
dbgWarning(D_ORCHESTRATOR) << "failed to send tuning notification";
if (!tuning_req_status) {
dbgWarning(D_ORCHESTRATOR) << "Failed to send tuning notification";
} else {
dbgDebug(D_ORCHESTRATOR) << "Successfully sent tuning policy update notification";
}
}
@@ -128,14 +124,17 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
}
Maybe<string>
HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file, const string &file_path)
{
dbgTrace(D_ORCHESTRATOR)
<< "Downloading attribute file on hybrid mode, file name: "
<< resourse_file.getFileName();
if (resourse_file.getFileName() =="policy") {
return i_declarative_policy->getCurrPolicy();
string downloaded_file = i_declarative_policy->getCurrPolicy();
auto *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<HybridCommunication>();
if (orchestration_tools->writeFile(downloaded_file, file_path)) return downloaded_file;
return genError("Failed to write the attribute file in hybrid mode. File: " + downloaded_file);
}
if (resourse_file.getFileName() == "manifest") {
if (!access_token.ok()) return genError("Acccess Token not available.");
@@ -143,13 +142,16 @@ HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
auto unpacked_access_token = access_token.unpack().getToken();
static const string file_attribute_str = "/api/v2/agents/resources/";
Maybe<string> attribute_file = Singleton::Consume<I_Messaging>::by<HybridCommunication>()->downloadFile(
resourse_file,
auto attribute_file = Singleton::Consume<I_Messaging>::by<HybridCommunication>()->downloadFile(
resourse_file.getRequestMethod(),
fog_address_ex + file_attribute_str + resourse_file.getFileName(),
buildOAuth2Header((*access_token).getToken()) // Header
file_attribute_str + resourse_file.getFileName(),
file_path
);
return attribute_file;
if (!attribute_file.ok()) {
auto fog_err = attribute_file.getErr();
return genError(fog_err.getBody());
}
return file_path;
}
dbgTrace(D_ORCHESTRATOR) << "Unnecessary attribute files downloading on hybrid mode";
return string("");

7
components/security_apps/orchestration/update_communication/local_communication.cc
View File

@@ -122,9 +122,14 @@ LocalCommunication::getUpdate(CheckUpdateRequest &request)
}
Maybe<string>
LocalCommunication::downloadAttributeFile(const GetResourceFile &resource_file)
LocalCommunication::downloadAttributeFile(const GetResourceFile &resource_file, const string &file_path)
{
auto file_name = resource_file.getFileName();
dbgTrace(D_ORCHESTRATOR)
<< "Download "
<< file_name
<< " file in local communication, file path is redundant: "
<< file_path;
I_OrchestrationTools *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<LocalCommunication>();
if (file_name.compare("policy") == 0) {

4
components/security_apps/orchestration/update_communication/update_communication.cc
View File

@@ -82,9 +82,9 @@ public:
}
Maybe<string>
downloadAttributeFile(const GetResourceFile &resourse_file) override
downloadAttributeFile(const GetResourceFile &resourse_file, const string &file_path) override
{
return i_update_comm_impl->downloadAttributeFile(resourse_file);
return i_update_comm_impl->downloadAttributeFile(resourse_file, file_path);
}
void

6
components/security_apps/orchestration/update_communication/update_communication_ut/local_communication_ut.cc
View File

@@ -45,9 +45,9 @@ public:
}
Maybe<string>
downloadAttributeFile(const GetResourceFile &resourse_file)
downloadAttributeFile(const GetResourceFile &resourse_file, const string &file_path)
{
return local_communication.downloadAttributeFile(resourse_file);
return local_communication.downloadAttributeFile(resourse_file, file_path);
}
void
@@ -127,7 +127,7 @@ TEST_F(LocalCommunicationTest, downloadManifest)
string new_manifest_string = "new manifest";
EXPECT_CALL(mock_orc_tools, readFile("/etc/cp/conf/offline_manifest.json")).WillOnce(Return(new_manifest_string));
GetResourceFile resourse_file(GetResourceFile::ResourceFileType::MANIFEST);
auto downloaded_string = downloadAttributeFile(resourse_file);
auto downloaded_string = downloadAttributeFile(resourse_file, "/tmp/orch_files");
EXPECT_TRUE(downloaded_string.ok());
EXPECT_EQ(downloaded_string.unpack(), new_manifest_string);
}