Jul 4th update

2025-09-29 19:24:26 +03:00 · 2024-07-04 14:10:34 +00:00
parent 01770475ec
commit 962bd31d46
17 changed files with 152 additions and 62 deletions
--- a/components/security_apps/orchestration/details_resolver/details_resolver.cc
+++ b/components/security_apps/orchestration/details_resolver/details_resolver.cc
@@ -152,6 +152,7 @@ DetailsResolver::Impl::isCloudStorageEnabled()
 bool
 DetailsResolver::Impl::isKernelVersion3OrHigher()
 {
+#if defined(gaia) || defined(smb)
    static const string cmd =
        "clish -c 'show version os kernel' | awk '{print $4}' "
        "| cut -d '.' -f 1 | awk -F: '{ if ( $1 >= 3 ) {print 1} else {print 0}}'";
@@ -160,12 +161,14 @@ DetailsResolver::Impl::isKernelVersion3OrHigher()
    if (is_gogo.ok() && !is_gogo.unpack().empty()) {
        return is_gogo.unpack().front() == '1';
    }
+#endif
    return false;
 }

 bool
 DetailsResolver::Impl::isGwNotVsx()
 {
+#if defined(gaia) || defined(smb)
    static const string is_gw_cmd = "cpprod_util FwIsFirewallModule";
    static const string is_vsx_cmd = "cpprod_util FWisVSX";
    auto is_gw = DetailsResolvingHanlder::getCommandOutput(is_gw_cmd);
@@ -173,6 +176,7 @@ DetailsResolver::Impl::isGwNotVsx()
    if (is_gw.ok() && is_vsx.ok() && !is_gw.unpack().empty() && !is_vsx.unpack().empty()) {
        return is_gw.unpack().front() == '1' && is_vsx.unpack().front() == '0';
    }
+#endif
    return false;
 }

--- a/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
+++ b/components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
@@ -24,14 +24,16 @@
 Maybe<string>
 checkSAMLSupportedBlade(const string &command_output)
 {
-    string supportedBlades[3] = {"identityServer", "vpn", "cvpn"};
+    // uncomment when vpn will support SAML authentication
+    // string supportedBlades[3] = {"identityServer", "vpn", "cvpn"};
+    string supportedBlades[1] = {"identityServer"};
    for(const string &blade : supportedBlades) {
        if (command_output.find(blade) != string::npos) {
            return string("true");
        }
    }

-    return genError("Current host does not have SAML capability");
+    return string("false");
 }

 Maybe<string>
@@ -42,7 +44,7 @@ checkIDABlade(const string &command_output)
        return string("true");
    }

-    return genError("Current host does not have IDA installed");
+    return string("false");
 }

 Maybe<string>
@@ -52,7 +54,7 @@ checkSAMLPortal(const string &command_output)
        return string("true");
    }

-    return genError("Current host does not have SAML Portal configured");
+    return string("false");
 }

 Maybe<string>
@@ -61,7 +63,7 @@ checkPepIdaIdnStatus(const string &command_output)
    if (command_output.find("nac_pep_scaled_sharing_enabled = 1") != string::npos) {
        return string("true");
    }
-    return genError("Current host does not have PEP control scaled_sharing enabled");
+    return string("false");
 }

 Maybe<string>
@@ -87,7 +89,7 @@ checkIDP(shared_ptr<istream> file_stream)
        }
    }

-    return genError("Identity Provider was not found");
+    return string("false");
 }

 #endif // gaia
--- a/components/security_apps/orchestration/include/fog_communication.h
+++ b/components/security_apps/orchestration/include/fog_communication.h
@@ -51,6 +51,7 @@ public:

 private:
    I_DeclarativePolicy *i_declarative_policy = nullptr;
+    std::string profile_mode;
 };

 #endif // __FOG_COMMUNICATION_H__
--- a/components/security_apps/orchestration/update_communication/declarative_policy_utils.cc
+++ b/components/security_apps/orchestration/update_communication/declarative_policy_utils.cc
@@ -141,7 +141,7 @@ DeclarativePolicyUtils::sendUpdatesToFog(
    auto shell_cmd = Singleton::Consume<I_ShellCmd>::by<DeclarativePolicyUtils>();
    string exec_command =
        getFilesystemPathConfig()
-        + "/scripts/open-appsec-cloud-mgmt --upload_policy_only"
+        + "/scripts/open-appsec-cloud-mgmt --config-upload-only"
        + " --access_token " + access_token
        + " --tenant_id " + tenant_id
        + " --profile_id " + profile_id;
--- a/components/security_apps/orchestration/update_communication/fog_communication.cc
+++ b/components/security_apps/orchestration/update_communication/fog_communication.cc
@@ -32,6 +32,7 @@ FogCommunication::init()
 {
    FogAuthenticator::init();
    i_declarative_policy = Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>();
+    profile_mode = getSettingWithDefault<string>("management", "profileManagedMode");
 }

 Maybe<void>
@@ -66,6 +67,16 @@ FogCommunication::getUpdate(CheckUpdateRequest &request)
        Maybe<string> maybe_new_data = request.getData();
        string data_checksum = maybe_new_data.ok() ? maybe_new_data.unpack() : "";

+        if (profile_mode != policy_mgmt_mode) {
+            dbgTrace(D_ORCHESTRATOR)
+                << "The profile managed mode was changed from: "
+                << profile_mode
+                << " to: "
+                << policy_mgmt_mode;
+            profile_mode = policy_mgmt_mode;
+            i_declarative_policy->turnOnApplyPolicyFlag();
+        }
+
        if (i_declarative_policy->shouldApplyPolicy()) {
            string policy_response = i_declarative_policy->getUpdate(request);
            if (!policy_response.empty()) {