mirror of
https://github.com/openappsec/openappsec.git
synced 2025-09-29 11:16:30 +03:00
Updating local policy, metrics, and local update trigger
This commit is contained in:
Ned Wright
@@ -14,7 +14,6 @@
|
||||
#include "i_orchestration_tools.h"
|
||||
#include "i_agent_details.h"
|
||||
#include "i_orchestration_status.h"
|
||||
#include "i_messaging.h"
|
||||
#include "i_mainloop.h"
|
||||
#include "i_encryptor.h"
|
||||
#include "i_details_resolver.h"
|
||||
@@ -23,6 +22,7 @@
|
||||
#include "i_shell_cmd.h"
|
||||
#include "i_encryptor.h"
|
||||
#include "i_env_details.h"
|
||||
#include "i_declarative_policy.h"
|
||||
#include "maybe_res.h"
|
||||
#include "event.h"
|
||||
#include "rest.h"
|
||||
@@ -43,6 +43,7 @@ private:
|
||||
|
||||
class DeclarativePolicyUtils
|
||||
:
|
||||
public Singleton::Provide<I_DeclarativePolicy>::SelfInterface,
|
||||
public Singleton::Consume<I_ShellCmd>,
|
||||
Singleton::Consume<I_LocalPolicyMgmtGen>,
|
||||
Singleton::Consume<I_EnvDetails>,
|
||||
@@ -75,13 +76,12 @@ public:
|
||||
const std::string &tenant_id,
|
||||
const std::string &profile_id,
|
||||
const std::string &fog_address
|
||||
);
|
||||
std::string getUpdate(CheckUpdateRequest &request);
|
||||
bool shouldApplyPolicy();
|
||||
void turnOffApplyPolicyFlag();
|
||||
) override;
|
||||
std::string getUpdate(CheckUpdateRequest &request) override;
|
||||
bool shouldApplyPolicy() override;
|
||||
void turnOffApplyPolicyFlag() override;
|
||||
|
||||
std::string getCurrVersion() { return curr_version; }
|
||||
std::string getCurrPolicy() { return curr_policy; }
|
||||
std::string getCurrPolicy() override { return curr_policy; }
|
||||
|
||||
void upon(const ApplyPolicyEvent &event) override;
|
||||
|
||||
|
||||
@@ -47,7 +47,7 @@ public:
|
||||
) const override;
|
||||
|
||||
private:
|
||||
DeclarativePolicyUtils declarative_policy_utils;
|
||||
I_DeclarativePolicy *i_declarative_policy = nullptr;
|
||||
};
|
||||
|
||||
#endif // __FOG_COMMUNICATION_H__
|
||||
|
||||
@@ -54,7 +54,7 @@ public:
|
||||
private:
|
||||
Maybe<std::string> getNewVersion();
|
||||
|
||||
DeclarativePolicyUtils declarative_policy_utils;
|
||||
I_DeclarativePolicy *i_declarative_policy = nullptr;
|
||||
};
|
||||
|
||||
#endif // __HYBRID_COMMUNICATION_H__
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
#ifndef __I_DECLARATIVE_POLICY__
|
||||
#define __I_DECLARATIVE_POLICY__
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "singleton.h"
|
||||
#include "orchestrator/rest_api/orchestration_check_update.h"
|
||||
|
||||
class I_DeclarativePolicy
|
||||
{
|
||||
public:
|
||||
virtual bool shouldApplyPolicy() = 0;
|
||||
|
||||
virtual std::string getUpdate(CheckUpdateRequest &request) = 0;
|
||||
|
||||
virtual void sendUpdatesToFog(
|
||||
const std::string &access_token,
|
||||
const std::string &tenant_id,
|
||||
const std::string &profile_id,
|
||||
const std::string &fog_address
|
||||
) = 0;
|
||||
|
||||
virtual std::string getCurrPolicy() = 0;
|
||||
|
||||
virtual void turnOffApplyPolicyFlag() = 0;
|
||||
|
||||
protected:
|
||||
virtual ~I_DeclarativePolicy() {}
|
||||
};
|
||||
|
||||
|
||||
#endif // __I_DECLARATIVE_POLICY__
|
||||
@@ -27,9 +27,13 @@ class MockUpdateCommunication :
|
||||
public Singleton::Provide<I_UpdateCommunication>::From<MockProvider<I_UpdateCommunication>>
|
||||
{
|
||||
public:
|
||||
void init() {}
|
||||
MOCK_METHOD0(authenticateAgent, Maybe<void>());
|
||||
MOCK_METHOD1(getUpdate, Maybe<void>(CheckUpdateRequest &));
|
||||
MOCK_METHOD1(downloadAttributeFile, Maybe<std::string>(const GetResourceFile &));
|
||||
MOCK_METHOD2(
|
||||
downloadAttributeFile,
|
||||
Maybe<std::string>(const GetResourceFile &, const std::string &)
|
||||
);
|
||||
MOCK_METHOD1(setAddressExtenesion, void(const std::string &));
|
||||
MOCK_CONST_METHOD2(sendPolicyVersion, Maybe<void>(const std::string &, const std::string &));
|
||||
};
|
||||
|
||||
@@ -1668,6 +1668,7 @@ private:
|
||||
|
||||
if (getAttribute("no-setting", "CROWDSEC_ENABLED") == "true") tags.insert(Tags::CROWDSEC);
|
||||
if (getAttribute("no-setting", "PLAYGROUND") == "true") tags.insert(Tags::PLAYGROUND);
|
||||
if (getAttribute("no-setting", "nginxproxymanager") == "true") tags.insert(Tags::NGINX_PROXY_MANAGER);
|
||||
|
||||
Report registration_report(
|
||||
"Local Agent Data",
|
||||
|
||||
@@ -27,6 +27,7 @@
|
||||
#include "log_generator.h"
|
||||
#include "i_orchestration_tools.h"
|
||||
#include "customized_cereal_map.h"
|
||||
#include "declarative_policy_utils.h"
|
||||
|
||||
using namespace std;
|
||||
using namespace ReportIS;
|
||||
@@ -745,6 +746,7 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
dbgDebug(D_ORCHESTRATOR) << "Policy file was not updated. Sending reload command regarding settings and data";
|
||||
auto signal_services = sendSignalForServices(nano_services_to_update, "");
|
||||
if (!signal_services.ok()) return signal_services.passErr();
|
||||
Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOffApplyPolicyFlag();
|
||||
return Maybe<void>();
|
||||
}
|
||||
|
||||
@@ -888,6 +890,7 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
if (new_policy_path.compare(config_file_path) == 0) {
|
||||
dbgDebug(D_ORCHESTRATOR) << "Enforcing the default policy file";
|
||||
policy_version = version_value;
|
||||
Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOffApplyPolicyFlag();
|
||||
return Maybe<void>();
|
||||
}
|
||||
|
||||
@@ -906,6 +909,7 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
}
|
||||
|
||||
if (!was_policy_updated && !send_signal_for_services_err.empty()) return genError(send_signal_for_services_err);
|
||||
Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOffApplyPolicyFlag();
|
||||
return Maybe<void>();
|
||||
}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@
|
||||
#include "service_controller.h"
|
||||
#include "config.h"
|
||||
#include "config_component.h"
|
||||
#include "declarative_policy_utils.h"
|
||||
#include "mock/mock_orchestration_tools.h"
|
||||
#include "mock/mock_orchestration_status.h"
|
||||
#include "mock/mock_time_get.h"
|
||||
@@ -158,10 +159,26 @@ public:
|
||||
return string_stream.str();
|
||||
}
|
||||
|
||||
void
|
||||
expectNewConfigRequest(const string &req_body, const string &response)
|
||||
{
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendSyncMessage(
|
||||
HTTPMethod::POST,
|
||||
"/set-new-configuration",
|
||||
req_body,
|
||||
_,
|
||||
_
|
||||
)
|
||||
).WillOnce(Return(HTTPResponse(HTTPStatusCode::HTTP_OK, response)));
|
||||
}
|
||||
|
||||
const uint16_t l4_firewall_service_port = 8888;
|
||||
const uint16_t waap_service_port = 7777;
|
||||
::Environment env;
|
||||
ConfigComponent config;
|
||||
DeclarativePolicyUtils declarative_policy_utils;
|
||||
string configuration_dir;
|
||||
string policy_extension;
|
||||
string settings_extension;
|
||||
@@ -176,7 +193,7 @@ public:
|
||||
string services_port;
|
||||
StrictMock<MockTimeGet> time;
|
||||
StrictMock<MockRestApi> mock_rest_api;
|
||||
StrictMock<MockMessaging> mock_message;
|
||||
StrictMock<MockMessaging> mock_message;
|
||||
StrictMock<MockMainLoop> mock_ml;
|
||||
StrictMock<MockShellCmd> mock_shell_cmd;
|
||||
StrictMock<MockOrchestrationStatus> mock_orchestration_status;
|
||||
@@ -254,6 +271,9 @@ TEST_F(ServiceControllerTest, UpdateConfiguration)
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersions(), "");
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
@@ -262,23 +282,7 @@ TEST_F(ServiceControllerTest, UpdateConfiguration)
|
||||
string general_settings_path = "/my/settings/path";
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_shell_cmd,
|
||||
@@ -369,6 +373,9 @@ TEST_F(ServiceControllerTest, supportVersions)
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersions(), "");
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
@@ -377,23 +384,7 @@ TEST_F(ServiceControllerTest, supportVersions)
|
||||
string general_settings_path = "/my/settings/path";
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_shell_cmd,
|
||||
@@ -464,6 +455,9 @@ TEST_F(ServiceControllerTest, TimeOutUpdateConfiguration)
|
||||
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
@@ -493,24 +487,7 @@ TEST_F(ServiceControllerTest, TimeOutUpdateConfiguration)
|
||||
|
||||
string general_settings_path = "/my/settings/path";
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
|
||||
@@ -585,6 +562,9 @@ TEST_F(ServiceControllerTest, writeRegisteredServicesFromFile)
|
||||
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
@@ -593,23 +573,7 @@ TEST_F(ServiceControllerTest, writeRegisteredServicesFromFile)
|
||||
string general_settings_path = "/my/settings/path";
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_shell_cmd,
|
||||
@@ -732,24 +696,11 @@ TEST_F(ServiceControllerTest, noPolicyUpdate)
|
||||
EXPECT_CALL(mock_orchestration_status,
|
||||
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_shell_cmd,
|
||||
@@ -818,6 +769,9 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
|
||||
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
@@ -835,24 +789,7 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
|
||||
|
||||
string general_settings_path = "/my/settings/path";
|
||||
string reply_msg1 = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg1)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg1);
|
||||
|
||||
// both policy and settings now being updated
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
|
||||
@@ -871,26 +808,14 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_status,
|
||||
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
general_settings_path += "/new";
|
||||
|
||||
string reply_msg2 = "{\"id\": 2, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
Flags<MessageConnConfig> conn_flags2;
|
||||
conn_flags2.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 2,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags2,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillRepeatedly(Return(Maybe<string>(reply_msg2)));
|
||||
expectNewConfigRequest("{\n \"id\": 2,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg2);
|
||||
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path).ok());
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
|
||||
@@ -964,6 +889,9 @@ TEST_F(ServiceControllerTest, backup)
|
||||
EXPECT_CALL(mock_orchestration_status,
|
||||
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
copyFile(l4_firewall_policy_path, l4_firewall_policy_path + backup_extension)
|
||||
@@ -988,21 +916,8 @@ TEST_F(ServiceControllerTest, backup)
|
||||
).WillRepeatedly(Return(string("registered and running")));
|
||||
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
_,
|
||||
_,
|
||||
_,
|
||||
"127.0.0.1",
|
||||
l4_firewall_service_port,
|
||||
_,
|
||||
"/set-new-configuration",
|
||||
_,
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
EXPECT_CALL(mock_message, sendSyncMessage(_, "/set-new-configuration", _, _, _))
|
||||
.WillOnce(Return(HTTPResponse(HTTPStatusCode::HTTP_OK, reply_msg)));
|
||||
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
|
||||
@@ -1077,6 +992,9 @@ TEST_F(ServiceControllerTest, backup_file_doesnt_exist)
|
||||
EXPECT_CALL(mock_orchestration_status,
|
||||
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
copyFile(l4_firewall_policy_path, l4_firewall_policy_path + backup_extension)
|
||||
@@ -1103,21 +1021,7 @@ TEST_F(ServiceControllerTest, backup_file_doesnt_exist)
|
||||
).WillRepeatedly(Return(string("registered and running")));
|
||||
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
_,
|
||||
_,
|
||||
_,
|
||||
"127.0.0.1",
|
||||
l4_firewall_service_port,
|
||||
_,
|
||||
"/set-new-configuration",
|
||||
_,
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
|
||||
@@ -1192,6 +1096,9 @@ TEST_F(ServiceControllerTest, backupAttempts)
|
||||
EXPECT_CALL(mock_orchestration_status,
|
||||
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
copyFile(l4_firewall_policy_path, l4_firewall_policy_path + backup_extension)
|
||||
@@ -1218,21 +1125,7 @@ TEST_F(ServiceControllerTest, backupAttempts)
|
||||
).WillRepeatedly(Return(string("registered and running")));
|
||||
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
_,
|
||||
_,
|
||||
_,
|
||||
"127.0.0.1",
|
||||
l4_firewall_service_port,
|
||||
_,
|
||||
"/set-new-configuration",
|
||||
_,
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
EXPECT_CALL(mock_ml, yield(false)).Times(2);
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
@@ -1316,6 +1209,9 @@ TEST_F(ServiceControllerTest, MultiUpdateConfiguration)
|
||||
EXPECT_CALL(mock_orchestration_status,
|
||||
setServiceConfiguration("orchestration", orchestration_policy_path, OrchestrationStatusConfigType::POLICY));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path, false))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(orchestration, orchestration_policy_path, false))
|
||||
@@ -1336,23 +1232,7 @@ TEST_F(ServiceControllerTest, MultiUpdateConfiguration)
|
||||
).WillRepeatedly(Return(string("registered and running")));
|
||||
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
|
||||
set<string> changed_policies = {
|
||||
@@ -1389,6 +1269,9 @@ TEST_F(ServiceControllerTest, emptyServices)
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(policy_file_path)).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
|
||||
}
|
||||
|
||||
@@ -1440,6 +1323,9 @@ TEST_F(ServiceControllerTest, failingWhileLoadingCurrentConfiguration)
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(err));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
EXPECT_FALSE(i_service_controller->updateServiceConfiguration(file_name, "").ok());
|
||||
}
|
||||
|
||||
@@ -1509,6 +1395,8 @@ TEST_F(ServiceControllerTest, failingWhileCopyingCurrentConfiguration)
|
||||
);
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(old_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
copyFile(l4_firewall_policy_path, l4_firewall_policy_path + backup_extension)
|
||||
@@ -1578,6 +1466,9 @@ TEST_F(ServiceControllerTest, ErrorUpdateConfigurationRest)
|
||||
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY)
|
||||
);
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
|
||||
EXPECT_TRUE(i_service_controller->isServiceInstalled("family1_id2"));
|
||||
@@ -1672,6 +1563,8 @@ TEST_F(ServiceControllerTest, errorWhileWrtingNewConfiguration)
|
||||
);
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(old_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
copyFile(l4_firewall_policy_path, l4_firewall_policy_path + backup_extension)
|
||||
@@ -1710,21 +1603,7 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
|
||||
EXPECT_CALL(tenant_manager, getInstances("tenant2", "1235")).WillOnce(Return(empty_ids));
|
||||
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
_,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
_,
|
||||
string("/set-new-configuration"),
|
||||
_,
|
||||
_,
|
||||
_
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
for(auto entry : tenant_files_input) {
|
||||
auto tenant = entry.first.first;
|
||||
@@ -1801,6 +1680,9 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
|
||||
"l4_firewall", l4_firewall_policy_path_new, OrchestrationStatusConfigType::POLICY)
|
||||
);
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, conf_file_name))
|
||||
.WillRepeatedly(Return(version_value));
|
||||
|
||||
string new_policy_file_path = "/etc/cp/conf/tenant_" + tenant + "_profile_" + profile + "/" + "policy.json";
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(new_policy_file_path, new_policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
@@ -1906,6 +1788,9 @@ TEST_F(ServiceControllerTest, test_delayed_reconf)
|
||||
EXPECT_CALL(mock_orchestration_status,
|
||||
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(Package::ChecksumTypes::MD5, file_name))
|
||||
.WillOnce(Return(version_value));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(policy_file_path, policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
@@ -1934,23 +1819,7 @@ TEST_F(ServiceControllerTest, test_delayed_reconf)
|
||||
<< " \"error_message\": \"\""
|
||||
<< "}";
|
||||
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
expectNewConfigRequest("{\n \"id\": 1,\n \"policy_version\": \"1.0.2,1.0.2\"\n}", reply_msg);
|
||||
|
||||
auto func = [&] (chrono::microseconds) { set_reconf_status->performRestCall(reconf_status); };
|
||||
EXPECT_CALL(mock_ml, yield(chrono::microseconds(2000000))).WillOnce(Invoke(func));
|
||||
|
||||
2
components/security_apps/orchestration/update_communication/declarative_policy_utils.cc
Executable file → Normal file
2
components/security_apps/orchestration/update_communication/declarative_policy_utils.cc
Executable file → Normal file
@@ -27,7 +27,7 @@ DeclarativePolicyUtils::init()
|
||||
auto mainloop = Singleton::Consume<I_MainLoop>::by<DeclarativePolicyUtils>();
|
||||
mainloop->addRecurringRoutine(
|
||||
I_MainLoop::RoutineType::Offline,
|
||||
chrono::minutes(1),
|
||||
chrono::seconds(30),
|
||||
[&] () { periodicPolicyLoad(); },
|
||||
"Automatic Policy Loading"
|
||||
);
|
||||
|
||||
@@ -32,7 +32,7 @@ void
|
||||
FogCommunication::init()
|
||||
{
|
||||
FogAuthenticator::init();
|
||||
declarative_policy_utils.init();
|
||||
i_declarative_policy = Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>();
|
||||
}
|
||||
|
||||
Maybe<void>
|
||||
@@ -67,15 +67,15 @@ FogCommunication::getUpdate(CheckUpdateRequest &request)
|
||||
Maybe<string> maybe_new_data = request.getData();
|
||||
string data_checksum = maybe_new_data.ok() ? maybe_new_data.unpack() : "";
|
||||
|
||||
if (declarative_policy_utils.shouldApplyPolicy()) {
|
||||
string policy_response = declarative_policy_utils.getUpdate(request);
|
||||
if (i_declarative_policy->shouldApplyPolicy()) {
|
||||
string policy_response = i_declarative_policy->getUpdate(request);
|
||||
if (!policy_response.empty()) {
|
||||
dbgTrace(D_ORCHESTRATOR) << "Apply policy - declarative mode";
|
||||
auto agent_details = Singleton::Consume<I_AgentDetails>::by<DeclarativePolicyUtils>();
|
||||
auto maybe_fog_address = agent_details->getFogDomain();
|
||||
string fog_address = maybe_fog_address.ok() ? maybe_fog_address.unpack() : "";
|
||||
|
||||
declarative_policy_utils.sendUpdatesToFog(
|
||||
i_declarative_policy->sendUpdatesToFog(
|
||||
unpacked_access_token,
|
||||
agent_details->getTenantId(),
|
||||
agent_details->getProfileId(),
|
||||
@@ -83,7 +83,6 @@ FogCommunication::getUpdate(CheckUpdateRequest &request)
|
||||
);
|
||||
}
|
||||
request = CheckUpdateRequest(manifest_checksum, policy_response, settings_checksum, data_checksum, "", "");
|
||||
declarative_policy_utils.turnOffApplyPolicyFlag();
|
||||
} else {
|
||||
request = CheckUpdateRequest(manifest_checksum, "", settings_checksum, data_checksum, "", "");
|
||||
}
|
||||
@@ -103,7 +102,7 @@ FogCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
|
||||
string policy_mgmt_mode = getSettingWithDefault<string>("management", "profileManagedMode");
|
||||
if (policy_mgmt_mode == "declarative" && resourse_file.getFileName() =="policy") {
|
||||
dbgDebug(D_ORCHESTRATOR) << "Download policy on declarative mode - returnig the local policy";
|
||||
return declarative_policy_utils.getCurrPolicy();
|
||||
return i_declarative_policy->getCurrPolicy();
|
||||
}
|
||||
static const string file_attribute_str = "/api/v2/agents/resources/";
|
||||
Maybe<string> attribute_file = Singleton::Consume<I_Messaging>::by<FogCommunication>()->downloadFile(
|
||||
|
||||
@@ -35,7 +35,7 @@ void
|
||||
HybridCommunication::init()
|
||||
{
|
||||
FogAuthenticator::init();
|
||||
declarative_policy_utils.init();
|
||||
i_declarative_policy = Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>();
|
||||
dbgTrace(D_ORCHESTRATOR) << "Initializing the Hybrid Communication Component";
|
||||
if (getConfigurationFlag("otp") != "") {
|
||||
otp = getConfigurationFlag("otp");
|
||||
@@ -69,14 +69,14 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
|
||||
dbgWarning(D_ORCHESTRATOR) << "Acccess Token not available.";
|
||||
}
|
||||
|
||||
if (!declarative_policy_utils.shouldApplyPolicy()) {
|
||||
if (!i_declarative_policy->shouldApplyPolicy()) {
|
||||
request = CheckUpdateRequest(manifest_checksum, "", "", "", "", "");
|
||||
return Maybe<void>();
|
||||
}
|
||||
|
||||
dbgTrace(D_ORCHESTRATOR) << "Getting policy update in Hybrid Communication";
|
||||
|
||||
string policy_response = declarative_policy_utils.getUpdate(request);
|
||||
string policy_response = i_declarative_policy->getUpdate(request);
|
||||
|
||||
auto env = Singleton::Consume<I_EnvDetails>::by<HybridCommunication>()->getEnvType();
|
||||
if (env == EnvType::K8S && !policy_response.empty()) {
|
||||
@@ -123,7 +123,6 @@ HybridCommunication::getUpdate(CheckUpdateRequest &request)
|
||||
}
|
||||
|
||||
request = CheckUpdateRequest(manifest_checksum, policy_response, "", "", "", "");
|
||||
declarative_policy_utils.turnOffApplyPolicyFlag();
|
||||
|
||||
return Maybe<void>();
|
||||
}
|
||||
@@ -136,7 +135,7 @@ HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
|
||||
<< resourse_file.getFileName();
|
||||
|
||||
if (resourse_file.getFileName() =="policy") {
|
||||
return declarative_policy_utils.getCurrPolicy();
|
||||
return i_declarative_policy->getCurrPolicy();
|
||||
}
|
||||
if (resourse_file.getFileName() == "manifest") {
|
||||
if (!access_token.ok()) return genError("Acccess Token not available.");
|
||||
|
||||
@@ -57,6 +57,7 @@ public:
|
||||
void
|
||||
init()
|
||||
{
|
||||
declarative_policy_utils.init();
|
||||
auto rest = Singleton::Consume<I_RestApi>::by<UpdateCommunication>();
|
||||
rest->addRestCall<UpdateCommunication::Impl>(RestAction::SET, "orchestration-mode");
|
||||
setMode();
|
||||
@@ -104,22 +105,17 @@ private:
|
||||
{
|
||||
if (getConfigurationFlag("orchestration-mode") == "offline_mode") {
|
||||
i_update_comm_impl = make_unique<LocalCommunication>();
|
||||
LocalCommunication *local_comm = static_cast<LocalCommunication*>(i_update_comm_impl.get());
|
||||
local_comm->init();
|
||||
return;
|
||||
} else if (getConfigurationFlag("orchestration-mode") == "hybrid_mode") {
|
||||
i_update_comm_impl = make_unique<HybridCommunication>();
|
||||
HybridCommunication *local_comm = static_cast<HybridCommunication*>(i_update_comm_impl.get());
|
||||
local_comm->init();
|
||||
return;
|
||||
} else {
|
||||
i_update_comm_impl = make_unique<FogCommunication>();
|
||||
}
|
||||
|
||||
i_update_comm_impl = make_unique<FogCommunication>();
|
||||
FogCommunication *fog_comm = static_cast<FogCommunication*>(i_update_comm_impl.get());
|
||||
fog_comm->init();
|
||||
i_update_comm_impl->init();
|
||||
}
|
||||
|
||||
std::unique_ptr<I_UpdateCommunication> i_update_comm_impl = nullptr;
|
||||
DeclarativePolicyUtils declarative_policy_utils;
|
||||
S2C_LABEL_PARAM(string, status, "status");
|
||||
};
|
||||
|
||||
|
||||
@@ -2,6 +2,6 @@ link_directories(${BOOST_ROOT}/lib)
|
||||
|
||||
add_unit_test(
|
||||
update_communication_ut
|
||||
"local_communication_ut.cc"
|
||||
"local_communication_ut.cc;fog_communication_ut.cc"
|
||||
"rest;version;orchestration_modules;update_communication;singleton;config;metric;event_is;logging;agent_details;-lboost_regex;local_policy_mgmt_gen;connkey;"
|
||||
)
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user