Jun 16th update
@@ -17,7 +17,51 @@
|
||||
#include <algorithm>
|
||||
#include <boost/regex.hpp>
|
||||
|
||||
#if defined(gaia)
|
||||
|
||||
Maybe<string>
|
||||
checkHasSupportedBlade(const string &command_output)
|
||||
{
|
||||
string supportedBlades[3] = {"identityServer", "vpn", "cvpn"};
|
||||
for(const string &blade : supportedBlades) {
|
||||
if (command_output.find(blade) != string::npos) {
|
||||
return string("true");
|
||||
}
|
||||
}
|
||||
|
||||
return genError("Current host does not have IDA capability");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
checkSamlPortal(const string &command_output)
|
||||
{
|
||||
if (command_output.find("Portal is running") != string::npos) {
|
||||
return string("true");
|
||||
}
|
||||
|
||||
return genError("Current host does not have SAML Portal configured");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
checkIDP(shared_ptr<istream> file_stream)
|
||||
{
|
||||
string line;
|
||||
while (getline(*file_stream, line)) {
|
||||
if (line.find("<identity_portal/>") != string::npos) {
|
||||
return string("false");
|
||||
}
|
||||
if (line.find("identity_provider") != string::npos) {
|
||||
return string("true");
|
||||
}
|
||||
}
|
||||
|
||||
return genError("Identity Provider was not found");
|
||||
}
|
||||
|
||||
#endif // gaia
|
||||
|
||||
#if defined(gaia) || defined(smb)
|
||||
|
||||
Maybe<string>
|
||||
checkHasSDWan(const string &command_output)
|
||||
{
|
||||
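Review bot: `checkHasSupportedBlade` tests each blade with `command_output.find(blade)`, which is a substring match, so any token that merely contains `vpn` satisfies it and the separate `cvpn` entry can never change the result. If `enabled_blades` prints whitespace-separated blade names (its format is not visible here), splitting the output into tokens and comparing whole tokens against the list would keep an unrelated blade name from reporting IDA capability. The array can also be `static const`, since it is rebuilt on every call. `checkHasSDWan` opens at the end of this hunk and continues outside it.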
@@ -72,6 +116,23 @@ getMgmtObjName(shared_ptr<istream> file_stream)
|
||||
return getMgmtObjAttr(file_stream, "name ");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
getSmbObjectName(const string &command_output)
|
||||
{
|
||||
static const char centrally_managed_comd_output = '0';
|
||||
|
||||
if (command_output.empty() || command_output[0] != centrally_managed_comd_output) {
|
||||
return genError("Object name was not found");
|
||||
}
|
||||
|
||||
static const string obj_path = (getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C";
|
||||
auto ifs = std::make_shared<std::ifstream>(obj_path);
|
||||
if (!ifs->is_open()) {
|
||||
return genError("Failed to open the object file");
|
||||
}
|
||||
return getMgmtObjAttr(ifs, "name ");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
getMgmtParentObjAttr(shared_ptr<istream> file_stream, const string &parent_obj, const string &attr)
|
||||
{
|
||||
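Review bot: In `getSmbObjectName`, `obj_path` falls back to an empty prefix when `FWDIR` is unset, so the handler then tries `/database/myown.C` at the filesystem root instead of reporting the misconfiguration. Checking the variable first, e.g. `const char *fwdir = getenv("FWDIR"); if (fwdir == nullptr) return genError("FWDIR is not set");`, makes that case explicit; the same fallback expression is repeated in the `FILE_CONTENT_HANDLER` entries further down the page. Because `obj_path` is `static const`, the environment is read only on the first call, which deserves a one-line comment. The constant name `centrally_managed_comd_output` looks like a typo for `cmd`. `getMgmtParentObjAttr` starts at the end of this hunk and continues outside it.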
@@ -89,7 +150,9 @@ getMgmtParentObjAttr(shared_ptr<istream> file_stream, const string &parent_obj,
|
||||
}
|
||||
return genError("Parent object attribute was not found. Attr: " + attr);
|
||||
}
|
||||
#endif // gaia || smb
|
||||
|
||||
#if defined(gaia)
|
||||
Maybe<string>
|
||||
getMgmtParentObjUid(shared_ptr<istream> file_stream)
|
||||
{
|
||||
@@ -117,7 +180,26 @@ getMgmtParentObjName(shared_ptr<istream> file_stream)
|
||||
const string &unparsed_name = maybe_unparsed_name.unpack();
|
||||
return chopHeadAndTail(unparsed_name, "(", ")");
|
||||
}
|
||||
#endif // gaia || smb
|
||||
|
||||
#elif defined(smb)
|
||||
Maybe<string>
|
||||
getMgmtParentObjUid(const string &command_output)
|
||||
{
|
||||
if (!command_output.empty()) {
|
||||
return command_output;
|
||||
}
|
||||
return genError("Parent object uuid was not found.");
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
getMgmtParentObjName(const string &command_output)
|
||||
{
|
||||
if (!command_output.empty()) {
|
||||
return command_output;
|
||||
}
|
||||
return genError("Parent object name was not found.");
|
||||
}
|
||||
#endif // end if gaia/smb
|
||||
|
||||
Maybe<string>
|
||||
getOsRelease(shared_ptr<istream> file_stream)
|
||||
|
||||
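Review bot: The smb variants of `getMgmtParentObjUid` and `getMgmtParentObjName` accept any non-empty `command_output`, but the commands registered for them on this page are `cpsdwan get_data | jq -r .cluster_uuid` and `... .cluster_name`, and `jq -r` prints the literal text `null` when the key is absent. That string would then be reported as the parent object's uuid or name. The guard could be `if (!command_output.empty() && command_output != "null")`. Whether the caller strips the trailing newline before the handler runs is not visible here and should be confirmed.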
@@ -19,12 +19,33 @@
|
||||
// to return a string value for an attribute key based on a logic executed in a handler that receives
|
||||
// shell command execution output as its input
|
||||
#ifdef SHELL_CMD_HANDLER
|
||||
|
||||
#if defined(gaia) || defined(smb)
|
||||
SHELL_CMD_HANDLER("cpProductIntegrationMgmtObjectType", "cpprod_util CPPROD_IsMgmtMachine", getMgmtObjType)
|
||||
SHELL_CMD_HANDLER("hasSDWan", "[ -f $FWDIR/bin/sdwan_steering ] && echo '1' || echo '0'", checkHasSDWan)
|
||||
#endif //gaia || smb
|
||||
|
||||
#if defined(gaia)
|
||||
SHELL_CMD_HANDLER("hasSupportedBlade", "enabled_blades", checkHasSupportedBlade)
|
||||
SHELL_CMD_HANDLER("hasSamlPortal", "mpclient status saml-vpn", checkSamlPortal)
|
||||
#endif //gaia
|
||||
|
||||
#if defined(smb)
|
||||
SHELL_CMD_HANDLER(
|
||||
"cpProductIntegrationMgmtParentObjectName",
|
||||
"cpsdwan get_data | jq -r .cluster_name",
|
||||
getMgmtParentObjName
|
||||
)
|
||||
SHELL_CMD_HANDLER(
|
||||
"cpProductIntegrationMgmtParentObjectUid",
|
||||
"cpsdwan get_data | jq -r .cluster_uuid",
|
||||
getMgmtParentObjUid
|
||||
)
|
||||
SHELL_CMD_HANDLER(
|
||||
"cpProductIntegrationMgmtObjectName",
|
||||
"cpprod_util FwIsLocalMgmt",
|
||||
getSmbObjectName
|
||||
)
|
||||
#endif//smb
|
||||
#endif // SHELL_CMD_HANDLER
|
||||
|
||||
|
||||
@@ -40,21 +61,10 @@ SHELL_CMD_OUTPUT("helloWorld", "cat /tmp/agentHelloWorld 2>/dev/null")
|
||||
// to return a string value for an attribute key based on a logic executed in a handler that receives file as input
|
||||
#ifdef FILE_CONTENT_HANDLER
|
||||
|
||||
#if defined(alpine)
|
||||
FILE_CONTENT_HANDLER("alpine_tag", "/usr/share/build/cp-alpine-tag", getCPAlpineTag)
|
||||
#endif // alpine
|
||||
#if defined(gaia) || defined(smb)
|
||||
FILE_CONTENT_HANDLER("os_release", "/etc/cp-release", getOsRelease)
|
||||
FILE_CONTENT_HANDLER(
|
||||
"cpProductIntegrationMgmtObjectUid",
|
||||
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
|
||||
getMgmtObjUid
|
||||
)
|
||||
FILE_CONTENT_HANDLER(
|
||||
"cpProductIntegrationMgmtObjectName",
|
||||
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
|
||||
getMgmtObjName
|
||||
)
|
||||
#if defined(gaia)
|
||||
|
||||
FILE_CONTENT_HANDLER("hasIdpConfigured", "/opt/CPSamlPortal/phpincs/spPortal/idpPolicy.xml", checkIDP)
|
||||
|
||||
FILE_CONTENT_HANDLER(
|
||||
"cpProductIntegrationMgmtParentObjectUid",
|
||||
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
|
||||
@@ -65,6 +75,23 @@ FILE_CONTENT_HANDLER(
|
||||
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
|
||||
getMgmtParentObjName
|
||||
)
|
||||
FILE_CONTENT_HANDLER(
|
||||
"cpProductIntegrationMgmtObjectName",
|
||||
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
|
||||
getMgmtObjName
|
||||
)
|
||||
#endif //gaia
|
||||
|
||||
#if defined(alpine)
|
||||
FILE_CONTENT_HANDLER("alpine_tag", "/usr/share/build/cp-alpine-tag", getCPAlpineTag)
|
||||
#endif // alpine
|
||||
#if defined(gaia) || defined(smb)
|
||||
FILE_CONTENT_HANDLER("os_release", "/etc/cp-release", getOsRelease)
|
||||
FILE_CONTENT_HANDLER(
|
||||
"cpProductIntegrationMgmtObjectUid",
|
||||
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
|
||||
getMgmtObjUid
|
||||
)
|
||||
#else // !(gaia || smb)
|
||||
FILE_CONTENT_HANDLER("os_release", "/etc/os-release", getOsRelease)
|
||||
#endif // gaia || smb
|
||||
|
||||
@@ -92,7 +92,7 @@ DetailsResolvingHanlder::Impl::getResolvedDetails() const
|
||||
}
|
||||
|
||||
I_AgentDetailsReporter *reporter = Singleton::Consume<I_AgentDetailsReporter>::by<DetailsResolvingHanlder>();
|
||||
reporter->addAttr(resolved_details);
|
||||
reporter->addAttr(resolved_details, true);
|
||||
|
||||
return resolved_details;
|
||||
}
|
||||
|
||||
@@ -33,14 +33,12 @@
|
||||
#include "config.h"
|
||||
#include "url_parser.h"
|
||||
#include "debug.h"
|
||||
#include "sasal.h"
|
||||
#include "scope_exit.h"
|
||||
|
||||
USE_DEBUG_FLAG(D_HTTP_REQUEST);
|
||||
|
||||
using namespace std;
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
// LCOV_EXCL_START Reason: Depends on real download server.
|
||||
|
||||
class CurlGlobalInit
|
||||
@@ -434,5 +432,3 @@ TraceIdGenerator::generateTraceId()
|
||||
string part5 = generateRandomString(12);
|
||||
return string(part1 + "-" + part2 + "-" + part3 + "-" + part4 + "-" + part5);
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -28,11 +28,9 @@
|
||||
#include "i_encryptor.h"
|
||||
#include "scope_exit.h"
|
||||
#include "url_parser.h"
|
||||
#include "sasal.h"
|
||||
|
||||
USE_DEBUG_FLAG(D_HTTP_REQUEST);
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
// LCOV_EXCL_START Reason: Depends on real download server.
|
||||
|
||||
enum class HTTP_VERSION
|
||||
@@ -111,5 +109,3 @@ public:
|
||||
private:
|
||||
std::string ca_path;
|
||||
};
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -19,7 +19,6 @@
|
||||
#include "debug.h"
|
||||
#include "config.h"
|
||||
#include "rest.h"
|
||||
#include "sasal.h"
|
||||
#include "cereal/external/rapidjson/document.h"
|
||||
|
||||
#include <fstream>
|
||||
@@ -27,8 +26,6 @@
|
||||
using namespace std;
|
||||
using namespace rapidjson;
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
|
||||
class Downloader::Impl : Singleton::Provide<I_Downloader>::From<Downloader>
|
||||
@@ -42,7 +39,7 @@ public:
|
||||
const GetResourceFile &resourse_file
|
||||
) const override;
|
||||
|
||||
Maybe<map<string, string>> downloadVirtualFileFromFog(
|
||||
Maybe<map<pair<string, string>, string>> downloadVirtualFileFromFog(
|
||||
const GetResourceFile &resourse_file,
|
||||
Package::ChecksumTypes checksum_type
|
||||
) const override;
|
||||
@@ -114,18 +111,19 @@ Downloader::Impl::downloadFileFromFog(
|
||||
return file_path;
|
||||
}
|
||||
|
||||
Maybe<map<string, string>>
|
||||
Maybe<map<pair<string, string>, string>>
|
||||
Downloader::Impl::downloadVirtualFileFromFog(
|
||||
const GetResourceFile &resourse_file,
|
||||
Package::ChecksumTypes) const
|
||||
{
|
||||
static const string tenand_id_key = "tenantId";
|
||||
static const string policy_key = "policy";
|
||||
static const string settings_key = "settings";
|
||||
static const string tenants_key = "tenants";
|
||||
static const string error_text = "error";
|
||||
static const string tenand_id_key = "tenantId";
|
||||
static const string profile_id_key = "profileId";
|
||||
static const string policy_key = "policy";
|
||||
static const string settings_key = "settings";
|
||||
static const string tenants_key = "tenants";
|
||||
static const string error_text = "error";
|
||||
|
||||
map<string, string> res;
|
||||
map<pair<string, string>, string> res;
|
||||
I_UpdateCommunication *update_communication = Singleton::Consume<I_UpdateCommunication>::by<Downloader>();
|
||||
auto downloaded_data = update_communication->downloadAttributeFile(resourse_file);
|
||||
if (!downloaded_data.ok()) return downloaded_data.passErr();
|
||||
@@ -146,7 +144,14 @@ Downloader::Impl::downloadVirtualFileFromFog(
|
||||
if (artifact_data == itr->MemberEnd()) artifact_data = itr->FindMember(settings_key.c_str());
|
||||
|
||||
if (artifact_data != itr->MemberEnd()) {
|
||||
string file_path = dir_path + "/" + resourse_file.getFileName() + "_" + tenant_id + ".download";
|
||||
auto profile_id_obj = itr->FindMember(profile_id_key.c_str());
|
||||
if (profile_id_obj == itr->MemberEnd()) continue;
|
||||
|
||||
string profile_id = profile_id_obj->value.GetString();
|
||||
|
||||
string file_path =
|
||||
dir_path + "/" + resourse_file.getFileName() + "_" +
|
||||
tenant_id + "_profile_" + profile_id + ".download";
|
||||
|
||||
rapidjson::StringBuffer buffer;
|
||||
rapidjson::Writer<rapidjson::StringBuffer> writer(buffer);
|
||||
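Review bot: `profile_id_obj->value.GetString()` is called without checking that the member is a string, and the resulting `profile_id` is concatenated straight into `file_path`, so a `profileId` in the downloaded response that is not a string, or that contains a path separator, is not rejected before the path is handed to `writeFile`. Suggested guard: `if (profile_id_obj == itr->MemberEnd() || !profile_id_obj->value.IsString()) continue;`, followed by `if (profile_id.find('/') != string::npos) continue;` before the path is built. `tenant_id` is used in the same way, but its extraction is outside this hunk. The `continue` for a missing `profileId` also drops the tenant without a trace; a debug line under `D_ORCHESTRATOR` would make that visible. The enclosing function starts and ends outside the hunk.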
@@ -154,7 +159,7 @@ Downloader::Impl::downloadVirtualFileFromFog(
|
||||
|
||||
I_OrchestrationTools *orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<Downloader>();
|
||||
if (orchestration_tools->writeFile(buffer.GetString(), file_path)) {
|
||||
res.insert({tenant_id, file_path});
|
||||
res.insert({{tenant_id, profile_id}, file_path});
|
||||
}
|
||||
continue;
|
||||
}
|
||||
@@ -383,5 +388,3 @@ Downloader::preload()
|
||||
registerExpectedConfiguration<string>("orchestration", "Self signed certificates acceptable");
|
||||
registerExpectedConfiguration<bool>("orchestration", "Add tenant suffix");
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -295,8 +295,8 @@ TEST_F(DownloaderTest, download_virtual_policy)
|
||||
{
|
||||
GetResourceFile resourse_file(GetResourceFile::ResourceFileType::VIRTUAL_POLICY);
|
||||
|
||||
resourse_file.addTenant("0000", "1", "checksum0000");
|
||||
resourse_file.addTenant("1111", "2", "checksum1111");
|
||||
resourse_file.addTenant("0000", "1234", "1", "checksum0000");
|
||||
resourse_file.addTenant("1111", "1235", "2", "checksum1111");
|
||||
|
||||
string tenant_0000_file =
|
||||
"{"
|
||||
@@ -319,6 +319,7 @@ TEST_F(DownloaderTest, download_virtual_policy)
|
||||
" \"tenants\": [\n"
|
||||
" {\n"
|
||||
" \"tenantId\": \"0000\",\n"
|
||||
" \"profileId\": \"1234\",\n"
|
||||
" \"policy\": {\n"
|
||||
" \"waap\": \"108-005\",\n"
|
||||
" \"accessControl\": \"Internal error, check logs\",\n"
|
||||
@@ -328,6 +329,7 @@ TEST_F(DownloaderTest, download_virtual_policy)
|
||||
" },\n"
|
||||
" {\n"
|
||||
" \"tenantId\": \"1111\",\n"
|
||||
" \"profileId\": \"1235\",\n"
|
||||
" \"policy\": {\n"
|
||||
" \"messageId\": \"108-005\",\n"
|
||||
" \"message\": \"Internal error, check logs\",\n"
|
||||
@@ -340,16 +342,16 @@ TEST_F(DownloaderTest, download_virtual_policy)
|
||||
|
||||
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(tenant_0000_file, "/tmp/virtualPolicy_0000.download"))
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(tenant_0000_file, "/tmp/virtualPolicy_0000_profile_1234.download"))
|
||||
.WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(tenant_1111_file, "/tmp/virtualPolicy_1111.download"))
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(tenant_1111_file, "/tmp/virtualPolicy_1111_profile_1235.download"))
|
||||
.WillOnce(Return(true));
|
||||
|
||||
map<string, string> expected_downloaded_files =
|
||||
map<pair<string, string>, string> expected_downloaded_files =
|
||||
{
|
||||
{ "0000", "/tmp/virtualPolicy_0000.download" },
|
||||
{ "1111", "/tmp/virtualPolicy_1111.download" }
|
||||
{ {"0000", "1234" }, "/tmp/virtualPolicy_0000_profile_1234.download" },
|
||||
{ {"1111", "1235" }, "/tmp/virtualPolicy_1111_profile_1235.download" }
|
||||
};
|
||||
|
||||
EXPECT_EQ(
|
||||
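Review bot: Both virtual-file tests feed only tenant entries that carry a `profileId`, so the `continue` that `downloadVirtualFileFromFog` now takes for an entry without one is never exercised. A third entry in `fog_response` with no `profileId`, together with an expectation that `writeFile` is not called for it and that the returned map omits it, would pin that behaviour. The test body continues outside this hunk.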
@@ -365,7 +367,12 @@ TEST_F(DownloaderTest, download_virtual_settings)
|
||||
{
|
||||
GetResourceFile resourse_file(GetResourceFile::ResourceFileType::VIRTUAL_SETTINGS);
|
||||
|
||||
resourse_file.addTenant("4c721b40-85df-4364-be3d-303a10ee9789", "1", "checksum0000");
|
||||
resourse_file.addTenant(
|
||||
"4c721b40-85df-4364-be3d-303a10ee9789",
|
||||
"4c721b40-85df-4364-be3d-303a10ee9780",
|
||||
"1",
|
||||
"checksum0000"
|
||||
);
|
||||
|
||||
string tenant_0000_file =
|
||||
"{"
|
||||
@@ -389,6 +396,7 @@ TEST_F(DownloaderTest, download_virtual_settings)
|
||||
" \"tenants\": [\n"
|
||||
" {\n"
|
||||
" \"tenantId\": \"4c721b40-85df-4364-be3d-303a10ee9789\",\n"
|
||||
" \"profileId\": \"4c721b40-85df-4364-be3d-303a10ee9780\",\n"
|
||||
" \"settings\": {\n"
|
||||
" \"agentSettings\": [\n"
|
||||
" {\n"
|
||||
@@ -410,14 +418,24 @@ TEST_F(DownloaderTest, download_virtual_settings)
|
||||
|
||||
EXPECT_CALL(mock_communication, downloadAttributeFile(resourse_file)).WillOnce(Return(fog_response));
|
||||
|
||||
stringstream tenant_0000_path;
|
||||
tenant_0000_path << "/tmp/virtualSettings_4c721b40-85df-4364-be3d-303a10ee9789"
|
||||
"_profile_4c721b40-85df-4364-be3d-303a10ee9780.download";
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
writeFile(tenant_0000_file, "/tmp/virtualSettings_4c721b40-85df-4364-be3d-303a10ee9789.download")
|
||||
writeFile(
|
||||
tenant_0000_file,
|
||||
tenant_0000_path.str()
|
||||
)
|
||||
).WillOnce(Return(true));
|
||||
|
||||
map<string, string> expected_downloaded_files = {
|
||||
{ "4c721b40-85df-4364-be3d-303a10ee9789",
|
||||
"/tmp/virtualSettings_4c721b40-85df-4364-be3d-303a10ee9789.download"
|
||||
stringstream file_path;
|
||||
file_path << "/tmp/virtualSettings_4c721b40-85df-4364-be3d-303a10ee9789"
|
||||
"_profile_4c721b40-85df-4364-be3d-303a10ee9780.download";
|
||||
|
||||
map<pair<string, string>, string> expected_downloaded_files = {
|
||||
{ {"4c721b40-85df-4364-be3d-303a10ee9789", "4c721b40-85df-4364-be3d-303a10ee9780"},
|
||||
file_path.str()
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
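Review bot: `tenant_0000_path` and `file_path` are two `stringstream`s built from the same two-part literal, so the expected path is spelled twice and the copies can drift apart. Adjacent string literals already concatenate at compile time, so one `const string expected_path = "/tmp/virtualSettings_..." "_profile_....download";` can be used both in the `writeFile` expectation and in `expected_downloaded_files`. The test body continues outside this hunk.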
@@ -18,7 +18,6 @@
|
||||
#include "debug.h"
|
||||
#include "i_encryptor.h"
|
||||
#include "url_parser.h"
|
||||
#include "sasal.h"
|
||||
#include "config.h"
|
||||
#include "i_environment.h"
|
||||
#include "orchestration_comp.h"
|
||||
@@ -32,8 +31,6 @@
|
||||
using boost::asio::ip::tcp;
|
||||
using namespace std;
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
USE_DEBUG_FLAG(D_HTTP_REQUEST);
|
||||
|
||||
@@ -272,5 +269,3 @@ HTTPClient::getFileHttp(const URLParser &url, ofstream &out_file, const string &
|
||||
return Maybe<void>();
|
||||
}
|
||||
// LCOV_EXCL_STOP
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -19,7 +19,6 @@
|
||||
#include "i_encryptor.h"
|
||||
#include "downloader.h"
|
||||
#include "config.h"
|
||||
#include "sasal.h"
|
||||
#include "boost/uuid/uuid.hpp"
|
||||
#include "boost/uuid/uuid_generators.hpp"
|
||||
#include <boost/asio/deadline_timer.hpp>
|
||||
@@ -39,8 +38,6 @@ using namespace boost::placeholders;
|
||||
using boost::asio::ip::tcp;
|
||||
using namespace std;
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
|
||||
USE_DEBUG_FLAG(D_COMMUNICATION);
|
||||
USE_DEBUG_FLAG(D_HTTP_REQUEST);
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
@@ -615,5 +612,3 @@ HTTPClient::curlGetFileOverSSL(const URLParser &url, ofstream &out_file, const s
|
||||
}
|
||||
|
||||
// LCOV_EXCL_STOP
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -30,7 +30,10 @@ public:
|
||||
|
||||
MOCK_CONST_METHOD2(
|
||||
downloadVirtualFileFromFog,
|
||||
Maybe<std::map<std::string, std::string>>(const GetResourceFile &, Package::ChecksumTypes)
|
||||
Maybe<std::map<std::pair<std::string, std::string>, std::string>>(
|
||||
const GetResourceFile &,
|
||||
Package::ChecksumTypes
|
||||
)
|
||||
);
|
||||
|
||||
MOCK_CONST_METHOD4(
|
||||
|
||||
@@ -44,9 +44,9 @@ public:
|
||||
MOCK_CONST_METHOD1(removeFile, bool(const std::string &));
|
||||
MOCK_CONST_METHOD2(copyFile, bool(const std::string &, const std::string &));
|
||||
MOCK_CONST_METHOD2(calculateChecksum, Maybe<std::string>(Package::ChecksumTypes, const std::string &));
|
||||
MOCK_CONST_METHOD2(
|
||||
MOCK_CONST_METHOD3(
|
||||
jsonObjectSplitter,
|
||||
Maybe<std::map<std::string, std::string>>(const std::string &, const std::string &)
|
||||
Maybe<std::map<std::string, std::string>>(const std::string &, const std::string &, const std::string &)
|
||||
);
|
||||
MOCK_CONST_METHOD1(doesFileExist, bool(const std::string &));
|
||||
MOCK_CONST_METHOD1(createDirectory, bool(const std::string &));
|
||||
|
||||
@@ -28,13 +28,14 @@ public:
|
||||
|
||||
MOCK_CONST_METHOD0(getUpdatePolicyVersion, const std::string &());
|
||||
|
||||
MOCK_METHOD4(
|
||||
MOCK_METHOD5(
|
||||
updateServiceConfiguration,
|
||||
bool(
|
||||
const std::string &new_policy_path,
|
||||
const std::string &new_settings_path,
|
||||
const std::vector<std::string> &new_data_files,
|
||||
const std::string &tenant_id
|
||||
const std::string &tenant_id,
|
||||
const std::string &profile_id
|
||||
)
|
||||
);
|
||||
|
||||
|
||||
@@ -14,10 +14,7 @@
|
||||
#ifndef __APPSEC_PRACTICE_SECTION_H__
|
||||
#define __APPSEC_PRACTICE_SECTION_H__
|
||||
|
||||
#include <list>
|
||||
|
||||
#include <cereal/archives/json.hpp>
|
||||
#include <cereal/types/list.hpp>
|
||||
#include <boost/uuid/uuid.hpp>
|
||||
#include <boost/uuid/uuid_generators.hpp>
|
||||
#include <boost/uuid/uuid_io.hpp>
|
||||
@@ -119,9 +116,9 @@ public:
|
||||
load(cereal::JSONInputArchive &archive_in)
|
||||
{
|
||||
dbgTrace(D_K8S_POLICY) << "Loading AppSec Web Attack Protections";
|
||||
parseAppsecJSONKey<std::string>("csrf-enabled", csrf_protection, archive_in, "inactive");
|
||||
parseAppsecJSONKey<std::string>("error-disclosure-enabled", error_disclosure, archive_in, "inactive");
|
||||
parseAppsecJSONKey<std::string>("open-redirect-enabled", open_redirect, archive_in, "inactive");
|
||||
parseAppsecJSONKey<std::string>("csrf-protection", csrf_protection, archive_in, "Inactive");
|
||||
parseAppsecJSONKey<std::string>("error-disclosure", error_disclosure, archive_in, "Inactive");
|
||||
parseAppsecJSONKey<std::string>("open-redirect", open_redirect, archive_in, "Inactive");
|
||||
parseAppsecJSONKey<bool>("non-valid-http-methods", non_valid_http_methods, archive_in, false);
|
||||
}
|
||||
|
||||
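Review bot: The three string protections are read from `csrf-protection`, `error-disclosure` and `open-redirect` with default `"Inactive"`, and nothing in this hunk still reads the `*-enabled` spellings (assuming the later-printed set is the new side; the page has lost its `+`/`-` markers). A policy file still written with the other spelling would presumably fall back to the default and leave those protections off without any indication; that depends on how `parseAppsecJSONKey` treats a missing key, which is not visible here. Consider reading the previous key as a fallback, or logging under `D_K8S_POLICY` when neither key is present. The same concern applies to the `configmap`, `logtriggers`, `customresponses`, `trustedsources`, `sourceidentifiers`, `sourcesIdentifiers` and `sourceIdentifier` keys in the later hunks.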
@@ -185,12 +182,8 @@ public:
|
||||
{
|
||||
dbgTrace(D_K8S_POLICY) << "Loading AppSec practice spec";
|
||||
parseAppsecJSONKey<AppSecWebAttackProtections>("protections", protections, archive_in);
|
||||
parseAppsecJSONKey<std::string>("minimum-confidence", minimum_confidence, archive_in, "critical");
|
||||
parseAppsecJSONKey<std::string>("override-mode", mode, archive_in, "Unset");
|
||||
if (getMode() == "Prevent") {
|
||||
parseAppsecJSONKey<std::string>("minimum-confidence", minimum_confidence, archive_in, "critical");
|
||||
} else {
|
||||
minimum_confidence = "Transparent";
|
||||
}
|
||||
parseAppsecJSONKey<int>("max-body-size-kb", max_body_size_kb, archive_in, 1000000);
|
||||
parseAppsecJSONKey<int>("max-header-size-bytes", max_header_size_bytes, archive_in, 102400);
|
||||
parseAppsecJSONKey<int>("max-object-depth", max_object_depth, archive_in, 40);
|
||||
@@ -219,8 +212,8 @@ private:
|
||||
int max_header_size_bytes;
|
||||
int max_object_depth;
|
||||
int max_url_size_bytes;
|
||||
std::string minimum_confidence;
|
||||
std::string mode;
|
||||
std::string minimum_confidence;
|
||||
AppSecWebAttackProtections protections;
|
||||
};
|
||||
|
||||
@@ -253,7 +246,7 @@ public:
|
||||
{
|
||||
dbgTrace(D_K8S_POLICY) << "Loading AppSec Snort Signatures practice";
|
||||
parseAppsecJSONKey<std::string>("override-mode", override_mode, archive_in, "Inactive");
|
||||
parseAppsecJSONKey<std::vector<std::string>>("files", config_map, archive_in);
|
||||
parseAppsecJSONKey<std::vector<std::string>>("configmap", config_map, archive_in);
|
||||
}
|
||||
|
||||
const std::string & getOverrideMode() const { return override_mode; }
|
||||
@@ -285,7 +278,7 @@ public:
|
||||
{
|
||||
dbgTrace(D_K8S_POLICY) << "Loading AppSecPracticeOpenSchemaAPI practice";
|
||||
parseAppsecJSONKey<std::string>("override-mode", override_mode, archive_in, "Inactive");
|
||||
parseAppsecJSONKey<std::vector<std::string>>("files", config_map, archive_in);
|
||||
parseAppsecJSONKey<std::vector<std::string>>("configmap", config_map, archive_in);
|
||||
}
|
||||
|
||||
const std::string & getOverrideMode() const { return override_mode; }
|
||||
@@ -700,9 +693,7 @@ public:
|
||||
|
||||
const std::string & getMode() const { return mode; }
|
||||
|
||||
void setHost(const std::string &_host) { host = _host; }
|
||||
|
||||
void setMode(const std::string &_mode) { mode = _mode; }
|
||||
void setMode(const std::string &_mode) { mode = _mode; };
|
||||
|
||||
const std::string & getCustomResponse() const { return custom_response; }
|
||||
|
||||
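Review bot: The `setMode` line that ends in `};` has a stray semicolon after the inline function body. It is harmless, but it triggers extra-semicolon warnings in pedantic builds and differs from the neighbouring accessors. Suggested form: `void setMode(const std::string &_mode) { mode = _mode; }`. The class continues outside this hunk.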
@@ -754,18 +745,16 @@ public:
|
||||
if (default_mode_annot.ok() && !default_mode_annot.unpack().empty() && default_rule.getMode().empty()) {
|
||||
default_rule.setMode(default_mode_annot.unpack());
|
||||
}
|
||||
default_rule.setHost("*");
|
||||
parseAppsecJSONKey<std::list<ParsedRule>>("specific-rules", specific_rules, archive_in);
|
||||
specific_rules.push_front(default_rule);
|
||||
parseAppsecJSONKey<std::vector<ParsedRule>>("specific-rules", specific_rules, archive_in);
|
||||
}
|
||||
|
||||
const ParsedRule & getDefaultRule() const { return default_rule; }
|
||||
|
||||
const std::list<ParsedRule> & getSpecificRules() const { return specific_rules; }
|
||||
const std::vector<ParsedRule> & getSpecificRules() const { return specific_rules; }
|
||||
|
||||
private:
|
||||
ParsedRule default_rule;
|
||||
std::list<ParsedRule> specific_rules;
|
||||
std::vector<ParsedRule> specific_rules;
|
||||
};
|
||||
|
||||
class AppsecLinuxPolicy : Singleton::Consume<I_Environment>
|
||||
@@ -777,12 +766,12 @@ public:
|
||||
dbgTrace(D_K8S_POLICY) << "Loading AppSec policy spec";
|
||||
parseAppsecJSONKey<AppsecPolicySpec>("policies", policies, archive_in);
|
||||
parseAppsecJSONKey<std::vector<AppSecPracticeSpec>>("practices", practices, archive_in);
|
||||
parseAppsecJSONKey<std::vector<AppsecTriggerSpec>>("log-triggers", log_triggers, archive_in);
|
||||
parseAppsecJSONKey<std::vector<AppSecCustomResponseSpec>>("custom-responses", custom_responses, archive_in);
|
||||
parseAppsecJSONKey<std::vector<AppsecTriggerSpec>>("logtriggers", log_triggers, archive_in);
|
||||
parseAppsecJSONKey<std::vector<AppSecCustomResponseSpec>>("customresponses", custom_responses, archive_in);
|
||||
parseAppsecJSONKey<std::vector<AppsecExceptionSpec>>("exceptions", exceptions, archive_in);
|
||||
parseAppsecJSONKey<std::vector<TrustedSourcesSpec>>("trusted-sources", trusted_sources, archive_in);
|
||||
parseAppsecJSONKey<std::vector<TrustedSourcesSpec>>("trustedsources", trusted_sources, archive_in);
|
||||
parseAppsecJSONKey<std::vector<SourceIdentifierSpecWrapper>>(
|
||||
"source-identifier",
|
||||
"sourceidentifiers",
|
||||
sources_identifier,
|
||||
archive_in
|
||||
);
|
||||
|
||||
@@ -210,7 +210,6 @@ public:
|
||||
parseAppsecJSONKey<int>("http-response-code", httpResponseCode, archive_in, 403);
|
||||
parseAppsecJSONKey<std::string>("mode", mode, archive_in, "block-page");
|
||||
parseAppsecJSONKey<std::string>("name", name, archive_in);
|
||||
|
||||
if (mode == "block-page") {
|
||||
parseAppsecJSONKey<std::string>(
|
||||
"message-body",
|
||||
|
||||
@@ -34,7 +34,7 @@ public:
|
||||
{
|
||||
dbgTrace(D_K8S_POLICY) << "Loading trusted sources spec";
|
||||
parseAppsecJSONKey<int>("minNumOfSources", min_num_of_sources, archive_in, 3);
|
||||
parseAppsecJSONKey<std::vector<std::string>>("sources-identifiers", sources_identifiers, archive_in);
|
||||
parseAppsecJSONKey<std::vector<std::string>>("sourcesIdentifiers", sources_identifiers, archive_in);
|
||||
parseAppsecJSONKey<std::string>("name", name, archive_in);
|
||||
}
|
||||
|
||||
@@ -110,7 +110,7 @@ public:
|
||||
load(cereal::JSONInputArchive &archive_in)
|
||||
{
|
||||
dbgTrace(D_K8S_POLICY) << "Loading trusted sources spec";
|
||||
parseAppsecJSONKey<std::string>("source-identifier", source_identifier, archive_in);
|
||||
parseAppsecJSONKey<std::string>("sourceIdentifier", source_identifier, archive_in);
|
||||
parseAppsecJSONKey<std::vector<std::string>>("value", value, archive_in);
|
||||
}
|
||||
|
||||
|
||||
@@ -15,10 +15,10 @@
|
||||
|
||||
#include <algorithm>
|
||||
#include <cctype>
|
||||
#include <iostream>
|
||||
#include <map>
|
||||
#include <set>
|
||||
#include <string>
|
||||
#include <iostream>
|
||||
#include <fstream>
|
||||
#include <streambuf>
|
||||
#include <cereal/types/vector.hpp>
|
||||
@@ -28,7 +28,6 @@
|
||||
#include <boost/uuid/uuid_generators.hpp>
|
||||
|
||||
#include "rest.h"
|
||||
#include "report/report.h"
|
||||
#include "debug.h"
|
||||
#include "config.h"
|
||||
#include "connkey.h"
|
||||
@@ -290,7 +289,7 @@ public:
|
||||
return appsec_policy;
|
||||
});
|
||||
|
||||
list<ParsedRule> specific_rules = appsec_policy.getAppsecPolicySpec().getSpecificRules();
|
||||
vector<ParsedRule> specific_rules = appsec_policy.getAppsecPolicySpec().getSpecificRules();
|
||||
ParsedRule default_rule = appsec_policy.getAppsecPolicySpec().getDefaultRule();
|
||||
|
||||
string asset;
|
||||
@@ -673,7 +672,7 @@ public:
|
||||
AppsecSpecParser<AppsecPolicySpec> appsec_policy = maybe_appsec_policy.unpack();
|
||||
dbgTrace(D_K8S_POLICY) << "Succeessfully retrieved AppSec policy: " << appsec_policy.getSpec();
|
||||
|
||||
list<ParsedRule> specific_rules = appsec_policy.getSpec().getSpecificRules();
|
||||
vector<ParsedRule> specific_rules = appsec_policy.getSpec().getSpecificRules();
|
||||
ParsedRule default_rule = appsec_policy.getSpec().getDefaultRule();
|
||||
|
||||
for (const ParsedRule &parsed_rule : specific_rules) {
|
||||
@@ -1227,10 +1226,30 @@ private:
|
||||
LocalPolicyEnv env_type;
|
||||
map<string, string> practice_name_to_id_map;
|
||||
|
||||
bool
|
||||
isPlaygroundEnv()
|
||||
{
|
||||
string playground_variable = "PLAYGROUND";
|
||||
const char *env_string = getenv(playground_variable.c_str());
|
||||
|
||||
if (env_string) {
|
||||
string env_value = env_string;
|
||||
transform(
|
||||
env_value.begin(),
|
||||
env_value.end(),
|
||||
env_value.begin(),
|
||||
[](unsigned char c) { return std::tolower(c); }
|
||||
);
|
||||
return env_value == "true";
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
bool
|
||||
getClusterId()
|
||||
{
|
||||
string playground_uid = Report::isPlaygroundEnv() ? "playground-" : "";
|
||||
string playground_uid = isPlaygroundEnv() ? "playground-" : "";
|
||||
|
||||
dbgTrace(D_K8S_POLICY) << "Getting cluster UID";
|
||||
auto maybe_namespaces_data = getObjectFromCluster<NamespaceData>("/api/v1/namespaces/");
|
||||
|
||||
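Review bot: `isPlaygroundEnv` reads no member state, so it can be declared `static` (or at least `const`), and the `playground_variable` string exists only to be passed through `c_str()`; `getenv("PLAYGROUND")` says the same thing directly. The function also lacks a comment, and one is warranted because an environment variable changes the reported cluster identity: `// True when PLAYGROUND is set to "true" (case-insensitive); getClusterId() then prefixes the cluster UID with "playground-".` `getClusterId` continues outside this hunk.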
@@ -15,7 +15,6 @@
|
||||
|
||||
#include "config.h"
|
||||
#include "debug.h"
|
||||
#include "sasal.h"
|
||||
#include "environment.h"
|
||||
#include "version.h"
|
||||
#include "log_generator.h"
|
||||
@@ -24,8 +23,6 @@
|
||||
using namespace std;
|
||||
using namespace ReportIS;
|
||||
|
||||
SASAL_START // Orchestration - Manifest Handler
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
|
||||
class IgnoredPackages
|
||||
@@ -441,5 +438,3 @@ ManifestController::init()
|
||||
{
|
||||
pimpl->init();
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -15,12 +15,9 @@
|
||||
|
||||
#include "debug.h"
|
||||
#include "config.h"
|
||||
#include "sasal.h"
|
||||
|
||||
using namespace std;
|
||||
|
||||
SASAL_START // Orchestration - Manifest Handler
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
|
||||
void
|
||||
@@ -140,5 +137,3 @@ ManifestDiffCalculator::buildInstallationQueue(
|
||||
installation_queue.push_back(updated_package);
|
||||
return true;
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -15,14 +15,11 @@
|
||||
|
||||
#include "debug.h"
|
||||
#include "config.h"
|
||||
#include "sasal.h"
|
||||
#include "agent_details.h"
|
||||
#include "orchestration_comp.h"
|
||||
|
||||
using namespace std;
|
||||
|
||||
SASAL_START // Orchestration - Manifest Handler
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
|
||||
void
|
||||
@@ -380,5 +377,3 @@ ManifestHandler::selfUpdate(
|
||||
package_handler->preInstallPackage(orch_service_name, current_installation_file) &&
|
||||
package_handler->installPackage(orch_service_name, current_installation_file, false);
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -15,10 +15,6 @@
|
||||
|
||||
#include <map>
|
||||
|
||||
#include "sasal.h"
|
||||
|
||||
SASAL_START // Orchestration - Modules
|
||||
|
||||
using namespace std;
|
||||
using namespace cereal;
|
||||
|
||||
@@ -48,5 +44,3 @@ Data::serialize(JSONInputArchive &in_archive)
|
||||
make_nvp("version", version)
|
||||
);
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -13,10 +13,6 @@
|
||||
|
||||
#include "orchestration_policy.h"
|
||||
|
||||
#include "sasal.h"
|
||||
|
||||
SASAL_START // Orchestration - Modules
|
||||
|
||||
using namespace std;
|
||||
using namespace cereal;
|
||||
|
||||
@@ -60,5 +56,3 @@ OrchestrationPolicy::operator!=(const OrchestrationPolicy &other) const
|
||||
{
|
||||
return !((*this) == other);
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -19,7 +19,6 @@
|
||||
|
||||
#include "debug.h"
|
||||
#include "config.h"
|
||||
#include "sasal.h"
|
||||
|
||||
using namespace cereal;
|
||||
using namespace std;
|
||||
@@ -27,8 +26,6 @@ using namespace chrono;
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
|
||||
SASAL_START // Orchestration - Modules
|
||||
|
||||
class RegistrationDetails
|
||||
{
|
||||
public:
|
||||
@@ -681,5 +678,3 @@ OrchestrationStatus::init() { pimpl->init(); }
|
||||
OrchestrationStatus::OrchestrationStatus() : Component("OrchestrationStatus"), pimpl(make_unique<Impl>()) {}
|
||||
|
||||
OrchestrationStatus::~OrchestrationStatus() {}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -15,10 +15,6 @@
|
||||
|
||||
#include <map>
|
||||
|
||||
#include "sasal.h"
|
||||
|
||||
SASAL_START // Orchestration - Modules
|
||||
|
||||
using namespace std;
|
||||
using namespace cereal;
|
||||
|
||||
@@ -129,5 +125,3 @@ Package::serialize(JSONInputArchive & in_archive)
|
||||
}
|
||||
package_type = package_type_value->second;
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -18,12 +18,9 @@
|
||||
#include "singleton.h"
|
||||
#include "common.h"
|
||||
#include "maybe_res.h"
|
||||
#include "sasal.h"
|
||||
|
||||
using namespace std;
|
||||
|
||||
SASAL_START // Orchestration - Modules
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
|
||||
ostream &
|
||||
@@ -145,5 +142,3 @@ URLParser::toString() const
|
||||
s_build << protocol << base_url << query << ":" << port;
|
||||
return s_build.str();
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -29,7 +29,6 @@
|
||||
#include "manifest_controller.h"
|
||||
#include "url_parser.h"
|
||||
#include "i_messaging.h"
|
||||
#include "sasal.h"
|
||||
#include "agent_details_report.h"
|
||||
#include "maybe_res.h"
|
||||
#include "customized_cereal_map.h"
|
||||
@@ -38,8 +37,7 @@
|
||||
#include "get_status_rest.h"
|
||||
#include "hybrid_mode_telemetry.h"
|
||||
#include "telemetry.h"
|
||||
|
||||
SASAL_START // Orchestration - Main
|
||||
#include "tenant_profile_pair.h"
|
||||
|
||||
using namespace std;
|
||||
using namespace chrono;
|
||||
@@ -596,10 +594,6 @@ private:
|
||||
auto team = i_env->get<AudienceTeam>("Audience Team");
|
||||
if (team.ok()) audience_team = *team;
|
||||
|
||||
string agent_uid =
|
||||
(Report::isPlaygroundEnv() ? "playground-" : "") +
|
||||
Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>()->getAgentId();
|
||||
|
||||
Report policy_update_message(
|
||||
"Agent's policy has been updated",
|
||||
curr_time,
|
||||
@@ -611,7 +605,7 @@ private:
|
||||
Severity::INFO,
|
||||
Priority::LOW,
|
||||
chrono::seconds(0),
|
||||
LogField("agentId", agent_uid),
|
||||
LogField("agentId", Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>()->getAgentId()),
|
||||
Tags::ORCHESTRATOR
|
||||
);
|
||||
policy_update_message.addToOrigin(LogField("policyVersion", new_policy_version));
|
||||
@@ -808,14 +802,22 @@ private:
|
||||
auto greedy_update = getProfileAgentSettingWithDefault<bool>(false, "orchestration.multitenancy.greedymode");
|
||||
greedy_update = getConfigurationWithDefault<bool>(greedy_update, "orchestration", "Multitenancy Greedy mode");
|
||||
|
||||
if (!greedy_update) {
|
||||
auto tenant_manager = Singleton::Consume<I_TenantManager>::by<OrchestrationComp>();
|
||||
for (auto const &active_tenant: tenant_manager->fetchActiveTenants()) {
|
||||
auto virtual_policy_data = getPolicyTenantData(active_tenant);
|
||||
auto tenant_manager = Singleton::Consume<I_TenantManager>::by<OrchestrationComp>();
|
||||
for (auto const &active_tenant: tenant_manager->fetchActiveTenants()) {
|
||||
for (auto const &profile_id: tenant_manager->fetchProfileIds(active_tenant)) {
|
||||
auto virtual_policy_data = getPolicyTenantData(active_tenant, profile_id);
|
||||
request.addTenantPolicy(virtual_policy_data);
|
||||
request.addTenantSettings(getSettingsTenantData(active_tenant, virtual_policy_data.getVersion()));
|
||||
request.addTenantSettings(
|
||||
getSettingsTenantData(
|
||||
active_tenant,
|
||||
profile_id,
|
||||
virtual_policy_data.getVersion()
|
||||
)
|
||||
);
|
||||
}
|
||||
} else {
|
||||
}
|
||||
|
||||
if (greedy_update) {
|
||||
request.setGreedyMode();
|
||||
}
|
||||
|
||||
@@ -980,10 +982,11 @@ private:
|
||||
const Maybe<vector<CheckUpdateRequest::Tenants>> &updated_policy_tenants,
|
||||
const vector<string> &new_data_files)
|
||||
{
|
||||
dbgFlow(D_ORCHESTRATOR) << "Hanlding virtual files";
|
||||
if (!updated_policy_tenants.ok()) return;
|
||||
|
||||
// Sorting files by tenant id;
|
||||
unordered_map<string, vector<string>> sorted_files;
|
||||
unordered_map<TenantProfilePair, vector<string>> sorted_files;
|
||||
|
||||
// Download virtual policy
|
||||
bool is_empty = true;
|
||||
@@ -991,7 +994,17 @@ private:
|
||||
for (const auto &tenant: *updated_policy_tenants) {
|
||||
if (!tenant.getVersion().empty()) {
|
||||
is_empty = false;
|
||||
resource_v_policy_file.addTenant(tenant.getTenantID(), tenant.getVersion(), tenant.getChecksum());
|
||||
dbgTrace(D_ORCHESTRATOR)
|
||||
<< "Adding a tenant to the multi-tenant list. Tenant: "
|
||||
<< tenant.getTenantID();
|
||||
auto tenant_manager = Singleton::Consume<I_TenantManager>::by<OrchestrationComp>();
|
||||
tenant_manager->addActiveTenantAndProfile(tenant.getTenantID(), tenant.getProfileID());
|
||||
resource_v_policy_file.addTenant(
|
||||
tenant.getTenantID(),
|
||||
tenant.getProfileID(),
|
||||
tenant.getVersion(),
|
||||
tenant.getChecksum()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1003,7 +1016,8 @@ private:
|
||||
);
|
||||
if (new_virtual_policy_files.ok()) {
|
||||
for (const auto &tenant_file: *new_virtual_policy_files) {
|
||||
sorted_files[tenant_file.first].push_back(tenant_file.second);
|
||||
auto tenant_profile = TenantProfilePair(tenant_file.first.first, tenant_file.first.second);
|
||||
sorted_files[tenant_profile].push_back(tenant_file.second);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1017,6 +1031,7 @@ private:
|
||||
is_empty = false;
|
||||
resource_v_settings_file.addTenant(
|
||||
tenant.getTenantID(),
|
||||
tenant.getProfileID(),
|
||||
tenant.getVersion(),
|
||||
tenant.getChecksum()
|
||||
);
|
||||
@@ -1031,7 +1046,8 @@ private:
|
||||
);
|
||||
if (new_virtual_settings_files.ok()) {
|
||||
for (const auto &tenant_file: *new_virtual_settings_files) {
|
||||
sorted_files[tenant_file.first].push_back(tenant_file.second);
|
||||
auto tenant_profile = TenantProfilePair(tenant_file.first.first, tenant_file.first.second);
|
||||
sorted_files[tenant_profile].push_back(tenant_file.second);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1043,7 +1059,11 @@ private:
|
||||
string setting_file = "";
|
||||
if (files.size() > 1) {
|
||||
setting_file = files[1];
|
||||
auto handled_settings = updateSettingsFile(setting_file, downloade_files.first);
|
||||
auto handled_settings = updateSettingsFile(
|
||||
setting_file,
|
||||
downloade_files.first.getTenantId(),
|
||||
downloade_files.first.getPfofileId()
|
||||
);
|
||||
if (handled_settings.ok()) setting_file = *handled_settings;
|
||||
}
|
||||
|
||||
@@ -1051,21 +1071,23 @@ private:
|
||||
policy_file,
|
||||
setting_file,
|
||||
new_data_files,
|
||||
downloade_files.first
|
||||
downloade_files.first.getTenantId(),
|
||||
downloade_files.first.getPfofileId()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
Maybe<string>
|
||||
updateSettingsFile(const string &new_settings_file, const string &tenant_id = "")
|
||||
updateSettingsFile(const string &new_settings_file, const string &tenant_id = "", const string &profile_id = "")
|
||||
{
|
||||
// Handling settings update.
|
||||
auto conf_dir = getConfigurationWithDefault<string>(
|
||||
filesystem_prefix + "/conf/",
|
||||
"orchestration",
|
||||
"Conf dir"
|
||||
) + (tenant_id != "" ? "tenant_" + tenant_id + "_" : "");
|
||||
) + (tenant_id != "" ? "tenant_" + tenant_id + "_profile_" + profile_id + "_" : "");
|
||||
|
||||
dbgTrace(D_ORCHESTRATOR) << "The settings directory is " << conf_dir;
|
||||
auto orchestration_tools = Singleton::Consume<I_OrchestrationTools>::by<OrchestrationComp>();
|
||||
string settings_file_path = conf_dir + "settings.json";
|
||||
if (!orchestration_tools->copyFile(new_settings_file, settings_file_path)) {
|
||||
@@ -1077,7 +1099,7 @@ private:
|
||||
}
|
||||
|
||||
CheckUpdateRequest::Tenants
|
||||
getPolicyTenantData(const string &tenant_id)
|
||||
getPolicyTenantData(const string &tenant_id, const string &profile_id)
|
||||
{
|
||||
string dir = getConfigurationWithDefault<string>(
|
||||
filesystem_prefix + "/conf",
|
||||
@@ -1085,16 +1107,16 @@ private:
|
||||
"Configuration directory"
|
||||
);
|
||||
|
||||
string policy_file = dir + "/tenant_" + tenant_id + "/policy.json";
|
||||
string policy_file = dir + "/tenant_" + tenant_id + "_profile_" + profile_id + "/policy.json";
|
||||
|
||||
string policy_file_checksum = getChecksum(policy_file);
|
||||
string policy_file_version= getVersion(policy_file);
|
||||
|
||||
return CheckUpdateRequest::Tenants(tenant_id, policy_file_checksum, policy_file_version);
|
||||
return CheckUpdateRequest::Tenants(tenant_id, profile_id, policy_file_checksum, policy_file_version);
|
||||
}
|
||||
|
||||
CheckUpdateRequest::Tenants
|
||||
getSettingsTenantData(const string &tenant_id, const string &policy_version)
|
||||
getSettingsTenantData(const string &tenant_id, const string &profile_id, const string &policy_version)
|
||||
{
|
||||
string dir = getConfigurationWithDefault<string>(
|
||||
filesystem_prefix + "/conf",
|
||||
@@ -1102,10 +1124,10 @@ private:
|
||||
"Configuration directory"
|
||||
);
|
||||
|
||||
string settings_file = dir + "/tenant_" + tenant_id + "_settings.json";
|
||||
string settings_file = dir + "/tenant_" + tenant_id + "_profile_" + profile_id + "_settings.json";
|
||||
string settings_file_checksum = getChecksum(settings_file);
|
||||
|
||||
return CheckUpdateRequest::Tenants(tenant_id, settings_file_checksum, policy_version);
|
||||
return CheckUpdateRequest::Tenants(tenant_id, profile_id, settings_file_checksum, policy_version);
|
||||
}
|
||||
|
||||
string
|
||||
@@ -1629,5 +1651,3 @@ OrchestrationComp::preload()
|
||||
registerExpectedSetting<string>("upgradeMode");
|
||||
registerExpectedConfigFile("orchestration", Config::ConfigFileType::Policy);
|
||||
}
|
||||
|
||||
SASAL_END
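Review bot: `updateSettingsFile`, `getPolicyTenantData` and `getSettingsTenantData` now splice both `tenant_id` and `profile_id` into file names under the configuration directory with no check on their content, and the IDs reaching `updateSettingsFile` appear to come from the tenants list of the update response (`tenant.getTenantID()`, `tenant.getProfileID()`). An ID containing `/` or `..` would move the `copyFile` destination outside the conf dir. Because `_profile_` is the only separator, an ID that itself contains that token could also make two different tenant/profile pairs resolve to the same file. Unless the IDs are already validated somewhere outside these hunks, I would check both once where they enter, before `addActiveTenantAndProfile`, with something like `if (!isSafeId(tenant.getTenantID()) || !isSafeId(tenant.getProfileID())) continue;`, where `isSafeId` is a new helper accepting only `[A-Za-z0-9-]`. The bodies of all these functions start or end outside the hunks shown, so this is based on the visible lines only.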
|
||||
|
||||
@@ -23,10 +23,6 @@
|
||||
#include <arpa/inet.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include "sasal.h"
|
||||
|
||||
SASAL_START // Orchestration - Tools
|
||||
|
||||
using namespace std;
|
||||
using namespace rapidjson;
|
||||
|
||||
@@ -41,7 +37,8 @@ public:
|
||||
Maybe<map<packageName, packageDetails>>
|
||||
jsonObjectSplitter(
|
||||
const string &json,
|
||||
const string &tenant_id) const override;
|
||||
const string &tenant_id,
|
||||
const string &profile_id) const override;
|
||||
|
||||
Maybe<string> readFile(const string &path) const override;
|
||||
bool writeFile(const string &text, const string &path) const override;
|
||||
@@ -238,7 +235,10 @@ OrchestrationTools::Impl::copyFile(const string &src_path, const string &dst_pat
|
||||
}
|
||||
|
||||
Maybe<map<packageName, packageDetails>>
|
||||
OrchestrationTools::Impl::jsonObjectSplitter(const string &json, const string &tenant_id) const
|
||||
OrchestrationTools::Impl::jsonObjectSplitter(
|
||||
const string &json,
|
||||
const string &tenant_id,
|
||||
const string &profile_id) const
|
||||
{
|
||||
Document document;
|
||||
map<string, string> parsed;
|
||||
@@ -247,14 +247,18 @@ OrchestrationTools::Impl::jsonObjectSplitter(const string &json, const string &t
|
||||
if (document.HasParseError()) return genError("JSON file is not valid.");
|
||||
|
||||
for (Value::MemberIterator itr = document.MemberBegin(); itr != document.MemberEnd(); ++itr) {
|
||||
|
||||
if (!tenant_id.empty() && itr->value.IsObject()) {
|
||||
|
||||
itr->value.AddMember(
|
||||
Value("tenantID"),
|
||||
Value(tenant_id.c_str(), tenant_id.size()),
|
||||
document.GetAllocator()
|
||||
);
|
||||
|
||||
itr->value.AddMember(
|
||||
Value("profileID"),
|
||||
Value(profile_id.c_str(), profile_id.size()),
|
||||
document.GetAllocator()
|
||||
);
|
||||
}
|
||||
|
||||
rapidjson::StringBuffer buffer;
|
||||
@@ -471,5 +475,3 @@ OrchestrationTools::Impl::base64Decode(const string &input) const
|
||||
OrchestrationTools::OrchestrationTools() : Component("OrchestrationTools"), pimpl(make_unique<Impl>()) {}
|
||||
|
||||
OrchestrationTools::~OrchestrationTools() {}
|
||||
|
||||
SASAL_END
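Review bot: The new `AddMember(Value("profileID"), ...)` call in `jsonObjectSplitter` appends the member without checking whether the policy object already carries a `profileID` key, and the existing `tenantID` call just above it has the same gap. As far as I know rapidjson's `AddMember` does not de-duplicate, so a policy object that arrives with its own `profileID` would be serialized with two, and which one a consumer honours depends on its parser. Dropping any existing member first keeps the injected value authoritative: `if (itr->value.HasMember("profileID")) itr->value.RemoveMember("profileID");`, and likewise for `tenantID`. Both members are also written whenever `tenant_id` is non-empty, so an empty `profile_id` yields `"profileID": ""`; a short comment saying whether that is intended would help. The function body starts before and continues after this hunk.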
|
||||
|
||||
@@ -158,7 +158,7 @@ TEST_F(OrchestrationToolsTest, jsonObjectSplitter)
|
||||
" ]"
|
||||
" }";
|
||||
|
||||
Maybe<map<string, string>> parsed = i_orchestration_tools->jsonObjectSplitter(update_text, "");
|
||||
Maybe<map<string, string>> parsed = i_orchestration_tools->jsonObjectSplitter(update_text, "", "");
|
||||
EXPECT_TRUE(parsed.ok());
|
||||
cleanSpaces(manifest);
|
||||
EXPECT_EQ(manifest, parsed.unpack().find("manifest")->second);
|
||||
@@ -174,7 +174,7 @@ TEST_F(OrchestrationToolsTest, jsonObjectSplitter)
|
||||
" \"download-options\": ["
|
||||
" \"http://172.23.92.135/manifest_file.txt\""
|
||||
" ]";
|
||||
parsed = i_orchestration_tools->jsonObjectSplitter(invalid_json, "");
|
||||
parsed = i_orchestration_tools->jsonObjectSplitter(invalid_json, "", "");
|
||||
EXPECT_FALSE(parsed.ok());
|
||||
}
|
||||
|
||||
|
||||
@@ -65,7 +65,7 @@ public:
|
||||
|
||||
EXPECT_CALL(rest, mockRestCall(RestAction::SHOW, "orchestration-status", _)).WillOnce(
|
||||
WithArg<2>(Invoke(this, &OrchestrationMultitenancyTest::setRestStatus)));
|
||||
|
||||
|
||||
doEncrypt();
|
||||
orchestration_comp.init();
|
||||
}
|
||||
@@ -83,9 +83,12 @@ public:
|
||||
Maybe<string> err = genError("No file exist");
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile("/etc/cp/conf/user-cred.json")).WillOnce(Return(err));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("This is fake", "/etc/cp/data/data1.a")).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("0000 is fake", "/etc/cp/data/data4.a")).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("This is 3333", "/etc/cp/data/data6.a")).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("This is fake", "/etc/cp/data/data1.a")).WillOnce(
|
||||
Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("0000 is fake", "/etc/cp/data/data4.a")).WillOnce(
|
||||
Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("This is 3333", "/etc/cp/data/data6.a")).WillOnce(
|
||||
Return(true));
|
||||
}
|
||||
|
||||
void
|
||||
@@ -182,7 +185,8 @@ private:
|
||||
return true;
|
||||
}
|
||||
|
||||
bool setRestStatus(const unique_ptr<RestInit> &p)
|
||||
bool
|
||||
setRestStatus(const unique_ptr<RestInit> &p)
|
||||
{
|
||||
rest_status = p->getRest();
|
||||
return true;
|
||||
@@ -256,23 +260,38 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
|
||||
vector<string> active_tenants = { "1236", "1235" };
|
||||
EXPECT_CALL(tenant_manager, fetchActiveTenants()).WillOnce(Return(active_tenants));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, "/etc/cp/conf/tenant_1236/policy.json"))
|
||||
EXPECT_CALL(tenant_manager, addActiveTenantAndProfile("1235", "2311"));
|
||||
EXPECT_CALL(tenant_manager, addActiveTenantAndProfile("1236", "2611"));
|
||||
|
||||
vector<string> first_tenant_profiles = { "2611" };
|
||||
vector<string> second_tenant_profiles = { "2311"};
|
||||
EXPECT_CALL(
|
||||
tenant_manager,
|
||||
fetchProfileIds("1236")).WillRepeatedly(Return(first_tenant_profiles)
|
||||
);
|
||||
|
||||
EXPECT_CALL(
|
||||
tenant_manager,
|
||||
fetchProfileIds("1235")).WillRepeatedly(Return(second_tenant_profiles)
|
||||
);
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, "/etc/cp/conf/tenant_1236_profile_2611/policy.json"))
|
||||
.WillOnce(Return(string("checksum_policy_tenant_1236")));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, "/etc/cp/conf/tenant_1235/policy.json"))
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, "/etc/cp/conf/tenant_1235_profile_2311/policy.json"))
|
||||
.WillOnce(Return(string("checksum_policy_tenant_1235")));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile("/etc/cp/conf/tenant_1236/policy.json"))
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile("/etc/cp/conf/tenant_1236_profile_2611/policy.json"))
|
||||
.WillOnce(Return(string("{}")));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile("/etc/cp/conf/tenant_1235/policy.json"))
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile("/etc/cp/conf/tenant_1235_profile_2311/policy.json"))
|
||||
.WillOnce(Return(string("{}")));
|
||||
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, "/etc/cp/conf/tenant_1236_settings.json"))
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, "/etc/cp/conf/tenant_1236_profile_2611_settings.json"))
|
||||
.WillOnce(Return(string("checksum_settings_tenant_1236")));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, "/etc/cp/conf/tenant_1235_settings.json"))
|
||||
EXPECT_CALL(mock_orchestration_tools, calculateChecksum(_, "/etc/cp/conf/tenant_1235_profile_2311_settings.json"))
|
||||
.WillOnce(Return(string("checksum_settings_tenant_1235")));
|
||||
|
||||
EXPECT_CALL(mock_update_communication, getUpdate(_)).WillOnce(
|
||||
@@ -294,11 +313,13 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
|
||||
" \"tenants\": [\n"
|
||||
" {\n"
|
||||
" \"tenantId\": \"1236\",\n"
|
||||
" \"profileId\": \"2611\",\n"
|
||||
" \"checksum\": \"new_checksum_policy_tenant_1236\",\n"
|
||||
" \"version\": \"1\"\n"
|
||||
" },\n"
|
||||
" {\n"
|
||||
" \"tenantId\": \"1235\",\n"
|
||||
" \"profileId\": \"2311\",\n"
|
||||
" \"checksum\": \"new_checksum_policy_tenant_1235\",\n"
|
||||
" \"version\": \"1\"\n"
|
||||
" }\n"
|
||||
@@ -308,11 +329,13 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
|
||||
" \"tenants\": [\n"
|
||||
" {\n"
|
||||
" \"tenantId\": \"1236\",\n"
|
||||
" \"profileId\": \"2611\",\n"
|
||||
" \"checksum\": \"new_checksum_settings_tenant_1236\",\n"
|
||||
" \"version\": \"1\"\n"
|
||||
" },\n"
|
||||
" {\n"
|
||||
" \"tenantId\": \"1235\",\n"
|
||||
" \"profileId\": \"2311\",\n"
|
||||
" \"checksum\": \"new_checksum_settings_tenant_1235\",\n"
|
||||
" \"version\": \"1\"\n"
|
||||
" }\n"
|
||||
@@ -328,21 +351,21 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
|
||||
);
|
||||
|
||||
GetResourceFile policy_file(GetResourceFile::ResourceFileType::VIRTUAL_POLICY);
|
||||
policy_file.addTenant("1236", "1", "new_checksum_policy_tenant_1236");
|
||||
policy_file.addTenant("1235", "1", "new_checksum_policy_tenant_1235");
|
||||
policy_file.addTenant("1236", "2611", "1", "new_checksum_policy_tenant_1236");
|
||||
policy_file.addTenant("1235", "2311", "1", "new_checksum_policy_tenant_1235");
|
||||
|
||||
map<string, string> download_policy_res = {
|
||||
{ "1236", "/tmp/orchestration_downloads/virtualPolicy_1236.download" },
|
||||
{ "1235", "/tmp/orchestration_downloads/virtualPolicy_1235.download" }
|
||||
map<pair<string, string>, string> download_policy_res = {
|
||||
{ {"1236", "2611" }, "/tmp/orchestration_downloads/virtualPolicy_1236_profile_2611.download" },
|
||||
{ {"1235", "2311" }, "/tmp/orchestration_downloads/virtualPolicy_1235_profile_2311.download" }
|
||||
};
|
||||
|
||||
GetResourceFile settings_file(GetResourceFile::ResourceFileType::VIRTUAL_SETTINGS);
|
||||
settings_file.addTenant("1236", "1", "new_checksum_settings_tenant_1236");
|
||||
settings_file.addTenant("1235", "1", "new_checksum_settings_tenant_1235");
|
||||
settings_file.addTenant("1236", "2611", "1", "new_checksum_settings_tenant_1236");
|
||||
settings_file.addTenant("1235", "2311", "1", "new_checksum_settings_tenant_1235");
|
||||
|
||||
map<string, string> download_settings_res = {
|
||||
{ "1236", "/tmp/orchestration_downloads/virtualSettings_1236.download" },
|
||||
{ "1235", "/tmp/orchestration_downloads/virtualSettings_1235.download" }
|
||||
map<pair<string, string>, string> download_settings_res = {
|
||||
{ {"1236", "2611" }, "/tmp/orchestration_downloads/virtualSettings_1236_profile_2611.download" },
|
||||
{ {"1235", "2311" }, "/tmp/orchestration_downloads/virtualSettings_1235_profile_2311.download" }
|
||||
};
|
||||
|
||||
EXPECT_CALL(
|
||||
@@ -373,16 +396,16 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
copyFile(
|
||||
"/tmp/orchestration_downloads/virtualSettings_1236.download",
|
||||
"/etc/cp/conf/tenant_1236_settings.json"
|
||||
"/tmp/orchestration_downloads/virtualSettings_1236_profile_2611.download",
|
||||
"/etc/cp/conf/tenant_1236_profile_2611_settings.json"
|
||||
)
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
copyFile(
|
||||
"/tmp/orchestration_downloads/virtualSettings_1235.download",
|
||||
"/etc/cp/conf/tenant_1235_settings.json"
|
||||
"/tmp/orchestration_downloads/virtualSettings_1235_profile_2311.download",
|
||||
"/etc/cp/conf/tenant_1235_profile_2311_settings.json"
|
||||
)
|
||||
).WillOnce(Return(true));
|
||||
|
||||
@@ -393,6 +416,7 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
|
||||
"/etc/cp/conf/policy.json",
|
||||
"/etc/cp/conf/settings.json",
|
||||
expected_data_types,
|
||||
"",
|
||||
""
|
||||
)
|
||||
).WillOnce(Return(true));
|
||||
@@ -400,20 +424,22 @@ TEST_F(OrchestrationMultitenancyTest, handle_virtual_resource)
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(
|
||||
"/tmp/orchestration_downloads/virtualPolicy_1236.download",
|
||||
"/etc/cp/conf/tenant_1236_settings.json",
|
||||
"/tmp/orchestration_downloads/virtualPolicy_1236_profile_2611.download",
|
||||
"/etc/cp/conf/tenant_1236_profile_2611_settings.json",
|
||||
expected_data_types,
|
||||
"1236"
|
||||
"1236",
|
||||
"2611"
|
||||
)
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(
|
||||
"/tmp/orchestration_downloads/virtualPolicy_1235.download",
|
||||
"/etc/cp/conf/tenant_1235_settings.json",
|
||||
"/tmp/orchestration_downloads/virtualPolicy_1235_profile_2311.download",
|
||||
"/etc/cp/conf/tenant_1235_profile_2311_settings.json",
|
||||
expected_data_types,
|
||||
"1235"
|
||||
"1235",
|
||||
"2311"
|
||||
)
|
||||
).WillOnce(Return(true));
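Review bot: The updated `handle_virtual_resource` test gives each tenant exactly one profile (`first_tenant_profiles = { "2611" }`, `second_tenant_profiles = { "2311"}`), so the new per-profile loop and the `tenant_<id>_profile_<id>` naming are never exercised with two profiles under one tenant. Adding a second profile ID to one of the tenants, with matching `calculateChecksum`, `copyFile` and `updateServiceConfiguration` expectations, would confirm that each profile's policy and settings files stay separate. The test body starts and ends outside these hunks.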
|
||||
|
||||
|
||||
@@ -101,15 +101,19 @@ public:
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
doEncrypt()
|
||||
{
|
||||
Maybe<string> err = genError("No file exist");
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile("/etc/cp/conf/user-cred.json")).WillOnce(Return(err));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("This is fake", "/etc/cp/data/data1.a")).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("0000 is fake", "/etc/cp/data/data4.a")).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("This is 3333", "/etc/cp/data/data6.a")).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("This is fake", "/etc/cp/data/data1.a")).WillOnce(
|
||||
Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("0000 is fake", "/etc/cp/data/data4.a")).WillOnce(
|
||||
Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile("This is 3333", "/etc/cp/data/data6.a")).WillOnce(
|
||||
Return(true));
|
||||
}
|
||||
|
||||
void
|
||||
@@ -526,12 +530,12 @@ TEST_F(OrchestrationTest, orchestrationPolicyUpdate)
|
||||
vector<string> expected_data_types = {};
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "")
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "", "")
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(new_policy_path, "", expected_data_types, "")
|
||||
updateServiceConfiguration(new_policy_path, "", expected_data_types, "", "")
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(
|
||||
@@ -629,7 +633,7 @@ TEST_F(OrchestrationTest, startOrchestrationPoliceWithFailures)
|
||||
vector<string> expected_data_types = {};
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "")
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "", "")
|
||||
).Times(2).WillRepeatedly(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_message, setActiveFog(host_address, 443, true, MessageTypeTag::GENERIC)).WillOnce(Return(true));
|
||||
@@ -749,7 +753,7 @@ TEST_F(OrchestrationTest, loadOrchestrationPolicyFromBackup)
|
||||
vector<string> expected_data_types = {};
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "")
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "", "")
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(true));
|
||||
@@ -883,7 +887,7 @@ TEST_F(OrchestrationTest, manifestUpdate)
|
||||
vector<string> expected_data_types = {};
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "")
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "", "")
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(true));
|
||||
@@ -1033,7 +1037,7 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate)
|
||||
vector<string> expected_data_types = {};
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "")
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "", "")
|
||||
).Times(2).WillRepeatedly(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(true));
|
||||
@@ -1114,7 +1118,7 @@ TEST_F(OrchestrationTest, getBadPolicyUpdate)
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(string("policy path"), "", expected_data_types, "")).WillOnce(Return(false)
|
||||
updateServiceConfiguration(string("policy path"), "", expected_data_types, "", "")).WillOnce(Return(false)
|
||||
);
|
||||
|
||||
EXPECT_CALL(mock_ml, yield(A<chrono::microseconds>()))
|
||||
@@ -1179,7 +1183,7 @@ TEST_F(OrchestrationTest, failedDownloadSettings)
|
||||
vector<string> expected_data_types = {};
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "")
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "", "")
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_file_path)).WillOnce(Return(true));
|
||||
@@ -1397,7 +1401,7 @@ TEST_P(OrchestrationTest, orchestrationFirstRun)
|
||||
vector<string> expected_data_types = {};
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "")
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_data_types, "", "")
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_ml, yield(A<chrono::microseconds>()))
|
||||
@@ -1578,13 +1582,13 @@ TEST_F(OrchestrationTest, dataUpdate)
|
||||
vector<string> expected_empty_data_types = {};
|
||||
ExpectationSet expectation_set = EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_empty_data_types, "")
|
||||
updateServiceConfiguration(policy_file_path, setting_file_path, expected_empty_data_types, "", "")
|
||||
).WillOnce(Return(true));
|
||||
|
||||
vector<string> expected_ips_data_types = { "ips" };
|
||||
EXPECT_CALL(
|
||||
mock_service_controller,
|
||||
updateServiceConfiguration("", "", expected_ips_data_types, "")
|
||||
updateServiceConfiguration("", "", expected_ips_data_types, "", "")
|
||||
).After(expectation_set).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, doesDirectoryExist("/etc/cp/conf/data")).WillOnce(Return(true));
|
||||
|
||||
@@ -13,14 +13,11 @@
|
||||
|
||||
#include "package_handler.h"
|
||||
#include "config.h"
|
||||
#include "sasal.h"
|
||||
#include "i_shell_cmd.h"
|
||||
|
||||
#include <sys/stat.h>
|
||||
#include <vector>
|
||||
|
||||
SASAL_START // Orchestration - Updates Control
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
|
||||
using namespace std;
|
||||
@@ -504,5 +501,3 @@ PackageHandler::Impl::updateSavedPackage(const string &package_name, const strin
|
||||
PackageHandler::PackageHandler() : Component("PackageHandler"), pimpl(make_unique<Impl>()) {}
|
||||
|
||||
PackageHandler::~PackageHandler() {}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -20,7 +20,6 @@
|
||||
|
||||
#include "config.h"
|
||||
#include "debug.h"
|
||||
#include "sasal.h"
|
||||
#include "rest.h"
|
||||
#include "connkey.h"
|
||||
#include "i_messaging.h"
|
||||
@@ -29,8 +28,6 @@
|
||||
#include "i_orchestration_tools.h"
|
||||
#include "customized_cereal_map.h"
|
||||
|
||||
SASAL_START // Orchestration - Updates Control
|
||||
|
||||
using namespace std;
|
||||
using namespace ReportIS;
|
||||
|
||||
@@ -117,10 +114,36 @@ ServiceDetails::isServiceActive() const
|
||||
I_ShellCmd *shell_cmd = Singleton::Consume<I_ShellCmd>::by<ServiceController>();
|
||||
Maybe<string> service_status = shell_cmd->getExecOutput(watchdog_status_cmd.str());
|
||||
|
||||
int max_retry_attempts = getConfigurationWithDefault<int>(
|
||||
5,
|
||||
"orchestration",
|
||||
"service controller attempts before timeout"
|
||||
);
|
||||
|
||||
uint default_ms_tmout = 200;
|
||||
uint ms_tmout = default_ms_tmout;
|
||||
|
||||
for (int current_attempt = 0; current_attempt < max_retry_attempts; ++current_attempt) {
|
||||
if (service_status.ok() || service_status.getErr().find("Reached timeout") == string::npos) break;
|
||||
|
||||
dbgWarning(D_ORCHESTRATOR)
|
||||
<< "Retrying to execute service status check via watchdog API after getting timeout. Service name: "
|
||||
<< service_name
|
||||
<< ", Watchdog command: "
|
||||
<< watchdog_status_cmd.str()
|
||||
<< ", retry number: "
|
||||
<< (current_attempt + 1);
|
||||
|
||||
ms_tmout = default_ms_tmout*(current_attempt + 2);
|
||||
service_status = shell_cmd->getExecOutput(watchdog_status_cmd.str(), ms_tmout);
|
||||
}
|
||||
|
||||
if (!service_status.ok()) {
|
||||
dbgWarning(D_ORCHESTRATOR)
|
||||
<< "Changing service status to inactive after failure to its status from watchdog. Service name: "
|
||||
<< service_name;
|
||||
<< service_name
|
||||
<< ", Watchdog output: "
|
||||
<< service_status.getErr();
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -248,7 +271,8 @@ public:
|
||||
const string &new_policy_path,
|
||||
const string &new_settings_path,
|
||||
const vector<string> &new_data_files,
|
||||
const string &tenant_id
|
||||
const string &tenant_id,
|
||||
const string &profile_id
|
||||
) override;
|
||||
|
||||
bool isServiceInstalled(const string &service_name) override;
|
||||
@@ -567,7 +591,8 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
const string &new_policy_path,
|
||||
const string &new_settings_path,
|
||||
const vector<string> &new_data_files,
|
||||
const string &tenant_id)
|
||||
const string &tenant_id,
|
||||
const string &profile_id)
|
||||
{
|
||||
dbgFlow(D_ORCHESTRATOR)
|
||||
<< "new_policy_path: "
|
||||
@@ -577,7 +602,9 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
<< ", new_data_files: "
|
||||
<< makeSeparatedStr(new_data_files, ",")
|
||||
<< ". tenant_id: "
|
||||
<< tenant_id;
|
||||
<< tenant_id
|
||||
<< ". profile_id: "
|
||||
<< profile_id;
|
||||
|
||||
if (!new_settings_path.empty()) {
|
||||
settings_path = new_settings_path;
|
||||
@@ -622,7 +649,7 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
return false;
|
||||
}
|
||||
|
||||
auto all_security_policies = orchestration_tools->jsonObjectSplitter(loaded_json.unpack(), tenant_id);
|
||||
auto all_security_policies = orchestration_tools->jsonObjectSplitter(loaded_json.unpack(), tenant_id, profile_id);
|
||||
|
||||
if (!all_security_policies.ok()) {
|
||||
dbgWarning(D_ORCHESTRATOR)
|
||||
@@ -655,7 +682,7 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
);
|
||||
|
||||
if (tenant_id != "") {
|
||||
dir = dir + "/tenant_" + tenant_id;
|
||||
dir = dir + "/tenant_" + tenant_id + "_profile_" + profile_id;
|
||||
if (!orchestration_tools->doesDirectoryExist(dir)) {
|
||||
if (orchestration_tools->createDirectory(dir)) {
|
||||
dbgTrace(D_ORCHESTRATOR) << "Created new configuration directory for tenant " << tenant_id;
|
||||
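Review bot: `tenant_id` and `profile_id` are concatenated straight into the configuration directory name (`dir + "/tenant_" + tenant_id + "_profile_" + profile_id`), and nothing in this hunk checks that either value is a single path component, so an id containing `/` would place the directory outside the intended `tenant_…` folder. Whether the ids are validated before they reach `updateServiceConfiguration` is not visible here; if they are not, a guard before the path is built, such as `if (tenant_id.find('/') != string::npos || profile_id.find('/') != string::npos) return false;`, keeps the path confined. The same concatenation appears in the `base_path` hunk at -716, and the ids are also passed to `getPolicyConfigPath` in the -666 hunk. An empty `profile_id` with a non-empty `tenant_id` also yields `tenant_<id>_profile_`, and the `dbgTrace` on directory creation still logs only the tenant.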
@@ -666,7 +693,13 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
}
|
||||
}
|
||||
|
||||
string policy_file_path = getPolicyConfigPath(single_policy.first, Config::ConfigFileType::Policy, tenant_id);
|
||||
string policy_file_path =
|
||||
getPolicyConfigPath(
|
||||
single_policy.first,
|
||||
Config::ConfigFileType::Policy,
|
||||
tenant_id,
|
||||
profile_id
|
||||
);
|
||||
|
||||
auto update_config_result = updateServiceConfigurationFile(
|
||||
single_policy.first,
|
||||
@@ -690,7 +723,10 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
);
|
||||
|
||||
if (tenant_id != "") {
|
||||
auto instances = Singleton::Consume<I_TenantManager>::by<ServiceController>()->getInstances(tenant_id);
|
||||
auto instances = Singleton::Consume<I_TenantManager>::by<ServiceController>()->getInstances(
|
||||
tenant_id,
|
||||
profile_id
|
||||
);
|
||||
for (const auto &instance_id: instances) {
|
||||
auto relevant_service = registered_services.find(instance_id);
|
||||
if (relevant_service == registered_services.end()) {
|
||||
@@ -716,7 +752,9 @@ ServiceController::Impl::updateServiceConfiguration(
|
||||
|
||||
if (was_policy_updated) {
|
||||
string config_file_path;
|
||||
string base_path = filesystem_prefix + "/conf/" + (tenant_id != "" ? "tenant_" + tenant_id + "/" : "");
|
||||
string base_path =
|
||||
filesystem_prefix + "/conf/" +
|
||||
(tenant_id != "" ? "tenant_" + tenant_id + "_profile_" + profile_id + "/" : "");
|
||||
config_file_path = getConfigurationWithDefault<string>(
|
||||
base_path + "policy.json",
|
||||
"orchestration",
|
||||
@@ -793,7 +831,15 @@ ServiceController::Impl::sendSignalForServices(
|
||||
}
|
||||
}
|
||||
|
||||
int reconf_timeout = getConfigurationWithDefault(600, "orchestration", "Reconfiguration timeout seconds");
|
||||
int profile_tmo_conf = getProfileAgentSettingWithDefault<int>(
|
||||
600,
|
||||
"orchestration.configTimeoutSeconds"
|
||||
);
|
||||
int reconf_timeout = getConfigurationWithDefault<int>(
|
||||
profile_tmo_conf,
|
||||
"orchestration",
|
||||
"Reconfiguration timeout seconds"
|
||||
);
|
||||
auto timer = Singleton::Consume<I_TimeGet>::by<ServiceController>();
|
||||
auto current_timeout = timer->getMonotonicTime() + chrono::seconds(reconf_timeout);
|
||||
while(timer->getMonotonicTime() < current_timeout) {
|
||||
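Review bot: `reconf_timeout` now takes its default from the profile setting `orchestration.configTimeoutSeconds` and neither value is range-checked, so a zero or negative setting makes `current_timeout` already expired and the `while` loop that waits for the services is skipped. What the function does after the loop is outside the hunk, so the effect on the reconfiguration result is inferred rather than shown. A guard such as `if (reconf_timeout <= 0) reconf_timeout = 600;` after the two lookups would keep the wait meaningful. A short comment stating the precedence (the `orchestration` configuration value, when present, overrides the profile setting, which is only passed as its default) would also help the next reader.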
@@ -933,5 +979,3 @@ ServiceController::Impl::startReconfStatus(
|
||||
services_reconf_names.emplace(id, service_name);
|
||||
services_reconf_ids.emplace(id, service_id);
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -245,7 +245,7 @@ TEST_F(ServiceControllerTest, UpdateConfiguration)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
@@ -294,6 +294,110 @@ TEST_F(ServiceControllerTest, UpdateConfiguration)
|
||||
EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
|
||||
}
|
||||
|
||||
TEST_F(ServiceControllerTest, TimeOutUpdateConfiguration)
|
||||
{
|
||||
string new_configuration = "{"
|
||||
" \"version\": \"" + version_value + "\""
|
||||
" \"l4_firewall\":"
|
||||
" {"
|
||||
" \"app\": \"netfilter\","
|
||||
" \"l4_firewall_rules\": ["
|
||||
" {"
|
||||
" \"name\": \"allow_statefull_conns\","
|
||||
" \"flags\": [\"established\"],"
|
||||
" \"action\": \"accept\""
|
||||
" },"
|
||||
" {"
|
||||
" \"name\": \"icmp drop\","
|
||||
" \"flags\": [\"log\"],"
|
||||
" \"services\": [{\"name\":\"icmp\"}],"
|
||||
" \"action\": \"drop\""
|
||||
" }"
|
||||
" ]"
|
||||
" }"
|
||||
"}";
|
||||
|
||||
string l4_firewall = "{"
|
||||
" \"app\": \"netfilter\","
|
||||
" \"l4_firewall_rules\": ["
|
||||
" {"
|
||||
" \"name\": \"allow_statefull_conns\","
|
||||
" \"flags\": [\"established\"],"
|
||||
" \"action\": \"accept\""
|
||||
" },"
|
||||
" {"
|
||||
" \"name\": \"icmp drop\","
|
||||
" \"flags\": [\"log\"],"
|
||||
" \"services\": [{\"name\":\"icmp\"}],"
|
||||
" \"action\": \"drop\""
|
||||
" }"
|
||||
" ]"
|
||||
"}";
|
||||
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_status,
|
||||
setServiceConfiguration("l4_firewall", l4_firewall_policy_path, OrchestrationStatusConfigType::POLICY));
|
||||
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), "");
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(file_name, policy_file_path)).WillOnce(Return(true));
|
||||
|
||||
string general_settings_path = "/my/settings/path";
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
|
||||
Flags<MessageConnConfig> conn_flags;
|
||||
conn_flags.setFlag(MessageConnConfig::ONE_TIME_CONN);
|
||||
EXPECT_CALL(
|
||||
mock_message,
|
||||
sendMessage(
|
||||
true,
|
||||
"{\n \"id\": 1,\n \"policy_version\": \"1.0.2\"\n}",
|
||||
I_Messaging::Method::POST,
|
||||
string("127.0.0.1"),
|
||||
l4_firewall_service_port,
|
||||
conn_flags,
|
||||
string("/set-new-configuration"),
|
||||
string(),
|
||||
_,
|
||||
MessageTypeTag::GENERIC
|
||||
)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
|
||||
EXPECT_CALL(
|
||||
mock_shell_cmd,
|
||||
getExecOutput(
|
||||
"/etc/cp/watchdog/cp-nano-watchdog --status --verbose --service mock access control"
|
||||
" --family family1 --id id2",
|
||||
_,
|
||||
_
|
||||
)
|
||||
).Times(3).WillRepeatedly(
|
||||
InvokeWithoutArgs(
|
||||
[&]() -> Maybe<string>
|
||||
{
|
||||
static int counter = 0;
|
||||
if (counter++ < 2) {
|
||||
return genError("Reached timeout while executing shell command:");
|
||||
}
|
||||
|
||||
return string("registered and running");
|
||||
}
|
||||
)
|
||||
);
|
||||
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(file_name, general_settings_path));
|
||||
EXPECT_EQ(i_service_controller->getPolicyVersion(), version_value);
|
||||
EXPECT_EQ(i_service_controller->getUpdatePolicyVersion(), version_value);
|
||||
}
|
||||
|
||||
TEST_F(ServiceControllerTest, writeRegisteredServicesFromFile)
|
||||
{
|
||||
EXPECT_EQ(orchestrationRegisteredServicesFileToString(registered_services_file_path), string(""));
|
||||
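Review bot: The retry counter in the `getExecOutput` stub of `TimeOutUpdateConfiguration` is declared `static int counter = 0;` inside the lambda, so its value outlives the test body. A second run in the same process would return "registered and running" on the first call and fail the `.Times(3)` expectation. A local declared before the `EXPECT_CALL`, `int timeout_replies = 0;`, captured as `[&timeout_replies]`, keeps the state per run. The expectation also matches the timeout argument with `_`, so the increasing timeout passed on each retry is not verified. The `new_configuration` literal has no comma after the `version` value, which is harmless only because `jsonObjectSplitter` is mocked.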
@@ -352,7 +456,7 @@ TEST_F(ServiceControllerTest, writeRegisteredServicesFromFile)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
@@ -498,7 +602,7 @@ TEST_F(ServiceControllerTest, noPolicyUpdate)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(l4_firewall));
|
||||
@@ -584,7 +688,7 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
@@ -635,7 +739,7 @@ TEST_F(ServiceControllerTest, SettingsAndPolicyUpdateCombinations)
|
||||
|
||||
// Only settings now being updated
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(l4_firewall));
|
||||
@@ -730,7 +834,7 @@ TEST_F(ServiceControllerTest, backup)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(old_configuration));
|
||||
@@ -842,7 +946,7 @@ TEST_F(ServiceControllerTest, backupAttempts)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(old_configuration));
|
||||
@@ -963,7 +1067,7 @@ TEST_F(ServiceControllerTest, MultiUpdateConfiguration)
|
||||
string orchestration_settings_path = configuration_dir + "/orchestration/orchestration" + settings_extension;
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(orchestration_policy_path)).WillOnce(Return(false));
|
||||
@@ -1028,7 +1132,7 @@ TEST_F(ServiceControllerTest, emptyServices)
|
||||
Maybe<map<string, string>> json_parser_return = map<string, string>();
|
||||
string empty_string = "";
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).Times(1).WillRepeatedly(Return(empty_string));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(empty_string, _)).Times(1).WillRepeatedly(
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(empty_string, _, _)).Times(1).WillRepeatedly(
|
||||
Return(json_parser_return)
|
||||
);
|
||||
|
||||
@@ -1083,7 +1187,7 @@ TEST_F(ServiceControllerTest, failingWhileLoadingCurrentConfiguration)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(l4_firewall_policy_path)).WillOnce(Return(err));
|
||||
@@ -1151,7 +1255,7 @@ TEST_F(ServiceControllerTest, failingWhileCopyingCurrentConfiguration)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).Times(1).WillRepeatedly(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _)).Times(1).WillRepeatedly(
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _)).Times(1).WillRepeatedly(
|
||||
Return(json_parser_return)
|
||||
);
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
@@ -1211,7 +1315,7 @@ TEST_F(ServiceControllerTest, ErrorUpdateConfigurationRest)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
@@ -1328,7 +1432,7 @@ TEST_F(ServiceControllerTest, errorWhileWrtingNewConfiguration)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).Times(1).WillRepeatedly(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _)).Times(1).WillRepeatedly(
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _)).Times(1).WillRepeatedly(
|
||||
Return(json_parser_return)
|
||||
);
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(true));
|
||||
@@ -1357,16 +1461,18 @@ TEST_F(ServiceControllerTest, testPortsRest)
|
||||
|
||||
TEST_F(ServiceControllerTest, testMultitenantConfFiles)
|
||||
{
|
||||
map<string, pair<string, string>> tenant_files_input = {
|
||||
{"tenant1", make_pair("/etc/cp/conf/tenant1_policy.json", "/etc/cp/conf/tenant1_settings.json")},
|
||||
{"tenant2", make_pair("/etc/cp/conf/tenant2_policy.json", "")}
|
||||
map<pair<string, string>, pair<string, string>> tenant_files_input = {
|
||||
{make_pair("tenant1", "1234"),
|
||||
make_pair("/etc/cp/conf/tenant1_profile_1234_policy.json", "/etc/cp/conf/tenant1_profile_1234_settings.json")},
|
||||
{make_pair("tenant2", "1235"),
|
||||
make_pair("/etc/cp/conf/tenant2_profile_1235_policy.json", "")}
|
||||
};
|
||||
|
||||
vector<string> ids = {"family1_id2"};
|
||||
vector<string> empty_ids;
|
||||
|
||||
EXPECT_CALL(tenant_manager, getInstances("tenant1")).WillOnce(Return(ids));
|
||||
EXPECT_CALL(tenant_manager, getInstances("tenant2")).WillOnce(Return(empty_ids));
|
||||
EXPECT_CALL(tenant_manager, getInstances("tenant1", "1234")).WillOnce(Return(ids));
|
||||
EXPECT_CALL(tenant_manager, getInstances("tenant2", "1235")).WillOnce(Return(empty_ids));
|
||||
|
||||
string reply_msg = "{\"id\": 1, \"error\": false, \"finished\": true, \"error_message\": \"\"}";
|
||||
EXPECT_CALL(
|
||||
@@ -1386,7 +1492,8 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
|
||||
).WillOnce(Return(Maybe<string>(reply_msg)));
|
||||
|
||||
for(auto entry : tenant_files_input) {
|
||||
auto tenant = entry.first;
|
||||
auto tenant = entry.first.first;
|
||||
auto profile = entry.first.second;
|
||||
auto files = entry.second;
|
||||
string conf_file_name = files.first;
|
||||
string settings_file_name = files.second;
|
||||
@@ -1430,20 +1537,25 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
|
||||
"}";
|
||||
|
||||
string l4_firewall_policy_path_new =
|
||||
configuration_dir + "/tenant_" + tenant + "/l4_firewall/l4_firewall" + policy_extension;
|
||||
configuration_dir + "/tenant_" + tenant +
|
||||
"_profile_" + profile +"/l4_firewall/l4_firewall" + policy_extension;
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(conf_file_name)).WillOnce(Return(new_configuration));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, tenant))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, tenant, profile))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, doesDirectoryExist(configuration_dir + "/tenant_" + tenant))
|
||||
.WillOnce(Return(false));
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
doesDirectoryExist(configuration_dir + "/tenant_" + tenant + "_profile_" + profile)
|
||||
).WillOnce(Return(false));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, createDirectory(configuration_dir + "/tenant_" + tenant))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(
|
||||
mock_orchestration_tools,
|
||||
createDirectory(configuration_dir + "/tenant_" + tenant + "_profile_" + profile)
|
||||
).WillOnce(Return(true));
|
||||
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path_new)).WillOnce(Return(false));
|
||||
|
||||
@@ -1454,7 +1566,7 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
|
||||
"l4_firewall", l4_firewall_policy_path_new, OrchestrationStatusConfigType::POLICY)
|
||||
);
|
||||
|
||||
string new_policy_file_path = "/etc/cp/conf/tenant_" + tenant + "/" + "policy.json";
|
||||
string new_policy_file_path = "/etc/cp/conf/tenant_" + tenant + "_profile_" + profile + "/" + "policy.json";
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(conf_file_name, new_policy_file_path + backup_extension))
|
||||
.WillOnce(Return(true));
|
||||
EXPECT_CALL(mock_orchestration_tools, copyFile(conf_file_name, new_policy_file_path)).WillOnce(Return(true));
|
||||
@@ -1469,7 +1581,9 @@ TEST_F(ServiceControllerTest, testMultitenantConfFiles)
|
||||
)
|
||||
).WillRepeatedly(Return(string("registered and running")));
|
||||
|
||||
EXPECT_TRUE(i_service_controller->updateServiceConfiguration(conf_file_name, settings_file_name, {}, tenant));
|
||||
EXPECT_TRUE(
|
||||
i_service_controller->updateServiceConfiguration(conf_file_name, settings_file_name, {}, tenant, profile)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1542,7 +1656,7 @@ TEST_F(ServiceControllerTest, test_delayed_reconf)
|
||||
Maybe<map<string, string>> json_parser_return =
|
||||
map<string, string>({{"l4_firewall", l4_firewall}, {"version", version_value}});
|
||||
EXPECT_CALL(mock_orchestration_tools, readFile(file_name)).WillOnce(Return(new_configuration));
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _))
|
||||
EXPECT_CALL(mock_orchestration_tools, jsonObjectSplitter(new_configuration, _, _))
|
||||
.WillOnce(Return(json_parser_return));
|
||||
EXPECT_CALL(mock_orchestration_tools, doesFileExist(l4_firewall_policy_path)).WillOnce(Return(false));
|
||||
EXPECT_CALL(mock_orchestration_tools, writeFile(l4_firewall, l4_firewall_policy_path)).
|
||||
|
||||
@@ -17,14 +17,11 @@
|
||||
#include "log_generator.h"
|
||||
#include "agent_details.h"
|
||||
#include "version.h"
|
||||
#include "sasal.h"
|
||||
|
||||
#include <algorithm>
|
||||
#include <map>
|
||||
#include <vector>
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
|
||||
using namespace std;
|
||||
using namespace cereal;
|
||||
using HTTPMethod = I_Messaging::Method;
|
||||
@@ -319,6 +316,7 @@ FogAuthenticator::saveCredentialsToFile(const UserCredentials &user_credentials)
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
return orchestration_tools->writeFile(cred_str.unpack(), data_path + user_cred_file_name);
|
||||
}
|
||||
|
||||
@@ -347,6 +345,7 @@ FogAuthenticator::getCredentialsFromFile() const
|
||||
if (!encrypted_cred.ok()) return genError(encrypted_cred.getErr());
|
||||
|
||||
dbgTrace(D_ORCHESTRATOR) << "Read the user credentials from the file";
|
||||
|
||||
return orchestration_tools->jsonStringToObject<UserCredentials>(encrypted_cred.unpack());
|
||||
}
|
||||
|
||||
@@ -568,5 +567,3 @@ FogAuthenticator::init()
|
||||
loadRequiredSecurityApps();
|
||||
initRestAPI();
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -17,14 +17,11 @@
|
||||
#include "log_generator.h"
|
||||
#include "agent_details.h"
|
||||
#include "version.h"
|
||||
#include "sasal.h"
|
||||
|
||||
#include <algorithm>
|
||||
#include <map>
|
||||
#include <vector>
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
|
||||
using namespace std;
|
||||
using namespace cereal;
|
||||
using HTTPMethod = I_Messaging::Method;
|
||||
@@ -133,5 +130,3 @@ FogCommunication::sendPolicyVersion(const string &policy_version) const
|
||||
}
|
||||
return genError("Failed to patch policy version");
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -18,14 +18,11 @@
|
||||
#include "log_generator.h"
|
||||
#include "agent_details.h"
|
||||
#include "version.h"
|
||||
#include "sasal.h"
|
||||
|
||||
#include <algorithm>
|
||||
#include <map>
|
||||
#include <vector>
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
|
||||
using namespace std;
|
||||
using HTTPMethod = I_Messaging::Method;
|
||||
|
||||
@@ -138,10 +135,9 @@ HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
|
||||
<< "Downloading attribute file on hybrid mode, file name: "
|
||||
<< resourse_file.getFileName();
|
||||
|
||||
if (resourse_file.getFileName() == "policy") {
|
||||
if (resourse_file.getFileName() =="policy") {
|
||||
return declarative_policy_utils.getCurrPolicy();
|
||||
}
|
||||
|
||||
if (resourse_file.getFileName() == "manifest") {
|
||||
if (!access_token.ok()) return genError("Acccess Token not available.");
|
||||
|
||||
@@ -156,7 +152,6 @@ HybridCommunication::downloadAttributeFile(const GetResourceFile &resourse_file)
|
||||
);
|
||||
return attribute_file;
|
||||
}
|
||||
|
||||
dbgTrace(D_ORCHESTRATOR) << "Unnecessary attribute files downloading on hybrid mode";
|
||||
return string("");
|
||||
}
|
||||
@@ -168,5 +163,3 @@ HybridCommunication::sendPolicyVersion(const string &policy_version) const
|
||||
policy_version.empty();
|
||||
return Maybe<void>();
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -13,9 +13,6 @@
|
||||
|
||||
#include "local_communication.h"
|
||||
#include "config.h"
|
||||
#include "sasal.h"
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
|
||||
using namespace std;
|
||||
|
||||
@@ -183,5 +180,3 @@ LocalCommunication::sendPolicyVersion(const string &) const
|
||||
dbgTrace(D_ORCHESTRATOR) << "Agent in offline mode, no need to send policy version";
|
||||
return Maybe<void>();
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||
@@ -22,15 +22,12 @@
|
||||
#include "log_generator.h"
|
||||
#include "agent_details.h"
|
||||
#include "version.h"
|
||||
#include "sasal.h"
|
||||
#include "i_encryptor.h"
|
||||
#include "fog_authenticator.h"
|
||||
#include "fog_communication.h"
|
||||
#include "local_communication.h"
|
||||
#include "hybrid_communication.h"
|
||||
|
||||
SASAL_START // Orchestration - Communication
|
||||
|
||||
using namespace std;
|
||||
|
||||
USE_DEBUG_FLAG(D_ORCHESTRATOR);
|
||||
@@ -145,5 +142,3 @@ UpdateCommunication::fini()
|
||||
{
|
||||
pimpl->fini();
|
||||
}
|
||||
|
||||
SASAL_END
|
||||
|
||||