diff --git a/attachments/nginx/nginx_attachment_util/nginx_attachment_util.cc b/attachments/nginx/nginx_attachment_util/nginx_attachment_util.cc index 32e66cd..5135c72 100644 --- a/attachments/nginx/nginx_attachment_util/nginx_attachment_util.cc +++ b/attachments/nginx/nginx_attachment_util/nginx_attachment_util.cc @@ -155,6 +155,24 @@ getWaitingForVerdictThreadTimeout() return conf_data.getNumericalValue("waiting_for_verdict_thread_timeout_msec"); } +unsigned int +getMinRetriesForVerdict() +{ + return conf_data.getNumericalValue("min_retries_for_verdict"); +} + +unsigned int +getMaxRetriesForVerdict() +{ + return conf_data.getNumericalValue("max_retries_for_verdict"); +} + +unsigned int +getReqBodySizeTrigger() +{ + return conf_data.getNumericalValue("body_size_trigger"); +} + int isIPAddress(c_str ip_str) { diff --git a/attachments/nginx/nginx_attachment_util/nginx_attachment_util_ut/nginx_attachment_util_ut.cc b/attachments/nginx/nginx_attachment_util/nginx_attachment_util_ut/nginx_attachment_util_ut.cc index f99d400..7fafff6 100644 --- a/attachments/nginx/nginx_attachment_util/nginx_attachment_util_ut/nginx_attachment_util_ut.cc +++ b/attachments/nginx/nginx_attachment_util/nginx_attachment_util_ut/nginx_attachment_util_ut.cc @@ -63,7 +63,10 @@ TEST_F(HttpAttachmentUtilTest, GetValidAttachmentConfiguration) "\"waiting_for_verdict_thread_timeout_msec\": 75,\n" "\"req_header_thread_timeout_msec\": 10,\n" "\"ip_ranges\": " + createIPRangesString(ip_ranges) + ",\n" - "\"static_resources_path\": \"" + static_resources_path + "\"" + "\"static_resources_path\": \"" + static_resources_path + "\",\n" + "\"min_retries_for_verdict\": 1,\n" + "\"max_retries_for_verdict\": 3,\n" + "\"body_size_trigger\": 777\n" "}\n"; ofstream valid_configuration_file(attachment_configuration_file_name); valid_configuration_file << valid_configuration; 
@@ -87,6 +90,9 @@ TEST_F(HttpAttachmentUtilTest, GetValidAttachmentConfiguration) EXPECT_EQ(getReqBodyThreadTimeout(), 155); EXPECT_EQ(getResHeaderThreadTimeout(), 1); EXPECT_EQ(getResBodyThreadTimeout(), 0); + EXPECT_EQ(getMinRetriesForVerdict(), 1); + EXPECT_EQ(getMaxRetriesForVerdict(), 3); + EXPECT_EQ(getReqBodySizeTrigger(), 777); EXPECT_EQ(getWaitingForVerdictThreadTimeout(), 75); EXPECT_EQ(getInspectionMode(), ngx_http_inspection_mode::BLOCKING_THREAD); diff --git a/components/attachment-intakers/nginx_attachment/nginx_attachment_config.cc b/components/attachment-intakers/nginx_attachment/nginx_attachment_config.cc index d26a83d..f378c3f 100755 --- a/components/attachment-intakers/nginx_attachment/nginx_attachment_config.cc +++ b/components/attachment-intakers/nginx_attachment/nginx_attachment_config.cc @@ -42,6 +42,7 @@ HttpAttachmentConfig::init() setNumOfNginxIpcElements(); setDebugByContextValues(); setKeepAliveIntervalMsec(); + setRetriesForVerdict(); } bool @@ -215,6 +216,31 @@ HttpAttachmentConfig::setFailOpenTimeout() conf_data.setNumericalValue("nginx_inspection_mode", inspection_mode); } +void +HttpAttachmentConfig::setRetriesForVerdict() +{ + conf_data.setNumericalValue("min_retries_for_verdict", getAttachmentConf( + 3, + "agent.minRetriesForVerdict.nginxModule", + "HTTP manager", + "Min retries for verdict" + )); + + conf_data.setNumericalValue("max_retries_for_verdict", getAttachmentConf( + 15, + "agent.maxRetriesForVerdict.nginxModule", + "HTTP manager", + "Max retries for verdict" + )); + + conf_data.setNumericalValue("body_size_trigger", getAttachmentConf( + 200000, + "agent.reqBodySizeTrigger.nginxModule", + "HTTP manager", + "Request body size trigger" + )); +} + void HttpAttachmentConfig::setFailOpenWaitMode() { diff --git a/components/attachment-intakers/nginx_attachment/nginx_attachment_config.h b/components/attachment-intakers/nginx_attachment/nginx_attachment_config.h index e7f23ca..df7ae6e 100755 
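Review bot: `setRetriesForVerdict()` stores `min_retries_for_verdict` and `max_retries_for_verdict` independently, so a configuration with min greater than max (or a max of 0) is written to `conf_data` unchecked. How the nginx module uses the pair is not visible in this diff, but an inverted or zero retry bound presumably changes when the attachment stops waiting for a verdict, which matters for fail-open behaviour. Consider reading both values into locals first and, when `min > max`, logging a `dbgWarning` and falling back to the defaults 3 and 15. A short comment stating the unit of `body_size_trigger` (bytes, if that is the intent) would also help.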
--- a/components/attachment-intakers/nginx_attachment/nginx_attachment_config.h +++ b/components/attachment-intakers/nginx_attachment/nginx_attachment_config.h @@ -70,6 +70,8 @@ private: void setDebugByContextValues(); + void setRetriesForVerdict(); + WebTriggerConf web_trigger_conf; HttpAttachmentConfiguration conf_data; }; diff --git a/components/security_apps/local_policy_mgmt_gen/triggers_section.cc b/components/security_apps/local_policy_mgmt_gen/triggers_section.cc index fc510c0..e12b323 100755 --- a/components/security_apps/local_policy_mgmt_gen/triggers_section.cc +++ b/components/security_apps/local_policy_mgmt_gen/triggers_section.cc @@ -96,8 +96,8 @@ LogTriggerSection::save(cereal::JSONOutputArchive &out_ar) const cereal::make_nvp("acDrop", acDrop), cereal::make_nvp("complianceViolations", false), cereal::make_nvp("complianceWarnings", false), - cereal::make_nvp("extendloggingMinSeverity", extendloggingMinSeverity), - cereal::make_nvp("extendlogging", extendlogging), + cereal::make_nvp("extendLoggingMinSeverity", extendloggingMinSeverity), + cereal::make_nvp("extendLogging", extendlogging), cereal::make_nvp("logToAgent", logToAgent), cereal::make_nvp("logToCef", logToCef), cereal::make_nvp("logToCloud", logToCloud), diff --git a/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc b/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc index b7e5a3e..604cec9 100755 --- a/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc +++ b/components/security_apps/orchestration/details_resolver/details_resolving_handler.cc @@ -99,6 +99,7 @@ map DetailsResolvingHanlder::Impl::getResolvedDetails() const { I_ShellCmd *shell = Singleton::Consume::by(); + I_AgentDetailsReporter *reporter = Singleton::Consume::by(); uint32_t timeout = getConfigurationWithDefault(5000, "orchestration", "Details resolver time out"); for (auto &shell_pre_command : shell_pre_commands) { 
@@ -122,7 +123,15 @@ DetailsResolvingHanlder::Impl::getResolvedDetails() const Maybe shell_command_output = getCommandOutput(command); if (!shell_command_output.ok()) continue; Maybe handler_ret = handler(*shell_command_output); - if (handler_ret.ok()) resolved_details[attr] = *handler_ret; + + if (handler_ret.ok()) { + resolved_details[attr] = *handler_ret; + } else { + if (reporter->isPersistantAttr(attr)) { + dbgTrace(D_AGENT_DETAILS)<< "Persistent attribute changed, removing old value"; + reporter->deleteAttr(attr); + } + } } for (auto file_handler : file_content_handlers) { @@ -157,7 +166,6 @@ DetailsResolvingHanlder::Impl::getResolvedDetails() const } } - I_AgentDetailsReporter *reporter = Singleton::Consume::by(); reporter->addAttr(resolved_details, true); return resolved_details; diff --git a/components/utils/generic_rulebase/evaluators/parameter_eval.cc b/components/utils/generic_rulebase/evaluators/parameter_eval.cc index 2430ba6..2649133 100644 --- a/components/utils/generic_rulebase/evaluators/parameter_eval.cc +++ b/components/utils/generic_rulebase/evaluators/parameter_eval.cc @@ -22,6 +22,8 @@ using namespace std; +USE_DEBUG_FLAG(D_RULEBASE_CONFIG); + string ParameterMatcher::ctx_key = "parameters"; ParameterMatcher::ParameterMatcher(const vector ¶ms) 
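Review bot: The new `else` branch deletes a persistent attribute on any handler failure, so a transient parse error in one resolver run removes the value from the reporter and forces a re-send. The `continue` just above means a failed shell command never reaches this branch, so the stale value stays in place in that case. If both behaviours are intended, a comment saying so would help the next reader. The trace line also does not say which attribute was dropped; `dbgTrace(D_AGENT_DETAILS) << "Persistent attribute " << attr << " could not be resolved, removing old value";` makes the log usable. The loop this branch sits in starts outside the hunk.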
@@ -33,6 +35,17 @@ ParameterMatcher::ParameterMatcher(const vector ¶ms) Maybe ParameterMatcher::evalVariable() const { + I_Environment *env = Singleton::Consume::by(); + auto bc_param_id_ctx = env->get>(ParameterMatcher::ctx_key); + dbgTrace(D_RULEBASE_CONFIG) + << "Trying to match parameter. ID: " + << parameter_id << ", Current set IDs: " + << makeSeparatedStr(bc_param_id_ctx.ok() ? *bc_param_id_ctx : set(), ", "); + if (bc_param_id_ctx.ok()) return bc_param_id_ctx.unpack().count(parameter_id) > 0; + + dbgTrace(D_RULEBASE_CONFIG) + << "Did not find current parameter in context." + << " Match parameter from current rule"; auto rule = getConfiguration("rulebase", "rulesConfig"); return rule.ok() && rule.unpack().isParameterActive(parameter_id); } diff --git a/core/agent_details_reporter/agent_details_reporter.cc b/core/agent_details_reporter/agent_details_reporter.cc index c433c58..7c8725c 100644 --- a/core/agent_details_reporter/agent_details_reporter.cc +++ b/core/agent_details_reporter/agent_details_reporter.cc @@ -71,6 +71,7 @@ public: bool addAttr(const string &key, const string &val, bool allow_override = false) override; bool addAttr(const map &attr, bool allow_override = false) override; void deleteAttr(const string &key) override; + bool isPersistantAttr(const string &key) override; bool sendAttributes() override; @@ -130,6 +131,7 @@ private: map persistant_attributes; map new_attributes; map attributes; + bool is_attr_deleted = false; I_Messaging *messaging = nullptr; bool is_server; @@ -207,6 +209,13 @@ AgentDetailsReporter::Impl::deleteAttr(const string &key) attributes.erase(key); new_attributes.erase(key); persistant_attributes.erase(key); + is_attr_deleted = true; +} + +bool +AgentDetailsReporter::Impl::isPersistantAttr(const std::string &key) +{ + return persistant_attributes.count(key) > 0; } bool 
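Review bot: `evalVariable()` now returns the context's answer whenever `ParameterMatcher::ctx_key` is registered, so a context carrying an empty ID set makes every parameter evaluate to false and the `rulesConfig` fallback is never consulted. That precedence decides which parameters, and the rules gated on them, count as active, so it deserves a comment above the lookup, e.g. `// IDs registered in the environment context take precedence over the rule's own parameter list; an empty set means no parameter is active.` The ternary passed to `makeSeparatedStr` also copies the set purely for logging, which only matters if `dbgTrace` evaluates its operands when the flag is off.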
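Review bot: `deleteAttr()` sets `is_attr_deleted = true` even when `key` was in none of the three maps, so deleting an unknown key makes the next `sendAttributes()` contact the Orchestrator with nothing changed. The `erase` calls return the number of removed elements, so the flag can follow them: `size_t erased = attributes.erase(key) + new_attributes.erase(key) + persistant_attributes.erase(key);` then `if (erased > 0) is_attr_deleted = true;`. Separately, `isPersistantAttr()` only reads `persistant_attributes` and could be declared `const` here, in `I_AgentDetailsReporter` and in the mock.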
@@ -214,7 +223,7 @@ AgentDetailsReporter::Impl::sendAttributes() { dbgDebug(D_AGENT_DETAILS) << "Trying to send attributes"; - if (new_attributes.empty()) { + if (new_attributes.empty() && !is_attr_deleted) { dbgDebug(D_AGENT_DETAILS) << "Skipping current attempt since no new attributes were added"; return true; } @@ -261,6 +270,7 @@ AgentDetailsReporter::Impl::sendAttributes() if (add_agent_details_status.ok()) { dbgDebug(D_AGENT_DETAILS) << "Successfully sent attributes to the Orchestrator"; new_attributes.clear(); + is_attr_deleted = false; return true; } diff --git a/core/agent_details_reporter/agent_details_reporter_ut/agent_details_reporter_ut.cc b/core/agent_details_reporter/agent_details_reporter_ut/agent_details_reporter_ut.cc index 37bca7b..6d4a7f6 100644 --- a/core/agent_details_reporter/agent_details_reporter_ut/agent_details_reporter_ut.cc +++ b/core/agent_details_reporter/agent_details_reporter_ut/agent_details_reporter_ut.cc @@ -213,6 +213,7 @@ TEST_F(AgentReporterTest, basicAttrTest) EXPECT_TRUE(report->addAttr({{"c", "d"}, {"1", "2"}, {"delete", "me"}})); EXPECT_FALSE(report->addAttr("a", "d")); EXPECT_TRUE(report->addAttr("a", "1", true)); + EXPECT_TRUE(report->isPersistantAttr("a")); report->deleteAttr("delete"); { AgentDataReport agent_data; diff --git a/core/attachments/http_configuration/http_configuration.cc b/core/attachments/http_configuration/http_configuration.cc index f88ebbb..896c01e 100644 --- a/core/attachments/http_configuration/http_configuration.cc +++ b/core/attachments/http_configuration/http_configuration.cc 
@@ -108,7 +108,10 @@ HttpAttachmentConfiguration::save(cereal::JSONOutputArchive &archive) const ), cereal::make_nvp("nginx_inspection_mode", getNumericalValue("inspection_mode")), cereal::make_nvp("num_of_nginx_ipc_elements", getNumericalValue("num_of_nginx_ipc_elements")), - cereal::make_nvp("keep_alive_interval_msec", getNumericalValue("keep_alive_interval_msec")) + cereal::make_nvp("keep_alive_interval_msec", getNumericalValue("keep_alive_interval_msec")), + cereal::make_nvp("min_retries_for_verdict", getNumericalValue("min_retries_for_verdict")), + cereal::make_nvp("max_retries_for_verdict", getNumericalValue("max_retries_for_verdict")), + cereal::make_nvp("body_size_trigger", getNumericalValue("body_size_trigger")) ); } @@ -161,6 +164,9 @@ HttpAttachmentConfiguration::load(cereal::JSONInputArchive &archive) loadNumericalValue(archive, "nginx_inspection_mode", 0); loadNumericalValue(archive, "num_of_nginx_ipc_elements", 200); loadNumericalValue(archive, "keep_alive_interval_msec", DEFAULT_KEEP_ALIVE_INTERVAL_MSEC); + loadNumericalValue(archive, "min_retries_for_verdict", 3); + loadNumericalValue(archive, "max_retries_for_verdict", 15); + loadNumericalValue(archive, "body_size_trigger", 200000); } bool diff --git a/core/include/attachments/nginx_attachment_util.h b/core/include/attachments/nginx_attachment_util.h index b3240f4..5f0c533 100644 --- a/core/include/attachments/nginx_attachment_util.h +++ b/core/include/attachments/nginx_attachment_util.h @@ -54,6 +54,9 @@ unsigned int getReqBodyThreadTimeout(); unsigned int getResProccessingTimeout(); unsigned int getResHeaderThreadTimeout(); unsigned int getResBodyThreadTimeout(); +unsigned int getMinRetriesForVerdict(); +unsigned int getMaxRetriesForVerdict(); +unsigned int getReqBodySizeTrigger(); unsigned int getWaitingForVerdictThreadTimeout(); 
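Review bot: The defaults `3`, `15` and `200000` in `load()` are bare literals that repeat the values passed to `getAttachmentConf` in `HttpAttachmentConfig::setRetriesForVerdict()`, while the line just above already uses the named `DEFAULT_KEEP_ALIVE_INTERVAL_MSEC`. Two copies of the same default can drift apart without anyone noticing. Named constants shared by both files would keep them in step, for example `DEFAULT_MIN_RETRIES_FOR_VERDICT`, `DEFAULT_MAX_RETRIES_FOR_VERDICT` and `DEFAULT_BODY_SIZE_TRIGGER` (names suggested here, not taken from the code). `load()` starts outside the hunk.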
diff --git a/core/include/services_sdk/interfaces/i_agent_details_reporter.h b/core/include/services_sdk/interfaces/i_agent_details_reporter.h index f85193a..3a44c88 100644 --- a/core/include/services_sdk/interfaces/i_agent_details_reporter.h +++ b/core/include/services_sdk/interfaces/i_agent_details_reporter.h @@ -48,6 +48,7 @@ public: virtual bool addAttr(const std::map &attr, bool allow_override = false) = 0; virtual void deleteAttr(const std::string &key) = 0; virtual bool sendAttributes() = 0; + virtual bool isPersistantAttr(const std::string &key) = 0; protected: ~I_AgentDetailsReporter() = default; diff --git a/core/include/services_sdk/interfaces/mock/mock_agent_details_reporter.h b/core/include/services_sdk/interfaces/mock/mock_agent_details_reporter.h index 56d5eac..848b682 100644 --- a/core/include/services_sdk/interfaces/mock/mock_agent_details_reporter.h +++ b/core/include/services_sdk/interfaces/mock/mock_agent_details_reporter.h @@ -26,6 +26,7 @@ public: MOCK_METHOD3(addAttr, bool(const std::string &key, const std::string &val, bool allow_override)); MOCK_METHOD2(addAttr, bool(const std::map &attr, bool allow_override)); MOCK_METHOD1(deleteAttr, void(const std::string &key)); + MOCK_METHOD1(isPersistantAttr, bool(const std::string &key)); MOCK_METHOD0(sendAttributes, bool()); }; diff --git a/nodes/orchestration/package/k8s-check-update-listener.sh b/nodes/orchestration/package/k8s-check-update-listener.sh index fd7f9b1..1eff510 100644 --- a/nodes/orchestration/package/k8s-check-update-listener.sh +++ b/nodes/orchestration/package/k8s-check-update-listener.sh @@ -69,7 +69,7 @@ while true; do exception_pid=$! saveRuningPids fi - if [ ! -d /proc/${exception_pid} ]; then + if [ ! -d /proc/${policy_pid} ]; then runGetResourceListener policies policy_pid=$! saveRuningPids diff --git a/nodes/orchestration/package/open-appsec-cloud-mgmt-k8s b/nodes/orchestration/package/open-appsec-cloud-mgmt-k8s index f2a59a5..7a873b8 100755 
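Review bot: `[ ! -d /proc/${policy_pid} ]` only works when the variable holds a PID; if `policy_pid` is empty or unset the path becomes `/proc/`, which always exists, and the policies listener is never (re)started. Whether the variable is initialised before the loop is not visible in this hunk. Guarding the empty case keeps the watchdog reliable: `if [ -z "${policy_pid}" ] || [ ! -d "/proc/${policy_pid}" ]; then`. The `exception_pid` check earlier in the loop (outside this hunk) presumably has the same shape.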
--- a/nodes/orchestration/package/open-appsec-cloud-mgmt-k8s +++ b/nodes/orchestration/package/open-appsec-cloud-mgmt-k8s @@ -15,11 +15,13 @@ latest_policy_version=1 load_agent_details() { - tenant_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Tenant ID|TenantID|g" | /etc/cp/bin/yq -P '.TenantID') - agent_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Agent ID|AgentID|g" | /etc/cp/bin/yq -P '.AgentID') - profile_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Profile ID|ProfileID|g" | /etc/cp/bin/yq -P '.ProfileID') + tenant_id=$(awk -F\" '/Tenant ID/{print $4}' /etc/cp/conf/agent_details.json) + agent_id=$(awk -F\" '/Agent ID/{print $4}' /etc/cp/conf/agent_details.json) + profile_id=$(awk -F\" '/Profile ID/{print $4}' /etc/cp/conf/agent_details.json) cluster_id=$(echo $(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/ ) \ - | /etc/cp/bin/yq .items | /etc/cp/bin/yq '.[] | select(.metadata.name | contains("kube-system"))' | /etc/cp/bin/yq .metadata.uid) + | /etc/cp/bin/yq eval '.items' - \ + | /etc/cp/bin/yq eval '.[] | select(.metadata.name | contains("kube-system"))' - \ + | /etc/cp/bin/yq eval '.metadata.uid' -) } get_latest_policy_version() @@ -44,15 +46,16 @@ get_latest_policy_version() concat_to_policy() { - crd_to_concat="$1" - is_first=$2 + api_version="$1" + crd_to_concat="$2" + is_first=$3 if [ ! -z $is_first ]; then - POLICY="$POLICY \"$1\": " + POLICY="$POLICY \"$crd_to_concat\": " else - POLICY="$POLICY, \"$1\": " + POLICY="$POLICY, \"$crd_to_concat\": " fi CRD=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \ - -X GET ${APISERVER}/apis/openappsec.io/v1beta1/$crd_to_concat) + -X GET ${APISERVER}/apis/openappsec.io/$api_version/$crd_to_concat) CRD=$(echo $CRD|tr -d '\n') if [ -z "$CRD" ]; then CRD="{}" 
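Review bot: The `awk -F\"` lookups in `load_agent_details` depend on the line layout of `agent_details.json` rather than its structure. Field 4 is the value only when each key sits on its own line as `"Tenant ID": "value"`, and every line containing the text matches, so a second match yields a multi-line ID. These IDs presumably identify the agent to the management service, so a silently wrong or empty value is worth catching. Anchoring on the quoted key and stopping at the first hit, `awk -F\" '/"Tenant ID"[[:space:]]*:/{print $4; exit}'`, plus an emptiness check after the three assignments, would make this sturdier. The `var_fog` lookup in the `@@ -273,7 +297,7 @@` hunk has the same pattern.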
@@ -60,28 +63,49 @@ concat_to_policy() POLICY="$POLICY $CRD" } +get_api_version() +{ + CRD=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \ + -X GET ${APISERVER}/apis/openappsec.io/v1beta2/policies) + CRD=$(echo $CRD|tr -d '\n') + # if CRD is not empty and does not contain "page not found" then it is v1beta2 + if [ ! -z "$CRD" ] && ! echo "$CRD" | grep -q "page not found"; then + echo "v1beta2" + else + echo "v1beta1" + fi +} + generate_policy() { POLICY="{ \"Policy\": {" - concat_to_policy policies true - concat_to_policy practices - concat_to_policy logtriggers - concat_to_policy customresponses - concat_to_policy exceptions - concat_to_policy sourcesidentifiers - concat_to_policy trustedsources + + api_version=$(get_api_version) + + concat_to_policy $api_version "policies" true + if [ "$api_version" = "v1beta2" ]; then + concat_to_policy $api_version "threatpreventionpractices" + concat_to_policy $api_version "accesscontrolpractices" + else + concat_to_policy $api_version "practices" + fi + concat_to_policy $api_version "logtriggers" + concat_to_policy $api_version "customresponses" + concat_to_policy $api_version "exceptions" + concat_to_policy $api_version "sourcesidentifiers" + concat_to_policy $api_version "trustedsources" POLICY="$POLICY, \"assets\": { \"items\":[ " FIRST="1" all_ingresses=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \ -X GET ${APISERVER}/apis/networking.k8s.io/v1/ingresses) - namespaces=$(echo $all_ingresses | /etc/cp/bin/yq -P '.items[].metadata.namespace') + namespaces=$(echo $all_ingresses | /etc/cp/bin/yq eval '.items[].metadata.namespace' -) for ns in ${namespaces}; do ingress_in_ns=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \ -X GET ${APISERVER}/apis/networking.k8s.io/v1/namespaces/${ns}/ingresses) - ingress_list=$(echo $ingress_in_ns | /etc/cp/bin/yq -P '.items[].metadata.name') + ingress_list=$(echo $ingress_in_ns | /etc/cp/bin/yq eval 
'.items[].metadata.name' -) for ingress_name in ${ingress_list}; do ingress_crd=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \ -X GET ${APISERVER}/apis/networking.k8s.io/v1/namespaces/${ns}/ingresses/${ingress_name}) @@ -273,7 +297,7 @@ while true; do done if [ -z "$var_fog" ]; then - var_fog=$(cat /etc/cp/conf/agent_details.json | sed "s|Fog domain|Fogdomain|g" | /etc/cp/bin/yq -P '.Fogdomain') + var_fog=$(awk -F\" '/Fog domain/{print $4}' /etc/cp/conf/agent_details.json) var_fog="https://$var_fog" fi diff --git a/nodes/orchestration/package/open-appsec-ctl.sh b/nodes/orchestration/package/open-appsec-ctl.sh index a867216..0572f05 100644 --- a/nodes/orchestration/package/open-appsec-ctl.sh +++ b/nodes/orchestration/package/open-appsec-ctl.sh @@ -1363,9 +1363,12 @@ run_ai() # Initials - ra exit 1 fi if [ "$ra_upload_to_fog" = "true" ]; then - ra_token_data=$(curl_to_orchestration "show-access-token") - ra_token_hex=$(echo "$ra_token_data" | grep "token" | cut -d '"' -f4 | base64 -d | od -t x1 -An) - ra_token_hex_formatted=$(echo $ra_token_hex | tr -d ' ') + ra_token_data=$(curl_to_orchestration "show-access-token" | grep "token" | cut -d '"' -f4) + if [ -z "${ra_token_data}" ]; then + echo "Failed to get crediantials to upload the file to the cloud." + exit 1; + fi + ra_token_hex_formatted=$(echo $ra_token_data | base64 -d | od -t x1 -An | tr -d '[:space:]') ra_token="$(xor_decrypt "${ra_token_hex_formatted}")" ra_proxy_val="" diff --git a/nodes/orchestration/package/orchestration_package.sh b/nodes/orchestration/package/orchestration_package.sh index 85fdf1d..92cd4c5 100755 --- a/nodes/orchestration/package/orchestration_package.sh +++ b/nodes/orchestration/package/orchestration_package.sh 
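Review bot: `get_api_version` treats any non-empty body that lacks the text "page not found" as proof that `v1beta2` is served, so an error response such as an authorization failure, which the API server typically returns as a JSON body, selects `v1beta2`. `generate_policy` then embeds whatever each `concat_to_policy` call gets back into the policy document. Deciding on the HTTP status rather than the body text is more reliable, as sketched below. `concat_to_policy` uses the same `curl -s` pattern without a status check, so error bodies end up in `POLICY` there as well.

```shell
get_api_version()
{
    http_code=$(curl -s -o /dev/null -w '%{http_code}' --cacert "${CACERT}" \
        --header "Authorization: Bearer ${TOKEN}" \
        -X GET "${APISERVER}/apis/openappsec.io/v1beta2/policies")
    # only a successful listing proves the v1beta2 CRDs are served
    if [ "$http_code" = "200" ]; then
        echo "v1beta2"
    else
        echo "v1beta1"
    fi
}
```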
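Review bot: The new emptiness check covers only the `grep`/`cut` extraction; the `base64 -d | od` step after it is unchecked, so a value that is not valid base64 reaches `xor_decrypt` as an empty or partial hex string. `$ra_token_data` is also expanded unquoted in `echo $ra_token_data`. Quoting it and testing the decoded result closes both gaps: `ra_token_hex_formatted=$(printf '%s' "$ra_token_data" | base64 -d | od -t x1 -An | tr -d '[:space:]')` followed by `[ -n "$ra_token_hex_formatted" ] || { echo "Failed to decode the access token."; exit 1; }`. The error message has a typo ("crediantials"). `run_ai` starts and ends outside the hunk.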
@@ -302,13 +302,15 @@ while true; do echo "Filesystem paths: ${FILESYSTEM_PATH}" elif [ "$1" = "--vs_id" ]; then shift - VS_ID=$1 - export FILESYSTEM_PATH="/etc/cp/vs${VS_ID}" - NANO_AGENT_SERVICE_NAME="nano_agent_${VS_ID}" - NANO_AGENT_SERVICE_FILE="${NANO_AGENT_SERVICE_NAME}.service" - VS_LIB_SUB_FOLDER="/vs${VS_ID}" - LOG_FILE_PATH="${LOG_FILE_PATH}/vs${VS_ID}" - TMP_FOLDER="${TMP_FOLDER}/vs${VS_ID}" + if [ "$1" != "0" ]; then + VS_ID=$1 + export FILESYSTEM_PATH="/etc/cp/vs${VS_ID}" + NANO_AGENT_SERVICE_NAME="nano_agent_${VS_ID}" + NANO_AGENT_SERVICE_FILE="${NANO_AGENT_SERVICE_NAME}.service" + VS_LIB_SUB_FOLDER="/vs${VS_ID}" + LOG_FILE_PATH="${LOG_FILE_PATH}/vs${VS_ID}" + TMP_FOLDER="${TMP_FOLDER}/vs${VS_ID}" + fi elif [ "$1" = "--log_files_path" ]; then shift var=$1 @@ -360,6 +362,16 @@ if [ -z "$VS_ID" ]; then fi fi +if [ -n "${VS_ID}" ]; then + if [ "$VS_ID" != "$INSTANCE_VSID" ]; then + echo "Error: Incorrect context, switch to VS${VS_ID} context first." + exit 1 + fi +elif [ -n "$INSTANCE_VSID" ] && [ "$INSTANCE_VSID" != "0" ]; then + echo "Error: Incorrect context, exit vs${INSTANCE_VSID} first." + exit 1 +fi + if [ "$RUN_MODE" = "install" ] && [ $var_offline_mode = false ]; then if [ -n "$OTP_TOKEN" ] && [ -z "$var_token" ] && [ "$var_no_otp" = "false" ]; then var_token=$OTP_TOKEN @@ -846,7 +858,7 @@ install_public_key() fog_address=${var_fog_address} if [ -n "${var_upgrade_mode}" ]; then - # Upgradde - look in policy.json + # Upgrade - look in policy.json fog_address=$(cat ${FILESYSTEM_PATH}/${CONF_PATH}/${SERVICE_PATH}/orchestration.policy) fi
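Review bot: `--vs_id` takes `$1` as-is and interpolates it into `FILESYSTEM_PATH`, the service file name, `LOG_FILE_PATH` and `TMP_FOLDER`. An empty argument therefore yields `/etc/cp/vs`, and a value containing `/` or `..` points the installer at directories outside `/etc/cp`; the new `!= "0"` test is the only check. Since the installer presumably runs as root, rejecting anything that is not a number before the assignment is cheap: `case "$1" in ''|*[!0-9]*) echo "Error: --vs_id expects a numeric ID"; exit 1;; esac`. The option loop starts and ends outside the hunk.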