Merge branch 'Dec-24-2023' of https://github.com/openappsec/openappsec into Dec-24-2023

AppSec mode fix

components/security_apps/orchestration/include/declarative_policy_utils.h

@@ -80,6 +80,7 @@ public:
     std::string getUpdate(CheckUpdateRequest &request) override;
     bool shouldApplyPolicy() override;
     void turnOffApplyPolicyFlag() override;
+    void turnOnApplyPolicyFlag() override;
 
     std::string getCurrPolicy() override { return curr_policy; }
 

components/security_apps/orchestration/include/i_declarative_policy.h

@@ -23,6 +23,7 @@ public:
     virtual std::string getCurrPolicy() = 0;
 
     virtual void turnOffApplyPolicyFlag() = 0;
+    virtual void turnOnApplyPolicyFlag() = 0;
 
 protected:
     virtual ~I_DeclarativePolicy() {}

components/security_apps/orchestration/orchestration_comp.cc

@@ -219,12 +219,9 @@ private:
     start()
     {
         auto update_communication = Singleton::Consume<I_UpdateCommunication>::by<OrchestrationComp>();
-        auto agent_mode = Singleton::Consume<I_AgentDetails>::by<OrchestrationComp>()->getOrchestrationMode();
+        auto agent_mode = getOrchestrationMode();
         auto policy_mgmt_mode = getSettingWithDefault<string>("management", "profileManagedMode");
-        if (agent_mode == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative") {
+        bool declarative = agent_mode == OrchestrationMode::HYBRID || policy_mgmt_mode == "declarative";
-            update_communication->authenticateAgent();
-            return Maybe<void>();
-        }
 
         bool enforce_policy_flag = false;
         Maybe<OrchestrationPolicy> maybe_policy = genError("Empty policy");
@@ -299,6 +296,7 @@ private:
             }
         }
 
+	if (declarative) Singleton::Consume<I_DeclarativePolicy>::from<DeclarativePolicyUtils>()->turnOnApplyPolicyFlag();
         return authentication_res;
     }
 

components/security_apps/orchestration/update_communication/declarative_policy_utils.cc

@@ -57,6 +57,12 @@ DeclarativePolicyUtils::turnOffApplyPolicyFlag()
     should_apply_policy = false;
 }
 
+void
+DeclarativePolicyUtils::turnOnApplyPolicyFlag()
+{
+    should_apply_policy = true;
+}
+
 Maybe<string>
 DeclarativePolicyUtils::getLocalPolicyChecksum()
 {

components/security_apps/rate_limit/rate_limit.cc

@@ -114,7 +114,7 @@ public:
             }
 
             string application_uri = maybe_uri.unpack();
-            if (application_uri.back() == '/') application_uri.pop_back();
+            if (!application_uri.empty() && application_uri.back() == '/') application_uri.pop_back();
 
             for (const auto &rule : rate_limit_config.getRateLimitRules()) {
                 string full_rule_uri = application_uri + rule.getRateLimitUri();
@@ -227,7 +227,7 @@ public:
             << " seconds";
 
         string unique_key = asset_id + ":" + source_identifier + ":" + uri;
-        if (unique_key.back() == '/') unique_key.pop_back();
+        if (!unique_key.empty() && unique_key.back() == '/') unique_key.pop_back();
 
         auto verdict = decide(unique_key);
         if (verdict == RateLimitVedict::ACCEPT) {

components/security_apps/waap/waap_clib/Waf2Engine.cc

@@ -1741,7 +1741,7 @@ Waf2Transaction::sendLog()
 
     static int cur_grace_logs = 0;
     bool grace_period = is_hybrid_mode && cur_grace_logs < max_grace_logs;
-    bool send_extended_log = grace_period || shouldSendExtendedLog(triggerLog);
+    bool send_extended_log = shouldSendExtendedLog(triggerLog);
     if (grace_period) {
         dbgTrace(D_WAAP)
             << "Waf2Transaction::sendLog: current grace log index: "
@@ -2339,7 +2339,7 @@ bool Waf2Transaction::shouldSendExtendedLog(const std::shared_ptr<Waap::Trigger:
     ReportIS::Severity severity = Waap::Util::computeSeverityFromThreatLevel(
         autonomousSecurityDecision->getThreatLevel());
 
-    if (trigger_log->extendLoggingMinSeverity == "Critical")
+    if (trigger_log->extendLoggingMinSeverity == "Critical" || trigger_log->extendLoggingMinSeverity == "critical")
     {
         if (severity == ReportIS::Severity::CRITICAL)
         {
@@ -2349,7 +2349,7 @@ bool Waf2Transaction::shouldSendExtendedLog(const std::shared_ptr<Waap::Trigger:
         dbgTrace(D_WAAP) << "Should not send extended logging. Min Severity Critical. Severity: " << (int) severity;
         return false;
     }
-    else if (trigger_log->extendLoggingMinSeverity == "High")
+    else if (trigger_log->extendLoggingMinSeverity == "High" || trigger_log->extendLoggingMinSeverity == "high")
     {
         if (severity == ReportIS::Severity::CRITICAL || severity == ReportIS::Severity::HIGH)
         {

core/debug_is/debug.cc

@@ -109,6 +109,7 @@ public:
     load(cereal::JSONInputArchive &ar)
     {
         ar(cereal::make_nvp("Output", stream_name));
+        if (stream_name.empty()) stream_name = "STDOUT";
         if (stream_name != "FOG" && stream_name != "STDOUT" && stream_name.front() != '/') {
             stream_name = getLogFilesPathConfig() + "/" + stream_name;
         }

nodes/orchestration/package/cpnano_debug/cpnano_debug.cc

@@ -577,6 +577,7 @@ public:
     {
         try {
             cereal::load(ar, streams);
+            if (streams["Output"].empty()) streams["Output"] = "STDOUT";
             if (streams["Output"] != "FOG" && streams["Output"] != "STDOUT" && streams["Output"].front() != '/') {
                 streams["Output"] = log_files_path + "/" + streams["Output"];
             }

nodes/orchestration/package/open-appsec-cloud-mgmt-k8s

@@ -1,285 +1,285 @@
-#!/bin/bash
+#!/bin/bash
-
+
-POLICY_CRDS_PATH="/tmp/policy_crds.json"
+POLICY_CRDS_PATH="/tmp/policy_crds.json"
-APISERVER=https://kubernetes.default.svc
+APISERVER=https://kubernetes.default.svc
-SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
+SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
-TOKEN=$(cat ${SERVICEACCOUNT}/token)
+TOKEN=$(cat ${SERVICEACCOUNT}/token)
-NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
+NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
-CACERT=${SERVICEACCOUNT}/ca.crt
+CACERT=${SERVICEACCOUNT}/ca.crt
-ra_token=
+ra_token=
-tenant_id=
+tenant_id=
-agent_id=
+agent_id=
-profile_id=
+profile_id=
-cluster_id=
+cluster_id=
-latest_policy_version=1
+latest_policy_version=1
-
+
-load_agent_details()
+load_agent_details()
-{
+{
-    tenant_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Tenant ID|TenantID|g" | /etc/cp/bin/yq -P '.TenantID')
+    tenant_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Tenant ID|TenantID|g" | /etc/cp/bin/yq -P '.TenantID')
-    agent_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Agent ID|AgentID|g" | /etc/cp/bin/yq -P '.AgentID')
+    agent_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Agent ID|AgentID|g" | /etc/cp/bin/yq -P '.AgentID')
-    profile_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Profile ID|ProfileID|g" | /etc/cp/bin/yq -P '.ProfileID')
+    profile_id=$(cat /etc/cp/conf/agent_details.json | sed "s|Profile ID|ProfileID|g" | /etc/cp/bin/yq -P '.ProfileID')
-    cluster_id=$(echo $(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/ ) \
+    cluster_id=$(echo $(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/ ) \
-        | /etc/cp/bin/yq .items | /etc/cp/bin/yq  '.[] | select(.metadata.name  | contains("kube-system"))' | /etc/cp/bin/yq .metadata.uid)
+        | /etc/cp/bin/yq .items | /etc/cp/bin/yq  '.[] | select(.metadata.name  | contains("kube-system"))' | /etc/cp/bin/yq .metadata.uid)
-}
+}
-
+
-get_latest_policy_version()
+get_latest_policy_version()
-{
+{
-    bucket_list=$(curl -s -w "%{http_code}\n" --request GET \
+    bucket_list=$(curl -s -w "%{http_code}\n" --request GET \
-        -H "user-agent: Infinity Next (a7030abf93a4c13)" -H "Authorization: Bearer ${ra_token}" \
+        -H "user-agent: Infinity Next (a7030abf93a4c13)" -H "Authorization: Bearer ${ra_token}" \
-        "$var_fog/agents-core/storage/?list-type=2&prefix=${tenant_id}/${profile_id}")
+        "$var_fog/agents-core/storage/?list-type=2&prefix=${tenant_id}/${profile_id}")
-    paths_list=$(echo $bucket_list  | /etc/cp/bin/yq -p xml | grep "/policy")
+    paths_list=$(echo $bucket_list  | /etc/cp/bin/yq -p xml | grep "/policy")
-
+
-    prefix="${tenant_id}/${profile_id}"
+    prefix="${tenant_id}/${profile_id}"
-    paths=$(echo $paths_list | tr " " "\n" | grep / )
+    paths=$(echo $paths_list | tr " " "\n" | grep / )
-    for path in $paths; do
+    for path in $paths; do
-        new_path=$(echo ${path%/*})
+        new_path=$(echo ${path%/*})
-        version=$(echo ${new_path##*/})
+        version=$(echo ${new_path##*/})
-        if [[ $version =~ ^-?[0-9]+$ ]] && [  $latest_policy_version -lt $version  ]; then
+        if [[ $version =~ ^-?[0-9]+$ ]] && [  $latest_policy_version -lt $version  ]; then
-            latest_policy_version=$version
+            latest_policy_version=$version
-        fi
+        fi
-    done
+    done
-    latest_policy_version=$((latest_policy_version+1))
+    latest_policy_version=$((latest_policy_version+1))
-    echo "Policy version: $latest_policy_version"
+    echo "Policy version: $latest_policy_version"
-}
+}
-
+
-concat_to_policy()
+concat_to_policy()
-{
+{
-    crd_to_concat="$1"
+    crd_to_concat="$1"
-    is_first=$2
+    is_first=$2
-    if [ ! -z $is_first ]; then
+    if [ ! -z $is_first ]; then
-        POLICY="$POLICY \"$1\": "
+        POLICY="$POLICY \"$1\": "
-    else
+    else
-        POLICY="$POLICY, \"$1\": "
+        POLICY="$POLICY, \"$1\": "
-    fi
+    fi
-    CRD=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
+    CRD=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
-        -X GET ${APISERVER}/apis/openappsec.io/v1beta1/$crd_to_concat)
+        -X GET ${APISERVER}/apis/openappsec.io/v1beta1/$crd_to_concat)
-    CRD=$(echo $CRD|tr -d '\n')
+    CRD=$(echo $CRD|tr -d '\n')
-    if [ -z "$CRD" ]; then
+    if [ -z "$CRD" ]; then
-        CRD="{}"
+        CRD="{}"
-    fi
+    fi
-    POLICY="$POLICY $CRD"
+    POLICY="$POLICY $CRD"
-}
+}
-
+
-generate_policy()
+generate_policy()
-{
+{
-    POLICY="{ \"Policy\": {"
+    POLICY="{ \"Policy\": {"
-    concat_to_policy policies true
+    concat_to_policy policies true
-    concat_to_policy practices
+    concat_to_policy practices
-    concat_to_policy logtriggers
+    concat_to_policy logtriggers
-    concat_to_policy customresponses
+    concat_to_policy customresponses
-    concat_to_policy exceptions
+    concat_to_policy exceptions
-    concat_to_policy sourcesidentifiers
+    concat_to_policy sourcesidentifiers
-    concat_to_policy trustedsources
+    concat_to_policy trustedsources
-
+
-    POLICY="$POLICY, \"assets\": { \"items\":[ "
+    POLICY="$POLICY, \"assets\": { \"items\":[ "
-
+
-    FIRST="1"
+    FIRST="1"
-    all_ingresses=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
+    all_ingresses=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
-        -X GET ${APISERVER}/apis/networking.k8s.io/v1/ingresses)
+        -X GET ${APISERVER}/apis/networking.k8s.io/v1/ingresses)
-    namespaces=$(echo $all_ingresses | /etc/cp/bin/yq -P '.items[].metadata.namespace')
+    namespaces=$(echo $all_ingresses | /etc/cp/bin/yq -P '.items[].metadata.namespace')
-
+
-    for ns in ${namespaces}; do
+    for ns in ${namespaces}; do
-        ingress_in_ns=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
+        ingress_in_ns=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
-            -X GET ${APISERVER}/apis/networking.k8s.io/v1/namespaces/${ns}/ingresses)
+            -X GET ${APISERVER}/apis/networking.k8s.io/v1/namespaces/${ns}/ingresses)
-        ingress_list=$(echo $ingress_in_ns | /etc/cp/bin/yq -P '.items[].metadata.name')
+        ingress_list=$(echo $ingress_in_ns | /etc/cp/bin/yq -P '.items[].metadata.name')
-        for ingress_name in ${ingress_list}; do
+        for ingress_name in ${ingress_list}; do
-            ingress_crd=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
+            ingress_crd=$(curl -s --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
-                -X GET ${APISERVER}/apis/networking.k8s.io/v1/namespaces/${ns}/ingresses/${ingress_name})
+                -X GET ${APISERVER}/apis/networking.k8s.io/v1/namespaces/${ns}/ingresses/${ingress_name})
-
+
-            if echo $ingress_crd | grep -n "openappsec" 1>/dev/null; then
+            if echo $ingress_crd | grep -n "openappsec" 1>/dev/null; then
-                ingress_crd=$(echo $ingress_crd | tr -d '\n')
+                ingress_crd=$(echo $ingress_crd | tr -d '\n')
-            fi
+            fi
-            if [ "$FIRST" = "0" ]; then
+            if [ "$FIRST" = "0" ]; then
-                POLICY="$POLICY ,"
+                POLICY="$POLICY ,"
-            fi
+            fi
-            POLICY="$POLICY $ingress_crd"
+            POLICY="$POLICY $ingress_crd"
-            FIRST="0"
+            FIRST="0"
-        done
+        done
-    done
+    done
-
+
-    POLICY="$POLICY ] } } }"
+    POLICY="$POLICY ] } } }"
-    echo $POLICY > $POLICY_CRDS_PATH
+    echo $POLICY > $POLICY_CRDS_PATH
-}
+}
-
+
-upload_the_crds_to_s3()
+upload_the_crds_to_s3()
-{
+{
-    echo "Uploading local configuration to cloud..."
+    echo "Uploading local configuration to cloud..."
-    upload_res="$(curl -o /dev/null -s -w "%{http_code}\n" --progress-bar --request PUT -T "${POLICY_CRDS_PATH}" \
+    upload_res="$(curl -o /dev/null -s -w "%{http_code}\n" --progress-bar --request PUT -T "${POLICY_CRDS_PATH}" \
-        -H "user-agent: Infinity Next (a7030abf93a4c13)" -H "Content-Type: application/json" \
+        -H "user-agent: Infinity Next (a7030abf93a4c13)" -H "Content-Type: application/json" \
-        -H "Authorization: Bearer ${ra_token}" \
+        -H "Authorization: Bearer ${ra_token}" \
-        "$var_fog/agents-core/storage/$tenant_id/$profile_id/$latest_policy_version/policy-$cluster_id.json")"
+        "$var_fog/agents-core/storage/$tenant_id/$profile_id/$latest_policy_version/policy-$cluster_id.json")"
-
+
-    if test "$upload_res" != "200"; then
+    if test "$upload_res" != "200"; then
-        echo "Failed uploading CRDs to cloud: Failed Error code ${upload_res}"
+        echo "Failed uploading CRDs to cloud: Failed Error code ${upload_res}"
-        return 1
+        return 1
-    fi
+    fi
-
+
-    check_file_exists="$(curl -o /dev/null -s -w "%{http_code}\n" --request GET -H "user-agent: Infinity Next (a7030abf93a4c13)" \
+    check_file_exists="$(curl -o /dev/null -s -w "%{http_code}\n" --request GET -H "user-agent: Infinity Next (a7030abf93a4c13)" \
-        -H "Authorization: Bearer ${ra_token}" \
+        -H "Authorization: Bearer ${ra_token}" \
-        "$var_fog/agents-core/storage/$tenant_id/$profile_id/$latest_policy_version/policy-$cluster_id.json")"
+        "$var_fog/agents-core/storage/$tenant_id/$profile_id/$latest_policy_version/policy-$cluster_id.json")"
-    if test "$check_file_exists" != "200"; then
+    if test "$check_file_exists" != "200"; then
-        echo "Failed uploading CRD to cloud: Failed on checking the file.  Error code ${check_file_exists}"
+        echo "Failed uploading CRD to cloud: Failed on checking the file.  Error code ${check_file_exists}"
-        return 1
+        return 1
-    fi
+    fi
-}
+}
-
+
-send_notification_to_the_fog()
+send_notification_to_the_fog()
-{
+{
-    correlation_id=$(cat /proc/sys/kernel/random/uuid)
+    correlation_id=$(cat /proc/sys/kernel/random/uuid)
-    DATE=$(date "+%FT%T.000")
+    DATE=$(date "+%FT%T.000")
-    upload_res=$(curl -o /dev/null -s -w "%{http_code}\n" --request POST "$var_fog/api/v1/agents/events/bulk" \
+    upload_res=$(curl -o /dev/null -s -w "%{http_code}\n" --request POST "$var_fog/api/v1/agents/events/bulk" \
-        -H "X-Trace-Id:${correlation_id}" --header "Authorization: Bearer ${ra_token}" \
+        -H "X-Trace-Id:${correlation_id}" --header "Authorization: Bearer ${ra_token}" \
-        --header "user-agent: Infinity Next (a7030abf93a4c13)" --header "Content-Type: application/json" \
+        --header "user-agent: Infinity Next (a7030abf93a4c13)" --header "Content-Type: application/json" \
-        --data "{\"logs\": [{\"log\": {\"eventTime\": \"$DATE\",\"eventName\": \
+        --data "{\"logs\": [{\"log\": {\"eventTime\": \"$DATE\",\"eventName\": \
-        \"Agent started onboarding process to cloud management\",\"eventSeverity\": \"Info\",\"eventPriority\": \
+        \"Agent started onboarding process to cloud management\",\"eventSeverity\": \"Info\",\"eventPriority\": \
-        \"Urgent\",\"eventLogLevel\": \"info\",\"eventType\": \"Event Driven\",\"eventLevel\": \"Log\",\"eventAudience\": \
+        \"Urgent\",\"eventLogLevel\": \"info\",\"eventType\": \"Event Driven\",\"eventLevel\": \"Log\",\"eventAudience\": \
-        \"Internal\",\"eventAudienceTeam\": \"Agent Core\",\"eventFrequency\": 0,\"eventSource\": {\"serviceName\": \
+        \"Internal\",\"eventAudienceTeam\": \"Agent Core\",\"eventFrequency\": 0,\"eventSource\": {\"serviceName\": \
-        \"Orchestration\",\"agentId\": \"$agent_id\",\"tenantId\": \"$tenant_id\",\"serviceId\": \"1\",\"issuingEngineVersion\": \
+        \"Orchestration\",\"agentId\": \"$agent_id\",\"tenantId\": \"$tenant_id\",\"serviceId\": \"1\",\"issuingEngineVersion\": \
-        \"1.2229.123456\",\"issuingEngine\": \"onboardingInfoProvider\"},\"eventData\": {\"eventObject\": {\"onboardingInfo\": \
+        \"1.2229.123456\",\"issuingEngine\": \"onboardingInfoProvider\"},\"eventData\": {\"eventObject\": {\"onboardingInfo\": \
-        {\"policyVersion\": $latest_policy_version,\"clusterId\": \"$cluster_id\",\"profileId\": \"$profile_id\"}}},\
+        {\"policyVersion\": $latest_policy_version,\"clusterId\": \"$cluster_id\",\"profileId\": \"$profile_id\"}}},\
-        \"eventTags\": [\"Orchestration\"]}, \"tenantId\": \"$tenant_id\", \"id\": 1}]}")
+        \"eventTags\": [\"Orchestration\"]}, \"tenantId\": \"$tenant_id\", \"id\": 1}]}")
-
+
-    if test "$upload_res" != "200"; then
+    if test "$upload_res" != "200"; then
-        sleep 5
+        sleep 5
-        upload_res=$(curl -o /dev/null -s -w "%{http_code}\n" --request POST "$var_fog/api/v1/agents/events/bulk" \
+        upload_res=$(curl -o /dev/null -s -w "%{http_code}\n" --request POST "$var_fog/api/v1/agents/events/bulk" \
-            -H "X-Trace-Id:${correlation_id}" --header "Authorization: Bearer ${ra_token}" \
+            -H "X-Trace-Id:${correlation_id}" --header "Authorization: Bearer ${ra_token}" \
-            --header "user-agent: Infinity Next (a7030abf93a4c13)" --header "Content-Type: application/json" \
+            --header "user-agent: Infinity Next (a7030abf93a4c13)" --header "Content-Type: application/json" \
-            --data "{\"logs\": [{\"log\": {\"eventTime\": \"$DATE\",\"eventName\": \
+            --data "{\"logs\": [{\"log\": {\"eventTime\": \"$DATE\",\"eventName\": \
-            \"Agent started onboarding process to cloud management\",\"eventSeverity\": \"Info\",\"eventPriority\": \
+            \"Agent started onboarding process to cloud management\",\"eventSeverity\": \"Info\",\"eventPriority\": \
-            \"Urgent\",\"eventLogLevel\": \"info\",\"eventType\": \"Event Driven\",\"eventLevel\": \"Log\",\
+            \"Urgent\",\"eventLogLevel\": \"info\",\"eventType\": \"Event Driven\",\"eventLevel\": \"Log\",\
-            \"eventAudience\": \"Internal\",\"eventAudienceTeam\": \"Agent Core\",\"eventFrequency\": 0,\"eventSource\": \
+            \"eventAudience\": \"Internal\",\"eventAudienceTeam\": \"Agent Core\",\"eventFrequency\": 0,\"eventSource\": \
-            {\"serviceName\": \"Orchestration\",\"agentId\": \"$agent_id\",\"tenantId\": \"$tenant_id\",\
+            {\"serviceName\": \"Orchestration\",\"agentId\": \"$agent_id\",\"tenantId\": \"$tenant_id\",\
-            \"serviceId\": \"1\",\"issuingEngineVersion\": \"1.2229.123456\",\"issuingEngine\": \"onboardingInfoProvider\"},\
+            \"serviceId\": \"1\",\"issuingEngineVersion\": \"1.2229.123456\",\"issuingEngine\": \"onboardingInfoProvider\"},\
-            \"eventData\": {\"eventObject\": {\"onboardingInfo\": {\"policyVersion\": $latest_policy_version,\
+            \"eventData\": {\"eventObject\": {\"onboardingInfo\": {\"policyVersion\": $latest_policy_version,\
-            \"clusterId\": \"$cluster_id\",\"profileId\": \"$profile_id\"}}},\"eventTags\": [\"Orchestration\"]}, \
+            \"clusterId\": \"$cluster_id\",\"profileId\": \"$profile_id\"}}},\"eventTags\": [\"Orchestration\"]}, \
-            \"tenantId\": \"$tenant_id\", \"id\": 1}]}")
+            \"tenantId\": \"$tenant_id\", \"id\": 1}]}")
-        if test "$upload_res" != "200"; then
+        if test "$upload_res" != "200"; then
-            echo "Failed to notify the FOG on the new CRDs: Failed Error code ${upload_res}"
+            echo "Failed to notify the FOG on the new CRDs: Failed Error code ${upload_res}"
-            return 1
+            return 1
-        fi
+        fi
-    fi
+    fi
-}
+}
-
+
-poll_for_status_file()
+poll_for_status_file()
-{
+{
-    correlation_id=$(cat /proc/sys/kernel/random/uuid)
+    correlation_id=$(cat /proc/sys/kernel/random/uuid)
-
+
-    attempt_counter=0
+    attempt_counter=0
-    max_attempts=18
+    max_attempts=18
-
+
-    until [ ${attempt_counter} -eq ${max_attempts} ]; do
+    until [ ${attempt_counter} -eq ${max_attempts} ]; do
-        if [ ${attempt_counter} -eq ${max_attempts} ];then
+        if [ ${attempt_counter} -eq ${max_attempts} ];then
-            echo "Max attempts reached"
+            echo "Max attempts reached"
-            exit 1
+            exit 1
-        fi
+        fi
-        file_exists="$(curl -s -w "%{http_code}\n" --request GET -H "user-agent: Infinity Next (a7030abf93a4c13)" \
+        file_exists="$(curl -s -w "%{http_code}\n" --request GET -H "user-agent: Infinity Next (a7030abf93a4c13)" \
-            -H "Authorization: Bearer ${ra_token}" \
+            -H "Authorization: Bearer ${ra_token}" \
-            "$var_fog/agents-core/storage/$tenant_id/$profile_id/$latest_policy_version/status-$cluster_id.json")"
+            "$var_fog/agents-core/storage/$tenant_id/$profile_id/$latest_policy_version/status-$cluster_id.json")"
-
+
-        check_file_exists=$(echo $file_exists | grep 200)
+        check_file_exists=$(echo $file_exists | grep 200)
-        if [ ! -z "$check_file_exists" ]; then
+        if [ ! -z "$check_file_exists" ]; then
-            FAILURE=$(echo $file_exists | grep "false")
+            FAILURE=$(echo $file_exists | grep "false")
-            if [ ! -z "$FAILURE" ]; then
+            if [ ! -z "$FAILURE" ]; then
-                echo "Failed creating the Assets: $(echo $file_exists | cut -c27- | cut -d '"' -f 1)"
+                echo "Failed creating the Assets: $(echo $file_exists | cut -c27- | cut -d '"' -f 1)"
-                exit 1
+                exit 1
-            else
+            else
-                echo "."
+                echo "."
-                return 0
+                return 0
-            fi
+            fi
-        else
+        else
-            echo -n '.'
+            echo -n '.'
-            attempt_counter=$(($attempt_counter+1))
+            attempt_counter=$(($attempt_counter+1))
-            sleep 10
+            sleep 10
-        fi
+        fi
-    done
+    done
-    echo "Error: Status file was not generated"
+    echo "Error: Status file was not generated"
-    exit 1
+    exit 1
-}
+}
-
+
-upload_crds_to_the_cloud()
+upload_crds_to_the_cloud()
-{
+{
-    STATUS="FAILURE"
+    STATUS="FAILURE"
-    load_agent_details
+    load_agent_details
-    get_latest_policy_version
+    get_latest_policy_version
-    generate_policy
+    generate_policy
-
+
-    upload_the_crds_to_s3
+    upload_the_crds_to_s3
-    if [ "$?" = "1" ]; then
+    if [ "$?" = "1" ]; then
-        echo "Failed uploading the CRDs to S3"
+        echo "Failed uploading the CRDs to S3"
-        exit 1
+        exit 1
-    fi
+    fi
-
+
-    send_notification_to_the_fog
+    send_notification_to_the_fog
-    if [ "$?" = "1" ]; then
+    if [ "$?" = "1" ]; then
-        echo "Failed Notifying to FOG"
+        echo "Failed Notifying to FOG"
-        exit 1
+        exit 1
-    fi
+    fi
-
+
-    poll_for_status_file
+    poll_for_status_file
-    if [ "$?" = "0" ]; then
+    if [ "$?" = "0" ]; then
-        STATUS="SUCCESS"
+        STATUS="SUCCESS"
-    fi
+    fi
-
+
-    if [ "$STATUS" = "FAILURE" ]; then
+    if [ "$STATUS" = "FAILURE" ]; then
-        echo "Failed to upload CRDs to the cloud"
+        echo "Failed to upload CRDs to the cloud"
-        exit 1
+        exit 1
-    fi
+    fi
-}
+}
-
+
-usage()
+usage()
-{
+{
-    echo "Usage: $0 --token <token> [options...] ]"
+    echo "Usage: $0 --token <token> [options...] ]"
-    echo "    --token <token>                     : Registration token"
+    echo "    --token <token>                     : Registration token"
-    echo "Options:"
+    echo "Options:"
-    echo "    --fog       <fog address>          : Namespace with the relevant Helm Chart"
+    echo "    --fog       <fog address>          : Namespace with the relevant Helm Chart"
-    echo "    --upload_policy_only               : Upload policy to the fog, withput changing agent mode"
+    echo "    --upload_policy_only               : Upload policy to the fog, withput changing agent mode"
-    exit 255
+    exit 255
-}
+}
-
+
-validate_flags()
+validate_flags()
-{
+{
-    if [ -z $var_token ]; then
+    if [ -z $var_token ]; then
-        usage
+        usage
-        exit 1
+        exit 1
-    fi
+    fi
-}
+}
-
+
-validate_arg_value_exists()
+validate_arg_value_exists()
-{
+{
-    if test "$2" = "1"; then
+    if test "$2" = "1"; then
-        echo "Error: The script is missing value for '$1'"
+        echo "Error: The script is missing value for '$1'"
-        usage
+        usage
-        exit 1
+        exit 1
-    fi
+    fi
-}
+}
-
+
-while true; do
+while true; do
-    if [ "$1" = "--token" ]; then
+    if [ "$1" = "--token" ]; then
-        validate_arg_value_exists "$1" "$#"
+        validate_arg_value_exists "$1" "$#"
-        shift
+        shift
-        var_token="$1"
+        var_token="$1"
-    elif [ "$1" = "--fog" ]; then
+    elif [ "$1" = "--fog" ]; then
-        validate_arg_value_exists "$1" "$#"
+        validate_arg_value_exists "$1" "$#"
-        shift
+        shift
-        var_fog="$1"
+        var_fog="$1"
-    elif [ "$1" = "--access_token" ] || [ "$1" = "-at" ]; then
+    elif [ "$1" = "--access_token" ] || [ "$1" = "-at" ]; then
-        validate_arg_value_exists "$1" "$#"
+        validate_arg_value_exists "$1" "$#"
-        shift
+        shift
-        ra_token="$1"
+        ra_token="$1"
-    elif [ -z "$1" ]; then
+    elif [ -z "$1" ]; then
-        break
+        break
-    fi
+    fi
-    shift
+    shift
-done
+done
-
+
-if [ -z "$var_fog" ]; then
+if [ -z "$var_fog" ]; then
-    var_fog=$(cat /etc/cp/conf/agent_details.json | sed "s|Fog domain|Fogdomain|g" | /etc/cp/bin/yq -P '.Fogdomain')
+    var_fog=$(cat /etc/cp/conf/agent_details.json | sed "s|Fog domain|Fogdomain|g" | /etc/cp/bin/yq -P '.Fogdomain')
-    var_fog="https://$var_fog"
+    var_fog="https://$var_fog"
-fi
+fi
-
+
-upload_crds_to_the_cloud
+upload_crds_to_the_cloud
-if [ "$?" = "0" ]; then
+if [ "$?" = "0" ]; then
-    echo "SUCCESS"
+    echo "SUCCESS"
-fi
+fi
-
+
-exit 0
+exit 0