Add manifest to the image creation

2025-11-16 09:21:54 +03:00 · 2025-03-17 15:26:11 +02:00 · 2025-03-16 16:57:48 +02:00 · 2025-03-16 13:41:28 +02:00 · 2025-03-03 11:54:03 +02:00 · 2025-03-03 11:53:53 +02:00
12 changed files with 38 additions and 25 deletions
--- a/build_system/docker/CMakeLists.txt
+++ b/build_system/docker/CMakeLists.txt
@@ -1,4 +1,4 @@
-install(FILES Dockerfile entry.sh install-cp-agent-intelligence-service.sh install-cp-crowdsec-aux.sh DESTINATION .)
+install(FILES Dockerfile entry.sh install-cp-agent-intelligence-service.sh install-cp-crowdsec-aux.sh self_managed_openappsec_manifest.json DESTINATION .)

 add_custom_command(
    OUTPUT ${CMAKE_INSTALL_PREFIX}/agent-docker.img
--- a/build_system/docker/Dockerfile
+++ b/build_system/docker/Dockerfile
@@ -1,5 +1,7 @@
 FROM alpine

+ENV OPENAPPSEC_NANO_AGENT=TRUE
+
 RUN apk add --no-cache -u busybox
 RUN apk add --no-cache -u zlib
 RUN apk add --no-cache bash
@@ -13,6 +15,8 @@ RUN apk add --no-cache libxml2
 RUN apk add --no-cache pcre2
 RUN apk add --update coreutils

+COPY self_managed_openappsec_manifest.json /tmp/self_managed_openappsec_manifest.json
+
 COPY install*.sh /nano-service-installers/
 COPY entry.sh /entry.sh

--- a/build_system/docker/self_managed_openappsec_manifest.json
+++ b/build_system/docker/self_managed_openappsec_manifest.json
--- a/deployment/apisix/docker-compose.yaml
+++ b/deployment/apisix/docker-compose.yaml
@@ -37,7 +37,7 @@ services:
    environment:
      # adjust with your own email below
      - user_email=user@email.com
-      - registered_server="APISIX Server"
+      - registered_server="APISIX"
      - AGENT_TOKEN=<TOKEN>
    volumes:
      - ./appsec-config:/etc/cp/conf
--- a/deployment/docker-compose/apisix/docker-compose.yaml
+++ b/deployment/docker-compose/apisix/docker-compose.yaml
@@ -28,7 +28,7 @@ services:
      - user_email=${APPSEC_USER_EMAIL}
      - AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
      - autoPolicyLoad=${APPSEC_AUTO_POLICY_LOAD}
-      - registered_server=APISIX Server
+      - registered_server=APISIX
    ipc: shareable
    restart: unless-stopped
    volumes:
@@ -128,4 +128,4 @@ services:
 #   driver_opts:
 #     type: nfs
 #     o: addr=fs-abcdef.efs.eu-west-1.amazonaws.com,rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
-#     device: ":/"
+#     device: ":/"
--- a/deployment/docker-compose/kong/docker-compose.yaml
+++ b/deployment/docker-compose/kong/docker-compose.yaml
@@ -28,7 +28,7 @@ services:
      - user_email=${APPSEC_USER_EMAIL}
      - AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
      - autoPolicyLoad=${APPSEC_AUTO_POLICY_LOAD}
-      - registered_server=Kong Server
+      - registered_server=Kong
    ipc: shareable
    restart: unless-stopped
    volumes:
--- a/deployment/docker-compose/nginx/docker-compose.yaml
+++ b/deployment/docker-compose/nginx/docker-compose.yaml
@@ -28,7 +28,7 @@ services:
      - user_email=${APPSEC_USER_EMAIL}
      - AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
      - autoPolicyLoad=${APPSEC_AUTO_POLICY_LOAD}
-      - registered_server="NGINX Server"
+      - registered_server="NGINX"
    ipc: shareable
    restart: unless-stopped
    volumes:
--- a/deployment/docker-compose/swag/docker-compose.yaml
+++ b/deployment/docker-compose/swag/docker-compose.yaml
@@ -29,7 +29,7 @@ services:
      - user_email=${APPSEC_USER_EMAIL}
      - AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
      - autoPolicyLoad=${APPSEC_AUTO_POLICY_LOAD}
-      - registered_server=SWAG Server
+      - registered_server=SWAG
    ipc: shareable
    volumes:
      - ${APPSEC_CONFIG}:/etc/cp/conf
--- a/deployment/nginx/docker-compose.yaml
+++ b/deployment/nginx/docker-compose.yaml
@@ -11,7 +11,7 @@ services:
      - user_email=${USER_EMAIL}
    # - AGENT_TOKEN=${APPSEC_AGENT_TOKEN}
      - autoPolicyLoad=${APPSEC_AUTO_POLICY_LOAD}
-      - registered_server="NGINX Server"
+      - registered_server="NGINX"
    ipc: shareable
    volumes:
      - ${APPSEC_CONFIG}:/etc/cp/conf
--- a/deployment/swag/docker-compose.yaml
+++ b/deployment/swag/docker-compose.yaml
@@ -30,7 +30,7 @@ services:
    restart: unless-stopped
    environment:
      - user_email=user@email.com # adjust with your own email
-      - registered_server=SWAG Server
+      - registered_server="SWAG"
      # if autoPolicyLoad is set to true, open-appsec will apply
      # changes in local_policy.yaml automatically
      - autoPolicyLoad=true
--- a/nodes/orchestration/package/orchestration_package.sh
+++ b/nodes/orchestration/package/orchestration_package.sh
@@ -353,7 +353,7 @@ done
 # VS ID argument is available only on install, for other actions, extract it from the package location
 if [ -z "$VS_ID" ]; then
    parent_pid=$PPID
-    parent_cmdline=$(ps -o cmd= -p "$parent_pid")
+    parent_cmdline=$(cat /proc/"$parent_pid"/cmdline | tr '\0' ' ')
    parent_dir=$(dirname "$parent_cmdline")
    packages_folder=$(dirname "$parent_dir")
    vs_folder=$(dirname "$packages_folder")
@@ -494,26 +494,26 @@ cp_copy() # Initials - cc
    cp_print "Destination md5, after the copy:\n$DEST_AFTER_COPY"
 }

-update_cloudguard_appsec_manifest()
+update_openappsec_manifest()
 {
-    if [ -z ${INFINITY_NEXT_NANO_AGENT} ] && { [ -z ${CLOUDGUARD_APPSEC_STANDALONE} ] || [ -z ${DOCKER_RPM_ENABLED} ]; }; then
+    if [ -z ${OPENAPPSEC_NANO_AGENT} ] && { [ -z ${CLOUDGUARD_APPSEC_STANDALONE} ] || [ -z ${DOCKER_RPM_ENABLED} ]; }; then
        return
    fi

-    selected_cloudguard_appsec_manifest_path="${TMP_FOLDER}/cloudguard_appsec_manifest.json"
-    if [ "${DOCKER_RPM_ENABLED}" = "false" ] || [ "${INFINITY_NEXT_NANO_AGENT}" = "TRUE" ]; then
-        selected_cloudguard_appsec_manifest_path="${TMP_FOLDER}/self_managed_cloudguard_appsec_manifest.json"
+    selected_openappsec_manifest_path="${TMP_FOLDER}/openappsec_manifest.json"
+    if [ "${DOCKER_RPM_ENABLED}" = "false" ] || [ "${OPENAPPSEC_NANO_AGENT}" = "TRUE" ]; then
+        selected_openappsec_manifest_path="${TMP_FOLDER}/self_managed_openappsec_manifest.json"
    fi

-    if [ ! -f "$selected_cloudguard_appsec_manifest_path" ]; then
+    if [ ! -f "$selected_openappsec_manifest_path" ]; then
        return
    fi

-    cloudguard_appsec_manifest_path="${selected_cloudguard_appsec_manifest_path}.used"
-    mv "$selected_cloudguard_appsec_manifest_path" "$cloudguard_appsec_manifest_path"
+    openappsec_manifest_path="${selected_openappsec_manifest_path}.used"
+    mv "$selected_openappsec_manifest_path" "$openappsec_manifest_path"
    fog_host=$(echo "$var_fog_address" | sed 's/https\?:\/\///')
    fog_host=${fog_host%/}
-    sed "s/namespace/${fog_host}/g" ${cloudguard_appsec_manifest_path} > "${FILESYSTEM_PATH}/${CONF_PATH}/manifest.json"
+    sed "s/namespace/${fog_host}/g" ${openappsec_manifest_path} > "${FILESYSTEM_PATH}/${CONF_PATH}/manifest.json"
 }

 set_cloud_storage()
@@ -779,8 +779,9 @@ upgrade_conf_if_needed()

        [ -f "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg" ] && . "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg"

-        previous_mode=$(cat ${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg | grep "orchestration-mode" | cut -d = -f 3 | sed 's/"//')
- 		if ! [ -z "$previous_mode" ]; then
+        [ -f "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg" ] && \
+	previous_mode=$(cat ${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg | grep "orchestration-mode" | cut -d = -f 3 | sed 's/"//')
+	if ! [ -z "$previous_mode" ]; then
            var_orchestration_mode=${previous_mode}
        fi

@@ -994,7 +995,9 @@ install_orchestration()
        fi

        [ -f "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg" ] && . "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg"
-        previous_mode=$(cat ${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg | grep "orchestration-mode" | cut -d = -f 3 | sed 's/"//')
+
+	[ -f "${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg" ] && \
+	previous_mode=$(cat ${FILESYSTEM_PATH}/${SERVICE_PATH}/${ORCHESTRATION_FILE_NAME}.cfg | grep "orchestration-mode" | cut -d = -f 3 | sed 's/"//')

        if ! [ -z "$previous_mode" ]; then
            var_orchestration_mode=${previous_mode}
@@ -1018,7 +1021,8 @@ install_orchestration()
            rm -f "${FILESYSTEM_PATH}/${CONF_PATH}/default_orchestration_flags"
        fi

-        upgrade_conf_if_needed
+        update_openappsec_manifest
+	upgrade_conf_if_needed

        cp_exec "${FILESYSTEM_PATH}/${WATCHDOG_PATH}/cp-nano-watchdog --un-register ${FILESYSTEM_PATH}/${SERVICE_PATH}/cp-nano-orchestration $var_arch_flag"
        if [ "$IS_K8S_ENV" = "true" ]; then
@@ -1073,7 +1077,7 @@ install_orchestration()
    cp_exec "mkdir -p ${LOG_FILE_PATH}/${LOG_PATH}"
    cp_exec "mkdir -p ${FILESYSTEM_PATH}/${DATA_PATH}"

-    update_cloudguard_appsec_manifest
+    update_openappsec_manifest

    if [ ! -f ${FILESYSTEM_PATH}/${DEFAULT_SETTINGS_PATH} ]; then
        echo "{\"agentSettings\": []}" >  ${FILESYSTEM_PATH}/${DEFAULT_SETTINGS_PATH}
--- a/nodes/orchestration/package/watchdog/watchdog
+++ b/nodes/orchestration/package/watchdog/watchdog
@@ -53,7 +53,12 @@ var_upgarde=false
 get_profile_agent_setting_with_default() {
    key="$1"
    default_value="$2"
-    value=$(grep -oP "\"key\":\s*\"$key\".*?\"value\":\s*\"[^\"]+\"" $SETTINGS_FILE | sed -E 's/.*"value":\s*"([^"]+)".*/\1/')
+
+    value=$(grep -o "\"key\":\s*\"$key\".*?\"value\":\s*\"[^\"]*\"" $SETTINGS_FILE | sed -E 's/.*"value":\s*"([^"]*)".*/\1/')
+    if [ -z "$value" ]; then
+        value=$(grep -o "\"$key\":\s*\"[^\"]*\"" $SETTINGS_FILE | sed -E 's/.*"'"$key"'":\s*"([^"]*)".*/\1/')
+    fi
+
    if [ "$value" = "null" ] || [ -z "$value" ]; then
        echo "$default_value"
    else
Author	SHA1	Message	Date
avigailo	919921f6d3	Add manifest to the image creation	2025-03-17 15:26:11 +02:00
avigailo	e9098e2845	Add manifest to the image creation	2025-03-16 16:57:48 +02:00
avigailo	97d042589b	Add manifest to the image creation	2025-03-16 13:41:28 +02:00
orianelou	448991ef75	Update docker-compose.yaml	2025-03-03 11:54:03 +02:00
orianelou	2b1ee84280	Update docker-compose.yaml	2025-03-03 11:53:53 +02:00
orianelou	77dd288eee	Update docker-compose.yaml	2025-03-03 11:52:47 +02:00
orianelou	3cb4def82e	Update docker-compose.yaml	2025-03-03 11:52:26 +02:00
orianelou	a0dd7dd614	Update docker-compose.yaml	2025-03-03 11:51:13 +02:00
orianelou	88eed946ec	Update docker-compose.yaml	2025-03-03 11:50:49 +02:00
orianelou	3e1ad8b0f7	Update docker-compose.yaml	2025-03-03 11:50:23 +02:00
Daniel-Eisenberg	bd35c421c6	Merge pull request #263 from openappsec/Feb_27_2025-Dev Feb 27 2025 dev	2025-03-02 18:23:10 +02:00