-rw-r--r-- | .gitignore | 10 | ||||
-rw-r--r-- | app/api/responders/resource/environment_configs.py | 4 | ||||
-rwxr-xr-x | app/discover/events/listeners/default_listener.py | 1 | ||||
-rw-r--r-- | app/install/calipso-installer.py | 2 | ||||
-rw-r--r-- | app/monitoring/setup/monitoring_handler.py | 4 | ||||
-rw-r--r-- | app/test/scan/test_data/configurations.py | 4 | ||||
-rw-r--r-- | app/utils/logging/full_logger.py | 10 | ||||
-rw-r--r-- | app/utils/mongo_access.py | 8 | ||||
-rw-r--r-- | app/utils/ssh_connection.py | 81 |
9 files changed, 64 insertions, 60 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..73e0e74 --- /dev/null +++ b/.gitignore @@ -0,0 +1,10 @@ +*~ +*.pyc +*.swp +.idea/ +.ropeproject/ +mongo*.conf +mongo_access.log +.DS_Store + +app/test/event_based_scan/config/test_config.py diff --git a/app/api/responders/resource/environment_configs.py b/app/api/responders/resource/environment_configs.py index bee6a4d..32e70ad 100644 --- a/app/api/responders/resource/environment_configs.py +++ b/app/api/responders/resource/environment_configs.py @@ -55,7 +55,7 @@ class EnvironmentConfigs(ResponderBase): validate=DataValidate.REGEX, requirement=[regex.IP, regex.HOSTNAME], mandatory=True), - "password": self.require(str, mandatory=True), + "pwd": self.require(str, mandatory=True), "port": self.require(int, True, DataValidate.REGEX, @@ -96,7 +96,7 @@ class EnvironmentConfigs(ResponderBase): validate=DataValidate.REGEX, requirement=[regex.IP, regex.HOSTNAME], mandatory=True), - "password": self.require(str, mandatory=True), + "pwd": self.require(str, mandatory=True), "port": self.require(int, True, validate=DataValidate.REGEX, diff --git a/app/discover/events/listeners/default_listener.py b/app/discover/events/listeners/default_listener.py index 9261cf8..8ebc6cb 100755 --- a/app/discover/events/listeners/default_listener.py +++ b/app/discover/events/listeners/default_listener.py @@ -74,7 +74,6 @@ class DefaultListener(ListenerBase, ConsumerMixin): if self.inv.is_feature_supported(self.env_name, EnvironmentFeatures.MONITORING): self.inv.monitoring_setup_manager = \ MonitoringSetupManager(self.env_name) - self.inv.monitoring_setup_manager.server_setup() def get_consumers(self, consumer, channel): return [consumer(queues=self.event_queues, diff --git a/app/install/calipso-installer.py b/app/install/calipso-installer.py index bccddae..c088876 100644 --- a/app/install/calipso-installer.py +++ b/app/install/calipso-installer.py 
@@ -321,7 +321,7 @@ while container not in container_names: # starting the containers per arguments: if action == "start": # building /home/calipso/calipso_mongo_access.conf and /home/calipso/ldap.conf files, per the arguments: - calipso_mongo_access_text = "server " + args.hostname + "\nuser " + args.dbuser + "\npassword " + \ + calipso_mongo_access_text = "server " + args.hostname + "\nuser " + args.dbuser + "\npwd " + \ args.dbpassword + "\nauth_db calipso" ldap_text = "user admin" + "\npassword password" + "\nurl ldap://" + args.hostname + ":389" + \ "\nuser_id_attribute CN" + "\nuser_pass_attribute userpassword" + \ diff --git a/app/monitoring/setup/monitoring_handler.py b/app/monitoring/setup/monitoring_handler.py index 5b7cae0..f041264 100644 --- a/app/monitoring/setup/monitoring_handler.py +++ b/app/monitoring/setup/monitoring_handler.py @@ -211,8 +211,8 @@ class MonitoringHandler(MongoAccess, CliAccess, BinaryConverter): def get_ssh(self, host, is_container=False, for_sftp=False): ssh = SshConnection.get_ssh(host, for_sftp) if not ssh: - if is_container: - conf = self.env_monitoring_config + conf = self.env_monitoring_config + if is_container or host == conf['server_ip']: host = conf['server_ip'] port = int(conf['ssh_port']) user = conf['ssh_user'] diff --git a/app/test/scan/test_data/configurations.py b/app/test/scan/test_data/configurations.py index da68dd1..59ad649 100644 --- a/app/test/scan/test_data/configurations.py +++ b/app/test/scan/test_data/configurations.py @@ -15,7 +15,7 @@ CONFIGURATIONS = { "mock": "True", "host": "10.56.20.239", "name": "mysql", - "password": "102QreDdiD5sKcvNf9qbHrmr", + "pwd": "102QreDdiD5sKcvNf9qbHrmr", "port": 3307.0, "user": "root", "schema": "nova" @@ -40,7 +40,7 @@ CONFIGURATIONS = { "host": "10.56.20.239", "port": "5673", "user": "nova", - "password": "NF2nSv3SisooxPkCTr8fbfOa" + "pwd": "NF2nSv3SisooxPkCTr8fbfOa" }, { "config_folder": "/tmp/sensu_config", 
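Review bot: In `get_ssh` of `monitoring_handler.py`, `conf['server_ip']` is now evaluated for every host that has no cached connection, not only for containers. If `self.env_monitoring_config` can be None or can lack `server_ip` (its initialisation is outside this hunk), the call raises TypeError or KeyError for ordinary hosts that used to work. A guarded form keeps the old behaviour in that case: `if is_container or (conf and host == conf.get('server_ip')):`. The rest of the function body lies outside the hunk.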
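Review bot: The two `pwd` values in `app/test/scan/test_data/configurations.py` (the hunks at -15,7 and -40,7) look like generated service passwords sitting next to a concrete host address, not dummy data. If they were ever valid for a real deployment they should be rotated, because they remain in the repository history whatever the key is called. The fixture would be safer with obviously fake values, for example `"pwd": "test-password"`.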
diff --git a/app/utils/logging/full_logger.py b/app/utils/logging/full_logger.py index a88f00e..411eceb 100644 --- a/app/utils/logging/full_logger.py +++ b/app/utils/logging/full_logger.py @@ -35,13 +35,9 @@ class FullLogger(Logger): def set_env(self, env): super().set_env(env) - defined_handler = next( - filter( - lambda handler: handler.__class__ == MongoLoggingHandler.__class__, - self.log.handlers - ), None) - + defined_handler = [h for h in self.log.handlers + if isinstance(h, MongoLoggingHandler)] if defined_handler: - defined_handler.env = env + defined_handler[0].env = env else: self.add_handler(MongoLoggingHandler(env, self.level)) diff --git a/app/utils/mongo_access.py b/app/utils/mongo_access.py index 1425017..6277ace 100644 --- a/app/utils/mongo_access.py +++ b/app/utils/mongo_access.py @@ -94,11 +94,13 @@ class MongoAccess(DictNamingConverter): def prepare_connect_uri(self): params = self.connect_params - self.log.debug('connecting to MongoDb server: {}' + self.log.debug('connecting to MongoDB server: {}' .format(params['server'])) uri = 'mongodb://' - if 'password' in params: - uri = uri + params['user'] + ':' + params['password'] + '@' + if 'pwd' in params: + uri = uri + params['user'] + ':' + params['pwd'] + '@' + else: + self.log.info('MongoDB credentials missing') uri = uri + params['server'] if 'auth_db' in params: uri = uri + '/' + params['auth_db'] diff --git a/app/utils/ssh_connection.py b/app/utils/ssh_connection.py index 0fa197a..b0f202a 100644 --- a/app/utils/ssh_connection.py +++ b/app/utils/ssh_connection.py @@ -15,11 +15,7 @@ from utils.binary_converter import BinaryConverter class SshConnection(BinaryConverter): - config = None - ssh = None connections = {} - cli_connections = {} - sftp_connections = {} max_call_count_per_con = 100 timeout = 15 # timeout for exec in seconds 
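Review bot: In `prepare_connect_uri` the user name and password are concatenated into the MongoDB URI unescaped, so a password containing `@`, `:`, `/` or `%` produces a malformed or mis-parsed connection string. Percent-encode both parts, e.g. `uri = uri + quote_plus(params['user']) + ':' + quote_plus(params['pwd']) + '@'` with `from urllib.parse import quote_plus`. The branch tests only `'pwd' in params`, so a config with a password but no `user` raises KeyError. The new `else` branch logs at info level and goes on to build an unauthenticated URI; `self.log.warning('MongoDB credentials missing')` would make that more visible, if connecting without credentials is intended at all. The function continues outside the hunk.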
@@ -31,7 +27,7 @@ class SshConnection(BinaryConverter): for_sftp: bool = False): super().__init__() self.host = _host - self.ssh = None + self.ssh_client = None self.ftp = None self.for_sftp = for_sftp self.key = _key @@ -44,10 +40,7 @@ class SshConnection(BinaryConverter): self.call_count_limit = 0 if for_sftp \ else (SshConnection.max_call_count_per_con if _call_count_limit is None else _call_count_limit) - if for_sftp: - self.sftp_connections[_host] = self - else: - self.cli_connections[_host] = self + self.connections[self.get_connection_key(_host, for_sftp)] = self def check_definitions(self): if not self.host: @@ -62,28 +55,28 @@ class SshConnection(BinaryConverter): 'for CLI access to host {}'.format(self.host)) @staticmethod - def get_ssh(host, for_sftp=False): - if for_sftp: - return SshConnection.cli_connections.get(host) - return SshConnection.sftp_connections.get(host) + def get_ssh(host, _for_sftp=False): + return SshConnection.get_connection(host, for_sftp=_for_sftp) @staticmethod - def get_connection(host, for_sftp=False): + def get_connection_key(host, for_sftp=False): key = ('sftp-' if for_sftp else '') + host + return key + + @staticmethod + def get_connection(host, for_sftp=False): + key = SshConnection.get_connection_key(host, for_sftp) return SshConnection.connections.get(key) def disconnect(self): - if self.ssh: - self.ssh.close() + if self.ssh_client: + self.ssh_client.close() @staticmethod def disconnect_all(): - for ssh in SshConnection.cli_connections.values(): - ssh.disconnect() - SshConnection.cli_connections = {} - for ssh in SshConnection.sftp_connections.values(): + for ssh in SshConnection.connections.values(): ssh.disconnect() - SshConnection.sftp_connections = {} + SshConnection.connections = {} def get_host(self): return self.host 
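Review bot: In the -62,28 hunk, renaming the `get_ssh` parameter from `for_sftp` to `_for_sftp` breaks any caller that passes it by keyword, while the sibling `get_connection` and `get_connection_key` keep `for_sftp`. Keeping `def get_ssh(host, for_sftp=False):` with `return SshConnection.get_connection(host, for_sftp=for_sftp)` avoids that. `disconnect()` closes `self.ssh_client` but leaves both it and `self.ftp` set. The put/get methods later in the file only open SFTP when `self.ftp` is unset, so a stale handle may be reused after a reconnect; adding `self.ssh_client = None` and `self.ftp = None` after the close would prevent that. `get_connection_key` can simply be `return ('sftp-' if for_sftp else '') + host`.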
@@ -96,8 +89,8 @@ class SshConnection(BinaryConverter): def connect(self, reconnect=False) -> bool: connection = self.get_connection(self.host, self.for_sftp) - if connection: - self.ssh = connection + if connection and connection.ssh_client: + self.ssh_client = connection.ssh_client if reconnect: self.log.info("SshConnection: " + "****** forcing reconnect: %s ******", @@ -109,31 +102,34 @@ class SshConnection(BinaryConverter): else: return True connection.close() - self.ssh = None - self.ssh = paramiko.SSHClient() - connection_key = ('sftp-' if self.for_sftp else '') + self.host - SshConnection.connections[connection_key] = self.ssh - self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) + self.ssh_client = None + self.ssh_client = paramiko.SSHClient() + connection_key = SshConnection.get_connection_key(self.host, + self.for_sftp) + SshConnection.connections[connection_key] = self + self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if self.key: k = paramiko.RSAKey.from_private_key_file(self.key) - self.ssh.connect(hostname=self.host, username=self.user, pkey=k, - port=self.port if self.port is not None - else self.DEFAULT_PORT, - password=self.pwd, timeout=30) + self.ssh_client.connect(hostname=self.host, + username=self.user, + pkey=k, + port=self.port if self.port is not None + else self.DEFAULT_PORT, + password=self.pwd, timeout=30) else: try: port = self.port if self.port is not None else self.DEFAULT_PORT - self.ssh.connect(self.host, - username=self.user, - password=self.pwd, - port=port, - timeout=30) + self.ssh_client.connect(self.host, + username=self.user, + password=self.pwd, + port=port, + timeout=30) except paramiko.ssh_exception.AuthenticationException: self.log.error('Failed SSH connect to host {}, port={}' .format(self.host, port)) - self.ssh = None + self.ssh_client = None self.call_count = 0 - return self.ssh is not None + return self.ssh_client is not None def exec(self, cmd): if not self.connect(): 
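Review bot: `connect()` still installs `paramiko.AutoAddPolicy()`, which accepts any unknown host key. The server's identity is therefore never verified before the password or key is offered. Load the known keys and reject unknown hosts instead: `self.ssh_client.load_system_host_keys()` followed by `self.ssh_client.set_missing_host_key_policy(paramiko.RejectPolicy())`. On the reconnect path `connection` is now an `SshConnection` rather than a paramiko client, so the unchanged `connection.close()` will raise AttributeError unless the class defines `close()` outside this hunk; `connection.disconnect()` looks like the intended call. The key-based branch is outside the `try`/`except`, so an `AuthenticationException` there propagates instead of making `connect()` return False.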
@@ -141,7 +137,8 @@ class SshConnection(BinaryConverter): self.call_count += 1 self.log.debug("call count: %s, running call:\n%s\n", str(self.call_count), cmd) - stdin, stdout, stderr = self.ssh.exec_command(cmd, timeout=self.timeout) + stdin, stdout, stderr = \ + self.ssh_client.exec_command(cmd, timeout=self.timeout) stdin.close() err = self.binary2str(stderr.read()) if err: @@ -164,7 +161,7 @@ class SshConnection(BinaryConverter): if not self.connect(): return if not self.ftp: - self.ftp = self.ssh.open_sftp() + self.ftp = self.ssh_client.open_sftp() try: self.ftp.put(local_path, remote_path) except IOError as e: @@ -200,7 +197,7 @@ class SshConnection(BinaryConverter): if not self.connect(): return if not self.ftp: - self.ftp = self.ssh.open_sftp() + self.ftp = self.ssh_client.open_sftp() try: self.ftp.get(remote_path, local_path) except IOError as e: |