AWS multi account
parent
c11cd556ce
commit
38f72bed8d
|
@ -699,7 +699,7 @@ class DiscoveryTaskList extends Wizard
|
|||
if ($script !== false) {
|
||||
switch ($script['type']) {
|
||||
case DISCOVERY_SCRIPT_CLOUD_AWS:
|
||||
return 'wiz=cloud&mode=amazonws&page=1';
|
||||
return 'wiz=cloud&mode=amazonws&ki='.$task['auth_strings'].'&page=1';
|
||||
|
||||
case DISCOVERY_SCRIPT_APP_VMWARE:
|
||||
return 'wiz=app&mode=vmware&page=0';
|
||||
|
@ -722,7 +722,7 @@ class DiscoveryTaskList extends Wizard
|
|||
|
||||
case DISCOVERY_CLOUD_AWS:
|
||||
case DISCOVERY_CLOUD_AWS_EC2:
|
||||
return 'wiz=cloud&mode=amazonws&page=1';
|
||||
return 'wiz=cloud&mode=amazonws&ki='.$task['auth_strings'].'&page=1';
|
||||
|
||||
case DISCOVERY_CLOUD_AWS_RDS:
|
||||
return 'wiz=cloud&mode=amazonws&sub=rds&page=0';
|
||||
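Review bot: `$task['auth_strings']` is concatenated into the query string without encoding in both `ki=` return lines, under `case DISCOVERY_SCRIPT_CLOUD_AWS:` and under `case DISCOVERY_CLOUD_AWS_EC2:`. A credential identifier containing `&`, `=`, `#` or a space would break the link or add parameters to it; whether identifiers are restricted to safe characters is not visible here. I would encode the value in both places: `return 'wiz=cloud&mode=amazonws&ki='.urlencode($task['auth_strings']).'&page=1';`. The enclosing method starts and ends outside these hunks, so how `$task` is populated could not be checked.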
|
|
|
@ -265,3 +265,8 @@ a.tip {
|
|||
.discovery_interval_select_width {
|
||||
width: 90%;
|
||||
}
|
||||
|
||||
a.ext_link {
|
||||
margin-left: 1em;
|
||||
font-size: 8pt;
|
||||
}
|
||||
|
|
|
@ -185,6 +185,7 @@ our @EXPORT = qw(
|
|||
pandora_exec_forced_alerts
|
||||
pandora_generate_alerts
|
||||
pandora_get_config_value
|
||||
pandora_get_credential
|
||||
pandora_get_module_tags
|
||||
pandora_get_module_url_tags
|
||||
pandora_get_module_phone_tags
|
||||
|
@ -3122,6 +3123,19 @@ sub pandora_get_config_value ($$) {
|
|||
return (defined ($config_value) ? $config_value : "");
|
||||
}
|
||||
|
||||
|
||||
##########################################################################
|
||||
## Get credential from credential store
|
||||
##########################################################################
|
||||
sub pandora_get_credential ($$) {
|
||||
my ($dbh, $identifier) = @_;
|
||||
|
||||
my $key = get_db_single_row($dbh, 'SELECT * FROM tcredential_store WHERE identifier = ?', $identifier);
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
|
||||
##########################################################################
|
||||
=head2 C<< pandora_create_module_tags (I<$pa_config>, I<$dbh>, I<$id_agent_module>, I<$serialized_tags>) >>
|
||||
|
||||
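Review bot: `pandora_get_credential` selects `*` from `tcredential_store` and returns the whole row, secret included, yet its banner comment does not say what the caller receives. The only caller in this commit reads `username` and `password` and tests `ref($key) eq "HASH"`, so the comment should state that a hash reference comes back on a match and a non-hash value otherwise (inferred from that caller, please confirm against `get_db_single_row`). It should also say that the result carries the secret and must never be logged. If no other column is needed, narrow the query to `'SELECT username, password FROM tcredential_store WHERE identifier = ?'`. The neighbouring subs use `=head2` POD, so a matching entry here would keep the module documentation consistent.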
|
|
|
@ -113,10 +113,6 @@ sub run ($) {
|
|||
print_message ($pa_config, " [*] Starting " . $pa_config->{'rb_product_name'} . " Discovery Server.", 1);
|
||||
my $threads = $pa_config->{'recon_threads'};
|
||||
|
||||
# Prepare some environmental variables.
|
||||
$ENV{'AWS_ACCESS_KEY_ID'} = pandora_get_config_value($dbh, 'aws_access_key_id');
|
||||
$ENV{'AWS_SECRET_ACCESS_KEY'} = pandora_get_config_value($dbh, 'aws_secret_access_key');
|
||||
|
||||
# Use hightest value
|
||||
if ($pa_config->{'discovery_threads'} > $pa_config->{'recon_threads'}) {
|
||||
$threads = $pa_config->{'discovery_threads'};
|
||||
|
@ -193,42 +189,46 @@ sub data_consumer ($$) {
|
|||
my %cnf_extra;
|
||||
if ($task->{'type'} == DISCOVERY_CLOUD_AWS_EC2
|
||||
|| $task->{'type'} == DISCOVERY_CLOUD_AWS_RDS) {
|
||||
$cnf_extra{'aws_access_key_id'} = pandora_get_config_value($dbh, 'aws_access_key_id');
|
||||
$cnf_extra{'aws_secret_access_key'} = pandora_get_config_value($dbh, 'aws_secret_access_key');
|
||||
# auth_strings stores the crential identifier to be used.
|
||||
my $key = pandora_get_credential($dbh, $task->{'auth_strings'});
|
||||
|
||||
if (ref($key) eq "HASH") {
|
||||
$cnf_extra{'aws_access_key_id'} = $key->{'username'};
|
||||
$cnf_extra{'aws_secret_access_key'} = $key->{'password'};
|
||||
} else {
|
||||
# Invalid credential.
|
||||
return;
|
||||
}
|
||||
|
||||
$cnf_extra{'cloud_util_path'} = pandora_get_config_value($dbh, 'cloud_util_path');
|
||||
|
||||
if (!defined($ENV{'AWS_ACCESS_KEY_ID'}) || !defined($ENV{'AWS_SECRET_ACCESS_KEY'})
|
||||
|| $cnf_extra{'aws_secret_access_key'} ne $ENV{'AWS_ACCESS_KEY_ID'}
|
||||
|| $cnf_extra{'cloud_util_path'} ne $ENV{'AWS_SECRET_ACCESS_KEY'}) {
|
||||
# Environmental data is out of date. Create a tmp file to manage
|
||||
# credentials. Perl limitation. We cannot update ENV here.
|
||||
$cnf_extra{'creds_file'} = $pa_config->{'temporal'} . '/tmp_discovery.' . md5($task->{'id_rt'} . $task->{'name'} . time());
|
||||
eval {
|
||||
open(my $__file_cfg, '> '. $cnf_extra{'creds_file'}) or die($!);
|
||||
print $__file_cfg $cnf_extra{'aws_access_key_id'} . "\n";
|
||||
print $__file_cfg $cnf_extra{'aws_secret_access_key'} . "\n";
|
||||
close($__file_cfg);
|
||||
set_file_permissions(
|
||||
$pa_config,
|
||||
$cnf_extra{'creds_file'},
|
||||
"0600"
|
||||
);
|
||||
};
|
||||
if ($@) {
|
||||
logger(
|
||||
$pa_config,
|
||||
'Cannot instantiate configuration file for task: ' . safe_output($task->{'name'}),
|
||||
5
|
||||
);
|
||||
# A server restart will override ENV definition (see run)
|
||||
logger(
|
||||
$pa_config,
|
||||
'Cannot execute Discovery task: ' . safe_output($task->{'name'}) . '. Please restart the server.',
|
||||
1
|
||||
);
|
||||
# Skip this task.
|
||||
return;
|
||||
}
|
||||
# Pass credentials by file due Perl limitations. We cannot update ENV here.
|
||||
$cnf_extra{'creds_file'} = $pa_config->{'temporal'} . '/tmp_discovery.' . md5($task->{'id_rt'} . $task->{'name'} . time());
|
||||
eval {
|
||||
open(my $__file_cfg, '> '. $cnf_extra{'creds_file'}) or die($!);
|
||||
print $__file_cfg $cnf_extra{'aws_access_key_id'} . "\n";
|
||||
print $__file_cfg $cnf_extra{'aws_secret_access_key'} . "\n";
|
||||
close($__file_cfg);
|
||||
set_file_permissions(
|
||||
$pa_config,
|
||||
$cnf_extra{'creds_file'},
|
||||
"0600"
|
||||
);
|
||||
};
|
||||
if ($@) {
|
||||
logger(
|
||||
$pa_config,
|
||||
'Cannot instantiate configuration file for task: ' . safe_output($task->{'name'}),
|
||||
5
|
||||
);
|
||||
# A server restart will override ENV definition (see run)
|
||||
logger(
|
||||
$pa_config,
|
||||
'Cannot execute Discovery task: ' . safe_output($task->{'name'}) . '. Please restart the server.',
|
||||
1
|
||||
);
|
||||
# Skip this task.
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
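Review bot: In `data_consumer` the AWS key pair is written to `$pa_config->{'temporal'} . '/tmp_discovery.' . md5(...)` with a two-argument `open`, and the file is restricted to `0600` only afterwards. Until `set_file_permissions` runs, the secret sits in a file with umask-default permissions, and the name is derived from the task id, task name and `time()`, so a path already present in the temp directory (a symlink, for instance) would be followed and overwritten. The file should be created exclusively with mode 0600 from the start, with the `print` and `close` results checked, as sketched below; this needs the `Fcntl` open constants in scope. Removal of the file after the task runs is not visible in this hunk and is worth confirming. The `Please restart the server.` log text also looks stale now that the `%ENV` path is gone, and the sub starts and ends outside the hunk.

```perl
# … unchanged: $cnf_extra{'creds_file'} path assignment …
eval {
	# Create the file private from the first byte and refuse a pre-existing path.
	sysopen(my $__file_cfg, $cnf_extra{'creds_file'}, O_WRONLY | O_CREAT | O_EXCL, 0600) or die($!);
	print {$__file_cfg} $cnf_extra{'aws_access_key_id'} . "\n" or die($!);
	print {$__file_cfg} $cnf_extra{'aws_secret_access_key'} . "\n" or die($!);
	# Buffered write errors only surface at close.
	close($__file_cfg) or die($!);
	# … unchanged: set_file_permissions call …
};
# … unchanged: error logging and early return on $@ …
```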
|
|