AWS multi account
parent
c11cd556ce
commit
38f72bed8d
@ -699,7 +699,7 @@ class DiscoveryTaskList extends Wizard
|
|||||||
if ($script !== false) {
|
if ($script !== false) {
|
||||||
switch ($script['type']) {
|
switch ($script['type']) {
|
||||||
case DISCOVERY_SCRIPT_CLOUD_AWS:
|
case DISCOVERY_SCRIPT_CLOUD_AWS:
|
||||||
return 'wiz=cloud&mode=amazonws&page=1';
|
return 'wiz=cloud&mode=amazonws&ki='.$task['auth_strings'].'&page=1';
|
||||||
|
|
||||||
case DISCOVERY_SCRIPT_APP_VMWARE:
|
case DISCOVERY_SCRIPT_APP_VMWARE:
|
||||||
return 'wiz=app&mode=vmware&page=0';
|
return 'wiz=app&mode=vmware&page=0';
|
||||||
@ -722,7 +722,7 @@ class DiscoveryTaskList extends Wizard
|
|||||||
|
|
||||||
case DISCOVERY_CLOUD_AWS:
|
case DISCOVERY_CLOUD_AWS:
|
||||||
case DISCOVERY_CLOUD_AWS_EC2:
|
case DISCOVERY_CLOUD_AWS_EC2:
|
||||||
return 'wiz=cloud&mode=amazonws&page=1';
|
return 'wiz=cloud&mode=amazonws&ki='.$task['auth_strings'].'&page=1';
|
||||||
|
|
||||||
case DISCOVERY_CLOUD_AWS_RDS:
|
case DISCOVERY_CLOUD_AWS_RDS:
|
||||||
return 'wiz=cloud&mode=amazonws&sub=rds&page=0';
|
return 'wiz=cloud&mode=amazonws&sub=rds&page=0';
|
||||||
|
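Review bot: `$task['auth_strings']` is concatenated into the query string without encoding in both changed returns, the `DISCOVERY_SCRIPT_CLOUD_AWS` case and the `DISCOVERY_CLOUD_AWS` / `DISCOVERY_CLOUD_AWS_EC2` case. According to the server-side comment in this commit the value is a credential-store identifier, and if identifiers may contain `&`, `=`, `#` or spaces the link would pass extra or truncated parameters to the wizard. I would write `return 'wiz=cloud&mode=amazonws&ki='.urlencode($task['auth_strings']).'&page=1';` in both places. Whether the returned string is HTML-escaped before it reaches an href is decided outside these hunks, which both start mid-function.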
@ -265,3 +265,8 @@ a.tip {
|
|||||||
.discovery_interval_select_width {
|
.discovery_interval_select_width {
|
||||||
width: 90%;
|
width: 90%;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
a.ext_link {
|
||||||
|
margin-left: 1em;
|
||||||
|
font-size: 8pt;
|
||||||
|
}
|
||||||
|
@ -185,6 +185,7 @@ our @EXPORT = qw(
|
|||||||
pandora_exec_forced_alerts
|
pandora_exec_forced_alerts
|
||||||
pandora_generate_alerts
|
pandora_generate_alerts
|
||||||
pandora_get_config_value
|
pandora_get_config_value
|
||||||
|
pandora_get_credential
|
||||||
pandora_get_module_tags
|
pandora_get_module_tags
|
||||||
pandora_get_module_url_tags
|
pandora_get_module_url_tags
|
||||||
pandora_get_module_phone_tags
|
pandora_get_module_phone_tags
|
||||||
@ -3122,6 +3123,19 @@ sub pandora_get_config_value ($$) {
|
|||||||
return (defined ($config_value) ? $config_value : "");
|
return (defined ($config_value) ? $config_value : "");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
##########################################################################
|
||||||
|
## Get credential from credential store
|
||||||
|
##########################################################################
|
||||||
|
sub pandora_get_credential ($$) {
|
||||||
|
my ($dbh, $identifier) = @_;
|
||||||
|
|
||||||
|
my $key = get_db_single_row($dbh, 'SELECT * FROM tcredential_store WHERE identifier = ?', $identifier);
|
||||||
|
|
||||||
|
return $key;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
##########################################################################
|
##########################################################################
|
||||||
=head2 C<< pandora_create_module_tags (I<$pa_config>, I<$dbh>, I<$id_agent_module>, I<$serialized_tags>) >>
|
=head2 C<< pandora_create_module_tags (I<$pa_config>, I<$dbh>, I<$id_agent_module>, I<$serialized_tags>) >>
|
||||||
|
|
||||||
|
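Review bot: `pandora_get_credential` selects `*` from `tcredential_store`, so every caller receives the whole row, although the only caller in this commit reads `username` and `password`. Narrowing the query to `SELECT username, password FROM tcredential_store WHERE identifier = ?` keeps unrelated columns out of memory and debug output, and an early `return unless defined($identifier) && $identifier ne '';` avoids a lookup for tasks with no credential set. The new sub has only a banner comment while the next function down has a `=head2` POD entry; a short entry saying that it returns a hash reference for a known identifier, and that callers must check `ref($key) eq "HASH"` before use, would document the contract the Discovery server depends on. It is not visible here whether `password` is stored encrypted; if it is, the entry should say which layer decrypts it.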
@ -113,10 +113,6 @@ sub run ($) {
|
|||||||
print_message ($pa_config, " [*] Starting " . $pa_config->{'rb_product_name'} . " Discovery Server.", 1);
|
print_message ($pa_config, " [*] Starting " . $pa_config->{'rb_product_name'} . " Discovery Server.", 1);
|
||||||
my $threads = $pa_config->{'recon_threads'};
|
my $threads = $pa_config->{'recon_threads'};
|
||||||
|
|
||||||
# Prepare some environmental variables.
|
|
||||||
$ENV{'AWS_ACCESS_KEY_ID'} = pandora_get_config_value($dbh, 'aws_access_key_id');
|
|
||||||
$ENV{'AWS_SECRET_ACCESS_KEY'} = pandora_get_config_value($dbh, 'aws_secret_access_key');
|
|
||||||
|
|
||||||
# Use hightest value
|
# Use hightest value
|
||||||
if ($pa_config->{'discovery_threads'} > $pa_config->{'recon_threads'}) {
|
if ($pa_config->{'discovery_threads'} > $pa_config->{'recon_threads'}) {
|
||||||
$threads = $pa_config->{'discovery_threads'};
|
$threads = $pa_config->{'discovery_threads'};
|
||||||
@ -193,42 +189,46 @@ sub data_consumer ($$) {
|
|||||||
my %cnf_extra;
|
my %cnf_extra;
|
||||||
if ($task->{'type'} == DISCOVERY_CLOUD_AWS_EC2
|
if ($task->{'type'} == DISCOVERY_CLOUD_AWS_EC2
|
||||||
|| $task->{'type'} == DISCOVERY_CLOUD_AWS_RDS) {
|
|| $task->{'type'} == DISCOVERY_CLOUD_AWS_RDS) {
|
||||||
$cnf_extra{'aws_access_key_id'} = pandora_get_config_value($dbh, 'aws_access_key_id');
|
# auth_strings stores the crential identifier to be used.
|
||||||
$cnf_extra{'aws_secret_access_key'} = pandora_get_config_value($dbh, 'aws_secret_access_key');
|
my $key = pandora_get_credential($dbh, $task->{'auth_strings'});
|
||||||
|
|
||||||
|
if (ref($key) eq "HASH") {
|
||||||
|
$cnf_extra{'aws_access_key_id'} = $key->{'username'};
|
||||||
|
$cnf_extra{'aws_secret_access_key'} = $key->{'password'};
|
||||||
|
} else {
|
||||||
|
# Invalid credential.
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$cnf_extra{'cloud_util_path'} = pandora_get_config_value($dbh, 'cloud_util_path');
|
$cnf_extra{'cloud_util_path'} = pandora_get_config_value($dbh, 'cloud_util_path');
|
||||||
|
|
||||||
if (!defined($ENV{'AWS_ACCESS_KEY_ID'}) || !defined($ENV{'AWS_SECRET_ACCESS_KEY'})
|
# Pass credentials by file due Perl limitations. We cannot update ENV here.
|
||||||
|| $cnf_extra{'aws_secret_access_key'} ne $ENV{'AWS_ACCESS_KEY_ID'}
|
$cnf_extra{'creds_file'} = $pa_config->{'temporal'} . '/tmp_discovery.' . md5($task->{'id_rt'} . $task->{'name'} . time());
|
||||||
|| $cnf_extra{'cloud_util_path'} ne $ENV{'AWS_SECRET_ACCESS_KEY'}) {
|
eval {
|
||||||
# Environmental data is out of date. Create a tmp file to manage
|
open(my $__file_cfg, '> '. $cnf_extra{'creds_file'}) or die($!);
|
||||||
# credentials. Perl limitation. We cannot update ENV here.
|
print $__file_cfg $cnf_extra{'aws_access_key_id'} . "\n";
|
||||||
$cnf_extra{'creds_file'} = $pa_config->{'temporal'} . '/tmp_discovery.' . md5($task->{'id_rt'} . $task->{'name'} . time());
|
print $__file_cfg $cnf_extra{'aws_secret_access_key'} . "\n";
|
||||||
eval {
|
close($__file_cfg);
|
||||||
open(my $__file_cfg, '> '. $cnf_extra{'creds_file'}) or die($!);
|
set_file_permissions(
|
||||||
print $__file_cfg $cnf_extra{'aws_access_key_id'} . "\n";
|
$pa_config,
|
||||||
print $__file_cfg $cnf_extra{'aws_secret_access_key'} . "\n";
|
$cnf_extra{'creds_file'},
|
||||||
close($__file_cfg);
|
"0600"
|
||||||
set_file_permissions(
|
);
|
||||||
$pa_config,
|
};
|
||||||
$cnf_extra{'creds_file'},
|
if ($@) {
|
||||||
"0600"
|
logger(
|
||||||
);
|
$pa_config,
|
||||||
};
|
'Cannot instantiate configuration file for task: ' . safe_output($task->{'name'}),
|
||||||
if ($@) {
|
5
|
||||||
logger(
|
);
|
||||||
$pa_config,
|
# A server restart will override ENV definition (see run)
|
||||||
'Cannot instantiate configuration file for task: ' . safe_output($task->{'name'}),
|
logger(
|
||||||
5
|
$pa_config,
|
||||||
);
|
'Cannot execute Discovery task: ' . safe_output($task->{'name'}) . '. Please restart the server.',
|
||||||
# A server restart will override ENV definition (see run)
|
1
|
||||||
logger(
|
);
|
||||||
$pa_config,
|
# Skip this task.
|
||||||
'Cannot execute Discovery task: ' . safe_output($task->{'name'}) . '. Please restart the server.',
|
return;
|
||||||
1
|
|
||||||
);
|
|
||||||
# Skip this task.
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
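Review bot: The credentials file in `data_consumer` is created under the process umask and only restricted by `set_file_permissions(..., "0600")` after the AWS key pair has been written and the handle closed, so the secret may be readable by other local users for a short window; the two-argument `open(my $__file_cfg, '> '. $cnf_extra{'creds_file'})` will also write through an existing file or symlink at that path in the `temporal` directory. I would set `my $old_umask = umask(0077);` before the open, use `open(my $__file_cfg, '>', $cnf_extra{'creds_file'}) or die($!);`, and restore with `umask($old_umask);` after the close. Since `run` no longer sets `AWS_*` in `%ENV`, the comment `# A server restart will override ENV definition (see run)` and the 'Please restart the server.' log text look stale, and the `# Invalid credential.` branch returns without logging which task was skipped. Removal of the file once the task finishes is not visible in this hunk, and `data_consumer` starts outside it.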