nexpose 7.0.1 → 7.3.0

data/lib/eso/configuration/configuration.rb

@@ -0,0 +1,124 @@
+module Eso
+  # This class represents the Configuration that is sent to the server for new
+  # style Discovery Connections.
+  class Configuration
+    attr_accessor :service_name, :config_name, :config_id, :properties
+
+    def initialize(service_name:, config_name:, properties:[], config_id:)
+      @service_name = service_name
+      @config_name = config_name
+      @properties = properties
+      @config_id = config_id
+    end
+
+    # Convert the Configuration to a JSON string for sending to Nexpose
+    #
+    # @return [String] A JSON String representation of the Configuration
+    def to_json
+      self.to_hash.to_json
+    end
+
+    # Convert the Configuration to a Hash
+    #
+    # @return [Hash] A Hash representation of the Configuration
+    def to_hash
+      hash = {:configId => @config_id,
+              :serviceName => @service_name,
+              :configName => @config_name,
+              :configurationAttributes => {:valueClass => Eso::Values::OBJECT,
+                                           :objectType => 'service_configuration',
+                                           :properties => []}}
+      properties.each {|prop| hash[:configurationAttributes][:properties] << prop.to_hash}
+    end
+
+    # Retrieve a Configuration attribute property value given the name of the property
+    #
+    # @param [String] name The name of the property to retrieve
+    # @return [String] The value of the property
+    def property(name)
+      prop = properties.find{|attr| attr.property == name}
+      prop.value unless prop.nil?
+    end
+
+    # Update a Configuration attribute property value given the name of the property
+    #
+    # @param [String] name The name of the property to update
+    # @param [String] value The value of the property to update
+    # @return [String] The value of the property
+    def update_property(name, value)
+      properties.find{|attr| attr.property == name}.value = value
+    end
+
+    # Delete a Configuration attribute property value given the name of the property
+    #
+    # @param [String] name The name of the property to update
+    def delete_property(name)
+      properties.delete_if{|attr| attr.property == name}
+    end
+
+    # Load a Configuration object from a Hash
+    #
+    # @param [Hash] hash The Hash containing the Configuration object
+    # @return [Configuration] The Configuration object which was in the Hash
+    def self.load(hash)
+      configuration = self.new(service_name: hash[:serviceName],
+                               config_name: hash[:configName],
+                               config_id: hash[:configID])
+      hash[:configurationAttributes][:properties].each do |prop|
+        configuration.properties << ConfigurationAttribute.load(prop)
+      end
+      configuration
+    end
+  end
+
+  # The ConfigurationAttribute is a property of the Configuration
+  class ConfigurationAttribute
+    attr_accessor :property, :value_class, :value
+
+    def initialize(property, value_class, value)
+      @property = property
+      @value_class = value_class
+      @value = value
+    end
+
+    # Convert the ConfigurationAttribute to a JSON string for sending to Nexpose
+    #
+    # @return [String] A JSON String representation of the ConfigurationAttribute
+    def to_json
+      self.to_hash.to_json
+    end
+
+    # Convert the ConfigurationAttribute to a Hash
+    #
+    # @return [Hash] A Hash representation of the ConfigurationAttribute
+    def to_hash
+      prop = @property.to_sym
+      hash = {prop => {}}
+      hash[prop]['valueClass'] = @value_class
+      if @value_class == Eso::Values::ARRAY
+        items = []
+        @value.each{|v| items<< {'value' => v, 'valueClass' => Eso::Values::STRING}}
+        hash[prop]['items'] = items
+      else
+        hash[prop]['value'] = @value
+      end
+      hash
+    end
+
+    # Load a ConfigurationAttribute object from an Array
+    #
+    # @param [Array] array The Array containing the ConfigurationAttribute object
+    # @return [ConfigurationAttribute] The ConfigurationAttribute object which was in the Array
+    def self.load(array)
+      property = array.first
+      value_class = array.last['valueClass']
+      value =
+          if value_class == Eso::Values::ARRAY
+            array.last['items'].map{|item| item['value']}
+          else
+            array.last['value']
+          end
+      self.new(property, value_class, value)
+    end
+  end
+end

data/lib/eso/configuration/configuration_manager.rb

@@ -0,0 +1,145 @@
+module Eso
+##
+# This class represents a configuration manager service, which manages a number of configurations (ie a hostname,
+# port, username, and password) used to connect to services, and the services they connect to (ie, ePO, dxl, palo-alto).
+#
+  class ConfigurationManager
+    attr_accessor :url, :nexpose_console
+
+    ##
+    # Constructor for ConfigurationManager.
+    #
+    # @param [Nexpose::Connection] nsc A logged-in Nexpose::Connection object with a valid session used to authenticate.
+    # @return [Eso::ConfigurationManager] The newly created configurationManager object
+    #
+    def initialize(nsc)
+      @nexpose_console = nsc
+      @url = "https://#{nsc.host}:#{nsc.port}/eso/configuration-manager/api/"
+    end
+
+    ##
+    # Return all of the services that are currently supported by this configuration manager.
+    #
+    # @return [Array] An array containing all of services in the configuration manager in String object form.
+    #                 Returns an empty array if no services have been configured.
+    #
+    def services
+      json_data = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}service/", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(json_data)
+    end
+
+    ##
+    # Return all of the configurations of a particular service type.
+    #
+    # @param [String] service_name The name of a service to find configurations of.
+    # @return [Array] An array containing all the configurations of the given service type.
+    #
+    def service_configurations(service_name)
+      json_data = ::Nexpose::AJAX.get(@nexpose_console,
+                                    "#{@url}service/configuration/#{service_name}/",
+                                    ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(json_data, :symbolize_names => true)
+    end
+
+    ##
+    # Return the configuration of a particular service type with a particular name.
+    #
+    # @param [String] service_name The name of a service to find configurations of.
+    # @param [String] config_name The name of the Configuration.
+    # @return [Eso::Configuration] A Configuration object which matches the service name and config name requested.
+    def configuration_by_name(service_name, config_name)
+      service_configs_by_type =  service_configurations(service_name)
+      config_hash = service_configs_by_type.find { |config| config[:configName] == config_name }
+      Eso::Configuration.load(config_hash)
+    end
+
+    def configuration_type(service_name:)
+      json_data = ::Nexpose::AJAX.get(@nexpose_console,
+                                    "#{@url}service/configurationType/#{service_name.downcase}",
+                                    ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(json_data)
+    end
+
+    ##
+    # Get a configuration by id. Runs a GET call against the eso/configuration-manager/api/service/configuration/CONFIGURATION_ID endpoint
+    # @param [String] configuration_id The id of the configuration to get
+    # return [JSON] A json object representing a configuration
+    # TODO : Update to use an Eso::Configuration
+    def get_configuration(configuration_id)
+      json_data = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}/service/configuration/id/#{configuration_id}", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      JSON.parse(json_data, :symbolize_names => true)
+    end
+
+    ##
+    # Create a new configuration.
+    #
+    # @param [String] payload The JSON representation of a configuration.
+    # @return [Integer] The configID (>= 1) of the newly created configuration. Raises error on failure.
+    # TODO: Update to use an Eso::Configuration
+    def post_service_configuration(payload)
+      # TODO retry if the post fails on timeout
+      response_body = ::Nexpose::AJAX.post(@nexpose_console, "#{@url}service/configuration", payload, ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      config_id = Integer(JSON.parse(response_body)['data'])
+      raise Exception.new("API returned invalid configID (#{config_id}) while attempting to create configuration.") unless config_id >= 1
+      config_id
+    end
+
+    ##
+    # Test a configuration.
+    #
+    # @param [String] payload The JSON representation of a configuration.
+    # @return [String] The response from the call or an APIError
+    # TODO: Update to use an Eso::Configuration
+    def test_service_configuration(payload)
+      ::Nexpose::AJAX.post(@nexpose_console,
+                         "#{@url}service/configuration/test",
+                         payload,
+                         ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+    end
+
+    ##
+    # Delete a configuration. Runs a DELETE call against the eso/configuration-manager/api/service/configuration/CONFIGURATION_ID endpoint
+    #
+    # @param [String] configuration_id The id of the configuration to delete
+    # return [Boolean] Return true if the api reports a successful delete. Raises an error on failure.
+    def delete(configuration_id)
+      response_body = ::Nexpose::AJAX.delete(@nexpose_console, "#{@url}service/configuration/#{configuration_id}")
+      raise Exception.new("Failed to delete configuration with ID: #{configuration_id}") unless 'success' == response_body
+      true
+    end
+
+    ##
+    # Preview assets for a configuration. Calls a POST to the eso/configuration-manager/api/service/configuration/preview endpoint
+    #
+    # @param configuration The configuration to preview
+    # return [Array] previewed assets
+    # TODO: Update to use an Eso::Configuration
+    def preview_assets(configuration)
+      response_body = ::Nexpose::AJAX.post(@nexpose_console,
+                                         "#{@url}service/configuration/preview",
+                                         configuration,
+                                         ::Nexpose::AJAX::CONTENT_TYPE::JSON)
+      @preview_assets = JSON.parse(response_body)["previewAssets"]
+    end
+  end
+
+  module ConfigManagerMessages
+    module TestConfig
+      AUTH_FAILED_AWS       = 'Could not authenticate to Amazon Web Services.'
+      # Actual message will list out the bad ARNs
+      AUTH_FAILED_AWS_ARN   = /Could not authenticate to Amazon Web Services with the following ARNs/
+
+      CONNECTION_SUCCESSFUL = 'The connection to the external service was successful.'
+      # Applies to invalid user, password, wrong protocol, can't reach server, bad base or search query
+      CONNECTION_FAILED     = 'The connection to the external service failed.'
+
+      INVALID_FIELDS        = 'The configuration had invalid fields.'
+
+      RETRY_AD              = 'Failed to reach out to the Active Directory service, will try again.'
+      RETRY_AWS             = 'Failed to reach out to Amazon Web Services, will try again.'
+      RETRY_AZURE           = 'Failed to reach out to the Azure service, will try again.'
+      RETRY_DXL             = 'The DXL connection is currently down and the connection is in retry status.'
+      RETRY_EPO             = 'Failed to reach out to the ePO service, will try again.'
+    end
+  end
+end

data/lib/eso/filter.rb

@@ -0,0 +1,137 @@
+module Eso
+  class Filter
+    # These are defined in Eso::Filters which reside in the respective service they are related to.
+    attr_accessor :type
+
+    # These are the individual filter items
+    attr_accessor :filter_items
+
+    # Constructor for Filter.
+    #
+    # @param [String] type The type of filter this is. They are based on the service this filter exists in. These are defined in Eso::Filters which reside in the respective service they are related to.
+    # @param [Array] items Array of filters of this type
+    # @return [Eso::Filter] The newly created filter object
+    #
+    def initialize(type:, items: [])
+      @type = type
+      @filter_items = items
+     end
+
+    # Append a filter_item later
+    def <<(filter_item)
+      @filter_items << filter_item
+    end
+
+    def to_json
+      self.to_hash.to_json
+    end
+
+    def to_hash
+      hash = {}
+      hash[@type.to_sym] = {
+        valueClass: 'Array',
+        items: @filter_items.map{|item| item.to_hash}
+      }
+      hash
+    end
+    alias_method :to_h, :to_hash
+
+    class FilterItem
+      attr_accessor :type
+      # Examples are "OR", "IN", "CONTAINS". These should probably be constantized somewhere.
+      attr_accessor :operator
+      
+      # Array containing the values to filter on
+      attr_accessor :operands
+
+      def initialize(type:, operator:, operands:)
+        @type = "#{type}_ITEM"
+        @operator = operator
+        process_operands(operands)
+      end
+      
+      def process_operands(operands)
+        @operands =
+          if ["IS_EMPTY", "IS_NOT_EMPTY"].include? @operator
+            nil
+          elsif @type == "#{Eso::Filters::IP_ADDRESS}_ITEM" ||
+             @type == "#{Eso::Filters::IP_RANGE}_ITEM" ||
+             @type == "#{Eso::Filters::OPEN_PORT}_ITEM" ||
+             @type == "#{Eso::Filters::RISK_SCORE}_ITEM" ||
+             @type == "#{Eso::Filters::CVSS_SCORE}_ITEM"
+            operands.first.split('-')
+          else
+            operands
+          end
+
+        if @operands == nil
+          return
+        end
+        @operands.map! do |value|
+          # This regex is used to determine if the string is actually a float.
+          # http://stackoverflow.com/questions/1034418/determine-if-a-string-is-a-valid-float-value
+          if value =~ /^\s*[+-]?((\d+_?)*\d+(\.(\d+_?)*\d+)?|\.(\d+_?)*\d+)(\s*|([eE][+-]?(\d+_?)*\d+)\s*)$/
+            if (@type == "#{Eso::Filters::OPEN_PORT}_ITEM")
+              value.to_i
+            else
+              value.to_f
+            end
+            # If it's not a float, let's see if it's an integer.
+          elsif value.to_i.to_s == value
+            value.to_i
+            # Guess not, so lets keep the original value.
+          else
+            value
+          end
+        end
+      end
+      
+      def to_hash
+        hash = {
+          valueClass: "Object",
+          objectType: @type,
+          properties: {
+            operator: {
+              valueClass: "String",
+              value: @operator
+            }
+          }
+        }
+        # Currently there are no standards that say how many operands a filter can have
+        operand_hash = {}
+        operand_counter = 1
+        unless @operands.nil?
+          @operands.each do |operand|
+            label = "operand#{operand_counter}".to_sym
+          
+            # A correct value class is required because Jackson expects it.
+            # A Jackson processor for Ruby would probably make this much nicer
+            # Also, defaulting to Number is probably a bad idea, but based on current possible values in ESO this works.
+            case operand.class.to_s
+                
+            when "String"
+              value_class = "String"
+            when "Array"
+              value_class = "Array"
+            when "Fixnum"
+              value_class = "Integer"
+            else
+              value_class = "Number"
+            end
+            
+            operand_hash[label] = {
+              valueClass: value_class,
+              value: operand
+            }
+            operand_counter += 1
+          end
+
+          hash[:properties].merge! operand_hash
+        end
+
+        hash
+      end
+    end
+  end
+end
+

data/lib/eso/integration_option.rb

@@ -0,0 +1,88 @@
+module Eso
+
+  module IntegrationOptionNames
+    IMPORT_AD_ASSETS = 'import_ad_assets'
+    IMPORT_EPO_ASSETS = 'import_epo_assets'
+    SYNC_AZURE_ASSETS = 'sync_azure_assets'
+    SYNC_AZURE_ASSETS_WITH_TAGS = 'sync_azure_assets_with_tags'
+  end
+
+  # IntegrationOptionTypes is a way to categorize what various Integration Options do.
+  module IntegrationOptionTypes
+    # The IMPORT_TO_SITE Array tracks Integration Options which load Assets into a Site.
+    IMPORT_TO_SITE = [
+        IntegrationOptionNames::IMPORT_AD_ASSETS,
+        IntegrationOptionNames::IMPORT_EPO_ASSETS,
+        IntegrationOptionNames::SYNC_AZURE_ASSETS,
+        IntegrationOptionNames::SYNC_AZURE_ASSETS_WITH_TAGS
+    ]
+  end
+
+  class IntegrationOption
+    attr_accessor :name
+    attr_accessor :steps
+    attr_accessor :id
+
+    def initialize(id: nil, name:, steps: [])
+      @id = id
+      @name = name
+      @steps = steps
+    end
+
+    def site_id=(site_id)
+      # As of now, the site is always in the last Step of the IntegrationOption. Might change.
+      @steps.last.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id)
+    end
+
+    def site_id
+      # As of now, the site is always in the last Step of the IntegrationOption. Might change.
+      @steps.last.site_id
+    end
+
+    # Return this object and the associated steps in a digestible JSON format.
+    #
+    # @return [String] JSON interpretation of this workflow.
+    #
+    def to_json
+      # Convert Object to Hash
+      hash = self.to_hash
+
+      # Grab the Step objects and convert to Hashes
+      steps = hash['steps']
+      hashified_steps = []
+      steps.each {|step| hashified_steps << step.to_hash}
+      hash['steps'] = hashified_steps
+
+      # Convert Hash to JSON
+      hash.to_json
+    end
+
+    # Return this object as a Hash. The corresponding Steps will still be objects.
+    #
+    # @return [Hash] Hash interpretation of this IntegrationOption.
+    def to_hash
+      hash = {}
+      instance_variables.each {|var| hash[var.to_s.delete("@")] = instance_variable_get(var)}
+      hash
+    end
+
+    # Load a Hash of an IntegrationOption into an actual IntegrationOption. Probably didn't need to
+    # break out separately, but might be useful
+    #
+    # @param [Hash] raw_integration_option is a Hash representation of an IntegrationOption
+    # @return [IntegrationOption] The IntegrationOption version of the Hash
+    def self.load(raw_integration_option)
+      integration_option = IntegrationOption.new(id: raw_integration_option[:id], name: raw_integration_option[:name])
+      steps = raw_integration_option[:steps]
+      steps.each do |step|
+        step_config = step[:stepConfiguration]
+        integration_option.steps << Step.new(uuid: step[:uuid],
+                                             service_name: step[:serviceName],
+                                             type_name: step_config[:typeName],
+                                             previous_type_name: step_config[:previousTypeName],
+                                             configuration_params: step_config[:configurationParams])
+      end
+      integration_option
+    end
+  end
+end