prancer-basic 3.0.22__tar.gz → 3.0.25__tar.gz

{prancer-basic-3.0.22/src/prancer_basic.egg-info → prancer-basic-3.0.25}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 1.2
 Name: prancer-basic
-Version: 3.0.22
+Version: 3.0.25
 Summary: Prancer Basic, http://prancer.io/
 Home-page: https://github.com/prancer-io/cloud-validation-framework
 Author: Farshid M/Ajey Khanapuri

{prancer-basic-3.0.22 → prancer-basic-3.0.25}/setup.py

@@ -18,7 +18,7 @@ LONG_DESCRIPTION = """
 setup(
     name='prancer-basic',
     # also update the version in processor.__init__.py file
-    version='3.0.22',
+    version='3.0.25',
     description='Prancer Basic, http://prancer.io/',
     long_description=LONG_DESCRIPTION,
     license = "BSD",

{prancer-basic-3.0.22 → prancer-basic-3.0.25/src/prancer_basic.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 1.2
 Name: prancer-basic
-Version: 3.0.22
+Version: 3.0.25
 Summary: Prancer Basic, http://prancer.io/
 Home-page: https://github.com/prancer-io/cloud-validation-framework
 Author: Farshid M/Ajey Khanapuri

prancer-basic-3.0.25/src/processor/__init__.py

@@ -0,0 +1,3 @@
+# Prancer Basic
+
+__version__ = '3.0.25'

{prancer-basic-3.0.22 → prancer-basic-3.0.25}/src/processor/comparison/interpreter.py

@@ -737,6 +737,7 @@ class ComparatorV01:
         if exists_dir(json_dir):
             rego_file_name = '%s/%s/%s' % (json_dir, container, rego_file)
             if exists_file(rego_file_name):
+                rego_file_name = rego_file_name.replace(" ", "\ ")
                 pass
             else:
                 rego_file_name = None

{prancer-basic-3.0.22 → prancer-basic-3.0.25}/src/processor/connector/snapshot_aws.py

@@ -34,6 +34,7 @@ from processor.helper.httpapi.restapi_azure import json_source
 from processor.helper.httpapi.restapi_azure import get_client_secret
 from processor.connector.snapshot_utils import validate_snapshot_nodes
 from processor.connector.arn_parser import arnparse
+from processor.helper.config.remote_utils import get_value_from_customer_keyvault
 
 logger = getlogger()
 _valid_service_names = Session().get_available_services()
@@ -530,7 +531,10 @@ def get_all_nodes(awsclient, node, snapshot, connector):
         list_function = getattr(awsclient, list_function_name, None)
         if list_function and callable(list_function):
             try:
+                function_kwargs = node.get("kwargs", {})
                 list_kwargs = _get_list_function_kwargs(awsclient.meta._service_model.service_name, list_function_name)
+                list_kwargs.update(function_kwargs)
+                logger.debug("list_kwargs %s", list_kwargs)
                 response = list_function(**list_kwargs)
                 list_of_resources = _get_resources_from_list_function(response, list_function_name, awsclient.meta._service_model.service_name)
                 # print('list_of_resources: ', list_of_resources)
@@ -1140,8 +1144,13 @@ def populate_aws_snapshot(snapshot, container=None):
             if secret_access:
                 logger.info('Secret Access key from environment variable, Secret: %s', '*' * len(secret_access))
         
+        isremote = get_from_currentdata('remote')
         # Read the client secrets from the vault
-        if not secret_access:
+        if not secret_access and isremote:
+            secret_access = get_value_from_customer_keyvault(access_key)
+
+        # Read the client secrets from the vault
+        if not secret_access and not isremote:
             secret_access = get_vault_data(access_key)
             if secret_access:
                 logger.info('Secret Access key from vault Secret: %s', '*' * len(secret_access))

{prancer-basic-3.0.22 → prancer-basic-3.0.25}/src/processor/connector/snapshot_azure.py

@@ -27,6 +27,7 @@ from processor.database.database import insert_one_document, COLLECTION, get_col
      DATABASE, DBNAME, sort_field, get_documents
 from processor.connector.snapshot_utils import validate_snapshot_nodes
 from processor.templates.azure.azure_parser import AzureTemplateParser
+from processor.helper.config.remote_utils import get_value_from_customer_keyvault
 
 
 logger = getlogger()
@@ -320,9 +321,14 @@ def populate_client_secret(client_id, client_secret, snapshot_user):
         client_secret = os.getenv(snapshot_user, None)
         if client_secret:
             logger.info('Client Secret from environment variable, Secret: %s', '*' * len(client_secret))
-        
+
+    isremote = get_from_currentdata('remote')
     # Read the client secrets from the vault
-    if not client_secret:
+    if not client_secret and isremote:
+        client_secret = get_value_from_customer_keyvault(client_id)
+
+    # Read the client secrets from the vault
+    if not client_secret and not isremote:
         client_secret = get_vault_data(client_id)
         if client_secret:
             logger.info('Client Secret from Vault, Secret: %s', '*' * len(client_secret))

{prancer-basic-3.0.22 → prancer-basic-3.0.25}/src/processor/connector/snapshot_google.py

@@ -33,6 +33,7 @@ from processor.database.database import insert_one_document, sort_field, get_doc
     COLLECTION, DATABASE, DBNAME, get_collection_size, create_indexes
 from processor.helper.httpapi.restapi_azure import json_source
 from processor.connector.snapshot_utils import validate_snapshot_nodes
+from processor.helper.config.remote_utils import get_value_from_customer_keyvault
 import requests
 
 
@@ -187,6 +188,9 @@ def get_params_for_get_method(response, url_var, project_id):
 
             elif item == r"{cloud_run_service}":
                 params[item] = response['metadata']['name']
+            elif item == r"{secret}":
+                secret_name = response['name']
+                params[item] = secret_name.split('/')[-1]
 
         return params
     except Exception as ex:
@@ -715,9 +719,20 @@ def generate_gce(google_data, project, user):
         
         if not gce['private_key']:
             raise Exception("Private key does not exist at given private key path : %s " % private_key_path)
+
+    isremote = get_from_currentdata('remote')
+    if not gce['private_key'] and isremote:
+        gce['private_key'] = get_value_from_customer_keyvault(gce['private_key_id'])
+        logger.info('Private key from customer keyvault, Secret: %s', '*' * len(gce['private_key']))
     
+    elif not gce['private_key']:
+        gce['private_key'] = os.getenv("GCP_PRIVATE_KEY", None)
+        if gce['private_key']:
+            gce['private_key'] = gce['private_key'].replace("\\n","\n")
+            logger.info('Private key from environment variable, Secret: %s', '*' * len(gce['private_key']))
+
     # Read the private key from the vault
-    if not gce['private_key']:
+    if not gce['private_key'] and not isremote:
         private_key = get_vault_data(gce['private_key_id'])
         if private_key:
             gce["private_key"] = private_key.replace("\\n","\n")

{prancer-basic-3.0.22 → prancer-basic-3.0.25}/src/processor/crawler/utils.py

@@ -8,12 +8,15 @@ from processor.logging.log_handler import getlogger
 from processor.helper.httpapi.http_utils import http_get_request, http_post_request
 from processor.connector.vault import get_vault_data, set_vault_data
 from processor.connector.snapshot_azure import populate_client_secret
+from processor.helper.config.rundata_utils import get_from_currentdata
 from oauth2client.service_account import ServiceAccountCredentials
 from boto3 import client
 import copy
 import requests
 import tempfile
 import re
+import os
+from processor.helper.config.remote_utils import get_value_from_customer_keyvault
 
 logger = getlogger()
 
@@ -195,13 +198,22 @@ def access_token_from_service_account(private_key_id, private_key, client_email,
 def get_projects_list(private_key_id, private_key, client_email, client_id, test_user):
     """ Get google projects list """
     project_list = []
+    isremote = get_from_currentdata('remote')
+    if not private_key and isremote:
+        private_key = get_value_from_customer_keyvault(private_key_id)
+        logger.info('Private key from customer keyvault, Secret: %s', '*' * len(private_key))
+    
     if not private_key:
-        new_private_key = get_vault_data(private_key_id)
-    else:
-        new_private_key = private_key
-
-    if new_private_key:
-        access_token = access_token_from_service_account(private_key_id, new_private_key, client_email, client_id)
+        private_key = os.getenv("GCP_PRIVATE_KEY", None)
+        if private_key:
+            private_key = private_key.replace("\\n","\n")
+            logger.info('Private key from environment variable, Secret: %s', '*' * len(private_key))
+    
+    if not private_key and not isremote:
+        private_key = get_vault_data(private_key_id)
+    
+    if private_key:
+        access_token = access_token_from_service_account(private_key_id, private_key, client_email, client_id)
         if access_token:
             hdrs = {"Accept": "application/json", "Authorization": "Bearer %s" % access_token }
             url = "https://cloudresourcemanager.googleapis.com/v1/projects"

{prancer-basic-3.0.22 → prancer-basic-3.0.25}/src/processor/helper/config/remote_utils.py

@@ -5,10 +5,12 @@ import datetime
 import subprocess
 from urllib import request
 from inspect import currentframe, getframeinfo
-
+from processor.helper.config.rundata_utils import get_from_currentdata
 from processor.helper.file.file_utils import exists_file, exists_dir, mkdir_path
+from processor.helper.utils.compliance_utils import get_api_server
 from processor.helper.config.config_utils import COMPLIANCE, CRAWL, CRAWL_AND_COMPLIANCE, framework_dir, config_value, framework_config, \
     CFGFILE, get_config_data
+from processor.helper.httpapi.http_utils import http_get_request_useragent
 
 def console_log(message, cf):
     """Logger like statements only used till logger configuration is read and initialized."""
@@ -20,10 +22,14 @@ def console_log(message, cf):
     print(fmtstr)
 
 
-def remote_config_ini_setup():
+def mastersnapshot_type(masersnapshot_data):
+    return masersnapshot_data.get("json", {}).get("type", "")
+
+def remote_config_ini_setup(collection_data):
     """Need the config.ini file to read initial configuration data"""
     error = False
     config_ini = None
+    mastersnapshot = collection_data["masersnapshots"][0] if collection_data.get("masersnapshots") else {}
     fwdir = os.getenv('FRAMEWORKDIR', None)
     if fwdir:
         if exists_dir(fwdir):
@@ -60,7 +66,7 @@ def remote_config_ini_setup():
         if not opapresent:
             console_log("opa binary required, not present in path or current directory, exiting...", currentframe())
             error = True
-        if not error:
+        if not error and mastersnapshot_type(mastersnapshot) == "helm":
             helmpresent = check_exe_in_path_and_curdir(config_ini, 'HELM', 'helmexe', 'helm')
             if not helmpresent:
                 console_log("helm binary required, not present in path or current directory, exiting...", currentframe())
@@ -136,4 +142,25 @@ def create_remote_config(config_ini):
     cfgparser = configparser.ConfigParser(allow_no_value=True)
     cfgparser.read_dict(cdata)
     with open(config_ini, 'w') as configfile:
-        cfgparser.write(configfile)
+        cfgparser.write(configfile)
+
+
+def get_value_from_customer_keyvault(key):
+    value = None
+    env = get_from_currentdata('env')
+    apitoken = get_from_currentdata('apitoken')
+    company = get_from_currentdata('company')
+
+    apiserver = get_api_server(env, company)
+    vaultapi_uri = f'{apiserver}secret/vault/?key_name={key}'
+    if vaultapi_uri:
+        hdrs = {
+            "Content-Type": "application/json",
+            "Authorization" : f"Bearer {apitoken}"
+        }
+        status, data = http_get_request_useragent(vaultapi_uri, headers=hdrs, useragent=True)
+        if status and isinstance(status, int) and status == 200:
+            if 'data' in data:
+                value = data['data'].get("value")
+
+    return value

{prancer-basic-3.0.22 → prancer-basic-3.0.25}/src/processor/helper/utils/cli_validator.py

@@ -297,7 +297,7 @@ Run prancer for a list of snapshots
                         if status and isinstance(status, int) and status == 200:
                             if 'data' in data:
                                 collectionData = data['data']
-                                error, cfg_ini = remote_config_ini_setup()
+                                error, cfg_ini = remote_config_ini_setup(collectionData)
                                 if error:
                                     msg = "Unable to setup config.ini, exiting!....."
                                     console_log(msg, currentframe())

prancer-basic-3.0.22/src/processor/__init__.py

@@ -1,3 +0,0 @@
-# Prancer Basic
-
-__version__ = '3.0.22'