zscams 2.0.10__py3-none-any.whl → 2.0.12__py3-none-any.whl

zscams/__init__.py

@@ -1,3 +0,0 @@
-from .deps import ensure_native_deps
-
-ensure_native_deps()

zscams/__main__.py

@@ -2,14 +2,14 @@
 Main entry point for ZSCAMs Agent
 """
 
-import asyncio
 import sys
-import os
+import asyncio
 from zscams.agent.src.core.backend.bootstrap import bootstrap
 from zscams.agent.src.core.backend.unbootstrap import unbootstrap
 from zscams.agent.src.core.backend.update_machine_info import update_machine_info
 from zscams.agent.src.support.logger import get_logger
 from zscams.agent import init_parser, ensure_bootstrapped, run
+from zscams.agent.src.support.os import running_as_root
 
 logger = get_logger("ZSCAMs")
 
@@ -20,7 +20,7 @@ def main():
 
     if args.bootstrap:
         try:
-            if os.geteuid() != 0:
+            if not running_as_root():
                 logger.error("You are NOT running as root.")
                 sys.exit(1)
             bootstrap()
@@ -35,7 +35,7 @@ def main():
 
     if args.unbootstrap:
         try:
-            if os.geteuid() != 0:
+            if not running_as_root():
                 logger.error("You are NOT running as root.")
                 sys.exit(1)
             unbootstrap()

zscams/agent/__init__.py

@@ -2,7 +2,7 @@ import os
 import asyncio
 import sys
 import argparse
-from zscams.agent.src.support.configuration import get_config, CONFIG_PATH
+from zscams.agent.src.support.configuration import RemoteConfig, config, CONFIG_PATH
 from zscams.agent.src.support.filesystem import is_file_exists, resolve_path
 from zscams.agent.src.core.tunnel.tls import create_ssl_context
 from zscams.agent.src.core.tunnels import start_all_tunnels
@@ -38,8 +38,7 @@ def init_parser():
 def ensure_bootstrapped():
     """Ensure the agent is bootstrapped with the backend."""
 
-    config = get_config()
-    remote_cfg = config["remote"]
+    remote_cfg = config.get("remote", valtyp=dict)
     config_dir = os.path.dirname(CONFIG_PATH)
 
     files_to_ensure = [
@@ -69,11 +68,12 @@ def ensure_bootstrapped():
 async def run():
     """Asynchronous main function to start tunnels and services."""
 
-    config = get_config()
     config_dir = os.path.dirname(CONFIG_PATH)
-    ssl_context = create_ssl_context(config["remote"], config_dir=config_dir)
-    remote_host = config["remote"]["host"]
-    remote_port = config["remote"]["port"]
+    ssl_context = create_ssl_context(
+        config.get("remote", valtyp=RemoteConfig), config_dir=config_dir
+    )
+    remote_host = config.get("remote.host")
+    remote_port = config.get("remote.port")
 
     # Start tunnels and wait for readiness
     tunnel_tasks = await start_all_tunnels(

zscams/agent/configuration/config.j2

@@ -1,8 +1,7 @@
 ---
-backend:
+bootstrap:
   base_url: http://22.0.122.40:5000/api
   cache_dir: .cache
-bootstrap_info:
   blacklist_ports: []
   cert_issuer: ZSCAMs
   csr:
@@ -19,6 +18,7 @@ forwards:
     local_port: 4423
     sni_hostname: monitor-tunnel
 general:
+  install_project_deps: false
   health_check_interval: 30
 logging:
   level: 10

zscams/agent/configuration/freebsd_service.j2

@@ -10,7 +10,7 @@ name="zscams"
 rcvar="zscams_enable"
 
 # Execution command and arguments
-command="{ python_exec }"
+command="{python_exec}"
 command_args="-m zscams"
 
 # User to run the process

zscams/agent/src/core/backend/bootstrap.py

@@ -1,14 +1,19 @@
 import os
-from pathlib import Path
 import sysconfig
 import sys
 from typing import cast
 from zscams.agent.src.core.backend.client import backend_client
-from zscams.agent.src.support.configuration import reinitialize, CONFIG_PATH
+from zscams.agent.src.support.configuration import ROOT_PATH, config, CONFIG_PATH
 from zscams.agent.src.support.logger import get_logger
-from zscams.agent.src.support.os import create_system_user, install_service, is_freebsd
+from zscams.agent.src.support.os import (
+    create_system_user,
+    install_service,
+    is_freebsd,
+    is_linux,
+)
 from zscams.agent.src.support.ssh import add_to_authorized_keys
-from zscams.agent.src.support.cli import prompt
+from zscams.agent.src.support.cli import ensure_config_value, prompt, prompt_auth_info
+from zscams.deps import ensure_native_deps
 
 logger = get_logger("bootstrap")
 
@@ -16,32 +21,46 @@ logger = get_logger("bootstrap")
 def bootstrap():
     """Ensure the agent is bootstrapped with the backend."""
 
+    if config.get("general.install_project_deps", default=True):
+        ensure_native_deps()
+
+    ensure_config_value(
+        config_key_path="bootstrap.base_url",
+        prompt_message="Bootstrap server origin",
+        prompt_desc="(E.g. http://10.0.100.100:5000)",
+        process_value=lambda v: (
+            v.rstrip("/") + "/api"
+            if not v.rstrip("/").endswith("api")
+            else v.rstrip("/")
+        ),
+    )
+
+    ensure_config_value(
+        config_key_path="remote.host",
+        prompt_message="Remote host IP",
+        prompt_desc="(E.g. 10.0.100.100)",
+    )
+
     if backend_client.is_bootstrapped():
         logger.info("Agent ID %s is already bootstrapped.", backend_client.agent_id)
         return
 
-    username = input("Username: ")
-    totp = input("One Time Password (OTP): ")
-
+    username, totp = prompt_auth_info()
     backend_client.login(username, totp)
 
     customer_name = prompt(
-        "Customer Name",
         "Customer Name",
         required=True,
-        startswith="",
     )
     connector_name = prompt(
         "Connector Name",
-        "Connector Name [Unique name for this connector]",
+        "[Unique name for this connector]",
         required=True,
-        startswith="",
     )
     equipment_type = prompt(
         "Equipment Type",
-        "Equipment Type [Can be ZPA|VZEN|PSE]",
         required=True,
-        startswith="",
+        one_of=["ZPA", "VZEN", "PSE"],
     )
     equipment_name = (
         f"{equipment_type.lower()}-{customer_name.lower()}-{connector_name.lower()}"
@@ -49,7 +68,7 @@ def bootstrap():
     enforced_id = prompt("Enforced ID", "Enforced Agent ID")
     if not os.path.exists(CONFIG_PATH):
         os.remove(CONFIG_PATH)
-    reinitialize(equipment_name=equipment_name, equipment_type=equipment_type)
+    config.reinitialize(equipment_name=equipment_name, equipment_type=equipment_type)
     cm_info = backend_client.bootstrap(equipment_name, enforced_id or None)
 
     sys_user = cast(str, cm_info.get("ssh_user"))
@@ -60,18 +79,19 @@ def bootstrap():
 
 
 def install_zscams_systemd_service(user_to_run_as: str):
+    if not is_freebsd() and not is_linux():
+        logger.error("Unsupported OS for service installation.")
+        return
 
     data = {
         "pythonpath": sysconfig.get_paths()["purelib"],
         "python_exec": sys.executable,
         "user_to_run_as": user_to_run_as,
     }
-    import zscams
 
-    BASE_DIR = Path(zscams.__file__).resolve().parent
-    filename = "freebsd_service" if is_freebsd() else "linux_service"
-    template_path = f"{BASE_DIR}/agent/configuration/{filename}.j2"
-    with open(template_path) as f:
+    file_prefix = "freebsd" if is_freebsd() else "linux"
+    template_path = ROOT_PATH.joinpath(f"configuration/{file_prefix}_service.j2")
+    with open(template_path, encoding="utf-8") as f:
         template = f.read()
 
     rendered_config = template.format(**data)

zscams/agent/src/core/backend/client.py

@@ -5,16 +5,19 @@ import requests
 
 from typing import Optional, cast
 
+from zscams.agent.src.support.os import get_machine_id
+
 from .exceptions import AgentBootstrapError
 
 from zscams.agent.src.support.configuration import (
     CONFIG_PATH,
     ROOT_PATH,
-    get_config,
-    override_config,
+    config,
+)
+from zscams.agent.src.support.yaml import (
+    resolve_placeholders,
+    assert_no_placeholders_left,
 )
-from zscams.agent.src.support.yaml import resolve_placeholders, assert_no_placeholders_left
-from zscams.agent.src.support.mac import get_mac_address
 from zscams.agent.src.support.filesystem import resolve_path, ensure_dir, is_file_exists
 from zscams.agent.src.support.network import get_local_hostname, get_local_ip_address
 from zscams.agent.src.support.openssl import (
@@ -30,22 +33,17 @@ class BackendClient:
     MACHINE_INFO_FILE_NAME = "machine_info.json"
 
     def __init__(self):
-        config = get_config()
-        self.services_config = config.get("services", [])
-        self.backend_config = config.get("backend", {})
-        self.bootstrap_info = config.get("bootstrap_info", {})
-        self.remote_config = config.get("remote", {})
-        self.url = self.backend_config.get("base_url")
+        self.services_config = config.get("services", [], valtyp=list)
+        self.bootstrap_config = config.get("bootstrap", {}, valtyp=dict)
+        self.remote_config = config.get("remote", {}, valtyp=dict)
+        self.url = self.bootstrap_config.get("base_url")
         self.session = requests.session()
-        self.agent_id = get_mac_address()
+        self.agent_id = get_machine_id()
         self.logger = get_logger("backend_client")
 
-        self.__machine_cache_path = Path(
-            os.path.join(
-                ROOT_PATH.parent,
-                self.backend_config.get("cache_dir"),
-                self.MACHINE_INFO_FILE_NAME,
-            )
+        self.__machine_cache_path = ROOT_PATH.parent.parent.joinpath(
+            self.bootstrap_config.get("cache_dir", ".cache"),
+            self.MACHINE_INFO_FILE_NAME,
         )
 
     def bootstrap(self, equipment_name: str, enforced_id: Optional[str] = None):
@@ -59,8 +57,8 @@ class BackendClient:
 
         self.logger.info("bootstrapping agent ID %s", self.agent_id)
 
-        csr_info = self.bootstrap_info.get("csr", {})
-        remote_configs = get_config().get("remote", {})
+        csr_info = self.bootstrap_config.get("csr", {})
+        remote_configs = config.get("remote", {}, valtyp=dict)
 
         private_key_path = cast(
             str,
@@ -97,9 +95,13 @@ class BackendClient:
             "equipment_name": equipment_name,
             "csr": csr,
             "enforced_id": enforced_id,
-            "services": [service.get("name") for service in self.services_config if service.get("custom_port_name", None)],
-            "blacklist_ports": self.bootstrap_info.get("blacklist_ports", []),
-            "cert_issuer": self.bootstrap_info.get("cert_issuer", None),
+            "services": [
+                service.get("name")
+                for service in self.services_config
+                if service.get("custom_port_name", None)
+            ],
+            "blacklist_ports": self.bootstrap_config.get("blacklist_ports", []),
+            "cert_issuer": self.bootstrap_config.get("cert_issuer", None),
         }
 
         self.logger.debug(
@@ -135,6 +137,18 @@ class BackendClient:
 
         return customer_machine
 
+    def unbootstrap(self):
+        """This will remove the machine from the db and revoke the agent's certificate"""
+
+        if not self.is_authenticated():
+            self.logger.error("Couldn't authenticate")
+            raise AgentBootstrapError(
+                "Client is not authenticated to unbootstrap. Please login first."
+            )
+
+        res = self._delete(f"agent-bootstrap/{self.agent_id}")
+        return res.json().get("response")
+
     def get_machine_info(self, ignore_cache: bool = False):
         """Get machine information from the backend."""
 
@@ -170,7 +184,9 @@ class BackendClient:
 
     def _write_certificates(self, ca_chain: list[str], cert: str):
         if cert:
-            cert_path = os.path.join(ROOT_PATH, self.remote_config.get("client_cert"))
+            cert_path = os.path.join(
+                str(ROOT_PATH), self.remote_config.get("client_cert")
+            )
 
             self.logger.info("Writing signed certificate to %s", cert_path)
             with open(cert_path, "w", encoding="utf-8") as cert_file:
@@ -251,31 +267,35 @@ class BackendClient:
         return self.session.headers.get("Authorization") is not None
 
     def __prepare_path(self, path):
+        if self.url is None:
+            self.url = self.bootstrap_config.get("base_url")
         return f"{self.url}/{path.lstrip('/')}"
-            
+
     def __override_config_services_ports(self, cm_services: list[dict]):
         self.logger.debug("Overriding configuration services ports...")
 
-        config = get_config()
+        _config = config.to_dict()
         custom_ports = {}
         for cm_service in cm_services:
-            for cfg_service_idx, cfg_service in enumerate(config.get("services", [])):
+            for cfg_service_idx, cfg_service in enumerate(
+                config.get("services", [], valtyp=list[dict])
+            ):
                 if cm_service.get("name") == cfg_service.get("name"):
 
-                    if not config["services"][cfg_service_idx]["params"]:
-                        config["services"][cfg_service_idx]["params"] = {}
+                    if not _config["services"][cfg_service_idx]["params"]:
+                        _config["services"][cfg_service_idx]["params"] = {}
 
                     port_field_name = cfg_service.get("custom_port_name", None)
                     if port_field_name:
                         custom_ports[port_field_name] = cm_service.get("port")
-                        config["services"][cfg_service_idx]["params"][port_field_name] = (
-                            cm_service.get("port")
-                        )
-        resolve_placeholders(config, custom_ports)
-        assert_no_placeholders_left(config)
+                        _config["services"][cfg_service_idx]["params"][
+                            port_field_name
+                        ] = cm_service.get("port")
+        resolve_placeholders(_config, custom_ports)
+        assert_no_placeholders_left(_config)
         self.logger.debug("Done overriding the configurations")
 
-        return override_config(config)
+        return config.override_config(_config)
 
 
 backend_client = BackendClient()

zscams/agent/src/core/backend/unbootstrap.py

@@ -1,31 +1,50 @@
 import os
+from typing import cast
+
+from zscams.agent.src.support.cli import prompt_auth_info
+
+from .client import backend_client
 from zscams.agent.src.support.filesystem import resolve_path
-from zscams.agent.src.support.configuration import get_config, CONFIG_PATH, ROOT_PATH
+from zscams.agent.src.support.configuration import config, CONFIG_PATH, ROOT_PATH
 from zscams.agent.src.core.backend.client import BackendClient
 from zscams.agent.src.support.logger import get_logger
-from zscams.agent.src.support.os import remove_service, is_freebsd
+from zscams.agent.src.support.os import remove_service
 
 logger = get_logger("Unbootstrap")
 
 
 def unbootstrap():
-    remote_configs = get_config().get("remote", {})
-    backend_config = get_config().get("backend", {})
-    private_key_path = resolve_path(
-        remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)
+    username, totp = prompt_auth_info()
+    backend_client.login(username, totp)
+
+    backend_client.unbootstrap()
+    logger.info(
+        "Unbootstrapped from backend and revoked the certificate.",
+    )
+
+    remove_local_data()
+
+
+def remove_local_data():
+    remote_configs = config.get("remote", default={}, valtyp=dict)
+    private_key_path = cast(
+        str,
+        resolve_path(remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)),
     )
 
-    cert_path = resolve_path(
-        remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)
+    cert_path = cast(
+        str,
+        resolve_path(remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)),
     )
 
-    ca_chain_path = resolve_path(
-        remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)
+    ca_chain_path = cast(
+        str,
+        resolve_path(remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)),
     )
 
     cache_path = os.path.join(
         ROOT_PATH.parent,
-        backend_config.get("cache_dir"),
+        config.get("bootstrap.cache_dir", must_resolve=True, valtyp=str),
         BackendClient.MACHINE_INFO_FILE_NAME,
     )
 
@@ -45,5 +64,6 @@ def unbootstrap():
         os.remove(cache_path)
         logger.debug("Removed Machine info")
 
-    remove_service("zscams" if is_freebsd() else "zscams.service")
-    logger.debug("Removed ZSCAMs service")
+    removed_service = remove_service("zscams")
+    if removed_service:
+        logger.debug("Removed ZSCAMs service")

zscams/agent/src/support/cli.py

@@ -1,4 +1,5 @@
-from typing import Optional, cast
+from typing import Optional, Callable
+from zscams.agent.src.support.configuration import config
 from zscams.agent.src.support.logger import get_logger
 
 logger = get_logger("bootstrap")
@@ -14,13 +15,24 @@ class InvalidFieldException(Exception):
 
 def prompt(
     name: str,
-    message: str,
+    description: Optional[str] = None,
     required=False,
-    startswith: Optional[str] = None,
+    startswith: Optional[list[str]] = None,
+    one_of: Optional[list[str]] = None,
     fail_on_error=False,
     retries_count=3,
 ):
-    _message = message
+    _message = name
+
+    if description:
+        _message += f" {description}"
+
+    if startswith:
+        _message += f" [Must start with {'|'.join(startswith)}]"
+
+    if one_of:
+        _message += f" [Can be {'|'.join(one_of)}]"
+
     if not required:
         _message += " (Optional)"
 
@@ -31,20 +43,90 @@ def prompt(
     if required and not val:
         if fail_on_error:
             raise RequiredFieldException(f"Missing {name}")
-        logger.error(f"{name} is required..")
+        logger.error("%s is required..", name)
         retries_count -= 1
         return prompt(
-            name, message, required, startswith, fail_on_error=retries_count <= 0
+            name, description, required, startswith, fail_on_error=retries_count <= 0
         )
 
-    if startswith is not None and not val.startswith(startswith):
-        error_mesagge = f"The value has to start with {startswith}"
-        if fail_on_error:
-            raise InvalidFieldException(error_mesagge)
-        logger.error(error_mesagge)
-        retries_count -= 1
-        return prompt(
-            name, message, required, startswith, fail_on_error=retries_count <= 0
-        )
+    if startswith:
+        matches = next((start for start in startswith if val.startswith(start)), False)
+        if not matches:
+            error_mesagge = f"The value has to start with one of {startswith}"
+            if fail_on_error:
+                raise InvalidFieldException(error_mesagge)
+            logger.error(error_mesagge)
+            retries_count -= 1
+            return prompt(
+                name,
+                description,
+                required,
+                one_of=one_of,
+                startswith=startswith,
+                fail_on_error=retries_count <= 0,
+            )
+
+    if one_of:
+        matches = next((opt for opt in one_of if val == opt), False)
+        if not matches:
+            error_mesagge = f"The value has to be one of {one_of}"
+            if fail_on_error:
+                raise InvalidFieldException(error_mesagge)
+            logger.error(error_mesagge)
+            retries_count -= 1
+            return prompt(
+                name,
+                description,
+                required,
+                one_of=one_of,
+                startswith=startswith,
+                fail_on_error=retries_count <= 0,
+            )
 
     return val
+
+
+def prompt_auth_info():
+    """Prompt for username and totp"""
+
+    username = prompt("Username", required=True)
+    totp = prompt("One Time Password (OTP)", required=True)
+    return username, totp
+
+
+def ensure_config_value(
+    config_key_path: str,
+    prompt_message: str,
+    prompt_desc: Optional[str] = None,
+    process_value: Optional[Callable] = None,
+):
+    """
+    Ensures a configuration value is set. If not, prompts the user and sets it.
+
+    Args:
+        config_key_path (list): List of keys representing the path in the config dict.
+        prompt_message (str): Message to display in the prompt.
+        default_value (str, optional): Default value for the prompt.
+        process_value (callable, optional): Function to process the input value.
+        append_path_segment (str, optional): Path segment to append if needed.
+    """
+    if config.has(config_key_path):
+        return
+
+    value = prompt(prompt_message, prompt_desc, required=True)
+
+    if process_value:
+        value = process_value(value)
+
+    _config = config.to_dict()
+
+    d = _config
+    keys_list = config_key_path.split(".")
+    for key in keys_list[:-1]:
+        if key not in d:
+            d[key] = {}
+        d = d[key]
+
+    d[keys_list[-1]] = value
+
+    config.override_config(_config)

zscams/agent/src/support/configuration.py

@@ -3,19 +3,119 @@ Configuration loader module
 """
 
 import os
+import sys
 from pathlib import Path
-from typing import TypedDict
-import json
+from typing import Optional, Type, TypeVar, TypedDict, cast
 import yaml
-from zscams.agent.src.support.yaml import YamlIndentedListsDumper,  resolve_placeholders
 
+import zscams
+from zscams.agent.src.support.yaml import YamlIndentedListsDumper, resolve_placeholders
 
-config = {}
-
-ROOT_PATH = Path(__file__).parent.parent.parent
-
+ROOT_PATH = Path(zscams.__file__).resolve().parent.joinpath("agent")
 CONFIG_PATH = os.path.join(ROOT_PATH.absolute(), "config.yaml")
 
+GetReturnT = TypeVar("T")
+
+
+class MissingConfiguration(BaseException):
+    """Error when the requisted key is not found"""
+
+
+class Configuration:
+    """Class to get/set configurations and handle the configurations file."""
+
+    __instance = None
+    __config = {}
+
+    def __init__(self):
+        self.__load_config()
+
+    def __new__(cls):
+        if cls.__instance is None:
+            cls.__instance = super().__new__(cls)
+        return cls.__instance
+
+    def __load_config(self):
+        try:
+            with open(CONFIG_PATH, "r", encoding="utf-8") as f:
+                self.__config = yaml.safe_load(f)
+        except FileNotFoundError:
+            print(
+                f"Can't find configurations file. Make sure you have it by running `cp '{ROOT_PATH.joinpath('configuration/config.j2')}' '{CONFIG_PATH}'`",
+            )
+            sys.exit(1)
+
+    def override_config(self, new_config: dict):
+        """
+        Override the existing configuration with a new one.
+        Args:
+            new_config (dict): New configuration dictionary to override the existing one.
+        """
+        self.__config = new_config
+
+        with open(CONFIG_PATH, "w", encoding="utf-8") as file:
+            yaml.dump(
+                self.__config,
+                file,
+                Dumper=YamlIndentedListsDumper,
+                default_flow_style=False,
+                explicit_start=True,
+            )
+
+    def to_dict(self):
+        return self.__config
+
+    def get(
+        self,
+        key: str,
+        default: Optional[GetReturnT] = None,
+        must_resolve=False,
+        valtyp: Type[GetReturnT] = str,
+    ) -> GetReturnT:
+        """
+        Returns the configuration value.
+
+        Args:
+            key (str): The configurations dotnotation key to get the value of.
+            default (Optional[T]): The default value if the configurations wasn't found.
+            must_resolve (bool): Wheither to throw an error if the value wasn't found and if there was no default.
+            valtyp (Type[T]): The expected type of the return value.
+        """
+
+        keys = key.split(".")
+        val = self.__config
+
+        for k in keys:
+            if isinstance(val, dict) and k in val:
+                val = val.get(k, default)
+            elif isinstance(val, list) and int(k) < len(val):
+                val = val[int(k)]
+            elif default is not None:
+                val = default
+                break
+            elif must_resolve:
+                raise MissingConfiguration
+            else:
+                val = None
+                break
+
+        return cast(GetReturnT, val)
+
+    def has(self, key: str):
+        try:
+            self.get(key, must_resolve=True)
+            return True
+        except MissingConfiguration:
+            return False
+
+    def reinitialize(self, **kwargs):
+        """Regenerate the config template with new values"""
+        template_path = ROOT_PATH.joinpath("configuration/config.j2")
+        with open(template_path, encoding="utf-8") as f:
+            template = yaml.safe_load(f)
+        resolve_placeholders(template, kwargs)
+        self.override_config(template)
+
 
 class RemoteConfig(TypedDict):
     """Type definition for remote configuration."""
@@ -27,60 +127,5 @@ class RemoteConfig(TypedDict):
     ca_cert: str
     ca_chain: str
 
-def reinitialize(**kwargs):
-    import zscams
-    BASE_DIR = Path(zscams.__file__).resolve().parent
-    template_path = f"{BASE_DIR}/agent/configuration/config.j2"
-    with open(template_path) as f:
-        template = yaml.safe_load(f)
-    resolve_placeholders(template, kwargs)
-    override_config(template)
-
-def save_config(data):
-    """Save the YAML config back to disk."""
-    with open(CONFIG_PATH, "w", encoding="utf-8") as f:
-        yaml.safe_dump(data, f, default_flow_style=False)
-
-
-def load_config():
-    """
-    Load and parse the YAML configuration file.
-
-    Returns:
-        dict: Configuration dictionary containing remote settings and forwards.
-    """
-    with open(CONFIG_PATH, "r", encoding="utf-8") as f:
-        config = yaml.safe_load(f)
-        return config
-
-
-def get_config():
-    """
-    Get the loaded configuration.
-
-    Returns:
-        dict: Configuration dictionary containing remote settings and forwards.
-    """
-
-    if not config:
-        return load_config()
-
-    return config
-
-
-def override_config(new_config: dict):
-    """
-    Override the existing configuration with a new one.
-    Args:
-        new_config (dict): New configuration dictionary to override the existing one.
-    """
-    config = new_config
-
-    with open(CONFIG_PATH, "w", encoding="utf-8") as file:
-        yaml.dump(
-            config,
-            file,
-            Dumper=YamlIndentedListsDumper,
-            default_flow_style=False,
-            explicit_start=True,
-        )
+
+config = Configuration()

zscams/agent/src/support/logger.py

@@ -10,7 +10,7 @@ import platform
 from typing import Dict
 from logging import Logger
 
-from zscams.agent.src.support.configuration import get_config
+from zscams.agent.src.support.configuration import config
 
 loggers: Dict[str, Logger] = {}
 
@@ -66,7 +66,8 @@ def get_logger(name: str) -> Logger:
     logger = logging.getLogger(
         f"ZSCAMs - {name}" if name.lower().find("zscams") == -1 else name
     )
-    logger.setLevel(get_config().get("logging", {}).get("level", 10))
+    logging_level = config.get("logging.level", default=10, valtyp=int)
+    logger.setLevel(logging_level)
     logger.propagate = False  # Prevent duplicate logs
 
     # Cleanup handlers if any
@@ -75,7 +76,7 @@ def get_logger(name: str) -> Logger:
 
     # -------- Console Handler -------- #
     console_handler = logging.StreamHandler(sys.stdout)
-    console_handler.setLevel(get_config().get("logging", {}).get("level", 10))
+    console_handler.setLevel(logging_level)
 
     console_formatter = ColorFormatter(
         fmt="[%(asctime)s] [%(levelname)s] [%(name)s] %(message)s",

zscams/agent/src/support/os.py

@@ -1,9 +1,10 @@
 import os
+from pathlib import Path
 import sys
 import subprocess
 import platform
-import subprocess
 from zscams.agent.src.support.logger import get_logger
+from zscams.agent.src.support.mac import get_mac_address
 
 from .filesystem import write_to_file
 
@@ -11,9 +12,14 @@ logger = get_logger("os_support")
 
 
 def is_linux():
-    if sys.platform.lower().startswith("linux"):
-        return True
-    return False
+    return sys.platform.lower().startswith("linux")
+
+
+def is_freebsd():
+    return (
+        platform.system().lower() == "freebsd"
+        or platform.system().lower() == "zscaleros"
+    )
 
 
 def system_user_exists(username: str):
@@ -30,16 +36,9 @@ def system_user_exists(username: str):
         return False
 
 
-def is_freebsd():
-    return (
-        platform.system().lower() == "freebsd"
-        or platform.system().lower() == "zscaleros"
-    )
-
-
 def create_system_user(username: str):
     # Support both Linux and FreeBSD
-    if not (platform.system() == "Linux" or is_freebsd()):
+    if not (is_linux() or is_freebsd()):
         logger.error(
             "Error creating system user: This script is intended to run on Linux or FreeBSD systems."
         )
@@ -146,12 +145,15 @@ def remove_service(service_name: str):
     # Standardize name (remove .service suffix if present for consistency)
     clean_name = service_name.replace(".service", "")
 
+    if not is_linux() or not is_freebsd():
+        logger.error("Unsupported OS for service removal.")
+        return False
+
     if is_linux():
         _remove_systemd_service(clean_name)
     elif is_freebsd():
         _remove_rc_service(clean_name)
-    else:
-        logger.error("Unsupported OS for service removal.")
+    return True
 
 
 def _remove_systemd_service(name: str):
@@ -187,3 +189,16 @@ def _remove_rc_service(name: str):
 
     except subprocess.CalledProcessError as e:
         logger.error("Failed to remove FreeBSD service: %s", e)
+
+
+def running_as_root():
+    if not is_linux() and not is_freebsd():
+        return True
+    return os.geteuid() == 0
+
+
+def get_machine_id():
+    try:
+        return Path("/etc/machine-id").read_text("utf-8").strip()
+    except FileNotFoundError:
+        return get_mac_address()

zscams/agent/src/support/ssh.py

@@ -1,4 +1,3 @@
-from zscams.agent.src.support.configuration import get_config
 from zscams.agent.src.support.filesystem import append_to_file
 from zscams.agent.src.support.logger import get_logger
 
@@ -6,18 +5,18 @@ from zscams.agent.src.support.logger import get_logger
 logger = get_logger("ssh_support")
 
 
-def add_to_known_hosts(hostname: str, pub_key: str):
+def add_to_known_hosts(user: str, hostname: str, pub_key: str):
     logger.debug("Appending '%s' to known hosts...", pub_key)
     append_to_file(
-        get_config().get("ssh", {}).get("known_hosts_file_path"),
+        f"/home/{user}/.ssh/known_hosts",
         f"{hostname} {pub_key}\n",
     )
     logger.debug("Appended key to known hosts")
 
 
-def add_to_authorized_keys(user, pub_key):
+def add_to_authorized_keys(user: str, pub_key: str):
     logger.debug(f"Appending to public key to {user}")
-    key = pub_key.split(' ')[1] if len(pub_key.split(' ')) >= 2 else pub_key
+    key = pub_key.split(" ")[1] if len(pub_key.split(" ")) >= 2 else pub_key
     append_to_file(
         f"/home/{user}/.ssh/authorized_keys",
         f"ssh-rsa {key} zscams@orangecyberdefense\n",

zscams/agent/src/support/yaml.py

@@ -5,7 +5,8 @@ class YamlIndentedListsDumper(yaml.Dumper):
     def increase_indent(self, flow=False, indentless=False):
         return super(YamlIndentedListsDumper, self).increase_indent(flow, False)
 
-def resolve_placeholders( obj, values: dict[str, int]):
+
+def resolve_placeholders(obj, values: dict[str, int]):
     """
     Recursively replace '{key}' strings with values[key]
     in dicts, lists, and strings.
@@ -26,6 +27,8 @@ def resolve_placeholders( obj, values: dict[str, int]):
         return obj
 
     return obj
+
+
 def assert_no_placeholders_left(obj):
     if isinstance(obj, dict):
         for v in obj.values():
@@ -34,4 +37,5 @@ def assert_no_placeholders_left(obj):
         for v in obj:
             assert_no_placeholders_left(v)
     elif isinstance(obj, str) and obj.startswith("{") and obj.endswith("}"):
-        raise ValueError(f"Unresolved placeholder: {obj}")
+        raise ValueError(f"Unresolved placeholder: {obj}")
+

zscams/deps.py

@@ -1,9 +1,10 @@
 import subprocess
 import sys
-import platform
 import os
 import importlib.util
 
+from zscams.agent.src.support.os import is_freebsd
+
 
 def is_installed(name):
     return importlib.util.find_spec(name) is not None
@@ -11,10 +12,7 @@ def is_installed(name):
 
 def ensure_native_deps():
     # Only run this logic on FreeBSD
-    if (
-        platform.system().lower() != "freebsd"
-        and platform.system().lower() != "zscaleros"
-    ):
+    if not is_freebsd():
         # --- Linux/Standard Path ---
         # On Linux, we just use pip to install the missing pieces
         # We use 'PyYAML' instead of 'yaml' for pip

{zscams-2.0.10.dist-info → zscams-2.0.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: zscams
-Version: 2.0.10
+Version: 2.0.12
 Summary: Async TLS tunnel client with SNI routing, auto-reconnect, and health checks
 Author: OCD - Cairo Software Team
 Maintainer: OCD - Cairo Software Team

{zscams-2.0.10.dist-info → zscams-2.0.12.dist-info}/RECORD

@@ -1,18 +1,17 @@
-zscams/__init__.py,sha256=xAeDJU2cSBrdspt5aVRTYIzAbGSGvn-CtGV4qc7moQ0,59
-zscams/__main__.py,sha256=-vjCPBc7n_M3Gq7GRu5TWhdxJrPcU_NV1sZEXvUZU58,1432
-zscams/agent/__init__.py,sha256=zGhrb1drq8BP9uvuXeq-L8HhtfWW7s-_1VjVJ-jaykY,3105
+zscams/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+zscams/__main__.py,sha256=TcHhPfv7zHxD1orIDbv5Tr5WB10wq7nGNnifVr7SqPg,1486
+zscams/agent/__init__.py,sha256=F1GZKevu-XdgWdT5mP-PnjWDdbgAnsaCDFtoPS7RtEo,3121
 zscams/agent/certificates/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-zscams/agent/config.yaml,sha256=0DuIENHlSoo6nRg4Xa0ZljHGgDGQiWSEX8b_uRMtpS0,2542
-zscams/agent/configuration/config.j2,sha256=95lUo1oo_EExGCHIhlBnaeK0cwmr9gUXfh7TYP9WYdg,2633
-zscams/agent/configuration/freebsd_service.j2,sha256=d0Nh6WJFGw7PhO_dfUjECx2NXTGagalvuIE0aulXIYE,309
+zscams/agent/configuration/config.j2,sha256=znK-UvRB3-PiEOUPrFuAYDbkAA-zog-Js-et4-97rY4,2649
+zscams/agent/configuration/freebsd_service.j2,sha256=LHW1bEz0ky2aasYBy1JpreAzplzqJ53z8SNbDElD4y0,307
 zscams/agent/configuration/linux_service.j2,sha256=UOrGrXvBK2mFit_b3QxUAKgZhG-dmKV8-45bksxL4NE,225
 zscams/agent/keys/autoport.key,sha256=hZBmtw_nLsZwe11LYlwLL-P_blQ_qpUDpFwvqOZDZFE,1679
 zscams/agent/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 zscams/agent/src/core/__init__.py,sha256=CEDwvbxojtNZOfOOFBj-URg4Q0KB0cq9AqIiD0uzPic,24
-zscams/agent/src/core/backend/bootstrap.py,sha256=ELkDtvNa_Bn4JO4JWgW9Y0pu0NVvAM6bEkgFyXJMon0,2541
-zscams/agent/src/core/backend/client.py,sha256=xZw2GuOVw6Ek-QI9OaUO4rqzIrs4xGwiPizBLCH89fo,10123
+zscams/agent/src/core/backend/bootstrap.py,sha256=oeSERVRo6CqXWraDm2z-JUpasjmObeBDhEQqlSVE_FQ,3145
+zscams/agent/src/core/backend/client.py,sha256=QFMqG58EUzYJ1ODsqU6I4fxhQAGvgS1xywA30EbKpq4,10727
 zscams/agent/src/core/backend/exceptions.py,sha256=osMbVb_ZGvrGbw5cOCMG1s4yBLukJl7T8TITCcVPyXA,383
-zscams/agent/src/core/backend/unbootstrap.py,sha256=ULY78KGuv-Pcz69L6PyhU_4_xRaMZCrrln1TdejjzBE,1554
+zscams/agent/src/core/backend/unbootstrap.py,sha256=PZAN_Bgf26iEJoljCIs0cftCyC0lqPkgThjpaK_i0zU,1978
 zscams/agent/src/core/backend/update_machine_info.py,sha256=9chBdvsLeLVf5DsvSHiUO9xQpXSbDgqhdnrUwxyoKUM,474
 zscams/agent/src/core/prerequisites.py,sha256=5OlXBEg8FaYp6LXjJHtbdcpRaMywR-DBDyvDr_OiVdA,1286
 zscams/agent/src/core/service_health_check.py,sha256=9VUWQitXcDEwLcHTTeequi6om98OXN-JIIMZCCH5y4A,1733
@@ -25,18 +24,18 @@ zscams/agent/src/services/reverse_ssh.py,sha256=LUbl7FwKltN2irQ-lAsECm-JMr0PRlgb
 zscams/agent/src/services/ssh_forwarder.py,sha256=vl3afyWxvYu114o5PTQpg3aok9oaLdVfIwydVxE5bUo,2446
 zscams/agent/src/services/system_monitor.py,sha256=caGexjOD0eH7GVDdQQIBdTlMpYema_YIUEo3F-fG1vM,7526
 zscams/agent/src/support/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-zscams/agent/src/support/cli.py,sha256=6Y0zokhwhWcsmjEosGqq_kMqF3tn4juPpsBmQax1Oyc,1221
-zscams/agent/src/support/configuration.py,sha256=hnJhvJLdL5ElZITDFLybTOHVACBHttWgy8sXhmu75Wc,2025
+zscams/agent/src/support/cli.py,sha256=QexHTsEFSRy3AY-29m0Q-0msL4fxooRUJdIN0vAT_WI,3641
+zscams/agent/src/support/configuration.py,sha256=3jGtXdGBPE2zKfMb2T85837YJOHTALhP_r8W__ej7qs,3761
 zscams/agent/src/support/filesystem.py,sha256=e2p2xWxitLkTclyVgmDC-2DGROBwowves7dlm0S47Hw,1719
-zscams/agent/src/support/logger.py,sha256=rKjAVO6vDeXYTM9__q2lcc1PBiJoZUqLzry8yMf71vY,2347
+zscams/agent/src/support/logger.py,sha256=cKmCqy2dSOJk7kivs9QPyop7bLa71619ODNylS27z6M,2345
 zscams/agent/src/support/mac.py,sha256=XVKc5YAYLu4a-5VrMhcwgkMNnP2u6itK3cx-Oxnx4IA,453
 zscams/agent/src/support/network.py,sha256=VwVVNqykZxvrTPwPYQ3sSVMc_Z2XUwASlo_kd_wdGDs,1453
 zscams/agent/src/support/openssl.py,sha256=jLSv8ajIw1YfNdBhz4KSvNp-cARLXY9-7qdzne9Zca4,3429
-zscams/agent/src/support/os.py,sha256=QxAfj8nhC6EIpN14snIsjF5c2i8tWhtCS4DzWIZBSJc,6691
-zscams/agent/src/support/ssh.py,sha256=J9-XsVc6fGdcTN9CsfmgDRaMnfaWluDUaPGug7BVl6Q,812
-zscams/agent/src/support/yaml.py,sha256=bKsQzXHAgjCxkGzPR8bgaUPB-QHMR3AMEVuvn4RRpnA,1188
-zscams/deps.py,sha256=D2WEI7dLoMnPl_OL7NOSXe-k25p1FFeeGsY1Mh7IIEw,3630
-zscams-2.0.10.dist-info/METADATA,sha256=JoWXxVqzag06DUBG1LpxVPg2eQrC28jyMZj5l6zAOTM,6806
-zscams-2.0.10.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
-zscams-2.0.10.dist-info/entry_points.txt,sha256=IXiMYjEq4q0tUiD9O7eCWhqKBuOssXrMW42siTBAgG8,47
-zscams-2.0.10.dist-info/RECORD,,
+zscams/agent/src/support/os.py,sha256=EhDy5mMyZsDFK_eL_qot5l2e94r3RODVLh2eX2BvONg,7054
+zscams/agent/src/support/ssh.py,sha256=5qJpKIIiidG1r9AMeAIfb4c4eGOV4MExSVmQUgAuVzs,747
+zscams/agent/src/support/yaml.py,sha256=7NXPqj-v_RUif3fLfErNwSUJ-Y-so0GCFZ5aIiU96GQ,1192
+zscams/deps.py,sha256=9xbpgq77oTch-Nv_99QQtkyO3a96JxqFjUH_2d5zt4Q,3575
+zscams-2.0.12.dist-info/METADATA,sha256=ChVB7wedYEAGnl3H8u2Qzor8OxKStTpov5oVeWuyFZY,6806
+zscams-2.0.12.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
+zscams-2.0.12.dist-info/entry_points.txt,sha256=IXiMYjEq4q0tUiD9O7eCWhqKBuOssXrMW42siTBAgG8,47
+zscams-2.0.12.dist-info/RECORD,,

zscams/agent/config.yaml

@@ -1,103 +0,0 @@
----
-backend:
-  base_url: http://22.0.122.40:5000/api
-  cache_dir: .cache
-bootstrap_info:
-  blacklist_ports: []
-  cert_issuer: ZSCAMs
-  csr:
-    country: FR
-    default_common_name: zscams-agent.orangecyberdefense.com
-    locality: Paris
-    organization: zscams-agent.orangecyberdefense.com
-    state: Ile-de-France
-forwards:
-  - description: Forward to SSH backend
-    local_port: 4422
-    sni_hostname: ssh-tunnel
-  - description: Forward to Seculogs
-    local_port: 4423
-    sni_hostname: monitor-tunnel
-general:
-  health_check_interval: 30
-logging:
-  level: 10
-remote:
-  ca_cert: certificates/ca_chain.pem
-  ca_chain: certificates/ca_chain.pem
-  client_cert: certificates/client.crt
-  client_key: certificates/client.key
-  host: 81.255.240.214
-  port: 443
-  verify_cert: false
-services:
-  - args: []
-    custom_port_name: reverse_port
-    health:
-      host: localhost
-      port: 22
-    name: Reverse SSH
-    params:
-      local_port: 4422
-      private_key: keys/autoport.key
-      remote_host: localhost
-      reverse_port: 10000
-      server_ssh_user: ssh_user
-      ssh_options:
-        - -o LogLevel=error
-        - -o UserKnownHostsFile=/dev/null
-        - -o StrictHostKeyChecking=no
-        - -o ServerAliveInterval=30
-        - -o ServerAliveCountMax=2
-    port: 22
-    prerequisites:
-      files:
-        - zscams/agent/keys/autoport.key
-      ports:
-        - 22
-      services: []
-    script: src/services/reverse_ssh.py
-  - args: []
-    custom_port_name: forwarder_port
-    health:
-      host: localhost
-      port: 10001
-    name: Monitor Forwarder
-    params:
-      forwarder_port: 10001
-      local_port: 4423
-      private_key: zscams/agent/keys/autoport.key
-      remote_host: 194.51.14.159
-      remote_port: 530
-      server_ssh_user: ssh_user
-      ssh_options:
-        - -o LogLevel=error
-        - -o UserKnownHostsFile=/dev/null
-        - -o StrictHostKeyChecking=no
-        - -o ServerAliveInterval=30
-        - -o ServerAliveCountMax=2
-    port: 530
-    prerequisites:
-      files:
-        - zscams/agent/keys/autoport.key
-      ports: []
-      services: []
-    script: src/services/ssh_forwarder.py
-  - args: []
-    health:
-      host: localhost
-      port: 10001
-    name: Monitor Service
-    params:
-      equipment_name: zpa-orange-swec-dev-01
-      equipment_type: zpa
-      remote_host: localhost
-      remote_port: 10001
-      service_name: Zscaler-AppConnector
-    port: 10001
-    prerequisites:
-      files: []
-      ports:
-        - 10001
-      services: []
-    script: src/services/system_monitor.py