zscams 2.0.4__py3-none-any.whl

zscams/agent/src/core/tunnels.py

@@ -0,0 +1,55 @@
+"""
+Utilities to start TLS tunnels asynchronously
+
+- Supports multiple forwards
+- Signals readiness via asyncio.Event
+- Auto-reconnect and logging
+"""
+
+import asyncio
+from zscams.agent.src.core.tunnel import start_tunnel
+from zscams.agent.src.support.logger import get_logger
+
+logger = get_logger("tunnel_launcher")
+
+
+async def start_all_tunnels(forwards_cfg_list, remote_host, remote_port, ssl_context):
+    """
+    Start all TLS tunnels concurrently and wait for readiness.
+
+    Args:
+        forwards_cfg_list (list): List of forward dictionaries from config
+            Each dict should have:
+                - local_port
+                - sni_hostname
+        remote_host (str): Remote host to connect to
+        remote_port (int): Remote port to connect to
+        ssl_context (ssl.SSLContext): SSL context for the TLS tunnel
+
+    Returns:
+        list of asyncio.Tasks: tunnel tasks running indefinitely
+    """
+    tasks = []
+    ready_events = []
+
+    for forward_cfg in forwards_cfg_list:
+        ready_event = asyncio.Event()
+        ready_events.append(ready_event)
+        tasks.append(
+            asyncio.create_task(
+                start_tunnel(
+                    local_port=forward_cfg["local_port"],
+                    remote_host=remote_host,
+                    remote_port=remote_port,
+                    sni_hostname=forward_cfg["sni_hostname"],
+                    ssl_context=ssl_context,
+                    reconnect_max_delay=60,
+                    ready_event=ready_event,
+                )
+            )
+        )
+
+    # Wait for all tunnels to signal readiness
+    await asyncio.gather(*(event.wait() for event in ready_events))
+    logger.info("[*] %d tunnel(s) ready", len(tasks))
+    return tasks

zscams/agent/src/services/reverse_ssh.py

@@ -0,0 +1,73 @@
+import asyncio
+import json
+import os
+import sys
+from zscams.agent.src.support.logger import get_logger
+
+logger = get_logger("autossh_service")
+
+# Load service-specific params from environment
+params_env = os.environ.get("SERVICE_PARAMS")
+if not params_env:
+    logger.error("SERVICE_PARAMS environment variable not set")
+    sys.exit(1)
+
+params = json.loads(params_env)
+
+LOCAL_PORT = params.get("local_port", 4422)
+SERVER_SSH_USER = params.get("server_ssh_user", "ssh_user")
+REVERSE_PORT = params.get("reverse_port", 2222)
+PRIVATE_KEY = params.get("private_key")  # Path to RSA key
+SSH_OPTIONS = params.get("ssh_options", [])
+CHECK_INTERVAL = 120  #
+
+
+async def run():
+    backoff = 1
+    max_backoff = 60
+    ssh_cmd = [
+        "ssh",
+        "-p",
+        f"{LOCAL_PORT}",
+        "-R",
+        f"*:{REVERSE_PORT}:localhost:22",
+        f"{SERVER_SSH_USER}@localhost",
+        "-N",
+    ]
+
+    # Use key file if provided
+    if PRIVATE_KEY:
+        ssh_cmd += ["-i", PRIVATE_KEY]
+
+    # Add additional SSH options
+    ssh_cmd += SSH_OPTIONS
+
+    logger.info(f"Starting reverse SSH tunnel: {' '.join(ssh_cmd)}")
+
+    while True:
+        try:
+            process = await asyncio.create_subprocess_exec(
+                *ssh_cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
+            )
+            logger.info(f"SSH tunnel started (PID={process.pid})")
+            stdout, stderr = await process.communicate()
+            if stdout:
+                logger.info(stdout.decode())
+            if stderr:
+                logger.warning(stderr.decode())
+            returncode = process.returncode
+            logger.warning(f"SSH tunnel exited with code {returncode}")
+        except Exception as e:
+            logger.error(f"SSH tunnel failed: {e}")
+
+        logger.info(f"Reconnecting in {backoff} seconds...")
+        await asyncio.sleep(backoff)
+        backoff = min(backoff * 2, max_backoff)
+
+
+if __name__ == "__main__":
+    try:
+        asyncio.run(run())
+    except KeyboardInterrupt:
+        logger.info("Exiting autossh_service.py")
+        sys.exit(0)

zscams/agent/src/services/ssh_forwarder.py

@@ -0,0 +1,75 @@
+import asyncio
+import json
+import os
+import sys
+from zscams.agent.src.support.logger import get_logger
+
+logger = get_logger("autossh_service")
+
+# Load service-specific params from environment
+params_env = os.environ.get("SERVICE_PARAMS")
+if not params_env:
+    logger.error("SERVICE_PARAMS environment variable not set")
+    sys.exit(1)
+
+params = json.loads(params_env)
+
+FORWARDER_PORT = params.get("forwarder_port", 4422)
+LOCAL_PORT = params.get("local_port", 4422)
+REMOTE_PORT = params.get("remote_port", 4422)
+REMOTE_HOST = params.get("remote_host", "localhost")
+SERVER_SSH_USER = params.get("server_ssh_user", "ssh_user")
+PRIVATE_KEY = params.get("private_key")  # Path to RSA key
+SSH_OPTIONS = params.get("ssh_options", [])
+CHECK_INTERVAL = 120  #
+
+
+async def run():
+    backoff = 1
+    max_backoff = 60
+    ssh_cmd = [
+        "ssh",
+        "-p",
+        f"{LOCAL_PORT}",
+        "-L",
+        f"{FORWARDER_PORT}:{REMOTE_HOST}:{REMOTE_PORT}",
+        f"{SERVER_SSH_USER}@localhost",
+        "-N",  # No command execution
+    ]
+
+    # Use key file if provided
+    if PRIVATE_KEY:
+        ssh_cmd += ["-i", PRIVATE_KEY]
+
+    # Add additional SSH options
+    ssh_cmd += SSH_OPTIONS
+
+    logger.info(f"Starting reverse SSH tunnel: {' '.join(ssh_cmd)}")
+
+    while True:
+        try:
+            process = await asyncio.create_subprocess_exec(
+                *ssh_cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
+            )
+            logger.info(f"SSH tunnel started (PID={process.pid})")
+            stdout, stderr = await process.communicate()
+            if stdout:
+                logger.info(stdout.decode())
+            if stderr:
+                logger.warning(stderr.decode())
+            returncode = process.returncode
+            logger.warning(f"SSH tunnel exited with code {returncode}")
+        except Exception as e:
+            logger.error(f"SSH tunnel failed: {e}")
+
+        logger.info(f"Reconnecting in {backoff} seconds...")
+        await asyncio.sleep(backoff)
+        backoff = min(backoff * 2, max_backoff)
+
+
+if __name__ == "__main__":
+    try:
+        asyncio.run(run())
+    except KeyboardInterrupt:
+        logger.info("Exiting autossh_service.py")
+        sys.exit(0)

zscams/agent/src/services/system_monitor.py

@@ -0,0 +1,264 @@
+import asyncio
+import os
+import sys
+import datetime
+import psutil
+import logging
+import logging.handlers
+import json
+import socket
+import platform
+from zscams.agent.src.support.logger import get_logger
+from http.client import BadStatusLine, HTTPConnection, HTTPException
+logger = get_logger("system_monitor")
+
+# Load service-specific params from environment
+params_env = os.environ.get("SERVICE_PARAMS")
+if not params_env:
+    logger.error("SERVICE_PARAMS environment variable not set")
+    sys.exit(1)
+
+params = json.loads(params_env)
+# -----------------------------
+# Configuration
+# -----------------------------
+SYSLOG_HOST = params.get("remote_host", "localhost")  # remote rsyslog host
+SYSLOG_PORT = params.get("remote_port", 514)  # TCP syslog port
+EQUIPMENT_NAME = params.get("equipment_name", "connector")
+EQUIPMENT_TYPE = params.get("equipment_type", "zpa")
+SERVICE_NAME = params.get("service_name", "Zscaler-AppConnector")
+HOSTNAME = platform.node()
+
+
+
+
+def network():
+    """
+    Collect network interfaces and their statistics.
+    Returns a dictionary with per-interface
+    """
+    ifaces = {}
+    for iface, stats in psutil.net_io_counters(pernic=True).items():
+        ifaces[iface] = {
+            "in": {
+                "bytes": stats.bytes_recv,
+                "packets": stats.packets_recv,
+                "errors": getattr(stats, "errin", 0),
+                "dropped": getattr(stats, "dropin", 0),
+            },
+            "out": {
+                "bytes": stats.bytes_sent,
+                "packets": stats.packets_sent,
+                "errors": getattr(stats, "errout", 0),
+                "dropped": getattr(stats, "dropout", 0),
+            },
+        }
+    if "lo" in ifaces:
+        del ifaces["lo"]
+    return ifaces
+
+
+def memory():
+    """
+    Get memory and swap usage
+    Returns a dictionary with total, used, free, and swap info.
+    """
+    mem = psutil.virtual_memory()
+    swap = psutil.swap_memory()
+    mem_remain = mem.total - mem.available
+    output_memory = {
+        "actual": {
+            "free": mem.available,
+            "used": {
+                "pct": round(mem_remain / mem.total, 4),
+                "bytes": mem_remain,
+            },
+        },
+        "total": mem.total,
+        "used": {
+            "pct": round(mem.percent / 100, 4),
+            "bytes": mem.total - mem.available,
+        },
+        "free": mem.available,
+        "swap": {
+            "total": swap.total,
+            "used": {
+                "pct": swap.percent / 100,
+                "bytes": swap.used,
+            },
+            "free": swap.free,
+        },
+    }
+    return output_memory
+
+
+def cpu():
+    """
+    Get CPU usage
+    Returns a dictionary with total, user, system, idle, and core count.
+    """
+    times = psutil.cpu_times()
+    total = sum(times)
+    used = total - times.idle
+    cpu_total_pct = round(used / total, 4)
+    return {
+        "total": {"pct": cpu_total_pct},
+        "system": {"pct": round(times.system / total, 4)},
+        "user": {"pct": round(times.user / total, 4)},
+        "idle": {"pct": round(times.idle / total, 4)},
+        "cores": psutil.cpu_count(),
+        "iowait": {"pct": round(getattr(times, "iowait", 0) / total, 4)},
+        "irq": {"pct": round(getattr(times, "irq", 0) / total, 4)},
+        "softirq": {"pct": round(getattr(times, "softirq", 0) / total, 4)},
+        "nice": {"pct": round(getattr(times, "nice", 0) / total, 4)},
+        "steal": {"pct": round(getattr(times, "steal", 0) / total, 4)},
+    }
+
+
+def load():
+    """
+    Get CPU load averages over 1, 5, and 15 minutes.
+    Returns a dictionary with normalized load per CPU core.
+    """
+    load1, load5, load15 = psutil.getloadavg()
+    cores = psutil.cpu_count()
+    cores = float(cores) if cores else 1.0
+    return {
+        "1": load1,
+        "5": load5,
+        "15": load15,
+        "cores": cores,
+        "norm": {
+            "1": load1 / cores,
+            "5": load5 / cores,
+            "15": load15 / cores,
+        },
+    }
+
+
+def uptime():
+    """
+    Return system boot time in seconds since the epoch.
+    """
+    return {"duration": {"seconds": int(psutil.boot_time())}}
+
+
+def disk():
+    """
+    Get disk usage metrics for the root filesystem.
+    Returns a dictionary with total, used, and free bytes.
+    """
+    disk = psutil.disk_usage("/")
+    return {"total": disk.total, "used": disk.used, "free": disk.free}
+
+
+def process(process_names=None):
+    """
+    Get metrics about running processes by name.
+    Default: ["zpa-connector", "zpa-service-edge"]
+    Returns a list of dictionaries with process info.
+    """
+    if process_names is None:
+        process_names = ["zpa-connector", "zpa-service-edge"]
+
+    output = []
+    for proc in psutil.process_iter(
+        [
+            "name",
+            "pid",
+            "ppid",
+            "username",
+            "memory_info",
+            "cpu_times",
+            "cmdline",
+            "status",
+            "create_time",
+        ]
+    ):
+        try:
+            if proc.info["name"] in process_names:
+                mem = proc.info["memory_info"]
+                cpu_pct = proc.cpu_percent(interval=0.1)
+                output.append(
+                    {
+                        "name": proc.info["name"],
+                        "pid": proc.info["pid"],
+                        "ppid": proc.info["ppid"],
+                        "username": proc.info["username"],
+                        "memory": {
+                            "rss": mem.rss,
+                            "vms": mem.vms,
+                            "percent": round(proc.memory_percent(), 2),
+                        },
+                        "cpu": {
+                            "percent": cpu_pct,
+                            "start_time": datetime.datetime.fromtimestamp(
+                                proc.info["create_time"]
+                            ).isoformat(),
+                        },
+                        "cmdline": proc.info["cmdline"],
+                        "status": proc.info["status"],
+                    }
+                )
+        except (psutil.NoSuchProcess, psutil.AccessDenied):
+            continue
+    return output
+
+
+def collect_all():
+    """
+    Collect all metrics in a single dictionary.
+    """
+    return {
+        "network": network(),
+        "memory": memory(),
+        "cpu": cpu(),
+        "load": load(),
+        "uptime": uptime(),
+        "disk": disk(),
+        "processes": process(),
+    }
+
+
+def log():
+    return {
+        "system": collect_all(),
+        "beat": {
+            "name": EQUIPMENT_NAME,
+            "type": EQUIPMENT_TYPE,
+            "hostname": HOSTNAME,
+        },
+        "host": HOSTNAME,
+    }
+
+
+
+# -----------------------------
+# Helper function to log JSON
+# -----------------------------
+async def send_json_log(payload: dict):
+    """
+    Send a JSON-formatted log to syslog via TCP
+    """
+    conn = HTTPConnection(SYSLOG_HOST, SYSLOG_PORT, timeout=10)
+    conn.request(
+        "POST", "/", json.dumps(payload), headers={"Content-type": "application/json"}
+    )
+    conn.close()
+    logger.info("Metrices collected and sent successfully.")
+
+
+async def schedule_task(interval):
+    while (True):
+        try:
+            await send_json_log(log())
+        except Exception as exception:
+            print(exception)
+        await asyncio.sleep(interval)
+
+if __name__ == "__main__":
+    try:
+        asyncio.run(schedule_task(30))
+    except KeyboardInterrupt:
+        logger.info("Exiting system_monitor.py")
+        sys.exit(0)

zscams/agent/src/support/cli.py

@@ -0,0 +1,50 @@
+from typing import Optional, cast
+from zscams.agent.src.support.logger import get_logger
+
+logger = get_logger("bootstrap")
+
+
+class RequiredFieldException(Exception):
+    pass
+
+
+class InvalidFieldException(Exception):
+    pass
+
+
+def prompt(
+    name: str,
+    message: str,
+    required=False,
+    startswith: Optional[str] = None,
+    fail_on_error=False,
+    retries_count=3,
+):
+    _message = message
+    if not required:
+        _message += " (Optional)"
+
+    _message += ": "
+
+    val = input(_message)
+
+    if required and not val:
+        if fail_on_error:
+            raise RequiredFieldException(f"Missing {name}")
+        logger.error(f"{name} is required..")
+        retries_count -= 1
+        return prompt(
+            name, message, required, startswith, fail_on_error=retries_count <= 0
+        )
+
+    if startswith is not None and not val.startswith(startswith):
+        error_mesagge = f"The value has to start with {startswith}"
+        if fail_on_error:
+            raise InvalidFieldException(error_mesagge)
+        logger.error(error_mesagge)
+        retries_count -= 1
+        return prompt(
+            name, message, required, startswith, fail_on_error=retries_count <= 0
+        )
+
+    return val

zscams/agent/src/support/configuration.py

@@ -0,0 +1,86 @@
+"""
+Configuration loader module
+"""
+
+import os
+from pathlib import Path
+from typing import TypedDict
+import json
+import yaml
+from zscams.agent.src.support.yaml import YamlIndentedListsDumper,  resolve_placeholders
+
+
+config = {}
+
+ROOT_PATH = Path(__file__).parent.parent.parent
+
+CONFIG_PATH = os.path.join(ROOT_PATH.absolute(), "config.yaml")
+
+
+class RemoteConfig(TypedDict):
+    """Type definition for remote configuration."""
+
+    host: str
+    port: str
+    verify_cert: bool
+    client_key: str
+    ca_cert: str
+    ca_chain: str
+
+def reinitialize(**kwargs):
+    import zscams
+    BASE_DIR = Path(zscams.__file__).resolve().parent
+    template_path = f"{BASE_DIR}/agent/configuration/config.j2"
+    with open(template_path) as f:
+        template = yaml.safe_load(f)
+    resolve_placeholders(template, kwargs)
+    override_config(template)
+
+def save_config(data):
+    """Save the YAML config back to disk."""
+    with open(CONFIG_PATH, "w", encoding="utf-8") as f:
+        yaml.safe_dump(data, f, default_flow_style=False)
+
+
+def load_config():
+    """
+    Load and parse the YAML configuration file.
+
+    Returns:
+        dict: Configuration dictionary containing remote settings and forwards.
+    """
+    with open(CONFIG_PATH, "r", encoding="utf-8") as f:
+        config = yaml.safe_load(f)
+        return config
+
+
+def get_config():
+    """
+    Get the loaded configuration.
+
+    Returns:
+        dict: Configuration dictionary containing remote settings and forwards.
+    """
+
+    if not config:
+        return load_config()
+
+    return config
+
+
+def override_config(new_config: dict):
+    """
+    Override the existing configuration with a new one.
+    Args:
+        new_config (dict): New configuration dictionary to override the existing one.
+    """
+    config = new_config
+
+    with open(CONFIG_PATH, "w", encoding="utf-8") as file:
+        yaml.dump(
+            config,
+            file,
+            Dumper=YamlIndentedListsDumper,
+            default_flow_style=False,
+            explicit_start=True,
+        )

zscams/agent/src/support/filesystem.py

@@ -0,0 +1,63 @@
+"""
+Path utilities for TLS Tunnel Client
+"""
+
+import os
+from pathlib import Path
+from typing import Optional
+from zscams.agent.src.support.logger import get_logger
+
+logger = get_logger("FileSystem")
+
+def resolve_path(path: Optional[str], base_dir: Optional[str] = None) -> Optional[str]:
+    """
+    Resolve a file path relative to a base directory.
+
+    Args:
+        path (str): Path to resolve (absolute or relative)
+        base_dir (str, optional): Directory to resolve relative paths from.
+            Defaults to None (current working directory)
+
+    Returns:
+        str: Absolute path
+    """
+    if path is None:
+        return None
+    if not os.path.isabs(path) and base_dir:
+        return os.path.join(base_dir, path)
+    return path
+
+
+def ensure_dir(path: str):
+    """Ensure a directory exists."""
+
+    os.makedirs(path, exist_ok=True)
+
+
+def is_file_exists(path, logger):
+    """Check if file exists."""
+    if os.path.exists(path):
+        logger.debug(f"File exists: {path}")
+        return True
+
+    logger.error(f"File not found: {path}")
+    return False
+
+
+def append_to_file(path: str | Path, content: str):
+    try:
+        if isinstance(path, str):
+            path = Path(path)
+
+        if not path.parent.exists():
+            os.mkdir(path.parent,0o700)
+
+        with open(path, "a", encoding="utf-8") as file:
+            file.write(content)
+    except Exception as exception:
+        logger.error(exception)
+        raise exception
+
+def write_to_file(path: str | Path, content: str):
+    with open(path, "w", encoding="utf-8") as f:
+        f.write(content)