Before performing AWS functions, verify credentials

This commit is contained in:
Itay Mizeretz 2019-02-06 14:28:27 +02:00
parent acc1c5207d
commit 10d513a6d5
3 changed files with 29 additions and 7 deletions

View File

@ -1,4 +1,5 @@
import boto3
from botocore.exceptions import ClientError
__author__ = 'itay.mizeretz'
@ -39,6 +40,14 @@ class AwsService(object):
def get_regions():
return AwsService.get_session().get_available_regions('ssm')
@staticmethod
def test_client():
try:
AwsService.get_client('ssm').describe_instance_information()
return True
except ClientError:
return False
@staticmethod
def get_instances():
return \

View File

@ -15,7 +15,6 @@ class RemoteRun(flask_restful.Resource):
def run_aws_monkeys(self, request_body):
instances = request_body.get('instances')
island_ip = request_body.get('island_ip')
RemoteRunAwsService.update_aws_auth_params()
return RemoteRunAwsService.run_aws_monkeys(instances, island_ip)
@jwt_required()
@ -25,8 +24,10 @@ class RemoteRun(flask_restful.Resource):
is_aws = RemoteRunAwsService.is_running_on_aws()
resp = {'is_aws': is_aws}
if is_aws:
RemoteRunAwsService.update_aws_auth_params()
resp['instances'] = AwsService.get_instances()
is_auth = RemoteRunAwsService.update_aws_auth_params()
resp['auth'] = is_auth
if is_auth:
resp['instances'] = AwsService.get_instances()
return jsonify(resp)
return {}
@ -34,9 +35,14 @@ class RemoteRun(flask_restful.Resource):
@jwt_required()
def post(self):
body = json.loads(request.data)
resp = {}
if body.get('type') == 'aws':
result = self.run_aws_monkeys(body)
return jsonify({'result': result})
is_auth = RemoteRunAwsService.update_aws_auth_params()
resp['auth'] = is_auth
if is_auth:
result = self.run_aws_monkeys(body)
resp['result'] = result
return jsonify(resp)
# default action
return make_response({'error': 'Invalid action'}, 500)

View File

@ -10,6 +10,7 @@ __author__ = "itay.mizeretz"
class RemoteRunAwsService:
aws_instance = None
is_auth = False
def __init__(self):
pass
@ -48,13 +49,19 @@ class RemoteRunAwsService:
def update_aws_auth_params():
"""
Updates the AWS authentication parameters according to config
:return: None
:return: True if new params allow successful authentication. False otherwise
"""
access_key_id = ConfigService.get_config_value(['cnc', 'aws_config', 'aws_access_key_id'], False, True)
secret_access_key = ConfigService.get_config_value(['cnc', 'aws_config', 'aws_secret_access_key'], False, True)
AwsService.set_auth_params(access_key_id, secret_access_key)
if (access_key_id != AwsService.access_key_id) or (secret_access_key != AwsService.secret_access_key):
AwsService.set_auth_params(access_key_id, secret_access_key)
RemoteRunAwsService.is_auth = AwsService.test_client()
AwsService.set_region(RemoteRunAwsService.aws_instance.region)
return RemoteRunAwsService.is_auth
@staticmethod
def get_bitness(instances):
"""