Island: Remove endpoints/resources/services related to Scoutsuite

monkey/monkey_island/cc/app.py

@@ -46,8 +46,6 @@ from monkey_island.cc.resources.telemetry import Telemetry
 from monkey_island.cc.resources.telemetry_feed import TelemetryFeed
 from monkey_island.cc.resources.version_update import VersionUpdate
 from monkey_island.cc.resources.zero_trust.finding_event import ZeroTrustFindingEvent
-from monkey_island.cc.resources.zero_trust.scoutsuite_auth.aws_keys import AWSKeys
-from monkey_island.cc.resources.zero_trust.scoutsuite_auth.scoutsuite_auth import ScoutSuiteAuth
 from monkey_island.cc.resources.zero_trust.zero_trust_report import ZeroTrustReport
 from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH
 from monkey_island.cc.server_utils.custom_json_encoder import CustomJSONEncoder
@@ -168,8 +166,6 @@ def init_api_resources(api):
     api.add_resource(VersionUpdate, "/api/version-update")
     api.add_resource(StopAgentCheck, "/api/monkey_control/needs-to-stop/<int:monkey_guid>")
     api.add_resource(StopAllAgents, "/api/monkey_control/stop-all-agents")
-    api.add_resource(ScoutSuiteAuth, "/api/scoutsuite_auth/<string:provider>")
-    api.add_resource(AWSKeys, "/api/aws_keys")
 
     # Resources used by black box tests
     api.add_resource(MonkeyBlackboxEndpoint, "/api/test/monkey")

monkey/monkey_island/cc/resources/zero_trust/scoutsuite_auth/aws_keys.py

@@ -1,10 +0,0 @@
-import flask_restful
-
-from monkey_island.cc.resources.auth.auth import jwt_required
-from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import get_aws_keys
-
-
-class AWSKeys(flask_restful.Resource):
-    @jwt_required
-    def get(self):
-        return get_aws_keys()

monkey/monkey_island/cc/resources/zero_trust/scoutsuite_auth/scoutsuite_auth.py

@@ -1,37 +0,0 @@
-import json
-
-import flask_restful
-from flask import request
-
-from common.cloud.scoutsuite_consts import CloudProviders
-from common.utils.exceptions import InvalidAWSKeys
-from monkey_island.cc.resources.auth.auth import jwt_required
-from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
-    is_cloud_authentication_setup,
-    set_aws_keys,
-)
-
-
-class ScoutSuiteAuth(flask_restful.Resource):
-    @jwt_required
-    def get(self, provider: CloudProviders):
-        if provider == CloudProviders.AWS.value:
-            is_setup, message = is_cloud_authentication_setup(provider)
-            return {"is_setup": is_setup, "message": message}
-        else:
-            return {"is_setup": False, "message": ""}
-
-    @jwt_required
-    def post(self, provider: CloudProviders):
-        key_info = json.loads(request.data)
-        error_msg = ""
-        if provider == CloudProviders.AWS.value:
-            try:
-                set_aws_keys(
-                    access_key_id=key_info["accessKeyId"],
-                    secret_access_key=key_info["secretAccessKey"],
-                    session_token=key_info["sessionToken"],
-                )
-            except InvalidAWSKeys as e:
-                error_msg = str(e)
-        return {"error_msg": error_msg}

monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py

@@ -1,58 +0,0 @@
-from typing import Tuple
-
-from ScoutSuite.providers.base.authentication_strategy import AuthenticationException
-
-from common.cloud.scoutsuite_consts import CloudProviders
-from common.config_value_paths import AWS_KEYS_PATH
-from common.utils.exceptions import InvalidAWSKeys
-from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
-from monkey_island.cc.services.config import ConfigService
-
-
-def is_cloud_authentication_setup(provider: CloudProviders) -> Tuple[bool, str]:
-    if provider == CloudProviders.AWS.value:
-        if is_aws_keys_setup():
-            return True, "AWS keys already setup."
-
-        import ScoutSuite.providers.aws.authentication_strategy as auth_strategy
-
-        try:
-            profile = auth_strategy.AWSAuthenticationStrategy().authenticate()
-            return True, f' Profile "{profile.session.profile_name}" is already setup. '
-        except AuthenticationException:
-            return False, ""
-
-
-def is_aws_keys_setup():
-    return ConfigService.get_config_value(
-        AWS_KEYS_PATH + ["aws_access_key_id"]
-    ) and ConfigService.get_config_value(AWS_KEYS_PATH + ["aws_secret_access_key"])
-
-
-def set_aws_keys(access_key_id: str, secret_access_key: str, session_token: str):
-    if not access_key_id or not secret_access_key:
-        raise InvalidAWSKeys(
-            "Missing some of the following fields: access key ID, secret access key."
-        )
-    _set_aws_key("aws_access_key_id", access_key_id)
-    _set_aws_key("aws_secret_access_key", secret_access_key)
-    _set_aws_key("aws_session_token", session_token)
-
-
-def _set_aws_key(key_type: str, key_value: str):
-    path_to_keys = AWS_KEYS_PATH
-    encrypted_key = get_datastore_encryptor().encrypt(key_value)
-    ConfigService.set_config_value(path_to_keys + [key_type], encrypted_key)
-
-
-def get_aws_keys():
-    return {
-        "access_key_id": _get_aws_key("aws_access_key_id"),
-        "secret_access_key": _get_aws_key("aws_secret_access_key"),
-        "session_token": _get_aws_key("aws_session_token"),
-    }
-
-
-def _get_aws_key(key_type: str):
-    path_to_keys = AWS_KEYS_PATH
-    return ConfigService.get_config_value(config_key_as_arr=path_to_keys + [key_type])