Island: Decouple propagation credentials from per-agent config

2022-06-09 08:08:03 +00:00 · 2022-06-09 08:08:03 +00:00 · f5134f1d3b
parent ae5216bf02
commit f5134f1d3b
3 changed files with 5 additions and 35 deletions
--- a/monkey/infection_monkey/master/control_channel.py
+++ b/monkey/infection_monkey/master/control_channel.py
@ -68,7 +68,7 @@ class ControlChannel(IControlChannel):

    def get_credentials_for_propagation(self) -> PropagationCredentials:
        propagation_credentials_url = (
-            f"https://{self._control_channel_server}/api/propagation-credentials/{self._agent_id}"
+            f"https://{self._control_channel_server}/api/propagation-credentials"
        )
        try:
            response = requests.get(  # noqa: DUO123
--- a/monkey/monkey_island/cc/resources/propagation_credentials.py
+++ b/monkey/monkey_island/cc/resources/propagation_credentials.py
@ -1,17 +1,15 @@
-from monkey_island.cc.database import mongo
 from monkey_island.cc.resources.AbstractResource import AbstractResource
 from monkey_island.cc.services.config import ConfigService


 class PropagationCredentials(AbstractResource):
-    urls = ["/api/propagation-credentials/<string:guid>"]
+    urls = ["/api/propagation-credentials"]

-    def get(self, guid: str):
-        monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
-        ConfigService.decrypt_flat_config(monkey_json["config"])
+    def get(self):
+        config = ConfigService.get_flat_config(should_decrypt=True)

        propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config(
-            monkey_json["config"]
+            config
        )

        return {"propagation_credentials": propagation_credentials}
--- a/monkey/monkey_island/cc/services/config.py
+++ b/monkey/monkey_island/cc/services/config.py
@ -327,34 +327,6 @@ class ConfigService:
    def encrypt_config(config):
        ConfigService._encrypt_or_decrypt_config(config, False)

-    @staticmethod
-    def decrypt_flat_config(flat_config, is_island=False):
-        """
-        Same as decrypt_config but for a flat configuration
-        """
-        keys = [config_arr_as_array[-1] for config_arr_as_array in ENCRYPTED_CONFIG_VALUES]
-
-        for key in keys:
-            if isinstance(flat_config[key], collections.Sequence) and not isinstance(
-                flat_config[key], str
-            ):
-                # Check if we are decrypting ssh key pair
-                if (
-                    flat_config[key]
-                    and isinstance(flat_config[key][0], dict)
-                    and "public_key" in flat_config[key][0]
-                ):
-                    flat_config[key] = [
-                        decrypt_dict(SENSITIVE_SSH_KEY_FIELDS, item) for item in flat_config[key]
-                    ]
-                else:
-                    flat_config[key] = [
-                        get_datastore_encryptor().decrypt(item) for item in flat_config[key]
-                    ]
-            else:
-                flat_config[key] = get_datastore_encryptor().decrypt(flat_config[key])
-        return flat_config
-
    @staticmethod
    def _encrypt_or_decrypt_config(config, is_decrypt=False):
        for config_arr_as_array in ENCRYPTED_CONFIG_VALUES: