Merge branch 'environment-config-section' into develop

This commit is contained in:
Mike Salvatore 2021-05-13 08:02:55 -04:00
commit 3205d8344c
17 changed files with 73 additions and 94 deletions

View File

@ -28,6 +28,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Zerologon exploiter writes runtime artifacts to a secure temporary directory
instead of $HOME. #1143
- Authentication mechanism to use bcrypt on server side. #1139
- `server_config.json` puts environment config options in a separate section
named "environment". #1161
### Removed
- Relevant dead code as reported by Vulture. #1149

View File

@ -166,7 +166,6 @@ copy_monkey_island_to_appdir() {
cp -r "$1"/common "$INSTALL_DIR/"
cp -r "$1"/monkey_island "$INSTALL_DIR/"
cp ./run_appimage.sh "$INSTALL_DIR"/monkey_island/linux/
cp ./island_logger_config.json "$INSTALL_DIR"/
cp ./server_config.json.standard "$INSTALL_DIR"/monkey_island/cc/
# TODO: This is a workaround that may be able to be removed after PR #848 is

View File

@ -3,12 +3,6 @@
PYTHON_CMD="$APPDIR"/opt/python3.7/bin/python3.7
DOT_MONKEY="$HOME"/.monkey_island/
configure_default_logging() {
if [ ! -f "$DOT_MONKEY"/island_logger_config.json ]; then
cp "$APPDIR"/usr/src/island_logger_config.json "$DOT_MONKEY"
fi
}
configure_default_server() {
if [ ! -f "$DOT_MONKEY"/server_config.json ]; then
cp "$APPDIR"/usr/src/monkey_island/cc/server_config.json.standard "$DOT_MONKEY"/server_config.json
@ -21,9 +15,8 @@ mkdir --mode=0700 --parents "$DOT_MONKEY"
DB_DIR="$DOT_MONKEY"/db
mkdir --parents "$DB_DIR"
configure_default_logging
configure_default_server
cd "$APPDIR"/usr/src || exit 1
./monkey_island/bin/mongodb/bin/mongod --dbpath "$DB_DIR" &
${PYTHON_CMD} ./monkey_island.py --server-config "$DOT_MONKEY"/server_config.json --logger-config "$DOT_MONKEY"/island_logger_config.json
${PYTHON_CMD} ./monkey_island.py --server-config "$DOT_MONKEY"/server_config.json

View File

@ -1,5 +1,8 @@
{
"server_config": "password",
"deployment": "standard",
"data_dir": "~/.monkey_island"
"data_dir": "~/.monkey_island",
"log_level": "DEBUG",
"environment": {
"server_config": "password",
"deployment": "standard"
}
}

View File

@ -32,4 +32,4 @@ if "__main__" == __name__:
from monkey_island.cc.main import main # noqa: E402
main(island_args.setup_only, island_args.server_config)
main(config["data_dir"], island_args.setup_only, island_args.server_config)

View File

@ -9,7 +9,6 @@ import monkey_island.cc.environment.server_config_generator as server_config_gen
from monkey_island.cc.environment.user_creds import UserCreds
from monkey_island.cc.resources.auth.auth_user import User
from monkey_island.cc.resources.auth.user_store import UserStore
from monkey_island.cc.server_utils.consts import DEFAULT_DATA_DIR
class EnvironmentConfig:
@ -19,7 +18,6 @@ class EnvironmentConfig:
self.deployment = None
self.user_creds = None
self.aws = None
self.data_dir = None
self._load_from_file(self._server_config_path)
@ -35,31 +33,29 @@ class EnvironmentConfig:
def _load_from_json(self, config_json: str) -> EnvironmentConfig:
data = json.loads(config_json)
self._load_from_dict(data)
self._load_from_dict(data["environment"])
def _load_from_dict(self, dict_data: Dict):
aws = dict_data["aws"] if "aws" in dict_data else None
data_dir = dict_data["data_dir"] if "data_dir" in dict_data else DEFAULT_DATA_DIR
self.server_config = dict_data["server_config"]
self.deployment = dict_data["deployment"]
self.user_creds = _get_user_credentials_from_config(dict_data)
self.aws = aws
self.data_dir = data_dir
@property
def data_dir_abs_path(self):
return os.path.abspath(os.path.expanduser(os.path.expandvars(self.data_dir)))
def save_to_file(self):
with open(self._server_config_path, "r") as f:
config = json.load(f)
config["environment"] = self.to_dict()
with open(self._server_config_path, "w") as f:
f.write(json.dumps(self.to_dict(), indent=2))
f.write(json.dumps(config, indent=2))
def to_dict(self) -> Dict:
config_dict = {
"server_config": self.server_config,
"deployment": self.deployment,
"data_dir": self.data_dir,
}
if self.aws:
config_dict.update({"aws": self.aws})

View File

@ -34,10 +34,13 @@ from monkey_island.cc.setup import setup # noqa: E402
MINIMUM_MONGO_DB_VERSION_REQUIRED = "4.2.0"
def main(should_setup_only=False, server_config_filename=DEFAULT_SERVER_CONFIG_PATH):
def main(
data_dir,
should_setup_only=False,
server_config_filename=DEFAULT_SERVER_CONFIG_PATH,
):
logger.info("Starting bootloader server")
data_dir = env_singleton.env.get_config().data_dir_abs_path
env_singleton.initialize_from_file(server_config_filename)
initialize_encryptor(data_dir)
initialize_services(data_dir)

View File

@ -1,5 +1,7 @@
{
"server_config": "password",
"deployment": "develop",
"log_level": "DEBUG"
"log_level": "DEBUG",
"environment": {
"server_config": "password",
"deployment": "develop"
}
}

View File

@ -38,16 +38,6 @@ def standard_with_credentials(environment_resources_dir):
return os.path.join(environment_resources_dir, "server_config_standard_with_credentials.json")
@pytest.fixture(scope="session")
def with_data_dir(environment_resources_dir):
return os.path.join(environment_resources_dir, "server_config_with_data_dir.json")
@pytest.fixture(scope="session")
def with_data_dir_home(environment_resources_dir):
return os.path.join(environment_resources_dir, "server_config_with_data_dir_home.json")
@pytest.fixture(scope="session")
def server_config_resources_dir(resources_dir):
return os.path.join(resources_dir, "server_configs")

View File

@ -6,7 +6,6 @@ import pytest
from monkey_island.cc.environment.environment_config import EnvironmentConfig
from monkey_island.cc.environment.user_creds import UserCreds
from monkey_island.cc.server_utils.consts import DEFAULT_DATA_DIR
@pytest.fixture
@ -17,31 +16,28 @@ def config_file(tmpdir):
def test_get_with_credentials(with_credentials):
config_dict = EnvironmentConfig(with_credentials).to_dict()
assert len(config_dict.keys()) == 5
assert len(config_dict.keys()) == 4
assert config_dict["server_config"] == "password"
assert config_dict["deployment"] == "develop"
assert config_dict["user"] == "test"
assert config_dict["password_hash"] == "abcdef"
assert config_dict["data_dir"] == DEFAULT_DATA_DIR
def test_get_with_no_credentials(no_credentials):
config_dict = EnvironmentConfig(no_credentials).to_dict()
assert len(config_dict.keys()) == 3
assert len(config_dict.keys()) == 2
assert config_dict["server_config"] == "password"
assert config_dict["deployment"] == "develop"
assert config_dict["data_dir"] == DEFAULT_DATA_DIR
def test_get_with_partial_credentials(partial_credentials):
config_dict = EnvironmentConfig(partial_credentials).to_dict()
assert len(config_dict.keys()) == 4
assert len(config_dict.keys()) == 3
assert config_dict["server_config"] == "password"
assert config_dict["deployment"] == "develop"
assert config_dict["user"] == "test"
assert config_dict["data_dir"] == DEFAULT_DATA_DIR
def test_save_to_file(config_file, standard_with_credentials):
@ -54,13 +50,28 @@ def test_save_to_file(config_file, standard_with_credentials):
with open(config_file, "r") as f:
from_file = json.load(f)
assert len(from_file.keys()) == 6
assert from_file["server_config"] == "standard"
assert from_file["deployment"] == "develop"
assert from_file["user"] == "test"
assert from_file["password_hash"] == "abcdef"
assert from_file["aws"] == "test_aws"
assert from_file["data_dir"] == DEFAULT_DATA_DIR
assert len(from_file.keys()) == 2
assert len(from_file["environment"].keys()) == 5
assert from_file["environment"]["server_config"] == "standard"
assert from_file["environment"]["deployment"] == "develop"
assert from_file["environment"]["user"] == "test"
assert from_file["environment"]["password_hash"] == "abcdef"
assert from_file["environment"]["aws"] == "test_aws"
def test_save_to_file_preserve_log_level(config_file, standard_with_credentials):
shutil.copyfile(standard_with_credentials, config_file)
environment_config = EnvironmentConfig(config_file)
environment_config.aws = "test_aws"
environment_config.save_to_file()
with open(config_file, "r") as f:
from_file = json.load(f)
assert len(from_file.keys()) == 2
assert "log_level" in from_file
assert from_file["log_level"] == "NOTICE"
def test_add_user(config_file, standard_with_credentials):
@ -76,9 +87,9 @@ def test_add_user(config_file, standard_with_credentials):
with open(config_file, "r") as f:
from_file = json.load(f)
assert len(from_file.keys()) == 5
assert from_file["user"] == new_user
assert from_file["password_hash"] == new_password_hash
assert len(from_file["environment"].keys()) == 4
assert from_file["environment"]["user"] == new_user
assert from_file["environment"]["password_hash"] == new_password_hash
def test_get_users(standard_with_credentials):
@ -101,20 +112,3 @@ def test_generate_default_file(config_file):
assert environment_config.user_creds.username == ""
assert environment_config.user_creds.password_hash == ""
assert environment_config.aws is None
assert environment_config.data_dir == DEFAULT_DATA_DIR
def test_data_dir(with_data_dir):
environment_config = EnvironmentConfig(with_data_dir)
assert environment_config.data_dir == "/test/data/dir"
def set_home_env(monkeypatch, tmpdir):
monkeypatch.setenv("HOME", str(tmpdir))
def test_data_dir_abs_path_from_file(monkeypatch, tmpdir, with_data_dir_home):
set_home_env(monkeypatch, tmpdir)
config = EnvironmentConfig(with_data_dir_home)
assert config.data_dir_abs_path == os.path.join(tmpdir, "data_dir")

View File

@ -1,4 +1,6 @@
{
"server_config": "password",
"deployment": "develop"
"environment" : {
"server_config": "password",
"deployment": "develop"
}
}

View File

@ -1,5 +1,7 @@
{
"server_config": "password",
"deployment": "develop",
"user": "test"
"environment" : {
"server_config": "password",
"deployment": "develop",
"user": "test"
}
}

View File

@ -1,4 +1,6 @@
{
"server_config": "standard",
"deployment": "develop"
"environment" : {
"server_config": "standard",
"deployment": "develop"
}
}

View File

@ -1,6 +1,9 @@
{
"log_level": "NOTICE",
"environment" : {
"server_config": "standard",
"deployment": "develop",
"user": "test",
"password_hash": "abcdef"
}
}

View File

@ -1,6 +1,8 @@
{
"environment" : {
"server_config": "password",
"deployment": "develop",
"user": "test",
"password_hash": "abcdef"
}
}

View File

@ -1,7 +0,0 @@
{
"server_config": "password",
"deployment": "develop",
"user": "test",
"password_hash": "abcdef",
"data_dir": "/test/data/dir"
}

View File

@ -1,7 +0,0 @@
{
"server_config": "password",
"deployment": "develop",
"user": "test",
"password_hash": "abcdef",
"data_dir": "~/data_dir"
}