From a42d621340363fc7b6e8873f177dc18cf457b28d Mon Sep 17 00:00:00 2001
From: "maor.rayzin" <maorrayzin@guardicore.com>
Date: Tue, 27 Nov 2018 11:08:43 +0200
Subject: [PATCH] * Added another configuration endpoint for the island
 specific fields

---
 monkey/monkey_island/cc/app.py                |  2 ++
 .../cc/resources/island_configuration.py      | 24 +++++++++++++++++++
 monkey/monkey_island/cc/services/config.py    | 19 ++++++++-------
 .../ui/src/components/pages/ConfigurePage.js  |  2 +-
 4 files changed, 37 insertions(+), 10 deletions(-)
 create mode 100644 monkey/monkey_island/cc/resources/island_configuration.py

diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py
index a9682cc90..5bb94b611 100644
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@@ -18,6 +18,7 @@ from cc.resources.log import Log
 from cc.resources.island_logs import IslandLog
 from cc.resources.monkey import Monkey
 from cc.resources.monkey_configuration import MonkeyConfiguration
+from cc.resources.island_configuration import IslandConfiguration
 from cc.resources.monkey_download import MonkeyDownload
 from cc.resources.netmap import NetMap
 from cc.resources.node import Node
@@ -104,6 +105,7 @@ def init_app(mongo_url):
     api.add_resource(ClientRun, '/api/client-monkey', '/api/client-monkey/')
     api.add_resource(Telemetry, '/api/telemetry', '/api/telemetry/', '/api/telemetry/<string:monkey_guid>')
     api.add_resource(MonkeyConfiguration, '/api/configuration', '/api/configuration/')
+    api.add_resource(IslandConfiguration, '/api/configuration/island', '/api/configuration/island/')
     api.add_resource(MonkeyDownload, '/api/monkey/download', '/api/monkey/download/',
                      '/api/monkey/download/<string:path>')
     api.add_resource(NetMap, '/api/netmap', '/api/netmap/')
diff --git a/monkey/monkey_island/cc/resources/island_configuration.py b/monkey/monkey_island/cc/resources/island_configuration.py
new file mode 100644
index 000000000..57fda34fe
--- /dev/null
+++ b/monkey/monkey_island/cc/resources/island_configuration.py
@@ -0,0 +1,24 @@
+import json
+
+import flask_restful
+from flask import request, jsonify, abort
+
+from cc.auth import jwt_required
+from cc.services.config import ConfigService
+
+
+class IslandConfiguration(flask_restful.Resource):
+    @jwt_required()
+    def get(self):
+        return jsonify(schema=ConfigService.get_config_schema(),
+                       configuration=ConfigService.get_config(False, True, True))
+
+    @jwt_required()
+    def post(self):
+        config_json = json.loads(request.data)
+        if 'reset' in config_json:
+            ConfigService.reset_config()
+        else:
+            if not ConfigService.update_config(config_json, should_encrypt=True):
+                abort(400)
+        return self.get()
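Review bot: `post` feeds `request.data` straight into `json.loads` and then evaluates `'reset' in config_json`, so a malformed body raises an unhandled exception (a 500 rather than a 400), and a JSON string or list body is tested by substring or membership instead of by key. I would parse with `config_json = request.get_json(force=True, silent=True)` and reject non-objects with `if not isinstance(config_json, dict): abort(400)` before the `reset` branch. On the read side, `ConfigService.get_config(False, True, True)` hides which flags are set. If one of them is `should_decrypt`, as the `get_config` hunk later in this patch suggests, every GET (and every successful POST, via `self.get()`) returns the decrypted AWS secret access key to the browser. Passing the flags by keyword and masking the secret in the response would make that exposure explicit and smaller.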
diff --git a/monkey/monkey_island/cc/services/config.py b/monkey/monkey_island/cc/services/config.py
index 1fb26cb1c..2058a61dd 100644
--- a/monkey/monkey_island/cc/services/config.py
+++ b/monkey/monkey_island/cc/services/config.py
@@ -648,17 +648,20 @@ SCHEMA = {
                         'aws_account_id': {
                             'title': 'AWS account ID',
                             'type': 'string',
-                            'description': 'Your AWS account ID that is subscribed to security hub feeds'
+                            'description': 'Your AWS account ID that is subscribed to security hub feeds',
+                            'default': " "
                         },
                         'aws_access_key_id': {
                             'title': 'AWS access key ID',
                             'type': 'string',
-                            'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.'
+                            'description': 'Your AWS public access key ID, can be found in the IAM user interface in the AWS console.',
+                            'default': " "
                         },
                         'aws_secret_access_key': {
                             'title': 'AWS secret access key',
                             'type': 'string',
-                            'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.'
+                            'description': 'Your AWS secret access key id, you can get this after creating a public access key in the console.',
+                            'default': " "
                         }
                     }
                 }
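Review bot: The new `'default': " "` on `aws_account_id`, `aws_access_key_id` and `aws_secret_access_key` makes an unconfigured credential a non-empty string, so any truthiness check such as `if value:` treats it as set and every consumer has to remember to strip it. Because the next hunk adds the two key fields to `ENCRYPTED_CONFIG_STRINGS`, that one-space placeholder is presumably also what gets encrypted and stored on a fresh install. If the space works around a problem with encrypting or rendering an empty string (not visible here), I would fix that at the source and use `'default': ''`. Otherwise the schema needs a comment saying why a single space is required.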
@@ -897,16 +900,14 @@ ENCRYPTED_CONFIG_ARRAYS = \
         ['basic', 'credentials', 'exploit_password_list'],
         ['internal', 'exploits', 'exploit_lm_hash_list'],
         ['internal', 'exploits', 'exploit_ntlm_hash_list'],
-        ['internal', 'exploits', 'exploit_ssh_keys'],
-        # ['cnc', 'aws_config', 'iam_role_id'],
-        # ['cnc', 'aws_config', 'aws_access_key_id'],
-        # ['cnc', 'aws_config', 'aws_secret_access_key'],
+        ['internal', 'exploits', 'exploit_ssh_keys']
     ]
 
 # This should be used for config values of string type
 ENCRYPTED_CONFIG_STRINGS = \
     [
-        
+        ['cnc', 'aws_config', 'aws_access_key_id'],
+        ['cnc', 'aws_config', 'aws_secret_access_key']
     ]
 
 
@@ -931,7 +932,7 @@ class ConfigService:
         if should_decrypt and len(config) > 0:
             ConfigService.decrypt_config(config)
         if not is_island:
-            config['cnc'].pop('aws_config', None)
+            config.get('cnc', {}).pop('aws_config', None)
         return config
 
     @staticmethod
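Review bot: The `pop('aws_config', None)` line is the only thing visible here that keeps the AWS credentials out of the configuration returned when `is_island` is false, and nothing in the code says so. I would add a comment above the `if not is_island:` branch, for example `# aws_config holds island-only cloud credentials; strip it from every non-island response`, and document `is_island` in the method's docstring. The switch to `config.get('cnc', {})` avoids a `KeyError`, but the filter now passes silently when `cnc` is absent, which is safe only as long as `aws_config` cannot appear anywhere else in the document. The method's signature and the start of its body are outside this hunk.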
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
index a97447df0..6cc7e009a 100644
--- a/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/ConfigurePage.js
@@ -24,7 +24,7 @@ class ConfigurePageComponent extends AuthComponent {
   }
 
   componentDidMount() {
-    this.authFetch('/api/configuration')
+    this.authFetch('/api/configuration/island')
       .then(res => res.json())
       .then(res => {
         let sections = [];
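Review bot: Only the initial load in `componentDidMount` is moved to `/api/configuration/island`; the diffstat shows a single changed line in this file, so any submit and reset requests the component makes elsewhere still go to the old endpoint. If those handlers post to `/api/configuration` (they are outside this hunk), the page would load the island view including `aws_config` but save through `MonkeyConfiguration`, and the new `IslandConfiguration.post` would never be reached from the UI. I would point the save and reset calls at the same URL, ideally through one shared constant such as `const CONFIG_URL = '/api/configuration/island';`. The method body continues past the end of the hunk.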