forked from p15670423/monkey
Island: Decouple propagation credentials from per-agent config
This commit is contained in:
parent
ae5216bf02
commit
f5134f1d3b
|
@ -68,7 +68,7 @@ class ControlChannel(IControlChannel):
|
|||
|
||||
def get_credentials_for_propagation(self) -> PropagationCredentials:
|
||||
propagation_credentials_url = (
|
||||
f"https://{self._control_channel_server}/api/propagation-credentials/{self._agent_id}"
|
||||
f"https://{self._control_channel_server}/api/propagation-credentials"
|
||||
)
|
||||
try:
|
||||
response = requests.get( # noqa: DUO123
|
||||
|
|
|
@ -1,17 +1,15 @@
|
|||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.resources.AbstractResource import AbstractResource
|
||||
from monkey_island.cc.services.config import ConfigService
|
||||
|
||||
|
||||
class PropagationCredentials(AbstractResource):
|
||||
urls = ["/api/propagation-credentials/<string:guid>"]
|
||||
urls = ["/api/propagation-credentials"]
|
||||
|
||||
def get(self, guid: str):
|
||||
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid})
|
||||
ConfigService.decrypt_flat_config(monkey_json["config"])
|
||||
def get(self):
|
||||
config = ConfigService.get_flat_config(should_decrypt=True)
|
||||
|
||||
propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config(
|
||||
monkey_json["config"]
|
||||
config
|
||||
)
|
||||
|
||||
return {"propagation_credentials": propagation_credentials}
|
||||
|
|
|
@ -327,34 +327,6 @@ class ConfigService:
|
|||
def encrypt_config(config):
|
||||
ConfigService._encrypt_or_decrypt_config(config, False)
|
||||
|
||||
@staticmethod
|
||||
def decrypt_flat_config(flat_config, is_island=False):
|
||||
"""
|
||||
Same as decrypt_config but for a flat configuration
|
||||
"""
|
||||
keys = [config_arr_as_array[-1] for config_arr_as_array in ENCRYPTED_CONFIG_VALUES]
|
||||
|
||||
for key in keys:
|
||||
if isinstance(flat_config[key], collections.Sequence) and not isinstance(
|
||||
flat_config[key], str
|
||||
):
|
||||
# Check if we are decrypting ssh key pair
|
||||
if (
|
||||
flat_config[key]
|
||||
and isinstance(flat_config[key][0], dict)
|
||||
and "public_key" in flat_config[key][0]
|
||||
):
|
||||
flat_config[key] = [
|
||||
decrypt_dict(SENSITIVE_SSH_KEY_FIELDS, item) for item in flat_config[key]
|
||||
]
|
||||
else:
|
||||
flat_config[key] = [
|
||||
get_datastore_encryptor().decrypt(item) for item in flat_config[key]
|
||||
]
|
||||
else:
|
||||
flat_config[key] = get_datastore_encryptor().decrypt(flat_config[key])
|
||||
return flat_config
|
||||
|
||||
@staticmethod
|
||||
def _encrypt_or_decrypt_config(config, is_decrypt=False):
|
||||
for config_arr_as_array in ENCRYPTED_CONFIG_VALUES:
|
||||
|
|
Loading…
Reference in New Issue