Island: Decouple propagation credentials from per-agent config

vakaris_zilius 2022-06-09 08:08:03 +00:00 committed by vakarisz
parent ae5216bf02
commit f5134f1d3b
3 changed files with 5 additions and 35 deletions


@ -68,7 +68,7 @@ class ControlChannel(IControlChannel):
def get_credentials_for_propagation(self) -> PropagationCredentials: def get_credentials_for_propagation(self) -> PropagationCredentials:
propagation_credentials_url = ( propagation_credentials_url = (
f"https://{self._control_channel_server}/api/propagation-credentials/{self._agent_id}" f"https://{self._control_channel_server}/api/propagation-credentials"
) )
try: try:
response = requests.get( # noqa: DUO123 response = requests.get( # noqa: DUO123
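Review bot: The `# noqa: DUO123` on the `requests.get(` call silences the linter without saying why, and this request now fetches the Island-wide propagation credentials rather than one agent's entry. DUO123 is dlint's warning for `requests` calls made with certificate verification turned off; the call's arguments lie outside this hunk, so that is inferred from the suppression alone. If verification is indeed disabled, the agent cannot tell whether the credentials it receives came from the real Island, and the plaintext secrets are exposed to anyone positioned on the path. I would document the decision at the call, for example `# noqa: DUO123  # TLS verification disabled: <reason>; response carries plaintext credentials`, or pin the Island's certificate instead. The `try:` block and the rest of the call continue past the end of the hunk.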


@ -1,17 +1,15 @@
from monkey_island.cc.database import mongo
from monkey_island.cc.resources.AbstractResource import AbstractResource from monkey_island.cc.resources.AbstractResource import AbstractResource
from monkey_island.cc.services.config import ConfigService from monkey_island.cc.services.config import ConfigService
class PropagationCredentials(AbstractResource): class PropagationCredentials(AbstractResource):
urls = ["/api/propagation-credentials/<string:guid>"] urls = ["/api/propagation-credentials"]
def get(self, guid: str): def get(self):
monkey_json = mongo.db.monkey.find_one_or_404({"guid": guid}) config = ConfigService.get_flat_config(should_decrypt=True)
ConfigService.decrypt_flat_config(monkey_json["config"])
propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config( propagation_credentials = ConfigService.get_config_propagation_credentials_from_flat_config(
monkey_json["config"] config
) )
return {"propagation_credentials": propagation_credentials} return {"propagation_credentials": propagation_credentials}
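Review bot: The new `get()` returns decrypted propagation credentials from the global configuration (`get_flat_config(should_decrypt=True)`) to every request that reaches `/api/propagation-credentials`, and no access check is visible in this section. The old handler only answered when the caller supplied a guid matching a stored agent (`find_one_or_404`); that was a weak gate, but it is now gone. Whether `AbstractResource` or the route registration enforces authentication cannot be seen from here, so please confirm that it does before this endpoint ships. Either way, `get` should carry a docstring stating the contract, e.g. `"""Return decrypted propagation credentials from the Island config; the caller must already be authenticated."""`. It is also worth confirming that this response body is excluded from request logging.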


@ -327,34 +327,6 @@ class ConfigService:
def encrypt_config(config): def encrypt_config(config):
ConfigService._encrypt_or_decrypt_config(config, False) ConfigService._encrypt_or_decrypt_config(config, False)
@staticmethod
def decrypt_flat_config(flat_config, is_island=False):
"""
Same as decrypt_config but for a flat configuration
"""
keys = [config_arr_as_array[-1] for config_arr_as_array in ENCRYPTED_CONFIG_VALUES]
for key in keys:
if isinstance(flat_config[key], collections.Sequence) and not isinstance(
flat_config[key], str
):
# Check if we are decrypting ssh key pair
if (
flat_config[key]
and isinstance(flat_config[key][0], dict)
and "public_key" in flat_config[key][0]
):
flat_config[key] = [
decrypt_dict(SENSITIVE_SSH_KEY_FIELDS, item) for item in flat_config[key]
]
else:
flat_config[key] = [
get_datastore_encryptor().decrypt(item) for item in flat_config[key]
]
else:
flat_config[key] = get_datastore_encryptor().decrypt(flat_config[key])
return flat_config
@staticmethod @staticmethod
def _encrypt_or_decrypt_config(config, is_decrypt=False): def _encrypt_or_decrypt_config(config, is_decrypt=False):
for config_arr_as_array in ENCRYPTED_CONFIG_VALUES: for config_arr_as_array in ENCRYPTED_CONFIG_VALUES: