diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py
index ead2ec327..d7a8227fb 100644
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@@ -46,8 +46,6 @@ from monkey_island.cc.resources.telemetry import Telemetry
 from monkey_island.cc.resources.telemetry_feed import TelemetryFeed
 from monkey_island.cc.resources.version_update import VersionUpdate
 from monkey_island.cc.resources.zero_trust.finding_event import ZeroTrustFindingEvent
-from monkey_island.cc.resources.zero_trust.scoutsuite_auth.aws_keys import AWSKeys
-from monkey_island.cc.resources.zero_trust.scoutsuite_auth.scoutsuite_auth import ScoutSuiteAuth
 from monkey_island.cc.resources.zero_trust.zero_trust_report import ZeroTrustReport
 from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH
 from monkey_island.cc.server_utils.custom_json_encoder import CustomJSONEncoder
@@ -168,8 +166,6 @@ def init_api_resources(api):
 api.add_resource(VersionUpdate, "/api/version-update")
 api.add_resource(StopAgentCheck, "/api/monkey_control/needs-to-stop/")
 api.add_resource(StopAllAgents, "/api/monkey_control/stop-all-agents")
- api.add_resource(ScoutSuiteAuth, "/api/scoutsuite_auth/")
- api.add_resource(AWSKeys, "/api/aws_keys")
 # Resources used by black box tests
 api.add_resource(MonkeyBlackboxEndpoint, "/api/test/monkey")
diff --git a/monkey/monkey_island/cc/resources/zero_trust/scoutsuite_auth/aws_keys.py b/monkey/monkey_island/cc/resources/zero_trust/scoutsuite_auth/aws_keys.py
deleted file mode 100644
index 174e02843..000000000
--- a/monkey/monkey_island/cc/resources/zero_trust/scoutsuite_auth/aws_keys.py
+++ /dev/null
@@ -1,10 +0,0 @@
-import flask_restful
-
-from monkey_island.cc.resources.auth.auth import jwt_required
-from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import get_aws_keys
-
-
-class AWSKeys(flask_restful.Resource):
- @jwt_required
- def get(self):
- return get_aws_keys()
diff --git a/monkey/monkey_island/cc/resources/zero_trust/scoutsuite_auth/scoutsuite_auth.py b/monkey/monkey_island/cc/resources/zero_trust/scoutsuite_auth/scoutsuite_auth.py
deleted file mode 100644
index 5197b1972..000000000
--- a/monkey/monkey_island/cc/resources/zero_trust/scoutsuite_auth/scoutsuite_auth.py
+++ /dev/null
@@ -1,37 +0,0 @@
-import json
-
-import flask_restful
-from flask import request
-
-from common.cloud.scoutsuite_consts import CloudProviders
-from common.utils.exceptions import InvalidAWSKeys
-from monkey_island.cc.resources.auth.auth import jwt_required
-from monkey_island.cc.services.zero_trust.scoutsuite.scoutsuite_auth_service import (
- is_cloud_authentication_setup,
- set_aws_keys,
-)
-
-
-class ScoutSuiteAuth(flask_restful.Resource):
- @jwt_required
- def get(self, provider: CloudProviders):
- if provider == CloudProviders.AWS.value:
- is_setup, message = is_cloud_authentication_setup(provider)
- return {"is_setup": is_setup, "message": message}
- else:
- return {"is_setup": False, "message": ""}
-
- @jwt_required
- def post(self, provider: CloudProviders):
- key_info = json.loads(request.data)
- error_msg = ""
- if provider == CloudProviders.AWS.value:
- try:
- set_aws_keys(
- access_key_id=key_info["accessKeyId"],
- secret_access_key=key_info["secretAccessKey"],
- session_token=key_info["sessionToken"],
- )
- except InvalidAWSKeys as e:
- error_msg = str(e)
- return {"error_msg": error_msg}
diff --git a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py b/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py
deleted file mode 100644
index b54b3252c..000000000
--- a/monkey/monkey_island/cc/services/zero_trust/scoutsuite/scoutsuite_auth_service.py
+++ /dev/null
@@ -1,58 +0,0 @@
-from typing import Tuple
-
-from ScoutSuite.providers.base.authentication_strategy import AuthenticationException
-
-from common.cloud.scoutsuite_consts import CloudProviders
-from common.config_value_paths import AWS_KEYS_PATH
-from common.utils.exceptions import InvalidAWSKeys
-from monkey_island.cc.server_utils.encryption import get_datastore_encryptor
-from monkey_island.cc.services.config import ConfigService
-
-
-def is_cloud_authentication_setup(provider: CloudProviders) -> Tuple[bool, str]:
- if provider == CloudProviders.AWS.value:
- if is_aws_keys_setup():
- return True, "AWS keys already setup."
-
- import ScoutSuite.providers.aws.authentication_strategy as auth_strategy
-
- try:
- profile = auth_strategy.AWSAuthenticationStrategy().authenticate()
- return True, f' Profile "{profile.session.profile_name}" is already setup. '
- except AuthenticationException:
- return False, ""
-
-
-def is_aws_keys_setup():
- return ConfigService.get_config_value(
- AWS_KEYS_PATH + ["aws_access_key_id"]
- ) and ConfigService.get_config_value(AWS_KEYS_PATH + ["aws_secret_access_key"])
-
-
-def set_aws_keys(access_key_id: str, secret_access_key: str, session_token: str):
- if not access_key_id or not secret_access_key:
- raise InvalidAWSKeys(
- "Missing some of the following fields: access key ID, secret access key."
- )
- _set_aws_key("aws_access_key_id", access_key_id)
- _set_aws_key("aws_secret_access_key", secret_access_key)
- _set_aws_key("aws_session_token", session_token)
-
-
-def _set_aws_key(key_type: str, key_value: str):
- path_to_keys = AWS_KEYS_PATH
- encrypted_key = get_datastore_encryptor().encrypt(key_value)
- ConfigService.set_config_value(path_to_keys + [key_type], encrypted_key)
-
-
-def get_aws_keys():
- return {
- "access_key_id": _get_aws_key("aws_access_key_id"),
- "secret_access_key": _get_aws_key("aws_secret_access_key"),
- "session_token": _get_aws_key("aws_session_token"),
- }
-
-
-def _get_aws_key(key_type: str):
- path_to_keys = AWS_KEYS_PATH
- return ConfigService.get_config_value(config_key_as_arr=path_to_keys + [key_type])