def serviceAny_TestBadObjectAuth(self):
# Should also test bad direct auth in the authentication class
falcon = CloudConnectAWS(auth_object=OAuth2())
result = falcon.QueryAWSAccounts()
if result["status_code"] in AllowedResponses:
return True
else:
return False
def serviceCCAWS_AuthWithObject(self):
falconWithObject = CloudConnectAWS(auth_object=FalconAuth.OAuth2(creds={
'client_id': auth.config["falcon_client_id"],
'client_secret': auth.config["falcon_client_secret"]
}, base_url=auth.config["falcon_base_url"]))
check = falconWithObject.auth_object.token()
if check["status_code"] == 429:
pytest.skip("Rate limit hit")
return falconWithObject.authenticated()
def serviceAny_TestStaleObjectAuth(self):
falcon = CloudConnectAWS(auth_object=OAuth2(creds={"client_id": auth.config["falcon_client_id"],
"client_secret": auth.config["falcon_client_secret"]
}
))
result = falcon.QueryAWSAccounts()
if result["status_code"] in AllowedResponses:
return True
else:
return False
def serviceAny_TestObjectAuth(self):
# Should also test direct auth in the authentication class
auth_obj = OAuth2(client_id=auth.config["falcon_client_id"],
client_secret=auth.config["falcon_client_secret"]
)
auth_obj.token()
# While we're at it, test user_agent override
falcon = CloudConnectAWS(auth_object=auth_obj, user_agent=f"{_TITLE}/{str(_VERSION)}")
result = falcon.QueryAWSAccounts()
if result["status_code"] in AllowedResponses:
return True
else:
return False
def serviceAny_forceGovCloudAutoSelectFailure(self):
falcon = OAuth2(client_id=os.environ["CROSS_DEBUG_KEY"],
client_secret=os.environ["CROSS_DEBUG_SECRET"],
base_url="usgov1"
)
result = falcon.token()
if result["status_code"] == 201:
falcon = APIHarness(client_id=os.environ["CROSS_DEBUG_KEY"],
client_secret=os.environ["CROSS_DEBUG_SECRET"],
base_url="usgov1"
)
t_creds = {
"client_id": os.environ["CROSS_DEBUG_KEY"],
"client_secret": os.environ["CROSS_DEBUG_SECRET"],
}
result = falcon.command("oauth2AccessToken", data=t_creds, base_url="usgov1")
if result["status_code"] == 201:
falcon = CloudConnectAWS(client_id=os.environ["CROSS_DEBUG_KEY"],
client_secret=os.environ["CROSS_DEBUG_SECRET"],
base_url="usgov1"
)
result = falcon.auth_object.token()
if result["status_code"] == 429:
pytest.skip("Rate limit hit")
if result["status_code"] == 201:
return True
else:
return False
else:
return False
else:
return False
def timeout_test(self):
falcon = CloudConnectAWS(creds={
'client_id':
auth.config["falcon_client_id"],
'client_secret':
auth.config["falcon_client_secret"]
},
base_url=auth.config["falcon_base_url"])
success = False
result = falcon.QueryAWSAccounts()
if result['status_code'] in AllowedResponses:
success = True
else:
if auth.authorization.base_url == "https://api.laggar.gcw.crowdstrike.com":
pytest.skip("GovCloud rate limit met")
return success
def serviceCCAWS_RefreshToken(self):
falconWithObject = CloudConnectAWS(auth_object=FalconAuth.OAuth2(creds={
'client_id': auth.config["falcon_client_id"],
'client_secret': auth.config["falcon_client_secret"]
}, base_url=auth.config["falcon_base_url"]))
check = falconWithObject.auth_object.token()
if check["status_code"] == 429:
pytest.skip("Rate limit hit")
if not falconWithObject.token_expired():
falconWithObject.auth_object.token_expiration = 0 # Forcibly expire the current token
if falconWithObject.QueryAWSAccounts(parameters={"limit": 1})["status_code"] in AllowedResponses:
return True
else:
return False
else:
return False
def timeout_standard(self):
falconStandardFail = CloudConnectAWS(
creds={
'client_id': auth.config["falcon_client_id"],
'client_secret': auth.config["falcon_client_secret"]
},
timeout=.001,
base_url=auth.config["falcon_base_url"])
success = False
result = falconStandardFail.QueryAWSAccounts()
if result["status_code"] == 429:
pytest.skip("Rate limit hit")
if result['status_code'] in AllowedResponses:
if "connect timeout" in result["body"]["errors"][0]["message"]:
success = True
else:
if auth.authorization.base_url == "https://api.laggar.gcw.crowdstrike.com":
pytest.skip("GovCloud rate limit met")
return success
def serviceCCAWS_InvalidPayloads(self):
result = True
falconWithObject = CloudConnectAWS(auth_object=FalconAuth.OAuth2(creds={
'client_id': auth.config["falcon_client_id"],
'client_secret': auth.config["falcon_client_secret"]
}, base_url=auth.config["falcon_base_url"]))
check = falconWithObject.auth_object.token()
if check["status_code"] == 429:
pytest.skip("Rate limit hit")
if not falconWithObject.QueryAWSAccounts(parameters={"limite": 1})["status_code"] in AllowedResponses:
result = False
if not falconWithObject.QueryAWSAccounts(parameters={"limit": "1"})["status_code"] in AllowedResponses:
result = False
if falconWithObject.UpdateAWSAccounts(body={"resource": "I'm gonna go Boom!"})["status_code"] != 400:
result = False
if falconWithObject.UpdateAWSAccounts(body={"resources": {"id": "I'm gonna go Boom!"}})["status_code"] != 400:
result = False
return result
def lambda_handler(event, context):
try:
response_data = {}
logger.info('Event = {}'.format(event))
FalconClientId = event['ResourceProperties']['FalconClientId']
FalconSecret = event['ResouceProperties']['FalconSecret']
falcon = CloudConnectAWS(
client_id=FalconClientId,
client_secret=FalconSecret,
base_url=CrowdStrikeCloud # Only necessary for GovCloud
)
if event['RequestType'] in ['Create']:
external_id = event['ResourceProperties']['ExternalID']
api_message = format_notification_message(external_id)
try:
delay = float(delay_timer)
except Exception as e:
logger.info('cant convert delay_timer type {} error {}'.format(
type(delay_timer), e))
delay = 60
logger.info(
'Got ARN of Role Pausing for {} seconds for role setup'.format(
delay))
time.sleep(delay)
register_result = register_falcon_discover_account(
api_message, falcon)
logger.info(
'Account registration result: {}'.format(register_result))
if register_result:
cfnresponse_send(event, context, SUCCESS, register_result,
"CustomResourcePhysicalID")
else:
cfnresponse_send(event, context, FAILED, register_result,
"CustomResourcePhysicalID")
elif event['RequestType'] in ['Update']:
logger.info('Event = ' + event['RequestType'])
external_id = event['ResourceProperties']['ExternalID']
api_message = format_notification_message(external_id)
register_result = update_falcon_discover_account(
api_message, falcon)
logger.info('Account update result: {}'.format(register_result))
if register_result:
cfnresponse_send(event, context, SUCCESS,
"CustomResourcePhysicalID")
else:
cfnresponse_send(event, context, FAILED,
"CustomResourcePhysicalID")
logger.info('Event = ' + event['RequestType'])
cfnresponse_send(event, context, 'SUCCESS',
"CustomResourcePhysicalID")
elif event['RequestType'] in ['Delete']:
logger.info('Event = ' + event['RequestType'])
external_id = event['ResourceProperties']['ExternalID']
api_message = format_notification_message(external_id)
result = delete_falcon_discover_account(api_message, falcon)
if result:
logger.info(
'Successfully deleted account in Falcon Discover portal')
else:
logger.info(
'Failed to delete account in Falcon Discover portal')
response_data["Status"] = "Success"
cfnresponse_send(event, context, 'SUCCESS', response_data,
"CustomResourcePhysicalID")
except Exception as e:
logger.error(e)
response_data = {}
response_data["Status"] = str(e)
cfnresponse_send(event, context, 'FAILED', response_data,
"CustomResourcePhysicalID")
import sys
import pytest
# Authentication via the test_authorization.py
from tests import test_authorization as Authorization
# Import our sibling src folder into the path
sys.path.append(os.path.abspath('src'))
# Classes to test - manually imported from sibling folder
from falconpy import CloudConnectAWS
from falconpy import oauth2 as FalconAuth
from falconpy._util import service_request
auth = Authorization.TestAuthorization()
config = auth.getConfigObject()
falcon = CloudConnectAWS(auth_object=config)
AllowedResponses = [200, 201, 404, 429] # Adding rate-limiting as an allowed response for now
accountPayload = {
"resources": [
{
"rate_limit_reqs": 0,
"rate_limit_time": 0
}
]
}
falconWithCreds = None
falconWithObject = None
class TestCloudConnectAWS:
def serviceCCAWS_AuthWithCreds(self):
parser.error(f"The {command} command is not recognized.")
# These globals exist for all requests
falcon_client_id = args.falcon_client_id
falcon_client_secret = args.falcon_client_secret
log_enabled = args.log_enabled
if args.query_limit is None:
QUERY_LIMIT = 100
else:
QUERY_LIMIT = args.query_limit
# =============== MAIN ROUTINE
# Authenticate using our provided falcon client_id and client_secret
auth = OAuth2(client_id=falcon_client_id, client_secret=falcon_client_secret)
# Connect using our token and return an instance of the API gateway object
falcon_discover = CloudConnectAWS(auth_object=auth)
try:
# Execute the requested command
if command.lower() == "delete":
delete_account()
elif command.lower() == "register":
register_account()
elif command.lower() == "update":
update_account()
else:
check_account()
except Exception as e:
# Handle any previously unhandled errors
print("Command failed with error: {}.".format(str(e)))
falcon_client_secret = args.falcon_client_secret
if not args.crowdstrike_cloud:
CLOUD_URL = "US1"
else:
CLOUD_URL = args.crowdstrike_cloud
log_enabled = args.log_enabled
if not args.query_limit:
QUERY_LIMIT = 100
else:
QUERY_LIMIT = args.query_limit
# ############## MAIN ROUTINE
# Connect to the API using our provided falcon client_id and client_secret
try:
falcon = CloudConnectAWS(client_id=falcon_client_id,
client_secret=falcon_client_secret,
base_url=CLOUD_URL)
except Exception as err: # noqa: E722 pylint: disable=W0703
# We can't communicate with the endpoint
print(f"Unable to communicate with API: {str(err)}")
# Authenticate
if falcon.auth_object.token()["status_code"] == 201:
try:
# Execute the command by calling the named function
if command.lower() == "check":
check_account()
if command.lower() == "update":
update_account()
if command.lower() == "register":
register_account()
if command.lower() == "delete":
