def save_app_auth_info(app, info, func_name, overwrite=False): """Function to add app auth information to parameter store Args: info (dict): Required values needed to save the requested authentication information to AWS Parameter Store """ # Get all of the required authentication values from the user for this app integration auth_dict = { auth_key: user_input(info['description'], False, info['format']) for auth_key, info in app.required_auth_info().iteritems() } description = ( 'Required authentication information for the \'{}\' service for ' 'use in the \'{}\' app'.format(info['type'], info['app_name'])) # Save these to the parameter store param_name = '{}_{}'.format(func_name, AppConfig.AUTH_CONFIG_SUFFIX) saved = save_parameter(info['region'], param_name, auth_dict, description, overwrite) if saved: LOGGER.info( 'App authentication info successfully saved to parameter store.') else: LOGGER.error( 'App authentication info was not saved to parameter store.') return saved
def configure_output(options): """Configure a new output for this service Args: options (argparser): Basically a namedtuple with the service setting """ account_config = CONFIG['global']['account'] region = account_config['region'] prefix = account_config['prefix'] kms_key_alias = account_config['kms_key_alias'] # Verify that the word alias is not in the config. # It is interpolated when the API call is made. if 'alias/' in kms_key_alias: kms_key_alias = kms_key_alias.split('/')[1] # Retrieve the proper service class to handle dispatching the alerts of this services output = get_output_dispatcher(options.service, region, prefix, config_outputs.load_outputs_config()) # If an output for this service has not been defined, the error is logged # prior to this if not output: return # get dictionary of OutputProperty items to be used for user prompting props = output.get_user_defined_properties() for name, prop in props.iteritems(): # pylint: disable=protected-access props[name] = prop._replace(value=user_input( prop.description, prop.mask_input, prop.input_restrictions)) service = output.__service__ config = config_outputs.load_config(props, service) # An empty config here means this configuration already exists, # so we can ask for user input again for a unique configuration if config is False: return configure_output(options) secrets_bucket = '{}.streamalert.secrets'.format(prefix) secrets_key = output.output_cred_name(props['descriptor'].value) # Encrypt the creds and push them to S3 # then update the local output configuration with properties if config_outputs.encrypt_and_push_creds_to_s3(region, secrets_bucket, secrets_key, props, kms_key_alias): updated_config = output.format_output_config(config, props) config_outputs.update_outputs_config(config, updated_config, service) LOGGER_CLI.info( 'Successfully saved \'%s\' output configuration for service \'%s\'', props['descriptor'].value, options.service) else: LOGGER_CLI.error( 'An error occurred while saving \'%s\' ' 'output configuration for service \'%s\'', props['descriptor'].value, options.service)
def save_api_creds_info(region, overwrite=False): """Function to add API creds information to parameter store Args: info (dict): Required values needed to save the requested credentials information to AWS Parameter Store """ # Get all of the required credentials from the user for API calls required_creds = { 'api_user': { 'description': ('API username to retrieve IOCs via API calls. ' 'This should be an email address.'), 'format': re.compile(r'^[a-zA-Z].*@.*') }, 'api_key': { 'description': ('API key to retrieve IOCs via API calls. ' 'This should be a string of 40 alphanumeric characters.'), 'format': re.compile(r'^[a-zA-Z0-9]{40}$') } } creds_dict = { auth_key: user_input(info['description'], False, info['format']) for auth_key, info in required_creds.iteritems() } description = ('Required credentials for the Threat Intel Downloader') # Save these to the parameter store param_name = 'threat_intel_downloader_api_creds' saved = save_parameter(region, param_name, creds_dict, description, overwrite) if saved: LOGGER_CLI.info( 'Threat Intel Downloader credentials were successfully ' 'saved to parameter store.') else: LOGGER_CLI.error( 'Threat Intel Downloader credentials were not saved to ' 'parameter store.') return saved
def output_handler(options, config): """Configure a new output for this service Args: options (argparse.Namespace): Basically a namedtuple with the service setting Returns: bool: False if errors occurred, True otherwise """ account_config = config['global']['account'] region = account_config['region'] prefix = account_config['prefix'] kms_key_alias = account_config['kms_key_alias'] # Verify that the word alias is not in the config. # It is interpolated when the API call is made. if 'alias/' in kms_key_alias: kms_key_alias = kms_key_alias.split('/')[1] # Retrieve the proper service class to handle dispatching the alerts of this services output = StreamAlertOutput.get_dispatcher(options.service) # If an output for this service has not been defined, the error is logged # prior to this if not output: return False # get dictionary of OutputProperty items to be used for user prompting props = output.get_user_defined_properties() for name, prop in props.iteritems(): # pylint: disable=protected-access props[name] = prop._replace(value=user_input( prop.description, prop.mask_input, prop.input_restrictions)) output_config = config['outputs'] service = output.__service__ # If it exists already, ask for user input again for a unique configuration if output_exists(output_config, props, service): return output_handler(options, config) provider = OutputCredentialsProvider(service, config=config, region=region, prefix=prefix) result = provider.save_credentials(props['descriptor'].value, kms_key_alias, props) if not result: LOGGER.error( 'An error occurred while saving \'%s\' ' 'output configuration for service \'%s\'', props['descriptor'].value, options.service) return False updated_config = output.format_output_config(output_config, props) output_config[service] = updated_config config.write() LOGGER.info( 'Successfully saved \'%s\' output configuration for service \'%s\'', props['descriptor'].value, options.service) return True