def handle(self, **options):
    """Print the Zendesk trigger templates with the API secret filled in.

    One template is read per trigger type ("ticket", then "comment") through
    ``self.read_template``; the ``%ZENTRAL_API_SECRET%`` placeholder is
    replaced with the secret built for ``zentral.contrib.zendesk``.
    """
    # NOTE(review): the rendered templates contain the secret in clear text,
    # so the command output (terminal scrollback, redirected files, CI logs)
    # should be handled as sensitive material.
    secret = make_secret("zentral.contrib.zendesk")
    for kind in ("ticket", "comment"):
        print("TRIGGER TYPE:", kind)
        rendered = self.read_template(kind).replace("%ZENTRAL_API_SECRET%", secret)
        print(rendered)
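def get(self, request, *args, **kwargs):
    """Return the Santa debugging tools rendered for a business unit.

    The optional ``mbu_id`` query parameter selects a MetaBusinessUnit; its
    first API enrollment business unit is used to build the secret. When the
    parameter is missing or is not an integer, the secret is built without a
    business unit.
    """
    try:
        mbu = MetaBusinessUnit.objects.get(pk=int(request.GET['mbu_id']))
        # -> BaseInstallerPackageView
        # TODO Race. The meta_business_unit could maybe be without any api BU.
        # TODO. Better selection if multiple BU ?
        bu = mbu.api_enrollment_business_units()[0]
    except (KeyError, ValueError):
        # KeyError: ``mbu_id`` is absent from the query string (this used to
        # escape as an unhandled error). ValueError: it is not an integer.
        bu = None
    # NOTE(review): an unknown pk or a meta business unit without any API
    # business unit (empty result, ``[0]`` fails) is still not handled here.
    secret = make_secret("zentral.contrib.santa", bu)
    # NOTE(review): the response body carries the secret in clear text;
    # presumably access to this view is restricted elsewhere. Confirm.
    debugging_tools = self.debugging_template % {'secret': secret,
                                                 'tls_hostname': settings['api']['tls_hostname']}
    return HttpResponse(debugging_tools)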
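def build_curl_command(self, manifest):
    """Return a copy-pastable ``curl`` command posting this form's data.

    The command targets the ``monolith:cache_servers`` URL on the configured
    TLS hostname, sends the cleaned form data as JSON and authenticates with
    the ``Zentral-API-Secret`` header built for the manifest's first API
    enrollment business unit.

    Every argument is quoted with ``shlex.quote`` so that a single quote (or
    any other shell metacharacter) in the form data cannot break out of the
    argument when the command is pasted into a shell. For values without
    such characters the output is the same as with hand-written quotes.
    """
    import shlex

    # NOTE(review): ``[0]`` fails if the meta business unit has no API
    # enrollment business unit. Not handled here.
    business_unit = manifest.meta_business_unit.api_enrollment_business_units()[0]
    api_secret = make_secret('zentral.contrib.monolith', business_unit)
    json_payload = json.dumps(self.cleaned_data)
    tls_hostname = settings["api"]["tls_hostname"]
    path = reverse("monolith:cache_servers")
    header = "Zentral-API-Secret: {api_secret}".format(api_secret=api_secret)
    url = "{tls_hostname}{path}".format(tls_hostname=tls_hostname, path=path)
    return "curl -XPOST -H {header} -d {payload} {url}".format(
        header=shlex.quote(header),
        payload=shlex.quote(json_payload),
        url=shlex.quote(url),
    )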
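def get(self, request, *args, **kwargs):
    """Return the JSS debugging tools rendered for a business unit.

    The optional ``mbu_id`` query parameter selects a MetaBusinessUnit; its
    first API enrollment business unit is used to build the secret. When the
    parameter is missing or is not an integer, the secret is built without a
    business unit.
    """
    try:
        mbu = MetaBusinessUnit.objects.get(pk=int(request.GET['mbu_id']))
        # TODO Race. The meta_business_unit could maybe be without any api BU.
        # TODO. Better selection if multiple BU ?
        bu = mbu.api_enrollment_business_units()[0]
    except (KeyError, ValueError):
        # KeyError: ``mbu_id`` is absent from the query string (this used to
        # escape as an unhandled error). ValueError: it is not an integer.
        bu = None
    # NOTE(review): an unknown pk or a meta business unit without any API
    # business unit (empty result, ``[0]`` fails) is still not handled here.
    # The secret is passed as a URL argument, so it appears wherever request
    # URLs are recorded (access logs, proxies).
    debugging_tools = self.debugging_template % {
        'path': reverse("jss:post_event", args=(make_secret("zentral.contrib.jss", bu),)),
        'tls_hostname': settings['api']['tls_hostname']
    }
    return HttpResponse(debugging_tools)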
def test_re_enroll(self):
    """Enrolling twice with the same secret yields the same node key."""
    serial_number = get_random_string(32)
    enroll_secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"), serial_number)
    payload = {"enroll_secret": enroll_secret, "host_identifier": "godzilla"}
    # first enrollment
    first_node_key = self.post_as_json("enroll", dict(payload)).json()["node_key"]
    # second enrollment, same secret and host identifier
    second_answer = self.post_as_json("enroll", dict(payload)).json()
    self.assertEqual(second_answer["node_key"], first_node_key)
def test_re_enroll(self):
    """A second enrollment of the same serial number returns the first node key."""
    serial_number = "2130982103971203"
    module_secret = make_secret("zentral.contrib.osquery")
    enroll_secret = "{}$SERIAL${}".format(module_secret, serial_number)

    def enroll():
        # fresh payload for every request, as in two independent calls
        request_body = {"enroll_secret": enroll_secret, "host_identifier": "godzilla"}
        return self.post_as_json("enroll", request_body).json()

    node_key = enroll()["node_key"]
    self.assertEqual(enroll()["node_key"], node_key)
def get(self, request, *args, **kwargs):
    """Return the osquery debugging tools rendered for a business unit.

    ``mbu_id`` (query string) selects the MetaBusinessUnit whose first API
    enrollment business unit is used for the secret. A missing or
    non-integer ``mbu_id`` falls back to a secret without business unit.
    """
    business_unit = None
    try:
        mbu_pk = int(request.GET['mbu_id'])
        meta_business_unit = MetaBusinessUnit.objects.get(pk=mbu_pk)
        # -> BaseInstallerPackageView
        # TODO Race. The meta_business_unit could maybe be without any api BU.
        # TODO. Better selection if multiple BU ?
        business_unit = meta_business_unit.api_enrollment_business_units()[0]
    except (KeyError, ValueError):
        # keep the fallback: no business unit
        pass
    # NOTE(review): the rendered page includes the enrollment secret in
    # clear text; presumably the view is access-restricted elsewhere. Confirm.
    template_context = {
        'config_path': reverse("osquery:config"),
        'enroll_path': reverse("osquery:enroll"),
        'secret': make_secret("zentral.contrib.osquery", business_unit),
        'tls_hostname': settings['api']['tls_hostname'],
    }
    return HttpResponse(self.debugging_template % template_context)
def test_enroll_ok(self):
    """A first enrollment creates one machine snapshot referenced by the node key."""
    serial_number = "210923091238731290"
    snapshots = MachineSnapshot.objects.filter(
        serial_number=serial_number,
        source__module="zentral.contrib.osquery",
    )
    # nothing is known about this serial number before the enrollment
    self.assertEqual(snapshots.count(), 0)
    # enrollment
    enroll_secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"), serial_number)
    answer = self.post_as_json("enroll", {"enroll_secret": enroll_secret}).json()
    self.assertCountEqual(["node_key"], answer.keys())
    self.assertEqual(snapshots.count(), 1)
    snapshot = snapshots.all()[0]
    self.assertEqual(snapshot.reference, answer["node_key"])
def get(self, request, *args, **kwargs):
    """Return the JSS debugging tools rendered for a business unit.

    ``mbu_id`` (query string) selects the MetaBusinessUnit whose first API
    enrollment business unit is used for the secret. A missing or
    non-integer ``mbu_id`` falls back to a secret without business unit.
    """
    business_unit = None
    try:
        mbu_pk = int(request.GET['mbu_id'])
        meta_business_unit = MetaBusinessUnit.objects.get(pk=mbu_pk)
        # TODO Race. The meta_business_unit could maybe be without any api BU.
        # TODO. Better selection if multiple BU ?
        business_unit = meta_business_unit.api_enrollment_business_units()[0]
    except (KeyError, ValueError):
        # keep the fallback: no business unit
        pass
    # The secret is a URL argument here, so it appears wherever request URLs
    # are recorded (access logs, proxies).
    post_event_path = reverse(
        "jss:post_event",
        args=(make_secret("zentral.contrib.jss", business_unit),),
    )
    template_context = {
        'path': post_event_path,
        'tls_hostname': settings['api']['tls_hostname'],
    }
    return HttpResponse(self.debugging_template % template_context)
def test_enroll_ok_old_way(self):
    """Enrollment with the ``<secret>$SERIAL$<serial>`` form creates one snapshot."""
    # TODO: deprecate and remove
    serial_number = get_random_string(32)
    snapshots = MachineSnapshot.objects.filter(
        serial_number=serial_number,
        source__module="zentral.contrib.osquery",
    )
    # the random serial number must be unknown before the enrollment
    self.assertEqual(snapshots.count(), 0)
    # enrollment
    module_secret = make_secret("zentral.contrib.osquery")
    enroll_secret = "{}$SERIAL${}".format(module_secret, serial_number)
    answer = self.post_as_json("enroll", {"enroll_secret": enroll_secret}).json()
    self.assertCountEqual(["node_key"], answer.keys())
    self.assertEqual(snapshots.count(), 1)
    snapshot = snapshots.all()[0]
    self.assertEqual(snapshot.reference, answer["node_key"])
def test_enroll_ok(self):
    """Enrolling an unknown serial number stores exactly one machine snapshot."""
    serial_number = "210923091238731290"
    lookup = {
        "source__module": "zentral.contrib.osquery",
        "serial_number": serial_number,
    }
    known_machines = MachineSnapshot.objects.filter(**lookup)
    # no machine yet
    self.assertEqual(known_machines.count(), 0)
    # enroll it
    module_secret = make_secret("zentral.contrib.osquery")
    request_body = {"enroll_secret": "{}$SERIAL${}".format(module_secret, serial_number)}
    response = self.post_as_json("enroll", request_body)
    answer = response.json()
    # the answer holds the node key and nothing else
    self.assertCountEqual(["node_key"], answer.keys())
    self.assertEqual(known_machines.count(), 1)
    self.assertEqual(known_machines.all()[0].reference, answer["node_key"])
def get(self, request, *args, **kwargs):
    """Render the osquery debugging tools for the requested business unit.

    The ``mbu_id`` query parameter picks a MetaBusinessUnit and the first of
    its API enrollment business units goes into the secret. Without a usable
    ``mbu_id`` (missing or not an integer) the secret is built with no
    business unit.
    """
    try:
        requested_pk = int(request.GET["mbu_id"])
        selected_mbu = MetaBusinessUnit.objects.get(pk=requested_pk)
        # -> BaseInstallerPackageView
        # TODO Race. The meta_business_unit could maybe be without any api BU.
        # TODO. Better selection if multiple BU ?
        enrollment_bu = selected_mbu.api_enrollment_business_units()[0]
    except (KeyError, ValueError):
        enrollment_bu = None
    config_path = reverse("osquery:config")
    enroll_path = reverse("osquery:enroll")
    # NOTE(review): the secret ends up in clear text in the response body;
    # presumably the view is access-restricted elsewhere. Confirm.
    secret = make_secret("zentral.contrib.osquery", enrollment_bu)
    rendered = self.debugging_template % {
        "config_path": config_path,
        "enroll_path": enroll_path,
        "secret": secret,
        "tls_hostname": settings["api"]["tls_hostname"],
    }
    return HttpResponse(rendered)
def test_enroll_with_host_identifier_ok(self):
    """The host identifier sent at enrollment becomes the computer name."""
    serial_number = get_random_string(32)
    snapshots = MachineSnapshot.objects.filter(
        serial_number=serial_number,
        source__module="zentral.contrib.osquery",
    )
    # the random serial number must be unknown before the enrollment
    self.assertEqual(snapshots.count(), 0)
    # enrollment, with a host identifier this time
    enroll_secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"), serial_number)
    request_body = {"enroll_secret": enroll_secret, "host_identifier": "godzilla"}
    answer = self.post_as_json("enroll", request_body).json()
    self.assertCountEqual(["node_key"], answer.keys())
    self.assertEqual(snapshots.count(), 1)
    snapshot = snapshots.all()[0]
    self.assertEqual(snapshot.reference, answer["node_key"])
    self.assertEqual(snapshot.system_info.computer_name, "godzilla")
def setUpTestData(cls):
    """Create the shared fixtures: configuration, enrollment, machine, API secret.

    The objects are created in dependency order and stored on the class.
    ``cls.api_secret`` has the ``<secret>$SERIAL$<serial number>`` form, with
    the secret built for ``zentral.contrib.santa`` and the enrollment
    business unit of the meta business unit.
    """
    # NOTE(review): takes ``cls``; presumably decorated with @classmethod
    # on a line that is not part of this excerpt.
    configuration = cls.configuration = Configuration.objects.create(
        name=get_random_string(256),
    )
    mbu = cls.meta_business_unit = MetaBusinessUnit.objects.create(
        name=get_random_string(64),
    )
    enrollment_secret = cls.enrollment_secret = EnrollmentSecret.objects.create(
        meta_business_unit=mbu,
    )
    enrollment = cls.enrollment = Enrollment.objects.create(
        configuration=configuration,
        secret=enrollment_secret,
    )
    serial_number = cls.machine_serial_number = get_random_string(64)
    cls.enrolled_machine = EnrolledMachine.objects.create(
        enrollment=enrollment,
        serial_number=serial_number,
        machine_id=get_random_string(64),
    )
    business_unit = cls.business_unit = mbu.create_enrollment_business_unit()
    module_secret = make_secret("zentral.contrib.santa", business_unit)
    cls.api_secret = "{}$SERIAL${}".format(module_secret, serial_number)
def enroll_machine(self, machine_serial_number):
    """Enroll a machine through the ``enroll`` endpoint and return its node key.

    The enroll secret sent is the ``zentral.contrib.osquery`` secret followed
    by ``$SERIAL$`` and the given serial number.
    """
    module_secret = make_secret("zentral.contrib.osquery")
    request_body = {
        "enroll_secret": "{}$SERIAL${}".format(module_secret, machine_serial_number),
    }
    answer = self.post_as_json("enroll", request_body).json()
    return answer["node_key"]
def test_enroll_not_machine_serial_number(self):
    """An enroll secret without the serial number part is answered with a 400."""
    request_body = {"enroll_secret": make_secret("zentral.contrib.osquery")}
    response = self.post_as_json("enroll", request_body)
    self.assertEqual(response.status_code, 400)
def test_enroll_enroll_secret_bad_module(self):
    """A secret built for another module is refused: 403, "Invalid module"."""
    foreign_secret = make_secret("zentral.inexisting.module")
    request_body = {"enroll_secret": foreign_secret}
    response = self.post_as_json("enroll", request_body)
    self.assertContains(response, "Invalid module", status_code=403)
def get_context_data(self, **kwargs):
    """Extend the parent context with the monolith flag, API host and secret."""
    context = super(WebHookView, self).get_context_data(**kwargs)
    # NOTE(review): ``api_host`` comes from the request (``get_host()``) and
    # ``api_secret`` is handed to the template in clear text. Presumably the
    # view is access-restricted elsewhere. Confirm.
    context.update({
        'monolith': True,
        'api_host': self.request.get_host(),
        'api_secret': make_secret('zentral.contrib.monolith'),
    })
    return context
def test_secret_bad_module(self):
    """Posting with a secret built for another module is refused with a 403."""
    foreign_secret = make_secret("zentral.inexisting.module")
    response = self.post_as_json(foreign_secret, PAYLOAD)
    self.assertContains(response, "Invalid module", status_code=403)
def test_ok(self):
    """Posting the payload with the ``zentral.contrib.jss`` secret returns a 200."""
    valid_secret = make_secret("zentral.contrib.jss")
    status = self.post_as_json(valid_secret, PAYLOAD).status_code
    self.assertEqual(status, 200)
def test_enroll_enroll_secret_bad_module_old_way(self):
    """The ``$SERIAL$`` secret form is refused too when the module is wrong."""
    # TODO: deprecate and remove
    foreign_secret = make_secret("zentral.inexisting.module")
    serial_number = get_random_string(32)
    request_body = {
        "enroll_secret": "{}$SERIAL${}".format(foreign_secret, serial_number),
    }
    response = self.post_as_json("enroll", request_body)
    self.assertContains(response, "Invalid module", status_code=403)
def make_api_secret(self):
    """Return a random serial number and the matching Munki API secret.

    The API secret is the ``zentral.contrib.munki`` secret for
    ``self.business_unit``, followed by ``$SERIAL$`` and the serial number.
    """
    serial_number = get_random_string(32)
    module_secret = make_secret("zentral.contrib.munki", self.business_unit)
    return serial_number, "{}$SERIAL${}".format(module_secret, serial_number)
def make_api_secret(self):
    """Build the secret for ``self.zentral_module`` and ``self.business_unit``."""
    module, business_unit = self.zentral_module, self.business_unit
    return make_secret(module, business_unit)