def handle(self, **options):
zentral_api_secret = make_secret("zentral.contrib.zendesk")
for trigger_type in ("ticket", "comment"):
print("TRIGGER TYPE:", trigger_type)
template = self.read_template(trigger_type)
template = template.replace("%ZENTRAL_API_SECRET%", zentral_api_secret)
print(template)
def get(self, request, *args, **kwargs):
try:
mbu = MetaBusinessUnit.objects.get(pk=int(request.GET['mbu_id']))
# -> BaseInstallerPackageView
# TODO Race. The meta_business_unit could maybe be without any api BU.
# TODO. Better selection if multiple BU ?
bu = mbu.api_enrollment_business_units()[0]
except ValueError:
bu = None
secret = make_secret("zentral.contrib.santa", bu)
debugging_tools = self.debugging_template % {'secret': secret,
'tls_hostname': settings['api']['tls_hostname']}
return HttpResponse(debugging_tools)
def build_curl_command(self, manifest):
business_unit = manifest.meta_business_unit.api_enrollment_business_units()[0]
api_secret = make_secret('zentral.contrib.monolith', business_unit)
json_payload = json.dumps(self.cleaned_data)
tls_hostname = settings["api"]["tls_hostname"]
path = reverse("monolith:cache_servers")
# TODO: what if there is a ' in the json payload ?
return ("curl -XPOST "
"-H 'Zentral-API-Secret: {api_secret}' "
"-d '{json_payload}' "
"{tls_hostname}{path}").format(api_secret=api_secret,
json_payload=json_payload,
tls_hostname=tls_hostname,
path=path)
def get(self, request, *args, **kwargs):
try:
mbu = MetaBusinessUnit.objects.get(pk=int(request.GET['mbu_id']))
# TODO Race. The meta_business_unit could maybe be without any api BU.
# TODO. Better selection if multiple BU ?
bu = mbu.api_enrollment_business_units()[0]
except ValueError:
bu = None
debugging_tools = self.debugging_template % {
'path': reverse("jss:post_event",
args=(make_secret("zentral.contrib.jss", bu),)),
'tls_hostname': settings['api']['tls_hostname']
}
return HttpResponse(debugging_tools)
def test_re_enroll(self):
machine_serial_number = get_random_string(32)
# enroll machine
secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"),
machine_serial_number)
response = self.post_as_json("enroll", {"enroll_secret": secret,
"host_identifier": "godzilla"})
json_response = response.json()
node_key = json_response["node_key"]
# re-enroll machine
response = self.post_as_json("enroll", {"enroll_secret": secret,
"host_identifier": "godzilla"})
json_response = response.json()
self.assertEqual(json_response["node_key"], node_key)
def test_re_enroll(self):
machine_serial_number = "2130982103971203"
# enroll machine
secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"),
machine_serial_number)
response = self.post_as_json("enroll", {"enroll_secret": secret,
"host_identifier": "godzilla"})
json_response = response.json()
node_key = json_response["node_key"]
# re-enroll machine
response = self.post_as_json("enroll", {"enroll_secret": secret,
"host_identifier": "godzilla"})
json_response = response.json()
self.assertEqual(json_response["node_key"], node_key)
def get(self, request, *args, **kwargs):
try:
mbu = MetaBusinessUnit.objects.get(pk=int(request.GET['mbu_id']))
# -> BaseInstallerPackageView
# TODO Race. The meta_business_unit could maybe be without any api BU.
# TODO. Better selection if multiple BU ?
bu = mbu.api_enrollment_business_units()[0]
except (KeyError, ValueError):
bu = None
debugging_tools = self.debugging_template % {'config_path': reverse("osquery:config"),
'enroll_path': reverse("osquery:enroll"),
'secret': make_secret("zentral.contrib.osquery", bu),
'tls_hostname': settings['api']['tls_hostname']}
return HttpResponse(debugging_tools)
def test_enroll_ok(self):
machine_serial_number = "210923091238731290"
machine_test_qs = MachineSnapshot.objects.filter(source__module="zentral.contrib.osquery",
serial_number=machine_serial_number)
# no machine
self.assertEqual(machine_test_qs.count(), 0)
# enroll machine
secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"),
machine_serial_number)
response = self.post_as_json("enroll", {"enroll_secret": secret})
json_response = response.json()
self.assertCountEqual(["node_key"], json_response.keys())
self.assertEqual(machine_test_qs.count(), 1)
machine = machine_test_qs.all()[0]
self.assertEqual(machine.reference, json_response["node_key"])
def get(self, request, *args, **kwargs):
try:
mbu = MetaBusinessUnit.objects.get(pk=int(request.GET['mbu_id']))
# TODO Race. The meta_business_unit could maybe be without any api BU.
# TODO. Better selection if multiple BU ?
bu = mbu.api_enrollment_business_units()[0]
except (KeyError, ValueError):
bu = None
debugging_tools = self.debugging_template % {
'path':
reverse("jss:post_event",
args=(make_secret("zentral.contrib.jss", bu), )),
'tls_hostname':
settings['api']['tls_hostname']
}
return HttpResponse(debugging_tools)
def test_enroll_ok_old_way(self):
# TODO: deprecate and remove
machine_serial_number = get_random_string(32)
machine_test_qs = MachineSnapshot.objects.filter(source__module="zentral.contrib.osquery",
serial_number=machine_serial_number)
# no machine
self.assertEqual(machine_test_qs.count(), 0)
# enroll machine
secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"),
machine_serial_number)
response = self.post_as_json("enroll", {"enroll_secret": secret})
json_response = response.json()
self.assertCountEqual(["node_key"], json_response.keys())
self.assertEqual(machine_test_qs.count(), 1)
machine = machine_test_qs.all()[0]
self.assertEqual(machine.reference, json_response["node_key"])
def test_enroll_ok(self):
machine_serial_number = "210923091238731290"
machine_test_qs = MachineSnapshot.objects.filter(
source__module="zentral.contrib.osquery",
serial_number=machine_serial_number)
# no machine
self.assertEqual(machine_test_qs.count(), 0)
# enroll machine
secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"),
machine_serial_number)
response = self.post_as_json("enroll", {"enroll_secret": secret})
json_response = response.json()
self.assertCountEqual(["node_key"], json_response.keys())
self.assertEqual(machine_test_qs.count(), 1)
machine = machine_test_qs.all()[0]
self.assertEqual(machine.reference, json_response["node_key"])
def get(self, request, *args, **kwargs):
try:
mbu = MetaBusinessUnit.objects.get(pk=int(request.GET["mbu_id"]))
# -> BaseInstallerPackageView
# TODO Race. The meta_business_unit could maybe be without any api BU.
# TODO. Better selection if multiple BU ?
bu = mbu.api_enrollment_business_units()[0]
except (KeyError, ValueError):
bu = None
debugging_tools = self.debugging_template % {
"config_path": reverse("osquery:config"),
"enroll_path": reverse("osquery:enroll"),
"secret": make_secret("zentral.contrib.osquery", bu),
"tls_hostname": settings["api"]["tls_hostname"],
}
return HttpResponse(debugging_tools)
def test_enroll_with_host_identifier_ok(self):
machine_serial_number = get_random_string(32)
machine_test_qs = MachineSnapshot.objects.filter(source__module="zentral.contrib.osquery",
serial_number=machine_serial_number)
# no machine
self.assertEqual(machine_test_qs.count(), 0)
# enroll machine
secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"),
machine_serial_number)
response = self.post_as_json("enroll", {"enroll_secret": secret,
"host_identifier": "godzilla"})
json_response = response.json()
self.assertCountEqual(["node_key"], json_response.keys())
self.assertEqual(machine_test_qs.count(), 1)
machine = machine_test_qs.all()[0]
self.assertEqual(machine.reference, json_response["node_key"])
self.assertEqual(machine.system_info.computer_name, "godzilla")
def setUpTestData(cls):
cls.configuration = Configuration.objects.create(
name=get_random_string(256))
cls.meta_business_unit = MetaBusinessUnit.objects.create(
name=get_random_string(64))
cls.enrollment_secret = EnrollmentSecret.objects.create(
meta_business_unit=cls.meta_business_unit)
cls.enrollment = Enrollment.objects.create(
configuration=cls.configuration, secret=cls.enrollment_secret)
cls.machine_serial_number = get_random_string(64)
cls.enrolled_machine = EnrolledMachine.objects.create(
enrollment=cls.enrollment,
serial_number=cls.machine_serial_number,
machine_id=get_random_string(64))
cls.business_unit = cls.meta_business_unit.create_enrollment_business_unit(
)
cls.api_secret = "{}$SERIAL${}".format(
make_secret("zentral.contrib.santa", cls.business_unit),
cls.machine_serial_number)
def enroll_machine(self, machine_serial_number):
secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"),
machine_serial_number)
response = self.post_as_json("enroll", {"enroll_secret": secret})
json_response = response.json()
return json_response["node_key"]
def test_enroll_not_machine_serial_number(self):
secret = make_secret("zentral.contrib.osquery")
response = self.post_as_json("enroll", {"enroll_secret": secret})
self.assertEqual(response.status_code, 400)
def test_enroll_enroll_secret_bad_module(self):
secret = make_secret("zentral.inexisting.module")
response = self.post_as_json("enroll", {"enroll_secret": secret})
self.assertContains(response, "Invalid module", status_code=403)
def enroll_machine(self, machine_serial_number):
secret = "{}$SERIAL${}".format(make_secret("zentral.contrib.osquery"),
machine_serial_number)
response = self.post_as_json("enroll", {"enroll_secret": secret})
json_response = response.json()
return json_response["node_key"]
def get_context_data(self, **kwargs):
context = super(WebHookView, self).get_context_data(**kwargs)
context['monolith'] = True
context['api_host'] = self.request.get_host()
context['api_secret'] = make_secret('zentral.contrib.monolith')
return context
def test_secret_bad_module(self):
secret = make_secret("zentral.inexisting.module")
response = self.post_as_json(secret, PAYLOAD)
self.assertContains(response, "Invalid module", status_code=403)
def test_ok(self):
secret = make_secret("zentral.contrib.jss")
response = self.post_as_json(secret, PAYLOAD)
self.assertEqual(response.status_code, 200)
def test_enroll_enroll_secret_bad_module_old_way(self):
# TODO: deprecate and remove
secret = "{}$SERIAL${}".format(
make_secret("zentral.inexisting.module"), get_random_string(32))
response = self.post_as_json("enroll", {"enroll_secret": secret})
self.assertContains(response, "Invalid module", status_code=403)
def make_api_secret(self):
machine_serial_number = get_random_string(32)
api_secret = "{}$SERIAL${}".format(
make_secret("zentral.contrib.munki", self.business_unit),
machine_serial_number)
return machine_serial_number, api_secret
def test_enroll_enroll_secret_bad_module(self):
secret = make_secret("zentral.inexisting.module")
response = self.post_as_json("enroll", {"enroll_secret": secret})
self.assertContains(response, "Invalid module", status_code=403)
def make_api_secret(self):
return make_secret(self.zentral_module, self.business_unit)
def test_enroll_not_machine_serial_number(self):
secret = make_secret("zentral.contrib.osquery")
response = self.post_as_json("enroll", {"enroll_secret": secret})
self.assertEqual(response.status_code, 400)
