def _panorama_get_addresses_function(self, event, *args, **kwargs): """Function: Panorama get addresses returns a list of the address objects""" try: yield StatusMessage("Getting list of addresses") rp = ResultPayload("fn_pa_panorama", **kwargs) # Get the function parameters: location = self.get_select_param( kwargs.get("panorama_location")) # select vsys = kwargs.get("panorama_vsys") # text # Log inputs if location is None: raise ValueError("panorama_location needs to be set.") log.info("panorama_location: {}".format(location)) log.info("panorama_vsys: {}".format(vsys)) panorama_util = PanoramaClient(self.opts, location, vsys) response = panorama_util.get_addresses() yield StatusMessage("{} addresses returned.".format( response["result"]["@count"])) results = rp.done(True, response) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as e: yield FunctionError(e)
def _utilities_base64_to_attachment_function(self, event, *args, **kwargs): """Function: Creates a new attachment from a base64 string.""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] # Get the function parameters: base64content = kwargs.get("base64content") # text incident_id = kwargs.get("incident_id") # number task_id = kwargs.get("task_id") # number file_name = kwargs.get("file_name") # text content_type = kwargs.get("content_type") # text log = logging.getLogger(__name__) log.info("base64content: %s", base64content) log.info("incident_id: %s", incident_id) log.info("task_id: %s", task_id) log.info("file_name: %s", file_name) log.info("content_type: %s", content_type) # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # yield StatusMessage("starting...") # yield StatusMessage("done...") results = {"value": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _mitre_tactic_information_function(self, event, *args, **kwargs): """Function: Get information about MITRE tactic""" try: # Get the function parameters: mitre_tactic_id = kwargs.get("mitre_tactic_id") # text mitre_tactic_name = kwargs.get("mitre_tactic_name") # text log = logging.getLogger(__name__) log.info("mitre_tactic_id: %s", mitre_tactic_id) log.info("mitre_tactic_name: %s", mitre_tactic_name) yield StatusMessage("starting...") yield StatusMessage("query MITRE STIX TAXII server, and it can take several minutes....") tactics = mitre_attack_utils.get_techniques(tactic_names=mitre_tactic_name, tactic_ids=mitre_tactic_id) yield StatusMessage("done...") results = { "mitre_tactics": tactics } # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as e: log.exception(str(e)) yield FunctionError()
def _utilities_json2html_function(self, event, *args, **kwargs): """Function: Produces an HTML representation of JSON data. All data is converted into tables of key / value pairs or lists. Provide an optional parameter `json2html_keys` to limit the JSON data to display.""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"]["workflow_instance_id"] yield StatusMessage("Starting 'utilities_json2html' running in workflow '{0}'".format(wf_instance_id)) # Get the function parameters: json2html_data = kwargs.get("json2html_data") # text json2html_keys = kwargs.get("json2html_keys") # text log = logging.getLogger(__name__) log.info("json2html_data: %s", json2html_data) log.info("json2html_keys: %s", json2html_keys) ############################################## # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # ############################################## yield StatusMessage("Finished 'utilities_json2html' that was running in workflow '{0}'".format(wf_instance_id)) results = { "content": "xyz" } # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _fn_sep_get_file_content_as_base64_function(self, event, *args, **kwargs): """Function: Get the contents of an uploaded binary file, in base64 format.""" try: params = transform_kwargs(kwargs) if kwargs else {} # Instantiate result payload object. rp = ResultPayload(CONFIG_DATA_SECTION, **kwargs) # Get the function parameters: sep_file_id = kwargs.get("sep_file_id") # text LOG.info("sep_file_id: %s", sep_file_id) validate_fields(["sep_file_id"], kwargs) yield StatusMessage("Running Symantec SEP Get File Content as Base64 ...") sep = Sepclient(self.options, params) rtn = base64.b64encode(sep.get_file_content(**params)).decode("utf-8") results = rp.done(True, rtn) yield StatusMessage("Returning 'Symantec SEP Get File Content as Base64' results") LOG.debug(json.dumps(results["content"])) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: LOG.exception("Exception in Resilient Function for Symantec SEP.") yield FunctionError()
def _qradar_find_reference_sets_function(self, event, *args, **kwargs): """Function: Find reference sets that contain a given item value, together with information about this item in those reference sets. Information includes whether this item is added to the reference set manually or by a rule.""" try: # Get the function parameters: qradar_reference_set_item_value = kwargs.get("qradar_reference_set_item_value") # text log = logging.getLogger(__name__) log.info("qradar_reference_set_item_value: %s", qradar_reference_set_item_value) qradar_verify_cert = True if "verify_cert" in self.options and self.options["verify_cert"] == "false": qradar_verify_cert = False log.debug("Connection to {} using {}".format(self.options["host"], self.options["username"])) yield StatusMessage("starting...") qradar_client = QRadarClient(host=self.options["host"], username=self.options.get("username", None), password=self.options.get("qradarpassword", None), token=self.options.get("qradartoken", None), cafile=qradar_verify_cert) r_items = qradar_client.find_all_ref_set_contains(qradar_reference_set_item_value) yield StatusMessage("done...") results = { "reference_items": r_items } # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as e: log.exception(e) yield FunctionError()
def _utilities_xml_transformation_function(self, event, *args, **kwargs): """Function: Transforms an XML document using a preexisting `xsl` stylesheet. The resulting content is returned.""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] # Get the function parameters: xml_source = kwargs.get("xml_source") # text xml_stylesheet = kwargs.get("xml_stylesheet") # text log = logging.getLogger(__name__) log.info("xml_source: %s", xml_source) log.info("xml_stylesheet: %s", xml_stylesheet) # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # yield StatusMessage("starting...") # yield StatusMessage("done...") results = {"value": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _mock_function_two_function(self, event, *args, **kwargs): """Function: mock description two""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] # Get the function parameters: mock_field_one = kwargs.get("mock_field_one") # text mock_field_two = kwargs.get("mock_field_two") # number log = logging.getLogger(__name__) log.info("mock_field_one: %s", mock_field_one) log.info("mock_field_two: %s", mock_field_two) # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # yield StatusMessage("starting...") # yield StatusMessage("done...") results = {"value": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _event_function(self, event, *args, **kwargs): """Function: This is a function implementation that uses the Cisco API to post a Malware event""" try: rp = ResultPayload(SECTION_NAME, **kwargs) url = '/'.join((self.options['url'], 'events?customerKey={}')) url = url.format(self.apikey) self.log.debug(url) data, cisco_dstdomain = self.createdataobject(kwargs) rc = RequestsCommon(self.opts, self.options) content, msg = rc.execute_call_v2("post", url, json=data, verify=False, headers=HEADERS, callback=callback) if msg: yield StatusMessage(msg) else: yield StatusMessage( u"Add Domain for '{}' was successful".format( cisco_dstdomain)) results = rp.done(False if msg else True, None if msg else content, msg) # backward compatibility results['value'] = None if msg else content # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as err: self.log.error(err) yield FunctionError(err)
def _utilities_attachment_hash_function(self, event, *args, **kwargs): """Function: Calculate hashes for a file attachment. Returns `md5`, `sha1`, `sha256` and other hashes of the file content. Those hashes can then be used as artifacts or in other parts of your workflows.""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] # Get the function parameters: incident_id = kwargs.get("incident_id") # number task_id = kwargs.get("task_id") # number attachment_id = kwargs.get("attachment_id") # number log = logging.getLogger(__name__) log.info("incident_id: %s", incident_id) log.info("task_id: %s", task_id) log.info("attachment_id: %s", attachment_id) # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # yield StatusMessage("starting...") # yield StatusMessage("done...") results = {"value": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def get_input_entity(client, incident_id, attachment_id, artifact_id): re_uri_match_pattern = r"""(?:(?:https?|ftp):\/\/|\b(?:[a-z\d]+\.))(?:(?:[^\s()<>]+|\((?:[^\s()<>]+|(?:\([^\s()<>]+\)))?\))+(?:\((?:[^\s()<>]+|(?:\(?:[^\s()<>]+\)))?\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’]))?""" entity = {"incident_id": incident_id, "id": None, "type": "", "meta_data": None, "data": None} if (attachment_id): entity["id"] = attachment_id entity["type"] = "attachment" entity["meta_data"] = client.get("/incidents/{0}/attachments/{1}".format(entity["incident_id"], entity["id"])) entity["data"] = client.get_content("/incidents/{0}/attachments/{1}/contents".format(entity["incident_id"], entity["id"])) elif (artifact_id): entity["id"] = artifact_id entity["type"] = "artifact" entity["meta_data"] = client.get("/incidents/{0}/artifacts/{1}".format(entity["incident_id"], entity["id"])) # handle if artifact has attachment if (entity["meta_data"]["attachment"]): entity["data"] = client.get_content("/incidents/{0}/artifacts/{1}/contents".format(entity["incident_id"], entity["id"])) # else handle if artifact.value contains an URI using RegEx else: match = re.match(re_uri_match_pattern, entity["meta_data"]["value"]) if (match): entity["uri"] = match.group() else: raise FunctionError("Artifact has no attachment or supported URI") else: raise ValueError('attachment_id AND artifact_id both None') return entity
def _phish_ai_scan_url_function(self, event, *args, **kwargs): """Function: Scans URL against Phish.AI.""" try: rp = ResultPayload(PACKAGE_NAME, **kwargs) yield StatusMessage("starting...") # Get the function parameters: artifact_value = kwargs.get("artifact_value") # text log = logging.getLogger(__name__) LOG.info(u"artifact_value: %s", artifact_value) ph = PhishAI(self.opts, self.options) response_json = ph.scan_url(artifact_value) yield StatusMessage("done...") results = rp.done(True, response_json) # For backward compatibility with v1.0.0 results["run_time"] = str(results['metrics']['execution_time_ms'] / 1000) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as e: yield FunctionError(e)
def get_content(client, incident_id, attachment_id, artifact_id): entity = { "incident_id": incident_id, "id": None, "type": "", "meta_data": None, "data": None } if attachment_id: return client.get_content( "/incidents/{0}/attachments/{1}/contents".format( entity["incident_id"], attachment_id)) elif artifact_id: entity["meta_data"] = client.get("/incidents/{0}/artifacts/{1}".format( entity["incident_id"], artifact_id)) # handle if artifact has attachment if (entity["meta_data"].get("attachment")): return client.get_content( "/incidents/{0}/artifacts/{1}/contents".format( entity["incident_id"], artifact_id)) else: raise FunctionError("Artifact has no attachment or supported URI") else: raise ValueError('attachment_id AND artifact_id both None')
def _utilities_string_to_attachment_function(self, event, *args, **kwargs): """Function: Creates a new file (.txt) attachment in the incident or task from a string that your workflow provides as input.""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] # Get the function parameters: string_to_convert_to_attachment = kwargs.get( "string_to_convert_to_attachment") # text attachment_name = kwargs.get("attachment_name") # text incident_id = kwargs.get("incident_id") # number task_id = kwargs.get("task_id") # number log = logging.getLogger(__name__) log.info("string_to_convert_to_attachment: %s", string_to_convert_to_attachment) log.info("attachment_name: %s", attachment_name) log.info("incident_id: %s", incident_id) log.info("task_id: %s", task_id) # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # yield StatusMessage("starting...") # yield StatusMessage("done...") results = {"value": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _exchange_online_delete_email_function(self, event, *args, **kwargs): """Function: Delete a message in the specified user's mailbox.""" try: # Initialize the results payload rp = ResultPayload(CONFIG_DATA_SECTION, **kwargs) # Validate fields validate_fields(['exo_email_address', 'exo_messages_id'], kwargs) # Get the function parameters email_address = kwargs.get('exo_email_address') # text mailfolders_id = kwargs.get('exo_mailfolders_id') # text messages_id = kwargs.get('exo_messages_id') # text LOG.info(u"exo_email_address: %s", email_address) LOG.info(u"exo_mailfolders_id: %s", mailfolders_id) LOG.info(u"exo_messages_id: %s", messages_id) yield StatusMessage( u"Starting delete message for email address: {}".format( email_address)) # Get the MS Graph helper class MS_graph_helper = MSGraphHelper( self.options.get("microsoft_graph_token_url"), self.options.get("microsoft_graph_url"), self.options.get("tenant_id"), self.options.get("client_id"), self.options.get("client_secret"), self.options.get("max_messages"), self.options.get("max_users"), self.options.get("max_retries_total", MAX_RETRIES_TOTAL), self.options.get("max_retries_backoff_factor", MAX_RETRIES_BACKOFF_FACTOR), self.options.get("max_batched_requests", MAX_BATCHED_REQUESTS), RequestsCommon(self.opts, self.options).get_proxies()) # Call MS Graph API to get the user profile response = MS_graph_helper.delete_message(email_address, mailfolders_id, messages_id) # If message was deleted a 204 code is returned. if response.status_code == 204: success = True response_json = {'value': success} else: success = False response_json = response.json() results = rp.done(success, response_json) yield StatusMessage( u"Returning delete results for email address: {}".format( email_address)) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as err: LOG.error(err) yield FunctionError(err)
def _bit9_approval_request_get_function(self, event, *args, **kwargs): """Function: Get an approval request by ID""" try: validate_fields(["bit9_approval_request_id"], kwargs) # Get the function parameters: bit9_approval_request_id = kwargs.get( "bit9_approval_request_id") # number log.info(u"bit9_approval_request_id: %s", bit9_approval_request_id) bit9_client = CbProtectClient(self.options) results = bit9_client.get_approval_request( bit9_approval_request_id) results[ "details_url"] = u"https://{}/approval-request-details.php?request_id={}".format( bit9_client.server, bit9_approval_request_id) log.info(u"Request Status :%d", results.get("status")) log.debug(results) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as err: log.error(err) yield FunctionError(err)
def _fn_proofpoint_trap_get_list_members_function(self, event, *args, **kwargs): """Function: Retrieve all the members of a Threat Response list.""" try: params = transform_kwargs(kwargs) if kwargs else {} rp = ResultPayload(CONFIG_DATA_SECTION, **kwargs) # Get the function parameters: trap_list_id = kwargs.get("trap_list_id") # number trap_member_id = kwargs.get("trap_member_id ") # number trap_members_type = self.get_select_param( kwargs.get( "trap_members_type")) # select, values: "members.json" LOG.info("trap_list_id: %s", trap_list_id) LOG.info("trap_member_id: %s", trap_member_id) LOG.info("trap_members_type: %s", trap_members_type) validate_fields(["trap_list_id", "trap_members_type"], kwargs) pptr = PPTRClient(self.opts, self.options) rtn = pptr.get_list_members(**params) results = rp.done(True, rtn) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: LOG.exception( "Exception in Resilient Function for Proofpoint TRAP.") yield FunctionError()
def _create_a_schedule_function(self, event, *args, **kwargs): incident_id = kwargs.get("incident_id") # number log.info("incident_id: %s", incident_id) try: rc = ResultPayload(SECTION_SCHEDULER, **kwargs) # Produce a FunctionResult with the results scheduler = ResilientScheduler.get_scheduler() jobs = scheduler.get_jobs() list_jobs = [] for job in jobs: job_json = ResilientScheduler.sanitize_job(job) params = list(job_json['args']) if incident_id is None or incident_id == 0 or \ incident_id == params[0]: list_jobs.append(job_json) log.debug(list_jobs) if not list_jobs: yield StatusMessage("No scheduled jobs") result = rc.done(True, list_jobs) yield FunctionResult(result) except Exception: yield FunctionError()
def _pt_integration_c_process_added_artifact_function( self, event, *args, **kwargs): """Function: Processes the Artifact added. Just returns a success = True""" try: log = logging.getLogger(__name__) # Instansiate ResultPayload rp = ResultPayload(PACKAGE_NAME, **kwargs) mandatory_fields = [ "pt_int_artifact_id", "pt_int_artifact_description", "pt_int_artifact_value" ] # Get the function inputs: fn_inputs = validate_fields(mandatory_fields, kwargs) log.info("Processing Artifact: %s", fn_inputs.get("pt_int_artifact_id")) results_content = { "artifact_description": fn_inputs.get("pt_int_artifact_description") } results = rp.done(True, results_content) log.info("Returning results to post-process script") # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _ansible_tower_list_job_templates_function(self, event, *args, **kwargs): """Function: List available job templates""" try: # validate key app.config settings validate_fields(("url"), self.options) # Get the function parameters: tower_project = kwargs.get("tower_project") # text template_pattern = kwargs.get("tower_template_pattern") # text log = logging.getLogger(__name__) log.info("tower_project: %s", tower_project) log.info("tower_template_pattern: %s", template_pattern) result = ResultPayload(SECTION_HDR, **kwargs) # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE yield StatusMessage("starting...") json_templates = get_job_template_by_project(self.opts, self.options, tower_project, template_pattern) result_payload = result.done(True, json_templates) yield StatusMessage("done...") # Produce a FunctionResult with the results yield FunctionResult(result_payload) except Exception: yield FunctionError()
def _incident_utils_close_incident_function(self, event, *args, **kwargs): """Function: Function that takes a JSON String of field and value pairs to close an Incident.""" try: # Get the function parameters: incident_id = kwargs.get("incident_id") # number close_fields = kwargs.get("close_fields") # text # Check JSON string and convert it to dict if close_fields is None: close_fields = {} else: close_fields = json.loads(close_fields) log = logging.getLogger(__name__) log.info("incident_id: %s", incident_id) log.info("close_fields: %s", close_fields) rp = ResultPayload(PACKAGE_NAME, **kwargs) yield StatusMessage("starting...") # Instansiate new Resilient API object res_client = self.rest_client() # API call to Close an Incident response = close_incident(res_client, incident_id, close_fields) results = rp.done(True, response.json()) yield StatusMessage("done...") # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _isitphishing_url_function(self, event, *args, **kwargs): """Function: isitphishing_url This function takes URL string as a required parameter. It queries the Vade Secure isiphishing API to analyze the URL to determine if it is PHISHING or SPAM. The results contain the result of the query in 'contents' and the URL input parameter to the function. """ try: rp = ResultPayload(PACKAGE_NAME, **kwargs) # Get the function parameters: isitphishing_url = kwargs.get("isitphishing_url") # text log = logging.getLogger(__name__) log.info("isitphishing_url: %s", isitphishing_url) # Form the URL for API request. API_URL = u"{0}/url".format(self.options["isitphishing_api_url"]) # Get the license key to access the API endpoint. auth_token = get_license_key(self.options["isitphishing_name"], self.options["isitphishing_license"]) # Build the header and the data payload. headers = { "Authorization": u'Bearer {}'.format(auth_token), "Content-type": "application/json", } payload = { "url": isitphishing_url, "force": False, "smart": True, "timeout": 8000 } yield StatusMessage( "Query IsItPhishing.org endpoint for status of URL {0}.". format(isitphishing_url)) # Make URL request rc = RequestsCommon(self.opts, self.options) response = rc.execute_call_v2("post", API_URL, json=payload, headers=headers, proxies=rc.get_proxies()) if response.status_code == 200: success = True else: success = False response_json = response.json() results = rp.done(success, response_json) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as err: yield FunctionError(err)
def _utilities_attachment_to_base64_function(self, event, *args, **kwargs): """Function: Reads a file attachment in the incident, and produces a base64-encoded string with the file attachment content. This content can then be used in combination with other workflow functions to create an artifact, a new file attachment, or to analyze the contents using various tools.""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] # Get the function parameters: incident_id = kwargs.get("incident_id") # number artifact_id = kwargs.get("artifact_id") # number task_id = kwargs.get("task_id") # number attachment_id = kwargs.get("attachment_id") # number log = logging.getLogger(__name__) log.info("incident_id: %s", incident_id) log.info("artifact_id: %s", artifact_id) log.info("task_id: %s", task_id) log.info("attachment_id: %s", attachment_id) # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # yield StatusMessage("starting...") # yield StatusMessage("done...") results = {"value": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _utilities_pdfid_function(self, event, *args, **kwargs): """Function: Produces summary information about the structure of a PDF file, using Didier Stevens' pdfid (https://blog.didierstevens.com/programs/pdf-tools/). Provide the PDF file content as a base64-encoded string, for example the output from the “Attachment to Base64” function. This function is useful in initial triage of suspicious email attachments and other files. It allows you to identify PDF documents that contain (for example) JavaScript or that execute an action when opened. PDFiD also handles name obfuscation. The combination of PDF automatic action and JavaScript makes a document very suspicious.""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] yield StatusMessage( "Starting 'utilities_pdfid' running in workflow '{0}'".format( wf_instance_id)) # Get the function parameters: base64content = kwargs.get("base64content") # text log = logging.getLogger(__name__) log.info("base64content: %s", base64content) ############################################## # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # ############################################## yield StatusMessage( "Finished 'utilities_pdfid' that was running in workflow '{0}'" .format(wf_instance_id)) results = {"content": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _phish_ai_scan_url_function(self, event, *args, **kwargs): """Function: Scans URL against Phish.AI.""" try: start_time = time.time() yield StatusMessage("starting...") api_key = self.options.get("phishai_api_key", None) # Get the function parameters: artifact_value = kwargs.get("artifact_value") # text log = logging.getLogger(__name__) if artifact_value is not None: log.info("artifact_value: %s", artifact_value) else: raise ValueError("artifact_value needs to be set to run this function.") ph = API(api_key=api_key) res = ph.scan_url(artifact_value) end_time = time.time() yield StatusMessage("done...") results = { "inputs": { "artifact_value": artifact_value }, "run_time": str(end_time - start_time), "content": res } # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as e: yield FunctionError(e)
def _fn_aws_iam_update_access_key_function(self, event, *args, **kwargs): """Function: Update status of an IAM user access key. Change the status of an access key from Active to Inactive, or vice versa. param aws_iam_user_name: An IAM user name. param aws_iam_access_key_id: An IAM user access key id. param aws_iam_status: An IAM user access key taget status. """ try: params = transform_kwargs(kwargs) if kwargs else {} # Instantiate result payload object rp = ResultPayload(CONFIG_DATA_SECTION, **kwargs) # Get the function parameters: aws_iam_user_name = kwargs.get("aws_iam_user_name") # text aws_iam_access_key_id = kwargs.get("aws_iam_access_key_id") # text aws_iam_status = \ self.get_select_param(kwargs.get("aws_iam_status")) # select, values: "Active", "Inactive" LOG.info("aws_iam_user_name: %s", aws_iam_user_name) LOG.info("aws_iam_access_key_id: %s", aws_iam_access_key_id) LOG.info("aws_iam_status: %s", aws_iam_status) validate_fields(["aws_iam_user_name", "aws_iam_access_key_id", "aws_iam_status"], kwargs) iam_cli = AwsIamClient(self.options) rtn = iam_cli.post("update_access_key", **params) results = rp.done(True, rtn) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception as aws_err: LOG.exception("ERROR with Exception '%s' in Resilient Function for AWS IAM.", aws_err.__repr__()) yield FunctionError()
def _fn_disable_hsts_function(self, event, *args, **kwargs): """Function: None""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] yield StatusMessage( "Starting 'fn_disable_hsts' running in workflow '{0}'".format( wf_instance_id)) # Get the function parameters: log = logging.getLogger(__name__) os.system( 'ssh [email protected] /snap/bin/kubectl apply -f /home/chao/digi/nginx-configmap-without-hsts.yaml' ) yield StatusMessage( "Finished 'fn_disable_hsts' that was running in workflow '{0}'" .format(wf_instance_id)) results = {"content": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _utilities_extract_ssl_cert_from_url_function(self, event, *args, **kwargs): """Function: This function takes in a HTTPS URL or DNS input, establishes a connection and then attempts to acquire the SSL certificate. If successful, the function then saves the certificate as an artifact of type ‘X509 Certificate File’. Works on most URLs including those with self-signed or expired certificates. The output of this function is a string representation of the certificate saved in PEM format.""" try: # Get the wf_instance_id of the workflow this Function was called in wf_instance_id = event.message["workflow_instance"][ "workflow_instance_id"] yield StatusMessage( "Starting 'utilities_extract_ssl_cert_from_url' running in workflow '{0}'" .format(wf_instance_id)) # Get the function parameters: https_url = kwargs.get("https_url") # text log = logging.getLogger(__name__) log.info("https_url: %s", https_url) ############################################## # PUT YOUR FUNCTION IMPLEMENTATION CODE HERE # ############################################## yield StatusMessage( "Finished 'utilities_extract_ssl_cert_from_url' that was running in workflow '{0}'" .format(wf_instance_id)) results = {"content": "xyz"} # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def _utilities_json2html_function(self, event, *args, **kwargs): """Function: convert a json string to html. Optionally, reference a portion of the json to render""" try: # Get the function parameters: json2html_data = kwargs.get("json2html_data") # text json2html_keys = kwargs.get("json2html_keys") # text log = logging.getLogger(__name__) log.info("json2html_data: %s", json2html_data) log.info("json2html_keys: %s", json2html_keys) json_node = json.loads(json2html_data) # look for path information to narrow the amount of json to render if json2html_keys: for key in json2html_keys.split('.'): if key not in json_node.keys(): raise ValueError("{} key not found".format(key)) else: json_node = json_node.get(key) result = json2html.convert(json=json_node) results = {"content": result} log.debug(results) # Produce a FunctionResult with the results yield FunctionResult(results) except Exception: yield FunctionError()
def create_meeting(self): """Creates a meeting based on options specified in app.config and function args""" meeting_xml = self.generate_create_meeting_xml() path = "/WBXService/XMLService" response = self.webex_request(path, "POST", meeting_xml) if response.text == "": raise FunctionError("Failed to create meeting, null response") status_regex = "<serv:result>(.*)<\/serv:result>" failure_reason_regex = "<serv:reason>(.*)<\/serv:reason>" status_regex_search = re.search(status_regex, response.text) failure_reason_regex_search = re.search(failure_reason_regex, response.text) results = {} if status_regex_search is not None: results["status"] = status_regex_search.group(1) if failure_reason_regex_search is not None: results["fail_reason"] = failure_reason_regex_search.group(1) return results success_details_regex = "<serv:host>(.*)<\/serv:host>\s*<serv:attendee>(.*)<\/serv:attendee>" success_details_regex_search = re.search(success_details_regex, response.text) if success_details_regex_search is not None: results["host_url"] = success_details_regex_search.group(1) results["attendee_url"] = success_details_regex_search.group(2) return results