def post(self, project_id: int) -> Tuple[dict, int]: # pylint: disable=C0111
data = self._parser_post.parse_args()
# Check project_id for validity
project = Project.get_or_404(project_id)
# Set secrets
set_project_secrets(project.id, data["secrets"])
return {"message": f"Project secrets were saved"}, 200
def delete(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=C0111
project = Project.get_or_404(project_id)
secrets = get_project_secrets(project.id)
if secret in secrets:
del secrets[secret]
set_project_secrets(project.id, secrets)
return {"message": "deleted"}, 200
def get(self, project_id):
project = Project.get_or_404(project_id)
args = self.get_parser.parse_args(strict=False)
if args['name'] not in ['post_processor', 'control_tower', 'all']:
return {"message": "go away", "code": 400}, 400
secrets = get_project_hidden_secrets(project.id)
project_secrets = {}
if args['name'] == 'post_processor':
secrets = self._create_pp(project, secrets)
elif args['name'] == 'control_tower':
secrets = self._create_cc(project, secrets)
elif args['name'] == 'all':
secrets = self._create_pp(project, secrets)
secrets = self._create_cc(project, secrets)
project_secrets["galloper_url"] = APP_HOST
project_secrets["project_id"] = project.id
secrets["redis_host"] = APP_IP
secrets["loki_host"] = EXTERNAL_LOKI_HOST.replace(
"https://", "http://")
secrets["influx_ip"] = APP_IP
secrets["influx_port"] = INFLUX_PORT
secrets["loki_port"] = LOKI_PORT
secrets["redis_password"] = REDIS_PASSWORD
set_project_secrets(project.id, project_secrets)
else:
return {"message": "go away", "code": 400}, 400
set_project_hidden_secrets(project.id, secrets)
return {"message": "Done", "code": 200}
def jira_integration(args, project):
try:
if args["test"]:
url = f'{args["config"]["jira_url"]}/rest/api/2/project'
res = get(url, auth=(args["config"]["jira_login"], args["config"]["jira_password"]))
if res.status_code == 200:
message = "Successfully connected to Jira"
else:
message = "Connection failed"
if "failed" not in message and args["config"]["jira_project"] not in res.text:
message = "Connection succeed but project not found"
return message
else:
jira_perf_api_config = {
"assignee": args["config"]["jira_login"],
"check_functional_errors": "True",
"check_performance_degradation": "True",
"check_missed_thresholds": "True",
"performance_degradation_rate": 20,
"missed_thresholds_rate": 50,
"jira_labels": "performance, api",
"jira_watchers": "",
"jira_epic_key": ""
}
secrets = get_project_secrets(project.id)
hidden_secrets = get_project_hidden_secrets(project.id)
hidden_secrets["jira"] = dumps(args["config"])
secrets["jira_perf_api"] = dumps(jira_perf_api_config)
set_project_secrets(project.id, secrets)
set_project_hidden_secrets(project.id, hidden_secrets)
return "Jira settings saved"
except Exception as e:
return f"Failed. Jira settings not saved. {str(e)}"
def rp_integration(args, project):
if args["test"]:
url = f'{args["config"]["rp_host"]}/api/v1/project/{args["config"]["rp_project"]}'
headers = {
'content-type': 'application/json',
'Authorization': f'bearer {args["config"]["rp_token"]}'
}
res = get(url, headers=headers)
if res.status_code == 200:
message = "Successfully connected to RP"
else:
message = "Connection failed"
return message
else:
rp_perf_api_config = {
"rp_launch_name": "carrier",
"check_functional_errors": "True",
"check_performance_degradation": "True",
"check_missed_thresholds": "True",
"performance_degradation_rate": 20,
"missed_thresholds_rate": 50
}
secrets = get_project_secrets(project.id)
hidden_secrets = get_project_hidden_secrets(project.id)
hidden_secrets["rp"] = dumps(args["config"])
secrets["rp_perf_api"] = dumps(rp_perf_api_config)
set_project_secrets(project.id, secrets)
set_project_hidden_secrets(project.id, hidden_secrets)
return "RP settings saved"
def post(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=C0111
data = self._parser_post.parse_args()
# Check project_id for validity
project = Project.get_or_404(project_id)
# Set secret
secrets = get_project_secrets(project.id)
secrets[secret] = data["secret"]
set_project_secrets(project.id, secrets)
return {"message": f"Project secret was saved"}, 200
def put(self, project_id: int, secret: str) -> Tuple[dict, int]: # pylint: disable=C0111
# Check project_id for validity
project = Project.get_or_404(project_id)
# Set secret
secrets = get_project_secrets(project.id)
hidden_secrets = get_project_hidden_secrets(project.id)
hidden_secrets[secret] = secrets[secret]
secrets.pop(secret, None)
set_project_secrets(project.id, secrets)
set_project_hidden_secrets(project.id, hidden_secrets)
return {"message": f"Project secret was moved to hidden secrets"}, 200
def get(self, project_id):
project = Project.get_or_404(project_id)
args = self.get_parser.parse_args(strict=False)
if args['name'] not in ['post_processor', 'control_tower', 'all']:
return {"message": "go away", "code": 400}, 400
secrets = get_project_hidden_secrets(project.id)
project_secrets = get_project_secrets(project.id)
if args['name'] == 'post_processor':
self.create_pp_task(project)
elif args['name'] == 'control_tower':
self.create_cc_task(project)
elif args['name'] == 'all':
self.create_pp_task(project)
self.create_cc_task(project)
project_secrets["galloper_url"] = APP_HOST
project_secrets["project_id"] = project.id
secrets[
"post_processor"] = f"{APP_HOST}/task/{secrets['post_processor_id']}"
secrets["redis_host"] = APP_IP
secrets["loki_host"] = EXTERNAL_LOKI_HOST.replace(
"https://", "http://")
secrets["influx_ip"] = APP_IP
secrets["influx_port"] = INFLUX_PORT
secrets["influx_user"] = INFLUX_USER
secrets["influx_password"] = INFLUX_PASSWORD
secrets["loki_port"] = LOKI_PORT
secrets["redis_password"] = REDIS_PASSWORD
secrets["rabbit_host"] = APP_IP
secrets["rabbit_user"] = RABBIT_USER
secrets["rabbit_password"] = RABBIT_PASSWORD
set_project_secrets(project.id, project_secrets)
else:
return {"message": "go away", "code": 400}, 400
set_project_hidden_secrets(project.id, secrets)
if "rabbit_project_user" not in project_secrets and "rabbit_project_user" not in secrets:
create_project_user_and_vhost(project_id)
return {"message": "Done", "code": 200}
def create_project_user_and_vhost(project_id):
secrets = get_project_secrets(project_id)
hidden_secrets = get_project_hidden_secrets(project_id)
# connect to RabbitMQ management api
rabbit_api = AdminAPI(url=f'http://carrier-rabbit:15672',
auth=(hidden_secrets["rabbit_user"],
hidden_secrets["rabbit_password"]))
# prepare user credentials
user = f"rabbit_user_{project_id}"
password = password_generator()
vhost = f"project_{project_id}_vhost"
# create project user and vhost
rabbit_api.create_vhost(vhost)
rabbit_api.create_user(user, password)
rabbit_api.create_user_permission(user, vhost)
# set project secrets
secrets["rabbit_project_user"] = user
secrets["rabbit_project_password"] = password
secrets["rabbit_project_vhost"] = vhost
set_project_secrets(project_id, secrets)
def post(self, project_id: Optional[int] = None) -> Tuple[dict, int]:
data = self._parser_post.parse_args()
name_ = data["name"]
owner_ = data["owner"]
package = data["package"].lower()
dast_enabled_ = False if data["dast_enabled"] == "disabled" else True
sast_enabled_ = False if data["sast_enabled"] == "disabled" else True
performance_enabled_ = False if data[
"performance_enabled"] == "disabled" else True
perf_tests_limit = data["perf_tests_limit"]
ui_perf_tests_limit = data["ui_perf_tests_limit"]
sast_scans_limit = data["sast_scans_limit"]
dast_scans_limit = data["dast_scans_limit"]
tasks_count_limit = data["tasks_count_limit"]
task_executions_limit = data["task_executions_limit"]
storage_space_limit = data["storage_space_limit"]
data_retention_limit = data["data_retention_limit"]
project = Project(name=name_,
dast_enabled=dast_enabled_,
project_owner=owner_,
sast_enabled=sast_enabled_,
performance_enabled=performance_enabled_,
package=package)
project_secrets = {}
project_hidden_secrets = {}
project.insert()
SessionProject.set(project.id) # Looks weird, sorry :D
if package == "custom":
getattr(project_quota,
"custom")(project.id, perf_tests_limit,
ui_perf_tests_limit, sast_scans_limit,
dast_scans_limit, -1, storage_space_limit,
data_retention_limit, tasks_count_limit,
task_executions_limit)
else:
getattr(project_quota, package)(project.id)
statistic = Statistic(project_id=project.id,
start_time=str(datetime.utcnow()),
performance_test_runs=0,
sast_scans=0,
dast_scans=0,
ui_performance_test_runs=0,
public_pool_workers=0,
tasks_executions=0)
statistic.insert()
pp_args = {
"funcname":
"post_processor",
"invoke_func":
"lambda_function.lambda_handler",
"runtime":
"Python 3.7",
"env_vars":
dumps({
"jmeter_db": "{{secret.jmeter_db}}",
"gatling_db": "{{secret.gatling_db}}",
"comparison_db": "{{secret.comparison_db}}",
"AWS_LAMBDA_FUNCTION_TIMEOUT": 900
})
}
pp = create_task(project, File(POST_PROCESSOR_PATH), pp_args)
cc_args = {
"funcname":
"control_tower",
"invoke_func":
"lambda.handler",
"runtime":
"Python 3.7",
"env_vars":
dumps({
"token": "{{secret.auth_token}}",
"galloper_url": "{{secret.galloper_url}}",
"GALLOPER_WEB_HOOK": '{{secret.post_processor}}',
"project_id": '{{secret.project_id}}',
"loki_host": '{{secret.loki_host}}',
"AWS_LAMBDA_FUNCTION_TIMEOUT": 900
})
}
cc = create_task(project, File(CONTROL_TOWER_PATH), cc_args)
project_secrets["galloper_url"] = APP_HOST
project_secrets["project_id"] = project.id
project_hidden_secrets["post_processor"] = f'{APP_HOST}{pp.webhook}'
project_hidden_secrets["post_processor_id"] = pp.task_id
project_hidden_secrets["redis_host"] = APP_IP
project_hidden_secrets["loki_host"] = EXTERNAL_LOKI_HOST.replace(
"https://", "http://")
project_hidden_secrets["influx_ip"] = APP_IP
project_hidden_secrets["influx_port"] = INFLUX_PORT
project_hidden_secrets["loki_port"] = LOKI_PORT
project_hidden_secrets["redis_password"] = REDIS_PASSWORD
project_hidden_secrets["rabbit_host"] = APP_IP
project_hidden_secrets["rabbit_user"] = RABBIT_USER
project_hidden_secrets["rabbit_password"] = RABBIT_PASSWORD
project_hidden_secrets["control_tower_id"] = cc.task_id
project_hidden_secrets["influx_user"] = INFLUX_USER
project_hidden_secrets["influx_password"] = INFLUX_PASSWORD
project_hidden_secrets["jmeter_db"] = f'jmeter_{project.id}'
project_hidden_secrets["gatling_db"] = f'gatling_{project.id}'
project_hidden_secrets["comparison_db"] = f'comparison_{project.id}'
project_hidden_secrets["telegraf_db"] = f'telegraf_{project.id}'
project_hidden_secrets["gf_api_key"] = GF_API_KEY
project_vault_data = {"auth_role_id": "", "auth_secret_id": ""}
try:
project_vault_data = initialize_project_space(project.id)
except:
current_app.logger.warning("Vault is not configured")
project.secrets_json = {
"vault_auth_role_id": project_vault_data["auth_role_id"],
"vault_auth_secret_id": project_vault_data["auth_secret_id"],
}
project.commit()
set_project_secrets(project.id, project_secrets)
set_project_hidden_secrets(project.id, project_hidden_secrets)
create_project_user_and_vhost(project.id)
create_project_databases(project.id)
set_grafana_datasources(project.id)
return {"message": f"Project was successfully created"}, 200