From 0ab0d80e5e2467c40c22afa1a6de0041b472c658 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matev=C5=BE=20Er=C5=BEen?= <matevz.erzen@xlab.si>
Date: Tue, 22 Mar 2022 15:04:16 +0000
Subject: [PATCH] Oauth2 implementation
---
.env | 5 +-
MANIFEST | 2 +-
README.md | 3 +
forward_evidence/clouditor_authentication.py | 48 ++++
forward_evidence/forward_evidence.py | 6 +-
grpc_gen/assessment_pb2.py | 258 +++++++++++++-----
grpc_gen/assessment_pb2_grpc.py | 74 +++--
grpc_gen/evidence_pb2.py | 5 +-
grpc_gen/metric_pb2.py | 82 +++++-
proto/assessment.proto | 64 +++--
proto/evidence.proto | 6 +-
proto/metric.proto | 20 +-
.../wazuh_evidence_collector.py | 13 +-
13 files changed, 421 insertions(+), 165 deletions(-)
create mode 100644 forward_evidence/clouditor_authentication.py
diff --git a/.env b/.env
index b9b03d8..908aec1 100644
--- a/.env
+++ b/.env
@@ -15,4 +15,7 @@ redis_port=6379
redis_queue=low
clouditor_host=192.168.33.14
-clouditor_port=9090
\ No newline at end of file
+clouditor_port=9090
+clouditor_oauth2_port=8080
+clouditor_client_id=clouditor
+clouditor_client_secret=clouditor
\ No newline at end of file
diff --git a/MANIFEST b/MANIFEST
index 9f9cd1c..ca1dc8e 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,2 +1,2 @@
-VERSION=v0.0.9
+VERSION=v0.0.10
SERVICE=evidence-collector
diff --git a/README.md b/README.md
index 7277081..01e8f72 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,9 @@ All of the following environment variables have to be set (or passed to containe
| `redis_queue` | Redis queue name. |
| `clouditor_host` | Clouditor host's IP address. |
| `clouditor_port` | Clouditor port. Default value `9090`. |
+| `clouditor_oauth2_port` | Clouditor port used for authentication services. Default value `8080`. |
+| `clouditor_client_id` | Clouditor OAuth2 default id. Default value `clouditor`. |
+| `clouditor_client_secret` | Clouditor OAuth2 default secret. Default value `clouditor`. |
### Generate gRPC code from `.proto` files
diff --git a/forward_evidence/clouditor_authentication.py b/forward_evidence/clouditor_authentication.py
new file mode 100644
index 0000000..77bb580
--- /dev/null
+++ b/forward_evidence/clouditor_authentication.py
@@ -0,0 +1,48 @@
+import os
+import json
+import requests
+import urllib3
+from datetime import datetime, timedelta
+
+CLOUDITOR_HOST = os.environ.get("clouditor_host")
+CLOUDITOR_OAUTH2_PORT = int(os.environ.get("clouditor_oauth2_port"))
+CLIENT_ID = os.environ.get("clouditor_client_id")
+CLIENT_SECRET = os.environ.get("clouditor_client_secret")
+
+class ClouditorAuthentication(object):
+
+ def __init__(self, logger):
+ self.logger = logger
+
+ self.__access_token = None
+ self.__token_expiration_time = None
+
+ self.__token_url = 'http://{}:{}/v1/auth/token'.format(CLOUDITOR_HOST, CLOUDITOR_OAUTH2_PORT)
+
+ self.__data = {'grant_type': 'client_credentials'}
+
+ self.request_token()
+
+ def request_token(self):
+ try:
+ access_token_response = requests.post(self.__token_url, data=self.__data, verify=False, allow_redirects=False, auth=(CLIENT_ID, CLIENT_SECRET))
+ except (TimeoutError, urllib3.exceptions.NewConnectionError,
+ urllib3.exceptions.MaxRetryError, requests.exceptions.ConnectionError) as err:
+ self.logger.error(err)
+ self.logger.error("Clouditor OAuth2 token endpoint not available")
+ else:
+ token = json.loads(access_token_response.text)
+
+ self.__access_token = token['access_token']
+ self.__token_expiration_time = datetime.utcnow() + timedelta(seconds=token['expires_in'])
+
+ self.logger.info("New OAuth2 token successfully acquired")
+ self.logger.debug("OAuth2 token expiring at: " + str(self.__token_expiration_time - 10))
+
+ def get_token(self):
+ # In practice this condition isn't even needed as every scheduled job creates new ClouditorAuthentication object and acquires new token.
+ if (datetime.utcnow() > self.__token_expiration_time):
+ self.logger.debug("OAuth2 token expired.")
+ self.request_token()
+
+ return self.__access_token
diff --git a/forward_evidence/forward_evidence.py b/forward_evidence/forward_evidence.py
index fcb0369..99ca462 100644
--- a/forward_evidence/forward_evidence.py
+++ b/forward_evidence/forward_evidence.py
@@ -12,9 +12,11 @@ class ForwardEvidence(object):
self.stub = AssessmentStub(self.channel)
self.logger = logger
- def send_evidence(self, assessevidencerequest):
+ def send_evidence(self, assessevidencerequest, token):
try:
- response = self.stub.AssessEvidence(assessevidencerequest)
+ metadata = [('authorization', 'Bearer ' + token)]
+
+ response = self.stub.AssessEvidence(assessevidencerequest, metadata=metadata)
self.logger.info('gRPC evidence forwarded: ' + str(response))
except grpc.RpcError as err:
self.logger.error(err)
diff --git a/grpc_gen/assessment_pb2.py b/grpc_gen/assessment_pb2.py
index 82565b5..7f0efe0 100644
--- a/grpc_gen/assessment_pb2.py
+++ b/grpc_gen/assessment_pb2.py
@@ -22,27 +22,87 @@ DESCRIPTOR = _descriptor.FileDescriptor(
name='assessment.proto',
package='clouditor',
syntax='proto3',
- serialized_options=b'Z\016api/assessment',
+ serialized_options=None,
create_key=_descriptor._internal_create_key,
- serialized_pb=b'\n\x10\x61ssessment.proto\x12\tclouditor\x1a\x1cgoogle/api/annotations.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x0e\x65vidence.proto\x1a\x0cmetric.proto\".\n\x18TriggerAssessmentRequest\x12\x12\n\nsomeOption\x18\x01 \x01(\t\"\x1e\n\x1cListAssessmentResultsRequest\"C\n\x1dListAssessmentResultsResponse\x12\"\n\x07results\x18\x01 \x03(\x0b\x32\x11.clouditor.Result\">\n\x15\x41ssessEvidenceRequest\x12%\n\x08\x65vidence\x18\x01 \x01(\x0b\x32\x13.clouditor.Evidence\"(\n\x16\x41ssessEvidenceResponse\x12\x0e\n\x06status\x18\x01 \x01(\x08\"\xe9\x01\n\x06Result\x12\n\n\x02id\x18\x01 \x01(\t\x12-\n\ttimestamp\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x11\n\tmetric_id\x18\x03 \x01(\t\x12\x33\n\x0bmetric_data\x18\x04 \x01(\x0b\x32\x1e.clouditor.MetricConfiguration\x12\x11\n\tcompliant\x18\x05 \x01(\x08\x12\x13\n\x0b\x65vidence_id\x18\x06 \x01(\t\x12\x13\n\x0bresource_id\x18\x07 \x01(\t\x12\x1f\n\x17non_compliance_comments\x18\x08 \x01(\t2\xae\x03\n\nAssessment\x12R\n\x11TriggerAssessment\x12#.clouditor.TriggerAssessmentRequest\x1a\x16.google.protobuf.Empty\"\x00\x12\x8d\x01\n\x15ListAssessmentResults\x12\'.clouditor.ListAssessmentResultsRequest\x1a(.clouditor.ListAssessmentResultsResponse\"!\x82\xd3\xe4\x93\x02\x1b\"\x16/v1/assessment/resultsb\x01*\x12z\n\x0e\x41ssessEvidence\x12 .clouditor.AssessEvidenceRequest\x1a!.clouditor.AssessEvidenceResponse\"#\x82\xd3\xe4\x93\x02\x1d\"\x18/v1/assessment/evidencesb\x01*\x12@\n\x0f\x41ssessEvidences\x12\x13.clouditor.Evidence\x1a\x16.google.protobuf.Empty(\x01\x42\x10Z\x0e\x61pi/assessmentb\x06proto3'
+ serialized_pb=b'\n\x10\x61ssessment.proto\x12\tclouditor\x1a\x1cgoogle/api/annotations.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x0e\x65vidence.proto\x1a\x0cmetric.proto\"\x1e\n\x1cListAssessmentResultsRequest\"M\n\x1dListAssessmentResultsResponse\x12,\n\x07results\x18\x01 \x03(\x0b\x32\x1b.clouditor.AssessmentResult\"\x1c\n\x1a\x43onfigureAssessmentRequest\"\x1d\n\x1b\x43onfigureAssessmentResponse\"/\n\x18TriggerAssessmentRequest\x12\x13\n\x0bsome_option\x18\x01 \x01(\t\">\n\x15\x41ssessEvidenceRequest\x12%\n\x08\x65vidence\x18\x01 \x01(\x0b\x32\x13.clouditor.Evidence\"\xde\x01\n\x16\x41ssessEvidenceResponse\x12\x42\n\x06status\x18\x01 \x01(\x0e\x32\x32.clouditor.AssessEvidenceResponse.AssessmentStatus\x12\x16\n\x0estatus_message\x18\x02 \x01(\t\"h\n\x10\x41ssessmentStatus\x12!\n\x1d\x41SSESSMENT_STATUS_UNSPECIFIED\x10\x00\x12\x17\n\x13WAITING_FOR_RELATED\x10\x01\x12\x0c\n\x08\x41SSESSED\x10\x02\x12\n\n\x06\x46\x41ILED\x10\x03\"\xfc\x01\n\x10\x41ssessmentResult\x12\n\n\x02id\x18\x01 \x01(\t\x12-\n\ttimestamp\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x11\n\tmetric_id\x18\x03 \x01(\t\x12<\n\x14metric_configuration\x18\x04 \x01(\x0b\x32\x1e.clouditor.MetricConfiguration\x12\x11\n\tcompliant\x18\x05 \x01(\x08\x12\x13\n\x0b\x65vidence_id\x18\x06 \x01(\t\x12\x13\n\x0bresource_id\x18\x07 \x01(\t\x12\x1f\n\x17non_compliance_comments\x18\x08 \x01(\t2\xd7\x03\n\nAssessment\x12R\n\x11TriggerAssessment\x12#.clouditor.TriggerAssessmentRequest\x1a\x16.google.protobuf.Empty\"\x00\x12\x89\x01\n\x0e\x41ssessEvidence\x12 .clouditor.AssessEvidenceRequest\x1a!.clouditor.AssessEvidenceResponse\"2\x82\xd3\xe4\x93\x02,\"\x18/v1/assessment/evidences:\x08\x65videnceb\x06status\x12\\\n\x0f\x41ssessEvidences\x12 .clouditor.AssessEvidenceRequest\x1a!.clouditor.AssessEvidenceResponse\"\x00(\x01\x30\x01\x12\x8a\x01\n\x15ListAssessmentResults\x12\'.clouditor.ListAssessmentResultsRequest\x1a(.clouditor.ListAssessmentResultsResponse\"\x1e\x82\xd3\xe4\x93\x02\x18\x12\x16/v1/assessment/resultsb\x06proto3'
,
dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR,google_dot_protobuf_dot_empty__pb2.DESCRIPTOR,google_dot_protobuf_dot_timestamp__pb2.DESCRIPTOR,evidence__pb2.DESCRIPTOR,metric__pb2.DESCRIPTOR,])
+_ASSESSEVIDENCERESPONSE_ASSESSMENTSTATUS = _descriptor.EnumDescriptor(
+ name='AssessmentStatus',
+ full_name='clouditor.AssessEvidenceResponse.AssessmentStatus',
+ filename=None,
+ file=DESCRIPTOR,
+ create_key=_descriptor._internal_create_key,
+ values=[
+ _descriptor.EnumValueDescriptor(
+ name='ASSESSMENT_STATUS_UNSPECIFIED', index=0, number=0,
+ serialized_options=None,
+ type=None,
+ create_key=_descriptor._internal_create_key),
+ _descriptor.EnumValueDescriptor(
+ name='WAITING_FOR_RELATED', index=1, number=1,
+ serialized_options=None,
+ type=None,
+ create_key=_descriptor._internal_create_key),
+ _descriptor.EnumValueDescriptor(
+ name='ASSESSED', index=2, number=2,
+ serialized_options=None,
+ type=None,
+ create_key=_descriptor._internal_create_key),
+ _descriptor.EnumValueDescriptor(
+ name='FAILED', index=3, number=3,
+ serialized_options=None,
+ type=None,
+ create_key=_descriptor._internal_create_key),
+ ],
+ containing_type=None,
+ serialized_options=None,
+ serialized_start=557,
+ serialized_end=661,
+)
+_sym_db.RegisterEnumDescriptor(_ASSESSEVIDENCERESPONSE_ASSESSMENTSTATUS)
+
-_TRIGGERASSESSMENTREQUEST = _descriptor.Descriptor(
- name='TriggerAssessmentRequest',
- full_name='clouditor.TriggerAssessmentRequest',
+_LISTASSESSMENTRESULTSREQUEST = _descriptor.Descriptor(
+ name='ListAssessmentResultsRequest',
+ full_name='clouditor.ListAssessmentResultsRequest',
+ filename=None,
+ file=DESCRIPTOR,
+ containing_type=None,
+ create_key=_descriptor._internal_create_key,
+ fields=[
+ ],
+ extensions=[
+ ],
+ nested_types=[],
+ enum_types=[
+ ],
+ serialized_options=None,
+ is_extendable=False,
+ syntax='proto3',
+ extension_ranges=[],
+ oneofs=[
+ ],
+ serialized_start=153,
+ serialized_end=183,
+)
+
+
+_LISTASSESSMENTRESULTSRESPONSE = _descriptor.Descriptor(
+ name='ListAssessmentResultsResponse',
+ full_name='clouditor.ListAssessmentResultsResponse',
filename=None,
file=DESCRIPTOR,
containing_type=None,
create_key=_descriptor._internal_create_key,
fields=[
_descriptor.FieldDescriptor(
- name='someOption', full_name='clouditor.TriggerAssessmentRequest.someOption', index=0,
- number=1, type=9, cpp_type=9, label=1,
- has_default_value=False, default_value=b"".decode('utf-8'),
+ name='results', full_name='clouditor.ListAssessmentResultsResponse.results', index=0,
+ number=1, type=11, cpp_type=10, label=3,
+ has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
@@ -58,14 +118,14 @@ _TRIGGERASSESSMENTREQUEST = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
- serialized_start=153,
- serialized_end=199,
+ serialized_start=185,
+ serialized_end=262,
)
-_LISTASSESSMENTRESULTSREQUEST = _descriptor.Descriptor(
- name='ListAssessmentResultsRequest',
- full_name='clouditor.ListAssessmentResultsRequest',
+_CONFIGUREASSESSMENTREQUEST = _descriptor.Descriptor(
+ name='ConfigureAssessmentRequest',
+ full_name='clouditor.ConfigureAssessmentRequest',
filename=None,
file=DESCRIPTOR,
containing_type=None,
@@ -83,23 +143,48 @@ _LISTASSESSMENTRESULTSREQUEST = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
- serialized_start=201,
- serialized_end=231,
+ serialized_start=264,
+ serialized_end=292,
)
-_LISTASSESSMENTRESULTSRESPONSE = _descriptor.Descriptor(
- name='ListAssessmentResultsResponse',
- full_name='clouditor.ListAssessmentResultsResponse',
+_CONFIGUREASSESSMENTRESPONSE = _descriptor.Descriptor(
+ name='ConfigureAssessmentResponse',
+ full_name='clouditor.ConfigureAssessmentResponse',
+ filename=None,
+ file=DESCRIPTOR,
+ containing_type=None,
+ create_key=_descriptor._internal_create_key,
+ fields=[
+ ],
+ extensions=[
+ ],
+ nested_types=[],
+ enum_types=[
+ ],
+ serialized_options=None,
+ is_extendable=False,
+ syntax='proto3',
+ extension_ranges=[],
+ oneofs=[
+ ],
+ serialized_start=294,
+ serialized_end=323,
+)
+
+
+_TRIGGERASSESSMENTREQUEST = _descriptor.Descriptor(
+ name='TriggerAssessmentRequest',
+ full_name='clouditor.TriggerAssessmentRequest',
filename=None,
file=DESCRIPTOR,
containing_type=None,
create_key=_descriptor._internal_create_key,
fields=[
_descriptor.FieldDescriptor(
- name='results', full_name='clouditor.ListAssessmentResultsResponse.results', index=0,
- number=1, type=11, cpp_type=10, label=3,
- has_default_value=False, default_value=[],
+ name='some_option', full_name='clouditor.TriggerAssessmentRequest.some_option', index=0,
+ number=1, type=9, cpp_type=9, label=1,
+ has_default_value=False, default_value=b"".decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
@@ -115,8 +200,8 @@ _LISTASSESSMENTRESULTSRESPONSE = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
- serialized_start=233,
- serialized_end=300,
+ serialized_start=325,
+ serialized_end=372,
)
@@ -147,8 +232,8 @@ _ASSESSEVIDENCEREQUEST = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
- serialized_start=302,
- serialized_end=364,
+ serialized_start=374,
+ serialized_end=436,
)
@@ -162,8 +247,15 @@ _ASSESSEVIDENCERESPONSE = _descriptor.Descriptor(
fields=[
_descriptor.FieldDescriptor(
name='status', full_name='clouditor.AssessEvidenceResponse.status', index=0,
- number=1, type=8, cpp_type=7, label=1,
- has_default_value=False, default_value=False,
+ number=1, type=14, cpp_type=8, label=1,
+ has_default_value=False, default_value=0,
+ message_type=None, enum_type=None, containing_type=None,
+ is_extension=False, extension_scope=None,
+ serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
+ _descriptor.FieldDescriptor(
+ name='status_message', full_name='clouditor.AssessEvidenceResponse.status_message', index=1,
+ number=2, type=9, cpp_type=9, label=1,
+ has_default_value=False, default_value=b"".decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
@@ -172,6 +264,7 @@ _ASSESSEVIDENCERESPONSE = _descriptor.Descriptor(
],
nested_types=[],
enum_types=[
+ _ASSESSEVIDENCERESPONSE_ASSESSMENTSTATUS,
],
serialized_options=None,
is_extendable=False,
@@ -179,70 +272,70 @@ _ASSESSEVIDENCERESPONSE = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
- serialized_start=366,
- serialized_end=406,
+ serialized_start=439,
+ serialized_end=661,
)
-_RESULT = _descriptor.Descriptor(
- name='Result',
- full_name='clouditor.Result',
+_ASSESSMENTRESULT = _descriptor.Descriptor(
+ name='AssessmentResult',
+ full_name='clouditor.AssessmentResult',
filename=None,
file=DESCRIPTOR,
containing_type=None,
create_key=_descriptor._internal_create_key,
fields=[
_descriptor.FieldDescriptor(
- name='id', full_name='clouditor.Result.id', index=0,
+ name='id', full_name='clouditor.AssessmentResult.id', index=0,
number=1, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=b"".decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
_descriptor.FieldDescriptor(
- name='timestamp', full_name='clouditor.Result.timestamp', index=1,
+ name='timestamp', full_name='clouditor.AssessmentResult.timestamp', index=1,
number=2, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
_descriptor.FieldDescriptor(
- name='metric_id', full_name='clouditor.Result.metric_id', index=2,
+ name='metric_id', full_name='clouditor.AssessmentResult.metric_id', index=2,
number=3, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=b"".decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
_descriptor.FieldDescriptor(
- name='metric_data', full_name='clouditor.Result.metric_data', index=3,
+ name='metric_configuration', full_name='clouditor.AssessmentResult.metric_configuration', index=3,
number=4, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
_descriptor.FieldDescriptor(
- name='compliant', full_name='clouditor.Result.compliant', index=4,
+ name='compliant', full_name='clouditor.AssessmentResult.compliant', index=4,
number=5, type=8, cpp_type=7, label=1,
has_default_value=False, default_value=False,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
_descriptor.FieldDescriptor(
- name='evidence_id', full_name='clouditor.Result.evidence_id', index=5,
+ name='evidence_id', full_name='clouditor.AssessmentResult.evidence_id', index=5,
number=6, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=b"".decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
_descriptor.FieldDescriptor(
- name='resource_id', full_name='clouditor.Result.resource_id', index=6,
+ name='resource_id', full_name='clouditor.AssessmentResult.resource_id', index=6,
number=7, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=b"".decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
_descriptor.FieldDescriptor(
- name='non_compliance_comments', full_name='clouditor.Result.non_compliance_comments', index=7,
+ name='non_compliance_comments', full_name='clouditor.AssessmentResult.non_compliance_comments', index=7,
number=8, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=b"".decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
@@ -260,29 +353,26 @@ _RESULT = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
- serialized_start=409,
- serialized_end=642,
+ serialized_start=664,
+ serialized_end=916,
)
-_LISTASSESSMENTRESULTSRESPONSE.fields_by_name['results'].message_type = _RESULT
+_LISTASSESSMENTRESULTSRESPONSE.fields_by_name['results'].message_type = _ASSESSMENTRESULT
_ASSESSEVIDENCEREQUEST.fields_by_name['evidence'].message_type = evidence__pb2._EVIDENCE
-_RESULT.fields_by_name['timestamp'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP
-_RESULT.fields_by_name['metric_data'].message_type = metric__pb2._METRICCONFIGURATION
-DESCRIPTOR.message_types_by_name['TriggerAssessmentRequest'] = _TRIGGERASSESSMENTREQUEST
+_ASSESSEVIDENCERESPONSE.fields_by_name['status'].enum_type = _ASSESSEVIDENCERESPONSE_ASSESSMENTSTATUS
+_ASSESSEVIDENCERESPONSE_ASSESSMENTSTATUS.containing_type = _ASSESSEVIDENCERESPONSE
+_ASSESSMENTRESULT.fields_by_name['timestamp'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP
+_ASSESSMENTRESULT.fields_by_name['metric_configuration'].message_type = metric__pb2._METRICCONFIGURATION
DESCRIPTOR.message_types_by_name['ListAssessmentResultsRequest'] = _LISTASSESSMENTRESULTSREQUEST
DESCRIPTOR.message_types_by_name['ListAssessmentResultsResponse'] = _LISTASSESSMENTRESULTSRESPONSE
+DESCRIPTOR.message_types_by_name['ConfigureAssessmentRequest'] = _CONFIGUREASSESSMENTREQUEST
+DESCRIPTOR.message_types_by_name['ConfigureAssessmentResponse'] = _CONFIGUREASSESSMENTRESPONSE
+DESCRIPTOR.message_types_by_name['TriggerAssessmentRequest'] = _TRIGGERASSESSMENTREQUEST
DESCRIPTOR.message_types_by_name['AssessEvidenceRequest'] = _ASSESSEVIDENCEREQUEST
DESCRIPTOR.message_types_by_name['AssessEvidenceResponse'] = _ASSESSEVIDENCERESPONSE
-DESCRIPTOR.message_types_by_name['Result'] = _RESULT
+DESCRIPTOR.message_types_by_name['AssessmentResult'] = _ASSESSMENTRESULT
_sym_db.RegisterFileDescriptor(DESCRIPTOR)
-TriggerAssessmentRequest = _reflection.GeneratedProtocolMessageType('TriggerAssessmentRequest', (_message.Message,), {
- 'DESCRIPTOR' : _TRIGGERASSESSMENTREQUEST,
- '__module__' : 'assessment_pb2'
- # @@protoc_insertion_point(class_scope:clouditor.TriggerAssessmentRequest)
- })
-_sym_db.RegisterMessage(TriggerAssessmentRequest)
-
ListAssessmentResultsRequest = _reflection.GeneratedProtocolMessageType('ListAssessmentResultsRequest', (_message.Message,), {
'DESCRIPTOR' : _LISTASSESSMENTRESULTSREQUEST,
'__module__' : 'assessment_pb2'
@@ -297,6 +387,27 @@ ListAssessmentResultsResponse = _reflection.GeneratedProtocolMessageType('ListAs
})
_sym_db.RegisterMessage(ListAssessmentResultsResponse)
+ConfigureAssessmentRequest = _reflection.GeneratedProtocolMessageType('ConfigureAssessmentRequest', (_message.Message,), {
+ 'DESCRIPTOR' : _CONFIGUREASSESSMENTREQUEST,
+ '__module__' : 'assessment_pb2'
+ # @@protoc_insertion_point(class_scope:clouditor.ConfigureAssessmentRequest)
+ })
+_sym_db.RegisterMessage(ConfigureAssessmentRequest)
+
+ConfigureAssessmentResponse = _reflection.GeneratedProtocolMessageType('ConfigureAssessmentResponse', (_message.Message,), {
+ 'DESCRIPTOR' : _CONFIGUREASSESSMENTRESPONSE,
+ '__module__' : 'assessment_pb2'
+ # @@protoc_insertion_point(class_scope:clouditor.ConfigureAssessmentResponse)
+ })
+_sym_db.RegisterMessage(ConfigureAssessmentResponse)
+
+TriggerAssessmentRequest = _reflection.GeneratedProtocolMessageType('TriggerAssessmentRequest', (_message.Message,), {
+ 'DESCRIPTOR' : _TRIGGERASSESSMENTREQUEST,
+ '__module__' : 'assessment_pb2'
+ # @@protoc_insertion_point(class_scope:clouditor.TriggerAssessmentRequest)
+ })
+_sym_db.RegisterMessage(TriggerAssessmentRequest)
+
AssessEvidenceRequest = _reflection.GeneratedProtocolMessageType('AssessEvidenceRequest', (_message.Message,), {
'DESCRIPTOR' : _ASSESSEVIDENCEREQUEST,
'__module__' : 'assessment_pb2'
@@ -311,15 +422,14 @@ AssessEvidenceResponse = _reflection.GeneratedProtocolMessageType('AssessEvidenc
})
_sym_db.RegisterMessage(AssessEvidenceResponse)
-Result = _reflection.GeneratedProtocolMessageType('Result', (_message.Message,), {
- 'DESCRIPTOR' : _RESULT,
+AssessmentResult = _reflection.GeneratedProtocolMessageType('AssessmentResult', (_message.Message,), {
+ 'DESCRIPTOR' : _ASSESSMENTRESULT,
'__module__' : 'assessment_pb2'
- # @@protoc_insertion_point(class_scope:clouditor.Result)
+ # @@protoc_insertion_point(class_scope:clouditor.AssessmentResult)
})
-_sym_db.RegisterMessage(Result)
+_sym_db.RegisterMessage(AssessmentResult)
-DESCRIPTOR._options = None
_ASSESSMENT = _descriptor.ServiceDescriptor(
name='Assessment',
@@ -328,8 +438,8 @@ _ASSESSMENT = _descriptor.ServiceDescriptor(
index=0,
serialized_options=None,
create_key=_descriptor._internal_create_key,
- serialized_start=645,
- serialized_end=1075,
+ serialized_start=919,
+ serialized_end=1390,
methods=[
_descriptor.MethodDescriptor(
name='TriggerAssessment',
@@ -342,33 +452,33 @@ _ASSESSMENT = _descriptor.ServiceDescriptor(
create_key=_descriptor._internal_create_key,
),
_descriptor.MethodDescriptor(
- name='ListAssessmentResults',
- full_name='clouditor.Assessment.ListAssessmentResults',
+ name='AssessEvidence',
+ full_name='clouditor.Assessment.AssessEvidence',
index=1,
containing_service=None,
- input_type=_LISTASSESSMENTRESULTSREQUEST,
- output_type=_LISTASSESSMENTRESULTSRESPONSE,
- serialized_options=b'\202\323\344\223\002\033\"\026/v1/assessment/resultsb\001*',
+ input_type=_ASSESSEVIDENCEREQUEST,
+ output_type=_ASSESSEVIDENCERESPONSE,
+ serialized_options=b'\202\323\344\223\002,\"\030/v1/assessment/evidences:\010evidenceb\006status',
create_key=_descriptor._internal_create_key,
),
_descriptor.MethodDescriptor(
- name='AssessEvidence',
- full_name='clouditor.Assessment.AssessEvidence',
+ name='AssessEvidences',
+ full_name='clouditor.Assessment.AssessEvidences',
index=2,
containing_service=None,
input_type=_ASSESSEVIDENCEREQUEST,
output_type=_ASSESSEVIDENCERESPONSE,
- serialized_options=b'\202\323\344\223\002\035\"\030/v1/assessment/evidencesb\001*',
+ serialized_options=None,
create_key=_descriptor._internal_create_key,
),
_descriptor.MethodDescriptor(
- name='AssessEvidences',
- full_name='clouditor.Assessment.AssessEvidences',
+ name='ListAssessmentResults',
+ full_name='clouditor.Assessment.ListAssessmentResults',
index=3,
containing_service=None,
- input_type=evidence__pb2._EVIDENCE,
- output_type=google_dot_protobuf_dot_empty__pb2._EMPTY,
- serialized_options=None,
+ input_type=_LISTASSESSMENTRESULTSREQUEST,
+ output_type=_LISTASSESSMENTRESULTSRESPONSE,
+ serialized_options=b'\202\323\344\223\002\030\022\026/v1/assessment/results',
create_key=_descriptor._internal_create_key,
),
])
diff --git a/grpc_gen/assessment_pb2_grpc.py b/grpc_gen/assessment_pb2_grpc.py
index 11ab55b..fbf893c 100644
--- a/grpc_gen/assessment_pb2_grpc.py
+++ b/grpc_gen/assessment_pb2_grpc.py
@@ -3,7 +3,6 @@
import grpc
import grpc_gen.assessment_pb2 as assessment__pb2
-import grpc_gen.evidence_pb2 as evidence__pb2
from google.protobuf import empty_pb2 as google_dot_protobuf_dot_empty__pb2
@@ -23,20 +22,20 @@ class AssessmentStub(object):
request_serializer=assessment__pb2.TriggerAssessmentRequest.SerializeToString,
response_deserializer=google_dot_protobuf_dot_empty__pb2.Empty.FromString,
)
- self.ListAssessmentResults = channel.unary_unary(
- '/clouditor.Assessment/ListAssessmentResults',
- request_serializer=assessment__pb2.ListAssessmentResultsRequest.SerializeToString,
- response_deserializer=assessment__pb2.ListAssessmentResultsResponse.FromString,
- )
self.AssessEvidence = channel.unary_unary(
'/clouditor.Assessment/AssessEvidence',
request_serializer=assessment__pb2.AssessEvidenceRequest.SerializeToString,
response_deserializer=assessment__pb2.AssessEvidenceResponse.FromString,
)
- self.AssessEvidences = channel.stream_unary(
+ self.AssessEvidences = channel.stream_stream(
'/clouditor.Assessment/AssessEvidences',
- request_serializer=evidence__pb2.Evidence.SerializeToString,
- response_deserializer=google_dot_protobuf_dot_empty__pb2.Empty.FromString,
+ request_serializer=assessment__pb2.AssessEvidenceRequest.SerializeToString,
+ response_deserializer=assessment__pb2.AssessEvidenceResponse.FromString,
+ )
+ self.ListAssessmentResults = channel.unary_unary(
+ '/clouditor.Assessment/ListAssessmentResults',
+ request_serializer=assessment__pb2.ListAssessmentResultsRequest.SerializeToString,
+ response_deserializer=assessment__pb2.ListAssessmentResultsResponse.FromString,
)
@@ -46,33 +45,30 @@ class AssessmentServicer(object):
"""
def TriggerAssessment(self, request, context):
- """Triggers the assessment. Part of the private API,
- not exposed as REST.
+ """Triggers the assessment. Part of the private API. Not exposed as REST.
"""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
- def ListAssessmentResults(self, request, context):
- """TODO(all): Part of public API because external entities (mainly
- discoveries) can use it? List the latest set of assessment results. Part of
- the public API, also exposed as REST
+ def AssessEvidence(self, request, context):
+ """Assesses the evidence sent by the discovery. Part of the public API, also
+ exposed as REST.
"""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
- def AssessEvidence(self, request, context):
- """Assesses the evidence sent by discovery. Part of the public API,
- also exposed as REST
+ def AssessEvidences(self, request_iterator, context):
+ """Assesses stream of evidences sent by the discovery and returns a response
+ stream. Part of the public API. Not exposed as REST.
"""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
- def AssessEvidences(self, request_iterator, context):
- """Assesses stream of evidences coming from the discovery. Part of the public
- API, not exposed as REST
+ def ListAssessmentResults(self, request, context):
+ """List all assessment results. Part of the public API, also exposed as REST.
"""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
@@ -86,20 +82,20 @@ def add_AssessmentServicer_to_server(servicer, server):
request_deserializer=assessment__pb2.TriggerAssessmentRequest.FromString,
response_serializer=google_dot_protobuf_dot_empty__pb2.Empty.SerializeToString,
),
- 'ListAssessmentResults': grpc.unary_unary_rpc_method_handler(
- servicer.ListAssessmentResults,
- request_deserializer=assessment__pb2.ListAssessmentResultsRequest.FromString,
- response_serializer=assessment__pb2.ListAssessmentResultsResponse.SerializeToString,
- ),
'AssessEvidence': grpc.unary_unary_rpc_method_handler(
servicer.AssessEvidence,
request_deserializer=assessment__pb2.AssessEvidenceRequest.FromString,
response_serializer=assessment__pb2.AssessEvidenceResponse.SerializeToString,
),
- 'AssessEvidences': grpc.stream_unary_rpc_method_handler(
+ 'AssessEvidences': grpc.stream_stream_rpc_method_handler(
servicer.AssessEvidences,
- request_deserializer=evidence__pb2.Evidence.FromString,
- response_serializer=google_dot_protobuf_dot_empty__pb2.Empty.SerializeToString,
+ request_deserializer=assessment__pb2.AssessEvidenceRequest.FromString,
+ response_serializer=assessment__pb2.AssessEvidenceResponse.SerializeToString,
+ ),
+ 'ListAssessmentResults': grpc.unary_unary_rpc_method_handler(
+ servicer.ListAssessmentResults,
+ request_deserializer=assessment__pb2.ListAssessmentResultsRequest.FromString,
+ response_serializer=assessment__pb2.ListAssessmentResultsResponse.SerializeToString,
),
}
generic_handler = grpc.method_handlers_generic_handler(
@@ -131,7 +127,7 @@ class Assessment(object):
insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
@staticmethod
- def ListAssessmentResults(request,
+ def AssessEvidence(request,
target,
options=(),
channel_credentials=None,
@@ -141,14 +137,14 @@ class Assessment(object):
wait_for_ready=None,
timeout=None,
metadata=None):
- return grpc.experimental.unary_unary(request, target, '/clouditor.Assessment/ListAssessmentResults',
- assessment__pb2.ListAssessmentResultsRequest.SerializeToString,
- assessment__pb2.ListAssessmentResultsResponse.FromString,
+ return grpc.experimental.unary_unary(request, target, '/clouditor.Assessment/AssessEvidence',
+ assessment__pb2.AssessEvidenceRequest.SerializeToString,
+ assessment__pb2.AssessEvidenceResponse.FromString,
options, channel_credentials,
insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
@staticmethod
- def AssessEvidence(request,
+ def AssessEvidences(request_iterator,
target,
options=(),
channel_credentials=None,
@@ -158,14 +154,14 @@ class Assessment(object):
wait_for_ready=None,
timeout=None,
metadata=None):
- return grpc.experimental.unary_unary(request, target, '/clouditor.Assessment/AssessEvidence',
+ return grpc.experimental.stream_stream(request_iterator, target, '/clouditor.Assessment/AssessEvidences',
assessment__pb2.AssessEvidenceRequest.SerializeToString,
assessment__pb2.AssessEvidenceResponse.FromString,
options, channel_credentials,
insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
@staticmethod
- def AssessEvidences(request_iterator,
+ def ListAssessmentResults(request,
target,
options=(),
channel_credentials=None,
@@ -175,8 +171,8 @@ class Assessment(object):
wait_for_ready=None,
timeout=None,
metadata=None):
- return grpc.experimental.stream_unary(request_iterator, target, '/clouditor.Assessment/AssessEvidences',
- evidence__pb2.Evidence.SerializeToString,
- google_dot_protobuf_dot_empty__pb2.Empty.FromString,
+ return grpc.experimental.unary_unary(request, target, '/clouditor.Assessment/ListAssessmentResults',
+ assessment__pb2.ListAssessmentResultsRequest.SerializeToString,
+ assessment__pb2.ListAssessmentResultsResponse.FromString,
options, channel_credentials,
insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
diff --git a/grpc_gen/evidence_pb2.py b/grpc_gen/evidence_pb2.py
index ff09aaf..0f152a5 100644
--- a/grpc_gen/evidence_pb2.py
+++ b/grpc_gen/evidence_pb2.py
@@ -19,9 +19,9 @@ DESCRIPTOR = _descriptor.FileDescriptor(
name='evidence.proto',
package='clouditor',
syntax='proto3',
- serialized_options=b'Z\014api/evidence',
+ serialized_options=None,
create_key=_descriptor._internal_create_key,
- serialized_pb=b'\n\x0e\x65vidence.proto\x12\tclouditor\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xa1\x01\n\x08\x45vidence\x12\n\n\x02id\x18\x01 \x01(\t\x12-\n\ttimestamp\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x12\n\nservice_id\x18\x03 \x01(\t\x12\x0f\n\x07tool_id\x18\x04 \x01(\t\x12\x0b\n\x03raw\x18\x05 \x01(\t\x12(\n\x08resource\x18\x06 \x01(\x0b\x32\x16.google.protobuf.ValueB\x0eZ\x0c\x61pi/evidenceb\x06proto3'
+ serialized_pb=b'\n\x0e\x65vidence.proto\x12\tclouditor\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xa1\x01\n\x08\x45vidence\x12\n\n\x02id\x18\x01 \x01(\t\x12-\n\ttimestamp\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x12\n\nservice_id\x18\x03 \x01(\t\x12\x0f\n\x07tool_id\x18\x04 \x01(\t\x12\x0b\n\x03raw\x18\x05 \x01(\t\x12(\n\x08resource\x18\x06 \x01(\x0b\x32\x16.google.protobuf.Valueb\x06proto3'
,
dependencies=[google_dot_protobuf_dot_struct__pb2.DESCRIPTOR,google_dot_protobuf_dot_timestamp__pb2.DESCRIPTOR,])
@@ -107,5 +107,4 @@ Evidence = _reflection.GeneratedProtocolMessageType('Evidence', (_message.Messag
_sym_db.RegisterMessage(Evidence)
-DESCRIPTOR._options = None
# @@protoc_insertion_point(module_scope)
diff --git a/grpc_gen/metric_pb2.py b/grpc_gen/metric_pb2.py
index 433292d..cd0fdb1 100644
--- a/grpc_gen/metric_pb2.py
+++ b/grpc_gen/metric_pb2.py
@@ -18,9 +18,9 @@ DESCRIPTOR = _descriptor.FileDescriptor(
name='metric.proto',
package='clouditor',
syntax='proto3',
- serialized_options=b'Z\016api/assessment',
+ serialized_options=None,
create_key=_descriptor._internal_create_key,
- serialized_pb=b'\n\x0cmetric.proto\x12\tclouditor\x1a\x1cgoogle/protobuf/struct.proto\"\xc1\x01\n\x06Metric\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12\x10\n\x08\x63\x61tegory\x18\x04 \x01(\t\x12&\n\x05scale\x18\x05 \x01(\x0e\x32\x17.clouditor.Metric.Scale\x12\x1f\n\x05range\x18\x06 \x01(\x0b\x32\x10.clouditor.Range\"-\n\x05Scale\x12\x0b\n\x07NOMIMAL\x10\x00\x12\x0b\n\x07ORDINAL\x10\x01\x12\n\n\x06METRIC\x10\x02\"\x8d\x01\n\x05Range\x12\x32\n\x0e\x61llowed_values\x18\x01 \x01(\x0b\x32\x18.clouditor.AllowedValuesH\x00\x12!\n\x05order\x18\x02 \x01(\x0b\x32\x10.clouditor.OrderH\x00\x12$\n\x07min_max\x18\x03 \x01(\x0b\x32\x11.clouditor.MinMaxH\x00\x42\x07\n\x05range\"\"\n\x06MinMax\x12\x0b\n\x03min\x18\x01 \x01(\x03\x12\x0b\n\x03max\x18\x02 \x01(\x03\"7\n\rAllowedValues\x12&\n\x06values\x18\x01 \x03(\x0b\x32\x16.google.protobuf.Value\"/\n\x05Order\x12&\n\x06values\x18\x01 \x03(\x0b\x32\x16.google.protobuf.Value\"i\n\x13MetricConfiguration\x12\x10\n\x08operator\x18\x01 \x01(\t\x12,\n\x0ctarget_value\x18\x02 \x01(\x0b\x32\x16.google.protobuf.Value\x12\x12\n\nis_default\x18\x03 \x01(\x08\x42\x10Z\x0e\x61pi/assessmentb\x06proto3'
+ serialized_pb=b'\n\x0cmetric.proto\x12\tclouditor\x1a\x1cgoogle/protobuf/struct.proto\"\xc1\x01\n\x06Metric\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12\x10\n\x08\x63\x61tegory\x18\x04 \x01(\t\x12&\n\x05scale\x18\x05 \x01(\x0e\x32\x17.clouditor.Metric.Scale\x12\x1f\n\x05range\x18\x06 \x01(\x0b\x32\x10.clouditor.Range\"-\n\x05Scale\x12\x0b\n\x07NOMINAL\x10\x00\x12\x0b\n\x07ORDINAL\x10\x01\x12\n\n\x06METRIC\x10\x02\"\x8d\x01\n\x05Range\x12\x32\n\x0e\x61llowed_values\x18\x01 \x01(\x0b\x32\x18.clouditor.AllowedValuesH\x00\x12!\n\x05order\x18\x02 \x01(\x0b\x32\x10.clouditor.OrderH\x00\x12$\n\x07min_max\x18\x03 \x01(\x0b\x32\x11.clouditor.MinMaxH\x00\x42\x07\n\x05range\"\"\n\x06MinMax\x12\x0b\n\x03min\x18\x01 \x01(\x03\x12\x0b\n\x03max\x18\x02 \x01(\x03\"7\n\rAllowedValues\x12&\n\x06values\x18\x01 \x03(\x0b\x32\x16.google.protobuf.Value\"/\n\x05Order\x12&\n\x06values\x18\x01 \x03(\x0b\x32\x16.google.protobuf.Value\"i\n\x13MetricConfiguration\x12\x10\n\x08operator\x18\x01 \x01(\t\x12,\n\x0ctarget_value\x18\x02 \x01(\x0b\x32\x16.google.protobuf.Value\x12\x12\n\nis_default\x18\x03 \x01(\x08\"\x90\x01\n\x14MetricImplementation\x12:\n\x08language\x18\x01 \x01(\x0e\x32(.clouditor.MetricImplementation.Language\x12\x0c\n\x04\x63ode\x18\x02 \x01(\t\".\n\x08Language\x12\x18\n\x14LANGUAGE_UNSPECIFIED\x10\x00\x12\x08\n\x04REGO\x10\x01\x62\x06proto3'
,
dependencies=[google_dot_protobuf_dot_struct__pb2.DESCRIPTOR,])
@@ -34,7 +34,7 @@ _METRIC_SCALE = _descriptor.EnumDescriptor(
create_key=_descriptor._internal_create_key,
values=[
_descriptor.EnumValueDescriptor(
- name='NOMIMAL', index=0, number=0,
+ name='NOMINAL', index=0, number=0,
serialized_options=None,
type=None,
create_key=_descriptor._internal_create_key),
@@ -56,6 +56,31 @@ _METRIC_SCALE = _descriptor.EnumDescriptor(
)
_sym_db.RegisterEnumDescriptor(_METRIC_SCALE)
+_METRICIMPLEMENTATION_LANGUAGE = _descriptor.EnumDescriptor(
+ name='Language',
+ full_name='clouditor.MetricImplementation.Language',
+ filename=None,
+ file=DESCRIPTOR,
+ create_key=_descriptor._internal_create_key,
+ values=[
+ _descriptor.EnumValueDescriptor(
+ name='LANGUAGE_UNSPECIFIED', index=0, number=0,
+ serialized_options=None,
+ type=None,
+ create_key=_descriptor._internal_create_key),
+ _descriptor.EnumValueDescriptor(
+ name='REGO', index=1, number=1,
+ serialized_options=None,
+ type=None,
+ create_key=_descriptor._internal_create_key),
+ ],
+ containing_type=None,
+ serialized_options=None,
+ serialized_start=745,
+ serialized_end=791,
+)
+_sym_db.RegisterEnumDescriptor(_METRICIMPLEMENTATION_LANGUAGE)
+
_METRIC = _descriptor.Descriptor(
name='Metric',
@@ -324,6 +349,46 @@ _METRICCONFIGURATION = _descriptor.Descriptor(
serialized_end=644,
)
+
+_METRICIMPLEMENTATION = _descriptor.Descriptor(
+ name='MetricImplementation',
+ full_name='clouditor.MetricImplementation',
+ filename=None,
+ file=DESCRIPTOR,
+ containing_type=None,
+ create_key=_descriptor._internal_create_key,
+ fields=[
+ _descriptor.FieldDescriptor(
+ name='language', full_name='clouditor.MetricImplementation.language', index=0,
+ number=1, type=14, cpp_type=8, label=1,
+ has_default_value=False, default_value=0,
+ message_type=None, enum_type=None, containing_type=None,
+ is_extension=False, extension_scope=None,
+ serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
+ _descriptor.FieldDescriptor(
+ name='code', full_name='clouditor.MetricImplementation.code', index=1,
+ number=2, type=9, cpp_type=9, label=1,
+ has_default_value=False, default_value=b"".decode('utf-8'),
+ message_type=None, enum_type=None, containing_type=None,
+ is_extension=False, extension_scope=None,
+ serialized_options=None, file=DESCRIPTOR, create_key=_descriptor._internal_create_key),
+ ],
+ extensions=[
+ ],
+ nested_types=[],
+ enum_types=[
+ _METRICIMPLEMENTATION_LANGUAGE,
+ ],
+ serialized_options=None,
+ is_extendable=False,
+ syntax='proto3',
+ extension_ranges=[],
+ oneofs=[
+ ],
+ serialized_start=647,
+ serialized_end=791,
+)
+
_METRIC.fields_by_name['scale'].enum_type = _METRIC_SCALE
_METRIC.fields_by_name['range'].message_type = _RANGE
_METRIC_SCALE.containing_type = _METRIC
@@ -342,12 +407,15 @@ _RANGE.fields_by_name['min_max'].containing_oneof = _RANGE.oneofs_by_name['range
_ALLOWEDVALUES.fields_by_name['values'].message_type = google_dot_protobuf_dot_struct__pb2._VALUE
_ORDER.fields_by_name['values'].message_type = google_dot_protobuf_dot_struct__pb2._VALUE
_METRICCONFIGURATION.fields_by_name['target_value'].message_type = google_dot_protobuf_dot_struct__pb2._VALUE
+_METRICIMPLEMENTATION.fields_by_name['language'].enum_type = _METRICIMPLEMENTATION_LANGUAGE
+_METRICIMPLEMENTATION_LANGUAGE.containing_type = _METRICIMPLEMENTATION
DESCRIPTOR.message_types_by_name['Metric'] = _METRIC
DESCRIPTOR.message_types_by_name['Range'] = _RANGE
DESCRIPTOR.message_types_by_name['MinMax'] = _MINMAX
DESCRIPTOR.message_types_by_name['AllowedValues'] = _ALLOWEDVALUES
DESCRIPTOR.message_types_by_name['Order'] = _ORDER
DESCRIPTOR.message_types_by_name['MetricConfiguration'] = _METRICCONFIGURATION
+DESCRIPTOR.message_types_by_name['MetricImplementation'] = _METRICIMPLEMENTATION
_sym_db.RegisterFileDescriptor(DESCRIPTOR)
Metric = _reflection.GeneratedProtocolMessageType('Metric', (_message.Message,), {
@@ -392,6 +460,12 @@ MetricConfiguration = _reflection.GeneratedProtocolMessageType('MetricConfigurat
})
_sym_db.RegisterMessage(MetricConfiguration)
+MetricImplementation = _reflection.GeneratedProtocolMessageType('MetricImplementation', (_message.Message,), {
+ 'DESCRIPTOR' : _METRICIMPLEMENTATION,
+ '__module__' : 'metric_pb2'
+ # @@protoc_insertion_point(class_scope:clouditor.MetricImplementation)
+ })
+_sym_db.RegisterMessage(MetricImplementation)
+
-DESCRIPTOR._options = None
# @@protoc_insertion_point(module_scope)
diff --git a/proto/assessment.proto b/proto/assessment.proto
index c3002ac..69d2e8d 100644
--- a/proto/assessment.proto
+++ b/proto/assessment.proto
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 Fraunhofer AISEC
+ * Copyright 2016-2022 Fraunhofer AISEC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -34,52 +34,62 @@ import "google/protobuf/timestamp.proto";
import "evidence.proto";
import "metric.proto";
-option go_package = "api/assessment";
-
// Representing the link between orchestrator and discovery: Assessing evidences
// from discovery and sending results to orchestrator
service Assessment {
- // Triggers the assessment. Part of the private API,
- // not exposed as REST.
+
+ // Triggers the assessment. Part of the private API. Not exposed as REST.
rpc TriggerAssessment(TriggerAssessmentRequest)
returns (google.protobuf.Empty) {}
- // TODO(all): Part of public API because external entities (mainly
- // discoveries) can use it? List the latest set of assessment results. Part of
- // the public API, also exposed as REST
- rpc ListAssessmentResults(ListAssessmentResultsRequest)
- returns (ListAssessmentResultsResponse) {
+ // Assesses the evidence sent by the discovery. Part of the public API, also
+ // exposed as REST.
+ rpc AssessEvidence(AssessEvidenceRequest) returns (AssessEvidenceResponse) {
option (google.api.http) = {
- post : "/v1/assessment/results"
- response_body : "*"
+ post : "/v1/assessment/evidences"
+ body : "evidence"
+ response_body : "status"
};
}
- // Assesses the evidence sent by discovery. Part of the public API,
- // also exposed as REST
- rpc AssessEvidence(AssessEvidenceRequest) returns (AssessEvidenceResponse) {
+ // Assesses stream of evidences sent by the discovery and returns a response
+ // stream. Part of the public API. Not exposed as REST.
+ rpc AssessEvidences(stream AssessEvidenceRequest)
+ returns (stream AssessEvidenceResponse) {};
+
+ // List all assessment results. Part of the public API, also exposed as REST.
+ rpc ListAssessmentResults(ListAssessmentResultsRequest)
+ returns (ListAssessmentResultsResponse) {
option (google.api.http) = {
- post : "/v1/assessment/evidences"
- response_body : "*"
+ get : "/v1/assessment/results"
};
}
-
- // Assesses stream of evidences coming from the discovery. Part of the public
- // API, not exposed as REST
- rpc AssessEvidences(stream Evidence) returns (google.protobuf.Empty);
};
-message TriggerAssessmentRequest { string someOption = 1; }
-
message ListAssessmentResultsRequest {}
-message ListAssessmentResultsResponse { repeated Result results = 1; }
+message ListAssessmentResultsResponse { repeated AssessmentResult results = 1; }
+
+message ConfigureAssessmentRequest {}
+message ConfigureAssessmentResponse {}
+
+message TriggerAssessmentRequest { string some_option = 1; }
message AssessEvidenceRequest { Evidence evidence = 1; }
-message AssessEvidenceResponse { bool status = 1; }
+message AssessEvidenceResponse {
+ enum AssessmentStatus {
+ ASSESSMENT_STATUS_UNSPECIFIED = 0;
+ WAITING_FOR_RELATED = 1;
+ ASSESSED = 2;
+ FAILED = 3;
+ }
+ AssessmentStatus status = 1;
+
+ string status_message = 2;
+}
// A result resource, representing the result after assessing the cloud resource
// with id resource_id.
-message Result {
+message AssessmentResult {
// Assessment result id
string id = 1;
@@ -90,7 +100,7 @@ message Result {
string metric_id = 3;
// Data corresponding to the metric by the given metric id
- MetricConfiguration metric_data = 4;
+ MetricConfiguration metric_configuration = 4;
// Compliant case: true or false
bool compliant = 5;
diff --git a/proto/evidence.proto b/proto/evidence.proto
index f1f2585..5a6e5b8 100644
--- a/proto/evidence.proto
+++ b/proto/evidence.proto
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 Fraunhofer AISEC
+ * Copyright 2016-2022 Fraunhofer AISEC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -24,8 +24,6 @@
*
* This file is part of Clouditor Community Edition.
*/
-// ToDo(all): Change name of file to resources.proto or similar? (It is not
-// containing evidences only)
syntax = "proto3";
package clouditor;
@@ -33,8 +31,6 @@ package clouditor;
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
-option go_package = "api/evidence";
-
// An evidence resource
message Evidence {
// the ID in a uuid format
diff --git a/proto/metric.proto b/proto/metric.proto
index f5f0763..33c1807 100644
--- a/proto/metric.proto
+++ b/proto/metric.proto
@@ -24,16 +24,12 @@
*
* This file is part of Clouditor Community Edition.
*/
-// ToDo(all): Change name of file to resources.proto or similar? (It is not
-// containing evidences only)
syntax = "proto3";
package clouditor;
import "google/protobuf/struct.proto";
-option go_package = "api/assessment";
-
// A metric resource
message Metric {
// Required. The unique identifier of the metric.
@@ -56,7 +52,7 @@ message Metric {
// The values a Scale accepts
enum Scale {
- NOMIMAL = 0;
+ NOMINAL = 0;
ORDINAL = 1;
METRIC = 2;
}
@@ -102,4 +98,18 @@ message MetricConfiguration {
// Whether this configuration is a default configuration
bool is_default = 3;
+}
+
+// MetricImplementation defines the implementation of an individual metric.
+message MetricImplementation {
+ enum Language {
+ LANGUAGE_UNSPECIFIED = 0;
+ REGO = 1;
+ };
+
+ // The language this metric is implemented in
+ Language language = 1;
+
+ // The actual implementation
+ string code = 2;
}
\ No newline at end of file
diff --git a/wazuh_evidence_collector/wazuh_evidence_collector.py b/wazuh_evidence_collector/wazuh_evidence_collector.py
index d5a589c..694eedb 100644
--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
@@ -2,9 +2,9 @@ import json
import os
from wazuh_evidence_collector.wazuh_client import WazuhClient
from elasticsearch import Elasticsearch
-from elasticsearch_dsl import Search
from forward_evidence.forward_evidence import ForwardEvidence
from forward_evidence.generate_evidence import create_resource, create_assessevidence_request, print_evidence
+from forward_evidence.clouditor_authentication import ClouditorAuthentication
from wazuh_evidence_collector.checker import Checker
from wazuh_evidence_collector.demo_checker import DemoChecker
import uuid
@@ -39,6 +39,8 @@ if not DEMO:
ssl_show_warn=False,
)
+oauth_client = ClouditorAuthentication(LOGGER)
+
forwarder = ForwardEvidence(LOGGER)
# Get ID (UUID)
@@ -88,7 +90,7 @@ def run_collector():
# TODO:
for ae_req in ae_req_list:
- forwarder.send_evidence(ae_req)
+ forwarder.send_evidence(ae_req, oauth_client.get_token())
print_evidence(LOGGER, ae_req.evidence)
return ae_req_list
@@ -119,14 +121,17 @@ def generate_evidence(agent, checker):
else:
malware_protection = { "malwareProtection": { "enabled": False }}
+ # TODO: implement metrics
+ malware_protection["malwareProtection"].update({ "daysSinceActive": None, "numberOfThreatsFound": None})
+
# MalwareProtectionOutput
evidence, result_alert_integration = checker.check_alert_integrations()
raw_evidence.append(evidence)
if result_alert_integration:
- malware_protection["malwareProtection"].update({ "output": [agent[0]] })
+ malware_protection["malwareProtection"].update({ "applicationLogging": { "enabled": True, "loggingService": ["?"], "retentionPeriod": None }})
else:
- malware_protection["malwareProtection"].update({ "output": [] })
+ malware_protection["malwareProtection"].update({ "applicationLogging": { "enabled": False, "loggingService": [], "retentionPeriod": None }})
# TODO: change ID
resource = create_resource(agent[0], agent[1], None, malware_protection)
--
GitLab