K8s config update

e9398a1e · Matevz Erzen · Zitnik, Anze · 641bb587 · e9398a1e · e9398a1e
Commit e9398a1e authored 2 years ago by Matevz Erzen Committed by Zitnik, Anze 2 years ago
--- a/.env
+++ b/.env
@@ -16,14 +16,23 @@ redis_queue=low

 local_clouditor_deploy=true

+### Localy deployed Clouditor ###
 clouditor_host=192.168.33.14
 clouditor_port=9090
-
 clouditor_oauth2_host=192.168.33.14
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
 clouditor_oauth2_scope=

+### K8s deployed Clouditor ###
+#clouditor_host=security-assessment-dev.k8s.medina.esilab.org
+#clouditor_port=443
+#clouditor_oauth2_host=catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token
+#clouditor_oauth2_port=443
+#clouditor_client_id=wazuh-vat-evidence-collector-dev
+#clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf
+#clouditor_oauth2_scope=openid
+
 wazuh_check_interval=300
 wazuh_rule_level=10
\ No newline at end of file
--- a/forward_evidence/clouditor_authentication.py
+++ b/forward_evidence/clouditor_authentication.py
@@ -19,11 +19,19 @@ class ClouditorAuthentication(object):
        self.__token_expiration_time = None

        if LOCAL_CLOUDITOR_DEPLOY:
+            #If Clouditor is deployed localy, in a VM
            self.__token_url = 'http://{}:{}/v1/auth/token'.format(CLOUDITOR_OAUTH2_HOST, CLOUDITOR_OAUTH2_PORT)
            self.__data = {'grant_type': 'client_credentials'}
        else:
-            self.__token_url = 'https://{}'.format(CLOUDITOR_OAUTH2_HOST)
-            CLOUDITOR_OAUTH2_SCOPE = os.environ.get("cclouditor_oauth2_scope")
+            # For K8s/other remote deployed Clouditor
+            split_host_url = CLOUDITOR_OAUTH2_HOST.split("/", 1)
+
+            if split_host_url[1] is not None:
+                self.__token_url = 'https://{}:{}/{}'.format(split_host_url[0], CLOUDITOR_OAUTH2_PORT, split_host_url[1])
+            else:
+                self.__token_url = 'https://{}:{}'.format(split_host_url[0], CLOUDITOR_OAUTH2_PORT)
+
+            CLOUDITOR_OAUTH2_SCOPE = os.environ.get("clouditor_oauth2_scope")
            self.__data = {'grant_type': 'client_credentials', 'scope': CLOUDITOR_OAUTH2_SCOPE}

        self.request_token()

--- a/kubernetes/wazuh-vat-evidence-collector-configmap.yaml
+++ b/kubernetes/wazuh-vat-evidence-collector-configmap.yaml
@@ -5,15 +5,15 @@ metadata:
 data:
    dummy_wazuh_manager: 'true'

-    wazuh_host: 'localhost'
+    wazuh_host: 'bosch-demo-wazuh-manager-svc'
    wazuh_port: '55000'
    wazuh_username: 'wazuh-wui'
    wazuh_password: 'wazuh-wui'

-    elastic_host: 'localhost'
+    elastic_host: 'bosch-demo-elastic-svc'
    elastic_port: '9200'
    elastic_username: 'admin'
-    elastic_password: 'changeme'
+    elastic_password: 'admin'

    redis_host: 'localhost'
    redis_port: '6379'
@@ -21,10 +21,10 @@ data:

    local_clouditor_deploy: 'false'

-    clouditor_host: 'security-assessment-grpc-svc'
-    clouditor_port: '9092'
-    clouditor_oauth2_host: 'security-assessment-svc'
-    clouditor_oauth2_port: '8082'
+    clouditor_host: 'security-assessment-dev.k8s.medina.esilab.org'
+    clouditor_port: '443'
+    clouditor_oauth2_host: 'catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token'
+    clouditor_oauth2_port: '443'
    clouditor_client_id: wazuh-vat-evidence-collector-dev
    clouditor_client_secret: 68dec932-77fc-4322-8089-d64c3a3317bf
    clouditor_oauth2_scope: openid