From e9398a1e1587b8af4b9b5515559abeb3661e84bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matev=C5=BE=20Er=C5=BEen?= <matevz.erzen@xlab.si> Date: Fri, 20 May 2022 09:40:20 +0000 Subject: [PATCH] K8s config update --- .env | 11 ++++++++++- forward_evidence/clouditor_authentication.py | 12 ++++++++++-- .../wazuh-vat-evidence-collector-configmap.yaml | 14 +++++++------- 3 files changed, 27 insertions(+), 10 deletions(-) diff --git a/.env b/.env index 75a0dc5..3833ca1 100644 --- a/.env +++ b/.env @@ -16,14 +16,23 @@ redis_queue=low local_clouditor_deploy=true +### Localy deployed Clouditor ### clouditor_host=192.168.33.14 clouditor_port=9090 - clouditor_oauth2_host=192.168.33.14 clouditor_oauth2_port=8080 clouditor_client_id=clouditor clouditor_client_secret=clouditor clouditor_oauth2_scope= +### K8s deployed Clouditor ### +#clouditor_host=security-assessment-dev.k8s.medina.esilab.org +#clouditor_port=443 +#clouditor_oauth2_host=catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token +#clouditor_oauth2_port=443 +#clouditor_client_id=wazuh-vat-evidence-collector-dev +#clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf +#clouditor_oauth2_scope=openid + wazuh_check_interval=300 wazuh_rule_level=10 \ No newline at end of file diff --git a/forward_evidence/clouditor_authentication.py b/forward_evidence/clouditor_authentication.py index 36ab82b..4e627f7 100644 --- a/forward_evidence/clouditor_authentication.py +++ b/forward_evidence/clouditor_authentication.py 
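Review bot: The commented-out "K8s deployed Clouditor" block adds a concrete `clouditor_client_secret` value to a tracked `.env`, and commenting the line out does not keep it out of the repository history. The same value appears as a context line in the ConfigMap further down in this patch, so it is now committed in two places. Replace it with a placeholder such as `#clouditor_client_secret=<set locally, never committed>`. Treat the committed value as exposed and rotate that client's secret on the identity provider named in `clouditor_oauth2_host`. A tracked `.env.example` with placeholders, plus `.env` in `.gitignore`, would keep later edits from reintroducing it.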
@@ -19,11 +19,19 @@ class ClouditorAuthentication(object): self.__token_expiration_time = None if LOCAL_CLOUDITOR_DEPLOY: + #If Clouditor is deployed localy, in a VM self.__token_url = 'http://{}:{}/v1/auth/token'.format(CLOUDITOR_OAUTH2_HOST, CLOUDITOR_OAUTH2_PORT) self.__data = {'grant_type': 'client_credentials'} else: - self.__token_url = 'https://{}'.format(CLOUDITOR_OAUTH2_HOST) - CLOUDITOR_OAUTH2_SCOPE = os.environ.get("cclouditor_oauth2_scope") + # For K8s/other remote deployed Clouditor + split_host_url = CLOUDITOR_OAUTH2_HOST.split("/", 1) + + if split_host_url[1] is not None: + self.__token_url = 'https://{}:{}/{}'.format(split_host_url[0], CLOUDITOR_OAUTH2_PORT, split_host_url[1]) + else: + self.__token_url = 'https://{}:{}'.format(split_host_url[0], CLOUDITOR_OAUTH2_PORT) + + CLOUDITOR_OAUTH2_SCOPE = os.environ.get("clouditor_oauth2_scope") self.__data = {'grant_type': 'client_credentials', 'scope': CLOUDITOR_OAUTH2_SCOPE} self.request_token() diff --git a/kubernetes/wazuh-vat-evidence-collector-configmap.yaml b/kubernetes/wazuh-vat-evidence-collector-configmap.yaml index d043c43..1ab8ddc 100644 --- a/kubernetes/wazuh-vat-evidence-collector-configmap.yaml +++ b/kubernetes/wazuh-vat-evidence-collector-configmap.yaml @@ -5,15 +5,15 @@ metadata: data: dummy_wazuh_manager: 'true' - wazuh_host: 'localhost' + wazuh_host: 'bosch-demo-wazuh-manager-svc' wazuh_port: '55000' wazuh_username: 'wazuh-wui' wazuh_password: 'wazuh-wui' - elastic_host: 'localhost' + elastic_host: 'bosch-demo-elastic-svc' elastic_port: '9200' elastic_username: 'admin' - elastic_password: 'changeme' + elastic_password: 'admin' redis_host: 'localhost' redis_port: '6379' 
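Review bot: In the remote branch, `split_host_url[1] is not None` can never be false. `CLOUDITOR_OAUTH2_HOST.split("/", 1)` returns a one-element list when the value has no path, so indexing `[1]` raises IndexError and the `else` branch is unreachable. A bare hostname in `clouditor_oauth2_host`, which is what the ConfigMap held before this commit, would therefore fail in the constructor before any token is requested. Use `host, _, path = CLOUDITOR_OAUTH2_HOST.partition("/")` followed by `if path:`, or test `len(split_host_url) > 1`. The enclosing method (presumably `__init__`) starts outside this hunk, so how an unset `CLOUDITOR_OAUTH2_HOST` is handled is not visible here.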
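Review bot: `elastic_password: 'admin'` stores a credential identical to `elastic_username` in a ConfigMap, which Kubernetes treats as non-confidential data readable by anyone allowed to read ConfigMaps in the namespace. The unchanged `wazuh_password` in this hunk and `clouditor_client_secret` in the next hunk have the same problem. Move these keys into a `Secret` and reference them from the deployment with `secretKeyRef`, leaving only hosts and ports in this ConfigMap. The Elasticsearch password should be a non-default value supplied at deploy time, since the hunk also points `elastic_host` at a shared service (`bosch-demo-elastic-svc`) instead of `localhost`.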
@@ -21,10 +21,10 @@ data: local_clouditor_deploy: 'false' - clouditor_host: 'security-assessment-grpc-svc' - clouditor_port: '9092' - clouditor_oauth2_host: 'security-assessment-svc' - clouditor_oauth2_port: '8082' + clouditor_host: 'security-assessment-dev.k8s.medina.esilab.org' + clouditor_port: '443' + clouditor_oauth2_host: 'catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token' + clouditor_oauth2_port: '443' clouditor_client_id: wazuh-vat-evidence-collector-dev clouditor_client_secret: 68dec932-77fc-4322-8089-d64c3a3317bf clouditor_oauth2_scope: openid -- GitLab