This repository has been archived by the owner on Sep 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 42
/
integrations.go
313 lines (263 loc) · 9.71 KB
/
integrations.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
package kibana
import (
"encoding/json"
"fmt"
"strings"
"github.com/Jeffail/gabs/v2"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
)
// IntegrationPackage used to share information about a integration
type IntegrationPackage struct {
ID string `json:"id,omitempty"`
Name string `json:"name"`
Title string `json:"title"`
Version string `json:"version"`
}
// AddIntegrationToPolicy adds an integration to policy
func (c *Client) AddIntegrationToPolicy(packageDS PackageDataStream) error {
reqBody, err := json.Marshal(packageDS)
if err != nil {
return errors.Wrap(err, "could not convert policy-package (request) to JSON")
}
statusCode, respBody, err := c.post(fmt.Sprintf("%s/package_policies", FleetAPI), reqBody)
if err != nil {
return errors.Wrap(err, "could not add package to policy")
}
if statusCode != 200 {
return fmt.Errorf("could not add package to policy; API status code = %d; response body = %s", statusCode, respBody)
}
return nil
}
// DeleteIntegrationFromPolicy adds an integration to policy
func (c *Client) DeleteIntegrationFromPolicy(packageDS PackageDataStream) error {
reqBody := `{"packagePolicyIds":["` + packageDS.ID + `"]}`
statusCode, respBody, err := c.post(fmt.Sprintf("%s/package_policies/delete", FleetAPI), []byte(reqBody))
if err != nil {
return errors.Wrap(err, "could not delete integration from policy")
}
if statusCode != 200 {
return fmt.Errorf("could not delete integration from policy; API status code = %d; response body = %s", statusCode, respBody)
}
return nil
}
// GetIntegrations returns all available integrations
func (c *Client) GetIntegrations() ([]IntegrationPackage, error) {
statusCode, respBody, err := c.get(fmt.Sprintf("%s/epm/packages?experimental=true", FleetAPI))
if err != nil {
log.WithFields(log.Fields{
"body": respBody,
"error": err,
}).Error("Could not get Integration package")
return []IntegrationPackage{}, err
}
if statusCode != 200 {
log.WithFields(log.Fields{
"body": respBody,
"error": err,
"statusCode": statusCode,
}).Error("Could not get Fleet's installed integrations")
return nil, err
}
jsonParsed, err := gabs.ParseJSON([]byte(respBody))
if err != nil {
log.WithFields(log.Fields{
"error": err,
"responseBody": jsonParsed,
}).Error("Could not parse get response into JSON")
return []IntegrationPackage{}, err
}
var resp struct {
Packages []IntegrationPackage `json:"response"`
}
if err := json.Unmarshal(respBody, &resp); err != nil {
return []IntegrationPackage{}, errors.Wrap(err, "Unable to convert integration package to JSON")
}
return resp.Packages, nil
}
// GetIntegrationByPackageName returns metadata from an integration from Fleet
func (c *Client) GetIntegrationByPackageName(packageName string) (IntegrationPackage, error) {
integrationPackages, err := c.GetIntegrations()
if err != nil {
log.WithFields(log.Fields{
"error": err,
}).Error("Could not get Integration packages list")
return IntegrationPackage{}, err
}
for _, pkg := range integrationPackages {
if strings.EqualFold(pkg.Name, packageName) || strings.EqualFold(pkg.Title, packageName) {
return pkg, nil
}
}
return IntegrationPackage{}, errors.New("Unable to find package")
}
// GetIntegrationFromAgentPolicy get package policy from agent policy
func (c *Client) GetIntegrationFromAgentPolicy(packageName string, policy Policy) (PackageDataStream, error) {
packagePolicies, err := c.ListPackagePolicies()
if err != nil {
log.WithFields(log.Fields{
"error": err,
"policy": policy,
}).Trace("An error retrieving the package policies")
return PackageDataStream{}, err
}
for _, child := range packagePolicies {
if policy.ID == child.PolicyID && (strings.EqualFold(packageName, child.Name) || strings.EqualFold(packageName, child.Package.Title)) {
return child, nil
}
}
return PackageDataStream{}, errors.New("Unable to find package in policy")
}
// SecurityEndpoint endpoint metadata
type SecurityEndpoint struct {
Metadata struct {
Status string `json:"host_status"`
Host struct {
Hostname string `json:"hostname"`
Name string `json:"name"`
} `json:"host"`
Elastic struct {
Agent struct {
ID string `json:"id"`
Version string `json:"version"`
} `json:"agent"`
} `json:"elastic"`
Endpoint struct {
Policy struct {
Applied struct {
Name string `json:"name"`
Status string `json:"status"`
} `json:"applied"`
} `json:"policy"`
} `json:"Endpoint"`
} `json:"metadata"`
}
// GetMetadataFromSecurityApp sends a POST request to retrieve metadata from Security App
func (c *Client) GetMetadataFromSecurityApp() ([]SecurityEndpoint, error) {
reqBody := `{}`
statusCode, respBody, err := c.post(fmt.Sprintf("%s/metadata", EndpointAPI), []byte(reqBody))
if err != nil {
return []SecurityEndpoint{}, errors.Wrap(err, "could not get endpoint metadata")
}
jsonParsed, _ := gabs.ParseJSON([]byte(respBody))
log.WithFields(log.Fields{
"responseBody": jsonParsed,
}).Trace("Endpoint Metadata Response")
if statusCode != 200 {
return []SecurityEndpoint{}, fmt.Errorf("could not get endpoint metadata; API status code = %d; response body = %s", statusCode, respBody)
}
var resp struct {
Hosts []SecurityEndpoint `json:"hosts"`
}
if err := json.Unmarshal(respBody, &resp); err != nil {
return []SecurityEndpoint{}, errors.Wrap(err, "Unable to convert metadata from security app to JSON")
}
return resp.Hosts, nil
}
// InstallIntegrationAssets sends a POST request to Fleet installing the assets for an integration
func (c *Client) InstallIntegrationAssets(integration IntegrationPackage) (string, error) {
reqBody := `{}`
statusCode, respBody, err := c.post(fmt.Sprintf("%s/epm/packages/%s-%s", FleetAPI, integration.Name, integration.Version), []byte(reqBody))
if err != nil {
return "", errors.Wrap(err, "could not install integration assets")
}
if statusCode != 200 {
return "", fmt.Errorf("could not install integration assets; API status code = %d; response body = %s", statusCode, respBody)
}
var resp struct {
Response struct {
ID string `json:"id"`
} `json:"response"`
}
if err := json.Unmarshal(respBody, &resp); err != nil {
return "", errors.Wrap(err, "Unable to convert install integration assets to JSON")
}
return resp.Response.ID, nil
}
// IsAgentListedInSecurityApp retrieves the hosts from Endpoint to check if a hostname
// is listed in the Security App. For that, we will inspect the metadata, and will iterate
// through the hosts, until we get the proper hostname.
func (c *Client) IsAgentListedInSecurityApp(hostName string) (SecurityEndpoint, error) {
hosts, err := c.GetMetadataFromSecurityApp()
if err != nil {
return SecurityEndpoint{}, err
}
for _, host := range hosts {
metadataHostname := host.Metadata.Host.Hostname
if metadataHostname == hostName {
log.WithFields(log.Fields{
"hostname": hostName,
}).Debug("Hostname for the agent listed in the Security App")
return host, nil
}
}
return SecurityEndpoint{}, nil
}
// IsAgentListedInSecurityAppWithStatus inspects the metadata field for a hostname, obtained from
// the security App. We will check if the status matches the desired status, returning an error
// if the agent is not present in the Security App
func (c *Client) IsAgentListedInSecurityAppWithStatus(hostName string, desiredStatus string) (bool, error) {
host, err := c.IsAgentListedInSecurityApp(hostName)
if err != nil {
log.WithFields(log.Fields{
"hostname": hostName,
"error": err,
}).Error("There was an error getting the agent in the Administration view in the Security app")
return false, err
}
hostStatus := host.Metadata.Status
log.WithFields(log.Fields{
"desiredStatus": desiredStatus,
"hostname": hostName,
"status": hostStatus,
}).Debug("Hostname for the agent listed with desired status in the Administration view in the Security App")
return (hostStatus == desiredStatus), nil
}
// IsPolicyResponseListedInSecurityApp sends a POST request to Endpoint to check if a hostname
// is listed in the Security App. For that, we will inspect the metadata, and will iterate
// through the hosts, until we get the policy status, finally checking for the success
// status.
func (c *Client) IsPolicyResponseListedInSecurityApp(agentID string) (bool, error) {
hosts, err := c.GetMetadataFromSecurityApp()
if err != nil {
return false, err
}
for _, host := range hosts {
metadataAgentID := host.Metadata.Elastic.Agent.ID
name := host.Metadata.Endpoint.Policy.Applied.Name
status := host.Metadata.Endpoint.Policy.Applied.Status
if metadataAgentID == agentID {
log.WithFields(log.Fields{
"agentID": agentID,
"name": name,
"status": status,
}).Debug("Policy response for the agent listed in the Security App")
return (status == "success"), nil
}
}
return false, nil
}
// UpdateIntegrationPackagePolicy sends a PUT request to Fleet updating integration
// configuration
func (c *Client) UpdateIntegrationPackagePolicy(packageDS PackageDataStream) (string, error) {
// empty the ID as it won't be recoganized in the PUT body
id := packageDS.ID
packageDS.ID = ""
reqBody, _ := json.Marshal(packageDS)
statusCode, respBody, err := c.put(fmt.Sprintf("%s/package_policies/%s", FleetAPI, id), reqBody)
if err != nil {
return "", errors.Wrap(err, "could not update integration package")
}
if statusCode != 200 {
return "", fmt.Errorf("could not update package ; API status code = %d; response body = %s", statusCode, respBody)
}
var resp struct {
Item struct {
UpdatedAt string `json:"updated_at"`
} `json:"item"`
}
if err := json.Unmarshal(respBody, &resp); err != nil {
return "", errors.Wrap(err, "Unable to convert install updated package policy to JSON")
}
return resp.Item.UpdatedAt, nil
}