From fcb128a5a15ec8b4b97b373888cfdcb306a2ea67 Mon Sep 17 00:00:00 2001 From: Jose Mota Date: Tue, 25 Jul 2023 09:17:38 +0100 Subject: [PATCH] Adding support for the CSPM url for different regions (instead of just the US one) --- client/src/App.tsx | 8 +++++++- client/src/ConfigureCreds.tsx | 19 ++++++++++++++++--- service/internal/auth/validate.go | 6 +++--- service/main.go | 7 ++++--- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/client/src/App.tsx b/client/src/App.tsx index 1bb0a08..0d5ef00 100644 --- a/client/src/App.tsx +++ b/client/src/App.tsx @@ -17,6 +17,7 @@ import { SendMetric } from './Metrics'; export function App() { const [aquaKey, setAquaKey] = React.useState(""); const [aquaSecret, setAquaSecret] = React.useState(""); + const [aquaCSPMUrl, setAquaCSPMUrl] = React.useState(""); const [scanImage, setScanImage] = React.useState(""); const [disableScan, setDisableScan] = React.useState(true); @@ -135,6 +136,8 @@ export function App() { commandParts.push("AQUA_KEY=" + aquaKey); commandParts.push("-e"); commandParts.push("AQUA_SECRET=" + aquaSecret); + commandParts.push("-e"); + commandParts.push("CSPM_URL=" + aquaCSPMUrl); } @@ -338,7 +341,8 @@ export function App() { window.ddClient.extension.vm.service.get("/credentials").then((value: any) => { setAquaKey(value.aqua_key); setAquaSecret(value.aqua_secret); - if (value.aqua_key !== "" && value.aqua_secret !== "") { + setAquaCSPMUrl(value.aqua_cspm_url); + if (value.aqua_key !== "" && value.aqua_secret !== "" && value.aqua_cspm_url !== "") { setLoggedIn(true); } }).catch((err: any) => { @@ -360,6 +364,8 @@ export function App() { setAquaKey={setAquaKey} aquaSecret={aquaSecret} setAquaSecret={setAquaSecret} + aquaCSPMUrl={aquaCSPMUrl} + setAquaCSPMUrl={setAquaCSPMUrl} loggedIn={loggedIn} setLoggedIn={setLoggedIn} /> diff --git a/client/src/ConfigureCreds.tsx b/client/src/ConfigureCreds.tsx index c955951..b65e862 100644 --- a/client/src/ConfigureCreds.tsx +++ b/client/src/ConfigureCreds.tsx @@ -23,7 +23,7 @@ export function ConfigureCreds(props: any) { }; const handleSaveDetails = () => { - let payload = { aqua_key: props.aquaKey, aqua_secret: props.aquaSecret }; + let payload = { aqua_key: props.aquaKey, aqua_secret: props.aquaSecret, aqua_cspm_url: props.aquaCSPMUrl }; console.log(payload); window.ddClient.extension.vm.service.request({ url: "/credentials", method: "POST", headers: { 'Content-Type': 'application/json' }, data: payload }) .then(() => { @@ -41,6 +41,7 @@ export function ConfigureCreds(props: any) { SendMetric("trivy_aqua_login_failed", { aquaKey: props.aquaKey }); props.setAquaKey(""); props.setAquaSecret(""); + props.setAquaCSPMUrl(""); console.log(error); }); }; @@ -48,6 +49,7 @@ export function ConfigureCreds(props: any) { const handleSignOutClick = () => { props.setAquaKey(""); props.setAquaSecret(""); + props.setAquaCSPMUrl(""); props.setLoggedIn(false); let payload = { aqua_key: "", aqua_secret: "" }; @@ -94,7 +96,7 @@ export function ConfigureCreds(props: any) { onChange={(e) => props.setAquaKey(e.target.value)} fullWidth variant="standard" - helperText="AQUA_KEY provided in you CSPM account" + helperText="AQUA_KEY provided in your CSPM account" /> props.setAquaSecret(e.target.value)} fullWidth variant="standard" - helperText="AQUA_SECRET provided in you CSPM account" + helperText="AQUA_SECRET provided in your CSPM account" /> + props.setAquaCSPMUrl(e.target.value)} + fullWidth + variant="standard" + helperText="AQUA_CSPM_URL provided in your CSPM account" + /> diff --git a/service/internal/auth/validate.go b/service/internal/auth/validate.go index a7fb26b..a9586b5 100644 --- a/service/internal/auth/validate.go +++ b/service/internal/auth/validate.go @@ -19,12 +19,12 @@ type Response struct { Errors []string `json:"errors,omitempty"` } -const cspmUrl = "https://api.cloudsploit.com/v2/tokens" +const cspmTokenExchangePath = "/v2/tokens" -func ValidateCredentials(key, secret string) (string, error) { +func ValidateCredentials(key, secret, cspmUrl string) (string, error) { body := `{"validity":30,"allowed_endpoints":["ANY:v2/build/twirp/buildsecurity.BuildSecurity/*"]}` - req, err := http.NewRequest("POST", cspmUrl, bytes.NewBuffer([]byte(body))) + req, err := http.NewRequest("POST", cspmUrl+cspmTokenExchangePath, bytes.NewBuffer([]byte(body))) if err != nil { return "", err } diff --git a/service/main.go b/service/main.go index 81fa391..a7398f6 100644 --- a/service/main.go +++ b/service/main.go @@ -18,8 +18,9 @@ import ( const credsFile = "/creds/.aqua" type Credentials struct { - AquaKey string `json:"aqua_key"` - AquaSecret string `json:"aqua_secret"` + AquaKey string `json:"aqua_key"` + AquaSecret string `json:"aqua_secret"` + AquaCSPMUrl string `json:"aqua_cspm_url"` } func main() { @@ -66,7 +67,7 @@ func writeCredentials(ctx echo.Context) error { if err := ctx.Bind(creds); err != nil { return internalError(ctx, err) } - validated, err := auth.ValidateCredentials(creds.AquaKey, creds.AquaSecret) + validated, err := auth.ValidateCredentials(creds.AquaKey, creds.AquaSecret, creds.AquaCSPMUrl) if err != nil || validated == "" { return internalError(ctx, err) }