package main
import (
"crypto/tls"
"encoding/json"
"flag"
"fmt"
"net/http"
"os"
"strconv"
"strings"
"time"
"github.com/gorilla/websocket"
)
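// nodeIDs lists the topology node types accepted by the -node-type flag.
var nodeIDs = []string{"hosts", "containers", "containers-by-image", "kubernetes-clusters", "cloud-providers", "cloud-regions", "processes"}

// Command-line flags. Each variable is a pointer that holds the parsed value
// once flag.Parse has run.
var (
	// nodeID selects which topology node type to subscribe to; main rejects
	// values that are not in nodeIDs.
	nodeID = flag.String("node-type", "hosts", fmt.Sprintf("Node type to run websocket client for. Ex: %s", strings.Join(nodeIDs, ", ")))

	// managementConsoleUrl is the host of the management console; it is
	// substituted into the wss:// URL built by connectWS.
	managementConsoleUrl = flag.String("management-console-url", "", "Enter api url. Example: 22.33.44.55 / abc.com")

	// deepfenceKey is the API key used to authenticate against the console.
	// NOTE(review): a secret passed as a command-line argument is visible in
	// the process list and in shell history; consider also accepting it from
	// an environment variable or a file.
	deepfenceKey = flag.String("deepfence-key", "", "Enter api key. (Get it from user management page)")

	// ignoreConnections is forwarded as the ignore_connections query
	// parameter of the websocket URL.
	ignoreConnections = flag.Bool("ignore-connections", true, "Whether to ignore connections data")

	// vulnerabilityScan makes main start a vulnerability scan for every node
	// reported as added, instead of printing the raw messages.
	vulnerabilityScan = flag.Bool("vulnerability-scan", false, "Start vulnerability scan on new nodes")
)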
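// connectWS dials the management console's topology websocket endpoint and
// returns the open connection.
//
// The host, the ignore_connections setting and the API key are taken from the
// -management-console-url, -ignore-connections and -deepfence-key flags. The
// API key travels in the URL query string, so the full URL is a secret and
// only a redacted copy of it is printed.
func connectWS() (*websocket.Conn, error) {
	const wsURLFormat = "wss://%s/topology-api/topology-connection-ws?t=5s&ignore_connections=%s&api_key=%s"

	ignore := strconv.FormatBool(*ignoreConnections)
	wsURL := fmt.Sprintf(wsURLFormat, *managementConsoleUrl, ignore, *deepfenceKey)

	// Print the URL with the key masked: stdout routinely ends up in terminal
	// scrollback, CI logs and log collectors, none of which should hold the
	// API key.
	fmt.Printf("Connecting to %s\n", fmt.Sprintf(wsURLFormat, *managementConsoleUrl, ignore, "<redacted>"))

	dialer := &websocket.Dialer{
		Proxy:            http.ProxyFromEnvironment,
		HandshakeTimeout: 45 * time.Second,
		// SECURITY: InsecureSkipVerify turns off certificate chain and host
		// name verification, so the console is not authenticated and the
		// api_key sent in the request URL can be captured by whoever
		// terminates the TLS connection. It is left unchanged here because
		// removing it breaks setups whose console presents a certificate this
		// client does not trust; prefer supplying the console's CA through
		// tls.Config.RootCAs and making the skip an explicit opt-in.
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}

	// The handshake response is not needed once the connection is open.
	conn, _, err := dialer.Dial(wsURL, nil)
	if err != nil {
		return nil, err
	}
	return conn, nil
}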
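// main parses the command-line flags, opens the topology websocket,
// subscribes to the selected node type and then processes incoming messages
// until reading from the connection fails.
//
// Without -vulnerability-scan every message is printed as received. With it,
// each message is decoded as a TopologyDiff and a vulnerability scan is
// started, in its own goroutine, for every node listed under Nodes.Add.
func main() {
	flag.Parse()
	if *managementConsoleUrl == "" {
		fmt.Println("management-console-url is required")
		os.Exit(1)
	} else if *deepfenceKey == "" {
		fmt.Println("deepfence-key is required")
		os.Exit(1)
	}
	if !inSlice(nodeIDs, *nodeID) {
		fmt.Printf("node-type must be one of %s\n", strings.Join(nodeIDs, ", "))
		os.Exit(1)
	}

	// The node type cannot change while the program runs, so translate it to
	// the value handed to startVulnerabilityScan once, before any goroutine
	// is started. The scan goroutines then only read it; assigning it inside
	// the receive loop would race with those reads. An empty string marks a
	// node type that cannot be scanned.
	var nodeType string
	switch *nodeID {
	case "hosts":
		nodeType = "host"
	case "containers":
		nodeType = "container"
	case "containers-by-image":
		nodeType = "container_image"
	}

	ws, err := connectWS()
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	// Runs on the return paths below; os.Exit skips deferred calls.
	defer ws.Close()

	// sendMessage checks that msg is valid JSON by decoding it, then writes
	// the decoded value to the websocket.
	sendMessage := func(msg string) error {
		msgJson := map[string]interface{}{}
		if err := json.Unmarshal([]byte(msg), &msgJson); err != nil {
			return err
		}
		return ws.WriteJSON(msgJson)
	}

	// Subscribe to the chosen topology. *nodeID has been checked against
	// nodeIDs above, so formatting it into the JSON text cannot break the
	// document.
	go func() {
		err := sendMessage(fmt.Sprintf(`{"add":{"topology_id":"","node_id":"","children":[{"topology_id":"%s"}]}}`, *nodeID))
		if err != nil {
			fmt.Println(err)
			os.Exit(1)
		}
	}()

	var accessToken string
	if *vulnerabilityScan {
		accessToken = getAccessToken(*managementConsoleUrl, *deepfenceKey)
	}

	for {
		_, resp, err := ws.ReadMessage()
		if err != nil {
			fmt.Println(err)
			return
		}
		if !*vulnerabilityScan {
			fmt.Println("\nGot data:\n", string(resp))
			continue
		}

		// Decode into a fresh value for every message. json.Unmarshal leaves
		// struct fields that are absent from the input untouched, so a reused
		// variable would carry the previous message's Nodes.Add forward and
		// start scans for the same nodes again.
		var topologyDiff TopologyDiff
		if err := json.Unmarshal(resp, &topologyDiff); err != nil {
			fmt.Println(err)
			return
		}
		for _, nodeInfo := range topologyDiff.Nodes.Add {
			if nodeType == "" {
				fmt.Printf("vulnerability scan not applicable for node: %s\n", nodeInfo.Label)
				continue
			}
			// Announce the scan only once it is known that one will start.
			fmt.Printf("Starting vulnerability scan on new node %s\n", nodeInfo.Label)
			nodeInfo := nodeInfo // per-iteration copy for the goroutine below
			go func() {
				err := startVulnerabilityScan(nodeInfo.ID, accessToken, nodeType, *managementConsoleUrl)
				if err != nil {
					fmt.Println(err)
				}
			}()
		}
	}
}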
// inSlice reports whether val is equal to at least one element of slice.
// A nil or empty slice contains nothing, so the result is false.
func inSlice(slice []string, val string) bool {
	found := false
	for i := 0; i < len(slice) && !found; i++ {
		found = slice[i] == val
	}
	return found
}