Set network (#31)

* Set network for automation docker container
Jonas Plum
2022-02-13 20:44:16 +01:00
committed by GitHub
parent 2d817318f2
commit 599b9d3c6e
7 changed files with 29 additions and 8 deletions


@@ -17,11 +17,12 @@ type busService struct {
apiURL string apiURL string
apiKey string apiKey string
catalystBus *bus.Bus catalystBus *bus.Bus
network string
} }
func New(apiURL, apikey string, catalystBus *bus.Bus, db *database.Database) error { func New(apiURL, apikey, network string, catalystBus *bus.Bus, db *database.Database) error {
h := &busService{db: db, apiURL: apiURL, apiKey: apikey, catalystBus: catalystBus} h := &busService{db: db, apiURL: apiURL, apiKey: apikey, network: network, catalystBus: catalystBus}
if err := catalystBus.SubscribeRequest(h.logRequest); err != nil { if err := catalystBus.SubscribeRequest(h.logRequest); err != nil {
return err return err


@@ -17,7 +17,7 @@ import (
"github.com/SecurityBrewery/catalyst/database" "github.com/SecurityBrewery/catalyst/database"
) )
func createContainer(ctx context.Context, image, script, data string) (string, string, error) { func createContainer(ctx context.Context, image, script, data, network string) (string, string, error) {
cli, err := client.NewClientWithOpts(client.FromEnv) cli, err := client.NewClientWithOpts(client.FromEnv)
if err != nil { if err != nil {
return "", "", err return "", "", err
@@ -29,10 +29,16 @@ func createContainer(ctx context.Context, image, script, data string) (string, s
} }
config := &container.Config{ config := &container.Config{
Image: image, Cmd: []string{"/script", data}, WorkingDir: "/home", Image: image,
AttachStderr: true, AttachStdout: true, Cmd: []string{"/script", data},
WorkingDir: "/home",
AttachStderr: true,
AttachStdout: true,
} }
resp, err := cli.ContainerCreate(ctx, config, nil, nil, "") hostConfig := &container.HostConfig{
NetworkMode: container.NetworkMode(network),
}
resp, err := cli.ContainerCreate(ctx, config, hostConfig, nil, "")
if err != nil { if err != nil {
return "", logs, err return "", logs, err
} }
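Review bot: `container.NetworkMode(network)` in the second hunk accepts any Docker network mode, not only the name of a user-defined network, so a `CATALYST_NETWORK` value of `host` or `container:<id>` would attach automation containers to the host's or another container's network namespace. Automation scripts presumably run user-authored code, so I would reject those modes before `ContainerCreate`, e.g. `if m := container.NetworkMode(network); m.IsHost() || m.IsContainer() { return "", "", fmt.Errorf("network mode %q not allowed for automations", network) }` (this needs `fmt` if the file does not already import it). The new `hostConfig` sets only `NetworkMode`; whether resource or capability limits are applied elsewhere is not visible here. createContainer's body starts and ends outside these hunks.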


@@ -41,7 +41,7 @@ func (h *busService) handleJob(automationMsg *bus.JobMsg) {
scriptMessage, _ := json.Marshal(automationMsg.Message) scriptMessage, _ := json.Marshal(automationMsg.Message)
containerID, logs, err := createContainer(ctx, automation.Image, automation.Script, string(scriptMessage)) containerID, logs, err := createContainer(ctx, automation.Image, automation.Script, string(scriptMessage), h.network)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return


@@ -21,6 +21,7 @@ type CLI struct {
Secret string `env:"SECRET" required:"" help:"A random secret value (can be created with 'openssl rand -hex 32')"` Secret string `env:"SECRET" required:"" help:"A random secret value (can be created with 'openssl rand -hex 32')"`
ExternalAddress string `env:"EXTERNAL_ADDRESS" required:""` ExternalAddress string `env:"EXTERNAL_ADDRESS" required:""`
CatalystAddress string `env:"CATALYST_ADDRESS" default:"http://catalyst:8000"` CatalystAddress string `env:"CATALYST_ADDRESS" default:"http://catalyst:8000"`
Network string `env:"CATALYST_NETWORK" default:"catalyst"`
OIDCIssuer string `env:"OIDC_ISSUER" required:""` OIDCIssuer string `env:"OIDC_ISSUER" required:""`
OIDCClientID string `env:"OIDC_CLIENT_ID" default:"catalyst"` OIDCClientID string `env:"OIDC_CLIENT_ID" default:"catalyst"`
@@ -82,6 +83,7 @@ func MapConfig(cli CLI) (*catalyst.Config, error) {
scopes := unique(append([]string{oidc.ScopeOpenID, "profile", "email"}, cli.OIDCScopes...)) scopes := unique(append([]string{oidc.ScopeOpenID, "profile", "email"}, cli.OIDCScopes...))
config := &catalyst.Config{ config := &catalyst.Config{
IndexPath: cli.IndexPath, IndexPath: cli.IndexPath,
Network: cli.Network,
DB: &database.Config{Host: cli.ArangoDBHost, User: cli.ArangoDBUser, Password: cli.ArangoDBPassword}, DB: &database.Config{Host: cli.ArangoDBHost, User: cli.ArangoDBUser, Password: cli.ArangoDBPassword},
Storage: &storage.Config{Host: cli.S3Host, User: cli.S3User, Password: cli.S3Password}, Storage: &storage.Config{Host: cli.S3Host, User: cli.S3User, Password: cli.S3Password},
Secret: []byte(cli.Secret), Secret: []byte(cli.Secret),
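Review bot: The new `Network` field in the first hunk has no `help:` text, unlike `Secret` above it, so the CLI usage output does not say that this value names the Docker network automation containers are attached to. I would add `help:"Docker network that automation containers are attached to"` to the struct tag. The default `catalyst` also assumes a Docker network of that name already exists on the host; where it does not, automation jobs will presumably fail when the container is created or started, which is worth stating in the help text or the deployment docs.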


@@ -5,17 +5,20 @@ services:
volumes: volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx.conf:/etc/nginx/nginx.conf:ro
ports: [ "80:80", "8529:8529", "9000:9000", "9001:9001", "9002:9002", "9003:9003" ] ports: [ "80:80", "8529:8529", "9000:9000", "9001:9001", "9002:9002", "9003:9003" ]
networks: [ catalyst ]
arangodb: arangodb:
image: arangodb/arangodb:3.8.1 image: arangodb/arangodb:3.8.1
environment: environment:
ARANGO_ROOT_PASSWORD: foobar ARANGO_ROOT_PASSWORD: foobar
networks: [ catalyst ]
emitter: emitter:
image: emitter/server image: emitter/server
environment: environment:
- EMITTER_LICENSE=PfA8ID8izeSlDUlNZgNXo77DQV9QzlNtxTk64WreCXKfDZsREAVXUXwh20UKOZdkALbLTmOytO_iC6mc_twKAQ:3 - EMITTER_LICENSE=PfA8ID8izeSlDUlNZgNXo77DQV9QzlNtxTk64WreCXKfDZsREAVXUXwh20UKOZdkALbLTmOytO_iC6mc_twKAQ:3
# A9RysEsPJni8RaHeg_K0FKXQNfBrUyw- # A9RysEsPJni8RaHeg_K0FKXQNfBrUyw-
networks: [ catalyst ]
minio: minio:
image: minio/minio:RELEASE.2021-12-10T23-03-39Z image: minio/minio:RELEASE.2021-12-10T23-03-39Z
@@ -23,6 +26,7 @@ services:
MINIO_ROOT_USER: minio MINIO_ROOT_USER: minio
MINIO_ROOT_PASSWORD: minio123 MINIO_ROOT_PASSWORD: minio123
command: server /data -console-address ":9003" command: server /data -console-address ":9003"
networks: [ catalyst ]
postgres: postgres:
image: postgres:13 image: postgres:13
@@ -30,6 +34,7 @@ services:
POSTGRES_DB: keycloak POSTGRES_DB: keycloak
POSTGRES_USER: keycloak POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password POSTGRES_PASSWORD: password
networks: [ catalyst ]
keycloak: keycloak:
image: quay.io/keycloak/keycloak:14.0.0 image: quay.io/keycloak/keycloak:14.0.0
@@ -47,3 +52,8 @@ services:
volumes: volumes:
- ./keycloak/realm.json:/tmp/realm.json - ./keycloak/realm.json:/tmp/realm.json
depends_on: [ postgres ] depends_on: [ postgres ]
networks: [ catalyst ]
networks:
catalyst:
name: catalyst
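Review bot: With the default `CATALYST_NETWORK=catalyst`, automation containers join the same network as `arangodb`, `minio`, `postgres` and `keycloak`, so each automation script can reach those services directly on their internal ports. The services in this file use fixed credentials (`ARANGO_ROOT_PASSWORD: foobar`, `MINIO_ROOT_PASSWORD: minio123`, `POSTGRES_PASSWORD: password`), so network placement is the only thing separating a script from the datastores. If automations only need the Catalyst API, a second entry under `networks:` reserved for automation containers, attached only to the service that exposes the API, would keep the datastores out of reach. At minimum, a comment on the `catalyst` network should state that automation containers are attached to it.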


@@ -34,6 +34,7 @@ type Config struct {
Auth *AuthConfig Auth *AuthConfig
ExternalAddress string ExternalAddress string
InitialAPIKey string InitialAPIKey string
Network string
} }
type Server struct { type Server struct {
@@ -74,7 +75,7 @@ func New(hooks *hooks.Hooks, config *Config) (*Server, error) {
return nil, err return nil, err
} }
err = busservice.New(config.Bus.APIUrl, config.InitialAPIKey, catalystBus, catalystDatabase) err = busservice.New(config.Bus.APIUrl, config.InitialAPIKey, config.Network, catalystBus, catalystDatabase)
if err != nil { if err != nil {
return nil, err return nil, err
} }


@@ -35,6 +35,7 @@ func Config(ctx context.Context) (*catalyst.Config, error) {
config := &catalyst.Config{ config := &catalyst.Config{
InitialAPIKey: "test", InitialAPIKey: "test",
IndexPath: "index.bleve", IndexPath: "index.bleve",
Network: "catalyst",
DB: &database.Config{ DB: &database.Config{
Host: "http://localhost:8529", Host: "http://localhost:8529",
User: "root", User: "root",