module NexposeThycotic
Constants
- PRODUCT
- VENDOR
- VERSION
Public Class Methods
create_credential(connection, token, secret_summary, address)
# File lib/nexpose_thycotic.rb, line 72
# Builds a Nexpose site credential for one Thycotic secret and one address.
#
# The returned object carries the secret's user name and password exactly as
# get_secret handed them back, so it should never be logged or inspected.
#
# @param connection     object answering check_type and get_secret
# @param token          session token passed through to get_secret
# @param secret_summary hash read for :secret_type, :secret_name and :secret_id
# @param address        host the credential is restricted to; also used in the description
# @return the credential returned by Nexpose::SiteCredentials.for_service
def self.create_credential(connection, token, secret_summary, address)
  # Map the secret type onto a Nexpose service (e.g. ssh, cifs).
  service_kind = connection.check_type(secret_summary[:secret_type])

  label = secret_summary[:secret_name]
  description = "Thycotic imported Credential for #{address}"

  # NOTE(review): -1 and nil are presumably "no id yet" and "no port
  # restriction" - confirm against the nexpose gem's for_service signature.
  Nexpose::SiteCredentials
    .for_service(label, -1, description, address, nil, service_kind)
    .tap do |site_cred|
      # Fetch the secret only once the credential shell exists, then copy it in.
      secret = connection.get_secret(token, secret_summary[:secret_id])
      site_cred.user_name = secret[:username]
      site_cred.password = secret[:password]
    end
end
set_variables(options)
# File lib/nexpose_thycotic.rb, line 94
# Resolves each option, letting an environment variable override the value
# supplied in +options+.
#
# The environment variable name is the bare upper-cased key with no prefix, so
# a key such as :username would read USERNAME. Check which keys callers pass,
# because a generic name may already be set by the shell or the OS.
# Values taken from ENV are always Strings, whatever type the option had.
#
# @param options [Hash] defaults keyed by setting name
# @return [Hash] the same keys mapped to the ENV value when set, otherwise the option value
def self.set_variables(options)
  options.each_key.each_with_object({}) do |name, resolved|
    setting = ENV[name.to_s.upcase] || options[name]
    # Only the key name is logged, never a value.
    NexposeThycotic::NxLogger.instance.info("No configuration value found for #{name}") if setting.nil?
    resolved[name] = setting
  end
end
show_version()
# File lib/nexpose_thycotic/version.rb, line 5
# Writes the VERSION constant to standard output, followed by a newline.
def self.show_version
  $stdout.puts(VERSION)
end
update_credentials(vault_options, nexpose_options = nil)
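# File lib/nexpose_thycotic.rb, line 7
# Copies credentials from Thycotic into the site configuration of each listed
# Nexpose site.
#
# For every device address in a site the matching secret summaries are looked
# up, turned into site credentials and merged with the credentials the site
# already has. A credential whose host restriction, user name and service
# match an existing one reuses that one's id, so it is updated rather than
# duplicated.
#
# @param vault_options   [Hash] read for :url, :comment, :show_deleted,
#   :show_restricted, :username and :password
# @param nexpose_options [Hash] read for :log_level, :log_console,
#   :nexpose_ip, :nexpose_username, :nexpose_password, :nexpose_port, :sites
#   and :clear_creds. Required despite the nil default in the signature.
# @raise [ArgumentError] when nexpose_options is nil
# @return whatever nexpose_options[:sites].each returns
def self.update_credentials(vault_options, nexpose_options = nil)
  # Every step below reads from nexpose_options, so the nil default could
  # never work. Fail up front with a clear message instead of a NoMethodError
  # on nil part-way through logger setup.
  raise ArgumentError, 'nexpose_options is required' if nexpose_options.nil?

  # TODO: Should we add the logging alias' from the SCCM gem?
  log = NexposeThycotic::NxLogger.instance
  log.setup_statistics_collection(NexposeThycotic::VENDOR,
                                  NexposeThycotic::PRODUCT,
                                  NexposeThycotic::VERSION)
  log.setup_logging(true, nexpose_options[:log_level], nexpose_options[:log_console])

  log.info('Starting integration.')
  ss = ThycoticOperations.new(vault_options[:url],
                              vault_options[:comment],
                              vault_options[:show_deleted],
                              vault_options[:show_restricted])
  log.info("Logging into Thycotic at #{vault_options[:url]}")
  token = ss.authenticate(vault_options[:username], vault_options[:password])

  @nx = NexposeOperations.new(nexpose_options[:nexpose_ip],
                              nexpose_options[:nexpose_username],
                              nexpose_options[:nexpose_password],
                              nexpose_options[:nexpose_port])

  log.info('Processing sites')
  nexpose_options[:sites].each do |site_id|
    log.log_debug_message("Processing site #{site_id}")
    addresses = @nx.get_device_addresses(site_id)

    if nexpose_options[:clear_creds]
      log.info('Credentials not found in Thycotic will be removed.')
    else
      log.info('Preserving existing credentials.')
    end

    site_credentials = @nx.get_existing_credentials(site_id)
    addresses.each do |addr|
      # Log messages in this loop carry addresses and counts only. cred holds
      # the secret's password and must stay out of the log.
      log.debug("Getting credentials for #{addr}")
      summaries = ss.get_secret_summaries(token, addr)
      next if summaries.empty?

      log.debug("Discovered #{summaries.count} credentials for #{addr}")
      summaries.each do |summary|
        cred = self.create_credential(ss, token, summary, addr)

        # Delete credentials from the site_credentials array that meet the
        # criteria and then pull one of the cred IDs that DO match. This allows
        # us to perform an update on the credential instead of creating it from
        # scratch.
        removed_creds = []
        site_credentials.delete_if do |c|
          removed_creds << c if c.host_restriction == cred.host_restriction &&
                                c.user_name == cred.user_name &&
                                c.service == cred.service
        end

        # If matched, use ID of first in list to ensure update of credential
        cred.id = removed_creds[0].id if removed_creds.length > 0

        site_credentials.push(cred)
      end
    end

    # Update or create site credentials depending on clear_creds
    @nx.save_site(site_id, site_credentials, nexpose_options[:clear_creds])
    log.info("Finished processing #{site_id}")
  end
end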