module NexposeThycotic

Constants

PRODUCT
VENDOR
VERSION

Public Class Methods

create_credential(connection, token, secret_summary, address)
# File lib/nexpose_thycotic.rb, line 72
# Builds a Nexpose site credential for one host from a Thycotic secret.
#
# The returned object carries the secret's user name and password in memory,
# so callers should avoid inspecting or logging it wholesale.
#
# @param connection [#check_type, #get_secret] vault client used for the lookups
# @param token [Object] session token handed straight to +connection.get_secret+
# @param secret_summary [Hash] read for :secret_type, :secret_name and :secret_id
# @param address [String] host the credential is restricted to; also interpolated
#   into the credential description
# @return [Object] whatever Nexpose::SiteCredentials.for_service returns, with
#   user_name and password populated
def self.create_credential(connection, token, secret_summary, address)
  # Translate the vault's secret type into a service kind (e.g. ssh, cifs).
  service_kind = connection.check_type(secret_summary[:secret_type])
  description = "Thycotic imported Credential for #{address}"

  # -1 is passed as the id and nil as the fifth argument.
  # NOTE(review): presumably "not yet saved" and "default port" -- confirm
  # against Nexpose::SiteCredentials.for_service.
  site_credential = Nexpose::SiteCredentials.for_service(
    secret_summary[:secret_name], -1, description, address, nil, service_kind
  )

  # The secret itself is fetched only after the credential shell exists.
  secret = connection.get_secret(token, secret_summary[:secret_id])
  site_credential.user_name = secret[:username]
  site_credential.password = secret[:password]
  site_credential
end
set_variables(options)
# File lib/nexpose_thycotic.rb, line 94
# Resolves each option from the process environment, falling back to the
# value supplied in +options+.
#
# The environment variable consulted is the key upper-cased with no prefix,
# and it takes precedence over the passed value whenever it is set (an empty
# string counts as set).
# NOTE(review): generic keys map onto generic variable names (a :username key
# reads ENV['USERNAME']), so an unrelated variable in the environment can
# override the intended setting -- confirm which keys callers pass.
#
# @param options [Hash] option name => default value
# @return [Hash] the same keys, in the same order, mapped to resolved values;
#   a key with no value in either place is kept with nil and reported at info level
def self.set_variables(options)
  options.each_key.with_object({}) do |name, resolved|
    setting = ENV[name.to_s.upcase] || options[name]
    if setting.nil?
      NexposeThycotic::NxLogger.instance.info("No configuration value found for #{name}")
    end
    resolved[name] = setting
  end
end
show_version()
# File lib/nexpose_thycotic/version.rb, line 5
# Writes the VERSION constant to standard output, followed by a newline.
#
# @return [nil]
def self.show_version
  $stdout.puts(VERSION)
end
update_credentials(vault_options, nexpose_options = nil)
# File lib/nexpose_thycotic.rb, line 7
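# Copies credentials from Thycotic into the credential list of each configured
# Nexpose site.
#
# For every device address of every site, the vault is asked for matching
# secret summaries; each summary becomes a credential via create_credential.
# An existing site credential with the same host restriction, user name and
# service is replaced, and the new credential reuses its id so that the save
# acts as an update.
#
# Log lines written here carry the vault URL, site ids, device addresses and
# counts; neither password is passed to the logger in this method.
# NOTE(review): the vault URL is logged verbatim -- confirm it can never embed
# userinfo (user:password@host).
#
# @param vault_options [Hash] read for :url, :comment, :show_deleted,
#   :show_restricted, :username and :password
# @param nexpose_options [Hash] read for :log_level, :log_console, :nexpose_ip,
#   :nexpose_username, :nexpose_password, :nexpose_port, :sites and :clear_creds.
#   The nil default is kept for interface compatibility but is rejected.
# @raise [ArgumentError] when nexpose_options is nil
# @return [Object] the result of iterating nexpose_options[:sites]; not meaningful
def self.update_credentials(vault_options, nexpose_options = nil)
  # Every step below reads Nexpose settings, so the nil default can never
  # succeed; fail up front with a clear message instead of a NoMethodError
  # on nil part-way through logger setup.
  raise ArgumentError, 'nexpose_options is required' if nexpose_options.nil?

  #TODO: Should we add the logging alias' from the SCCM gem?
  log = NexposeThycotic::NxLogger.instance
  log.setup_statistics_collection(NexposeThycotic::VENDOR,
                                  NexposeThycotic::PRODUCT,
                                  NexposeThycotic::VERSION)
  log.setup_logging(true,
                    nexpose_options[:log_level],
                    nexpose_options[:log_console])
  log.info('Starting integration.')

  ss = ThycoticOperations.new(vault_options[:url],
                              vault_options[:comment],
                              vault_options[:show_deleted],
                              vault_options[:show_restricted])
  log.info("Logging into Thycotic at #{vault_options[:url]}")
  token = ss.authenticate(vault_options[:username], vault_options[:password])

  # Kept as module-level state, as before: the object built from the Nexpose
  # password stays reachable through @nx after this method returns.
  @nx = NexposeOperations.new(nexpose_options[:nexpose_ip],
                              nexpose_options[:nexpose_username],
                              nexpose_options[:nexpose_password],
                              nexpose_options[:nexpose_port])
  log.info('Processing sites')

  nexpose_options[:sites].each do |site_id|
    log.log_debug_message("Processing site #{site_id}")
    addresses = @nx.get_device_addresses(site_id)

    if nexpose_options[:clear_creds]
      log.info('Credentials not found in Thycotic will be removed.')
    else
      log.info('Preserving existing credentials.')
    end
    site_credentials = @nx.get_existing_credentials(site_id)

    addresses.each do |addr|
      log.debug("Getting credentials for #{addr}")
      summaries = ss.get_secret_summaries(token, addr)
      next if summaries.empty?

      log.debug("Discovered #{summaries.count} credentials for #{addr}")

      summaries.each do |summary|
        cred = create_credential(ss, token, summary, addr)

        # Remove, in place, every existing credential with the same host
        # restriction, user name and service, remembering what was removed.
        # This lets the new credential update an existing one instead of
        # being created from scratch.
        superseded = []
        site_credentials.delete_if do |existing|
          same_target = existing.host_restriction == cred.host_restriction &&
                        existing.user_name == cred.user_name &&
                        existing.service == cred.service
          superseded << existing if same_target
          same_target
        end

        # If matched, use the ID of the first removed entry to ensure an update.
        cred.id = superseded.first.id unless superseded.empty?

        site_credentials.push(cred)
      end
    end

    # Update or create site credentials depending on clear_creds.
    @nx.save_site(site_id, site_credentials, nexpose_options[:clear_creds])
    log.info("Finished processing #{site_id}")
  end
end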