Merge pull request #2408 from tpurschke/develop

Develop hotfix email credential decryption

documentation/revision-history-develop.md

@@ -203,5 +203,9 @@ bugfix release:
 - upgrade to dotnet 8.0
 - adding all imported modelling users to uiuser
 
-# 8.2.1 - xx.05.2024 DEVELOP
+# 8.2.1 - 03.05.2024 DEVELOP
 - fix misleading login error message when authorisation is missing
+
+# 8.2.2 - 14.05.2024 DEVELOP
+- fix email credential decryption
+- start of Tufin SecureChange integration

inventory/group_vars/all.yml

@@ -1,5 +1,5 @@
 ### general settings
-product_version: "8.2.1"
+product_version: "8.2.2"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3

roles/FWO.sln

@@ -39,6 +39,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.Encryption", "lib\files
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.GlobalConstants", "lib\files\FWO.GlobalConstants\FWO.GlobalConstants.csproj", "{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.Tufin.SecureChange", "lib\files\FWO.Tufin.SecureChange\FWO.Tufin.SecureChange.csproj", "{17AA0E0C-BB46-42FE-A08C-68539EA7FD53}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -113,6 +115,10 @@ Global
 		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}.Release|Any CPU.Build.0 = Release|Any CPU
+		{17AA0E0C-BB46-42FE-A08C-68539EA7FD53}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{17AA0E0C-BB46-42FE-A08C-68539EA7FD53}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{17AA0E0C-BB46-42FE-A08C-68539EA7FD53}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{17AA0E0C-BB46-42FE-A08C-68539EA7FD53}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -132,6 +138,7 @@ Global
 		{B48F8BD5-1056-4670-BEFA-F4A260293B6F} = {CE55F125-0CD2-4789-A3C1-045DEF33ABA5}
 		{6EBEBF57-3399-4008-BA10-0D21F6827244} = {B48F8BD5-1056-4670-BEFA-F4A260293B6F}
 		{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3} = {B48F8BD5-1056-4670-BEFA-F4A260293B6F}
+		{17AA0E0C-BB46-42FE-A08C-68539EA7FD53} = {B48F8BD5-1056-4670-BEFA-F4A260293B6F}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {68364621-1011-4D44-9CF5-518F0DC3F459}

roles/api/files/replace_metadata.json

@@ -9571,9 +9571,18 @@
                       "last_recert_check"
                     ],
                     "filter": {
-                      "tenant_id": {
-                        "_eq": "x-hasura-tenant-id"
-                      }
+                      "_or": [
+                        {
+                          "tenant_id": {
+                            "_is_null": true
+                          }
+                        },
+                        {
+                          "tenant_id": {
+                            "_eq": "x-hasura-tenant-id"
+                          }
+                        }
+                      ]
                     },
                     "allow_aggregations": true
                   }

roles/database/files/sql/creation/fworch-fill-stm.sql

@@ -110,6 +110,94 @@ insert into config (config_key, config_value, config_user) VALUES ('impChangeNot
 insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifySleepTime', '0', 0);
 insert into config (config_key, config_value, config_user) VALUES ('impChangeNotifyStartAt', '00:00:00', 0);
 
+insert into config (config_key, config_value, config_user) VALUES ('extTicketSystems', '[{"Url":"","TicketTemplate":"{
+	"ticket": {
+		"subject": "@@TICKET_SUBJECT@@",
+		"priority": "@@PRIORITY@@",
+		"requester": "@@ONBEHALF@@",
+		"domain_name": "",
+		"workflow": {
+			"name": "@@WORKFLOW_NAME@@"
+		},
+		"steps": {
+			"step": [
+				{
+					"name": "Erfassung des Antrags",
+					"tasks": {
+						"task": {
+							"fields": {
+								"field": [
+										@@TASKS@@
+								]
+							}
+						}
+					}
+				}
+			]
+		}
+	}
+}", "TasksTemplates": "{
+										"@xsi.type": "multi_access_request",
+										"name": "Gewünschter Zugang",
+										"read_only": false,
+										"access_request": {
+											"order": "AR1",
+											"verifier_result": {
+												"status": "not run"
+											},
+											"use_topology": true,
+											"targets": {
+												"target": {
+													"@type": "ANY"
+												}
+											},
+											"users": {
+												"user": @@USERS@@
+											},
+											"sources": {
+												"source": @@SOURCES@@
+											},
+											"destinations": {
+												"destination": @@DESTINATIONS@@
+											},
+											"services": {
+												"service": @@SERVICES@@
+											},
+											"action": "@@ACTION@@",
+											"labels": ""
+										}
+									},
+									{
+										"@xsi.type": "text_area",
+										"name": "Grund für den Antrag",
+										"read_only": false,
+										"text": "@@REASON@@"
+									},
+									{
+										"@xsi.type": "drop_down_list",
+										"name": "Regel Log aktivieren?",
+										"selection": "@@LOGGING@@"
+									},
+									{
+										"@xsi.type": "date",
+										"name": "Regel befristen bis:"
+									},
+									{
+										"@xsi.type": "text_field",
+										"name": "Anwendungs-ID",
+										"text": "@@APPID@@"
+									},
+									{
+										"@xsi.type": "checkbox",
+										"name": "Die benötigte Kommunikationsverbindung ist im Kommunikationsprofil nach IT-Sicherheitsstandard hinterlegt",
+										"value":  @@COM_DOCUMENTED@@
+									},
+									{
+										"@xsi.type": "drop_down_list",
+										"name": "Expertenmodus: Exakt wie beantragt implementieren (Designervorschlag ignorieren)",
+										"selection": "Nein"
+									}
+								" }]', 0);
 
 INSERT INTO "report_format" ("report_format_name") VALUES ('json');
 INSERT INTO "report_format" ("report_format_name") VALUES ('pdf');

roles/database/files/sql/idempotent/fworch-texts.sql

@@ -245,6 +245,8 @@ INSERT INTO txt VALUES ('in_progress',		    'German', 	'in Arbeit');
 INSERT INTO txt VALUES ('in_progress',		    'English', 	'in progress');
 INSERT INTO txt VALUES ('select', 				'German',	'Auswählen');
 INSERT INTO txt VALUES ('select', 				'English',	'Select');
+INSERT INTO txt VALUES ('loading', 				'German',	'Laden...');
+INSERT INTO txt VALUES ('loading', 				'English',	'Loading...');
 
 -- (re)login
 INSERT INTO txt VALUES ('login', 				'German',	'Anmelden');
@@ -1128,8 +1130,13 @@ INSERT INTO txt VALUES ('save_service', 	    'German',	'Dienst speichern');
 INSERT INTO txt VALUES ('save_service', 	    'English',	'Save Service');
 INSERT INTO txt VALUES ('delete_service', 	    'German',	'Dienst löschen');
 INSERT INTO txt VALUES ('delete_service', 	    'English',	'Delete Service');
-INSERT INTO txt VALUES ('ext_request', 	        'German',	'Externer Antrag');
-INSERT INTO txt VALUES ('ext_request', 	        'English',	'External Request');
+INSERT INTO txt VALUES ('ext_ticket_url', 	    'German',	'URL des externen Ticketing Systems');
+INSERT INTO txt VALUES ('ext_ticket_url', 	    'English',	'URL of external ticketing system');
+INSERT INTO txt VALUES ('ext_ticket_template', 	'German',	'Template Ticket-Text');
+INSERT INTO txt VALUES ('ext_ticket_template', 	'English',	'Template ticket text');
+INSERT INTO txt VALUES ('ext_task_template', 	'German',	'Template Aufgabentext');
+INSERT INTO txt VALUES ('ext_task_template', 	'English',	'Template task text');
+
 INSERT INTO txt VALUES ('area', 	            'German',	'Area');
 INSERT INTO txt VALUES ('area', 	            'English',	'Area');
 INSERT INTO txt VALUES ('interface', 	        'German',	'Schnittstelle');
@@ -1182,6 +1189,16 @@ INSERT INTO txt VALUES ('log_change',		    'German', 	'Änderung loggen');
 INSERT INTO txt VALUES ('log_change',		    'English', 	'Log Change');
 INSERT INTO txt VALUES ('show_history',		    'German', 	'Änderungshistorie');
 INSERT INTO txt VALUES ('show_history',		    'English', 	'Show History');
+INSERT INTO txt VALUES ('request_fw_change',    'German', 	'Firewall-Änderungen beantragen');
+INSERT INTO txt VALUES ('request_fw_change',    'English', 	'Request firewall changes');
+INSERT INTO txt VALUES ('ext_ticket_auth',      'German', 	'Authorization-Header-String');
+INSERT INTO txt VALUES ('ext_ticket_auth',      'English', 	'Authorization header string');
+INSERT INTO txt VALUES ('ext_ticket_fail',      'German', 	'Fehler beim Erzeugen des externen Tickets');
+INSERT INTO txt VALUES ('ext_ticket_fail',      'English', 	'Error while creating external ticket');
+INSERT INTO txt VALUES ('ext_ticket_success',   'German', 	'Externes Ticket erfolgreich erzeugt');
+INSERT INTO txt VALUES ('ext_ticket_success',   'English', 	'External ticket successfully created');
+INSERT INTO txt VALUES ('ext_ticket_number',    'German', 	'Externe Ticket-Nummer');
+INSERT INTO txt VALUES ('ext_ticket_number',    'English', 	'External ticket number');
 INSERT INTO txt VALUES ('changed_by',		    'German', 	'Geändert von');
 INSERT INTO txt VALUES ('changed_by',		    'English', 	'Changed by');
 INSERT INTO txt VALUES ('object_id',            'German', 	'Objekt-Id');
@@ -1910,6 +1927,10 @@ INSERT INTO txt VALUES ('import_source',        'German',   'Importquelle');
 INSERT INTO txt VALUES ('import_source',        'English',  'Import Source');
 INSERT INTO txt VALUES ('modelling_settings',   'German', 	'Modellierungseinstellungen');
 INSERT INTO txt VALUES ('modelling_settings',   'English', 	'Modelling Settings');
+INSERT INTO txt VALUES ('ext_ticketing',        'German', 	'Externes Ticket-System');
+INSERT INTO txt VALUES ('ext_ticketing',        'English', 	'External ticket tool');
+INSERT INTO txt VALUES ('ext_ticket_settings',  'German', 	'Einstellungen externes Ticket-System');
+INSERT INTO txt VALUES ('ext_ticket_settings',  'English', 	'Settings external ticket tool');
 INSERT INTO txt VALUES ('modIconify',           'German', 	'Nutzung von Piktogrammen');
 INSERT INTO txt VALUES ('modIconify',           'English', 	'Prefer use of Icons');
 INSERT INTO txt VALUES ('use_in_src',           'German', 	'in Quelle');
@@ -4522,6 +4543,14 @@ INSERT INTO txt VALUES ('H5591', 'German',  'Common Service zugelassen: Modellie
 INSERT INTO txt VALUES ('H5591', 'English', 'Common Service Possible: Allows modellers to create common services inside.');
 INSERT INTO txt VALUES ('H5592', 'German',  'Importquelle: Falls importiert das dort vergebene Label (sh. <a href="/help/settings/modelling">Modellierungseinstellungen</a>).');
 INSERT INTO txt VALUES ('H5592', 'English', 'Import Source: If imported the label given there (see <a href="/help/settings/modelling">Modelling Settings</a>).');
+INSERT INTO txt VALUES ('H5593', 'German',  'URL des externen Ticketing Systems: Exakte Adresse inklusive Pfad, unter der die API das externen Ticket Systems erreicht werden kann');
+INSERT INTO txt VALUES ('H5593', 'English', 'URL of external ticketing system: Exact address and path under which the external ticket system''s API can be reached.');
+INSERT INTO txt VALUES ('H5594', 'German',  'Authorization-Header-String: Beispielsweise Base64-kodierter String von "Username:Password" mit f&uuml;hrendem "Basic" zur Bezeichnung der Basic Authentication');
+INSERT INTO txt VALUES ('H5594', 'English', 'Authorization header string: E.g. base64 encoded string of "Username:Password" lead by "Basic" to indicate basic authentication');
+INSERT INTO txt VALUES ('H5595', 'German',  'Template Ticket-Text: Vorlagentext mit verschiedenen Platzhaltern, die durch @@PLACEHOLDER@@ gekennzeichnet sind und für jede Anfrage durch die eigentlichen Anfragedaten ersetzt werden. Eine vollst&auml;ndige Liste der Platzhalter finden Sie auf den Hilfeseiten.');
+INSERT INTO txt VALUES ('H5595', 'English', 'Template ticket text: template text containing various placeholders indicated by @@PLACEHOLDER@@ which will be substituted for each ticket with the actual ticket data. For a full list of placeholders, see help pages.');
+INSERT INTO txt VALUES ('H5596', 'German',  'Template Aufgabentext: Template pro Verbindung (sollte die folgenden Platzhalter enthalten: @@SOURCES@@, @@SERVICES@@, @@DESTINATIONS@@, ...)');
+INSERT INTO txt VALUES ('H5596', 'English', 'Template task text: Template for each connection (should contain placeholders @@SOURCES@@, @@SERVICES@@, @@DESTINATIONS@@, ...)');
 
 INSERT INTO txt VALUES ('H5601', 'German',  'Hier werden die Einstellungen f&uuml;r die Netzwerk-Modellierung verwaltet.
     Dies betrifft Vordefinierte Dienste, Darstellung verschiedener Elemente, Definition von Namenskonventionen sowie Scheduling-Einstellungen f&uuml;r die zu importierenden Objekte:
@@ -4646,6 +4675,12 @@ INSERT INTO txt VALUES ('H5627', 'German',  'App-Server-Typen: Hier k&ouml;nnen
 INSERT INTO txt VALUES ('H5627', 'English', 'App Server Types: Here any App Server Types can be defined with name and Id. Please use different Ids. Be careful when deleting types already in use!
     The default type should always exist and is used during data import. Here only the displayed name can be chosen. It is not available for manual assignment to an App Server.
 ');
+INSERT INTO txt VALUES ('H5628', 'German',  'Vordefinierte Dienste: Hier wird dem Administrator ein Men&uuml; angeboten, um Dienste und Gruppierungen von Diensten vorzudefinieren,
+    zu bearbeiten oder zu l&ouml;schen. Diese stehen dann allen Applikationen zur Verf&uuml;gung.
+');
+INSERT INTO txt VALUES ('H5628', 'English', 'Predefined Services: Offers a menu to the administrator to define, change or delete predefined services or service groups.
+    These services are available for all applications.
+');
 
 INSERT INTO txt VALUES ('H5701', 'German',  'Die in der Datenbank hinterlegten sprachabh&auml;ngigen Texte k&ouml;nnen individuell &uuml;berschrieben werden.
     Dabei werden die vom System vorgegebenen Texte nicht ge&auml;ndert, sondern nur durch die hier definierten Texte - falls vorhanden - &uuml;berblendet.

roles/database/files/upgrade/8.2.2.sql

@@ -0,0 +1,124 @@
+/*
+
+    plan "Tufin SecureChange Request Module" - TUREM
+
+    User Interface
+        - modeller user can choose to request the current state of modelling for one app/owner
+        - a button can be used within the modeller top level menu to do so
+        - modelling which has already been requested and that which has not need to be displayed in NeMo so that each can be easily identified
+
+    Automatic steps:
+        - TUREM needs to store the last modelling state that was requested in order to be able to request the differences
+        - database structure needs to be defined - if possible find a simple model which does not look like the current FWO change tracking
+            (work with a flag - modelled/requested)
+        - TUREM needs to request the creation of objects (network, service) as well as access requests based on these objects
+        - TUREM will not take the rulebase of the actual firewalls into account - this will be done by SC
+        - specifically will changes between two TUREM requests (not requested via TUREM) not be taken into account
+
+    Open decisions/tests
+    - do we also need to get feedback on the implementation state of the SC ticket? If so, what to do with it?
+      - at least we should store the tufin ticket numbers in NeMo for reference
+    - can we always just create a single SC ticket or do we need multiple tickets?
+      - probably SC cannot deal with order of tasks so that in the first task objects are requested which are then Nused in the same ticket within an AR
+      - if we need multiple SC tickets, we need to be prepared to store multiple ticket numbers in NeMo for a single TUREM request
+    - for non-initial requests: do we have to create change requests or do we simply request the whole modelled rulebase?
+      - same question for changes to (modelled) objects
+      - what about changes to basic objects like NAs - do we requests these of just assume that they already have been implemented?
+        - where to draw the line? 
+
+    Preparations
+    - get a technical user with SC create ticket rights on Tufin STEST system
+
+    Not customer related:
+        - develop in parallel: internal request module which requests the changes within the FWO request module
+
+*/
+
+insert into config (config_key, config_value, config_user) VALUES ('extTicketSystems', '[{"Url":"","TicketTemplate":"{
+	"ticket": {
+		"subject": "@@TICKET_SUBJECT@@",
+		"priority": "@@PRIORITY@@",
+		"requester": "@@ONBEHALF@@",
+		"domain_name": "",
+		"workflow": {
+			"name": "@@WORKFLOW_NAME@@"
+		},
+		"steps": {
+			"step": [
+				{
+					"name": "Erfassung des Antrags",
+					"tasks": {
+						"task": {
+							"fields": {
+								"field": [
+										@@TASKS@@
+								]
+							}
+						}
+					}
+				}
+			]
+		}
+	}
+}", "TasksTemplates": "{
+										"@xsi.type": "multi_access_request",
+										"name": "Gewünschter Zugang",
+										"read_only": false,
+										"access_request": {
+											"order": "AR1",
+											"verifier_result": {
+												"status": "not run"
+											},
+											"use_topology": true,
+											"targets": {
+												"target": {
+													"@type": "ANY"
+												}
+											},
+											"users": {
+												"user": @@USERS@@
+											},
+											"sources": {
+												"source": @@SOURCES@@
+											},
+											"destinations": {
+												"destination": @@DESTINATIONS@@
+											},
+											"services": {
+												"service": @@SERVICES@@
+											},
+											"action": "@@ACTION@@",
+											"labels": ""
+										}
+									},
+									{
+										"@xsi.type": "text_area",
+										"name": "Grund für den Antrag",
+										"read_only": false,
+										"text": "@@REASON@@"
+									},
+									{
+										"@xsi.type": "drop_down_list",
+										"name": "Regel Log aktivieren?",
+										"selection": "@@LOGGING@@"
+									},
+									{
+										"@xsi.type": "date",
+										"name": "Regel befristen bis:"
+									},
+									{
+										"@xsi.type": "text_field",
+										"name": "Anwendungs-ID",
+										"text": "@@APPID@@"
+									},
+									{
+										"@xsi.type": "checkbox",
+										"name": "Die benötigte Kommunikationsverbindung ist im Kommunikationsprofil nach IT-Sicherheitsstandard hinterlegt",
+										"value":  @@COM_DOCUMENTED@@
+									},
+									{
+										"@xsi.type": "drop_down_list",
+										"name": "Expertenmodus: Exakt wie beantragt implementieren (Designervorschlag ignorieren)",
+										"selection": "Nein"
+									}
+								" }]', 0) ON CONFLICT DO NOTHING;

roles/importer/files/importer/common.py

@@ -349,7 +349,13 @@ def replace_device_id(config, mgm_details):
                 with open(filename, 'r') as json_file:
                     config = json.load(json_file)
     except requests.exceptions.RequestException:
-        error_string = 'got HTTP status code{code} while trying to read config file from URL {filename}'.format(code=str(r.status_code), filename=filename)
+        try:
+            # check if response "r" is defined:
+            r
+
+            error_string = 'got HTTP status code{code} while trying to read config file from URL {filename}'.format(code=str(r.status_code), filename=filename)
+        except NameError:
+            error_string = 'got error while trying to read config file from URL {filename}'.format(filename=filename)
         error_count += 1
         error_count = complete_import(current_import_id, error_string, start_time, mgm_details, change_count, error_count, jwt)
         raise ConfigFileNotFound(error_string) from None