Merge branch 'develop' of https://github.com/CactuseSecurity/firewall…

…-orchestrator into cactus-develop

documentation/installer/install-for-testing.md

@@ -12,7 +12,7 @@ This includes:
 Note: the relevant secrets are displayed at the very end of the installation. They can also be found in the etc/secrets directory.
 
 ```console
-ansible-playbook/ site.yml -e "testkeys=yes" -K
+ansible-playbook site.yml -e "testkeys=yes" -K
 ```
 
 A static jwt key helps with debugging c# code in visual studio (code) - you can use a static backend (ldap & api) with these keys.

inventory/hosts.yml

@@ -1,20 +1,20 @@
+# If you want to use distributed installation, follow the steps on localhost
 # 1. ssh-keygen -t rsa
 # Press enter for each line 
 # 2. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
 # 3. chmod og-wx ~/.ssh/authorized_keys
-# 4. change ansible_connection to ssh and ansible_host to your host
+# 4. ssh-copy-id <user>@<remote-server>
+# 5. add remote servers below
 
 all:
   hosts:
     localhost:
       ip_address: 127.0.0.1
       ansible_connection: local
-      # ansible_connection: local
-      # ansible_host: localhost
 #   Add servers for distributed installation here. Use these servers in the children dictionary below.
 #    ui-srv:
 #      ansible_connection: ssh
-#      ansible_host: 192.168.121.2
+#      ansible_host: 192.168.2.3
   children:
 
     frontends:

roles/FWO.sln

@@ -35,11 +35,11 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Recert", "lib\files\FWO
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "files", "files", "{B48F8BD5-1056-4670-BEFA-F4A260293B6F}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.Encryption", "lib\files\FWO.Encryption\FWO.Encryption.csproj", "{6EBEBF57-3399-4008-BA10-0D21F6827244}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Encryption", "lib\files\FWO.Encryption\FWO.Encryption.csproj", "{6EBEBF57-3399-4008-BA10-0D21F6827244}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.GlobalConstants", "lib\files\FWO.GlobalConstants\FWO.GlobalConstants.csproj", "{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.GlobalConstants", "lib\files\FWO.GlobalConstants\FWO.GlobalConstants.csproj", "{0CBD4CC5-3E39-4134-A0E1-4DB8999619F3}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FWO.Tufin.SecureChange", "lib\files\FWO.Tufin.SecureChange\FWO.Tufin.SecureChange.csproj", "{17AA0E0C-BB46-42FE-A08C-68539EA7FD53}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FWO.Tufin.SecureChange", "lib\files\FWO.Tufin.SecureChange\FWO.Tufin.SecureChange.csproj", "{17AA0E0C-BB46-42FE-A08C-68539EA7FD53}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -103,10 +103,6 @@ Global
 		{520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{520779B1-20EB-45D9-8A02-D0C4DFEC9302}.Release|Any CPU.Build.0 = Release|Any CPU
-		{14B56819-F629-4CE9-BBC0-7579392EFC83}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{14B56819-F629-4CE9-BBC0-7579392EFC83}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{14B56819-F629-4CE9-BBC0-7579392EFC83}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{14B56819-F629-4CE9-BBC0-7579392EFC83}.Release|Any CPU.Build.0 = Release|Any CPU
 		{6EBEBF57-3399-4008-BA10-0D21F6827244}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{6EBEBF57-3399-4008-BA10-0D21F6827244}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{6EBEBF57-3399-4008-BA10-0D21F6827244}.Release|Any CPU.ActiveCfg = Release|Any CPU

roles/database/files/sql/idempotent/fworch-texts.sql

@@ -6224,3 +6224,7 @@ INSERT INTO txt VALUES ('H9053', 'English', 'The assigned modeller can reject th
 
 INSERT INTO txt VALUES ('H9054', 'German',  'Nachricht die auf der Anmeldeseite angezeigt werden soll.');
 INSERT INTO txt VALUES ('H9054', 'English', 'Message that is displayed on Login Page.');
+INSERT INTO txt VALUES ('PagerPagesize',     'German', 	'Seitengröße');
+INSERT INTO txt VALUES ('PagerPagesize',     'English', 'Page size');
+INSERT INTO txt VALUES ('PagerSubmit',       'German', 	'Speichern');
+INSERT INTO txt VALUES ('PagerSubmit',       'English', 'Save');

roles/finalize/tasks/main.yml

@@ -77,22 +77,23 @@
   register: demo_data_present
   become: true
   become_user: postgres
+  when: "'sampleserver' in group_names"
 
 - name: find cron jobs in case of missing demo data
   find:
     paths: /etc/cron.d
     patterns: "{{ product_name }}_sample_data_*"
   register: files_to_delete
-  when: demo_data_present.query_result == []
   become: true
+  when: "demo_data_present.query_result == [] and 'sampleserver' in group_names"
 
 - name: delete cron jobs in case of missing demo data
   file:
     path: "{{ item.path }}"
     state: absent
   with_items: "{{ files_to_delete.files }}"
-  when: demo_data_present.query_result == []
   become: true
+  when: "demo_data_present.query_result == [] and 'sampleserver' in group_names"
 
 - name: remove temp importer_password from install host
   file:

roles/lib/files/FWO.Config.File/FWO.Config.File.csproj

@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.6.3" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.0.2" />
   </ItemGroup>
 
   <ItemGroup>

roles/lib/files/FWO.DeviceAutoDiscovery/FWO.DeviceAutoDiscovery.csproj

@@ -8,8 +8,8 @@
 
  <ItemGroup>
     <PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
-    <PackageReference Include="RestSharp" Version="111.4.0" />
-    <PackageReference Include="RestSharp.Serializers.NewtonsoftJson" Version="111.4.0" />
+    <PackageReference Include="RestSharp" Version="112.0.0" />
+    <PackageReference Include="RestSharp.Serializers.NewtonsoftJson" Version="112.0.0" />
     <PackageReference Include="RestSharp.Serializers.SystemTextJson" Version="106.15.0" />
   </ItemGroup>
 

roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj

@@ -8,8 +8,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
-    <PackageReference Include="RestSharp" Version="111.4.0" />
-    <PackageReference Include="RestSharp.Serializers.NewtonsoftJson" Version="111.4.0" />
+    <PackageReference Include="RestSharp" Version="112.0.0" />
+    <PackageReference Include="RestSharp.Serializers.NewtonsoftJson" Version="112.0.0" />
     <PackageReference Include="RestSharp.Serializers.SystemTextJson" Version="106.15.0" />
   </ItemGroup>
 

roles/lib/files/FWO.Middleware/FWO.Middleware.csproj

@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.6.3" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.0.2" />
   </ItemGroup>   
 
   <ItemGroup>

roles/lib/files/FWO.Tufin.SecureChange/ExternalTicket.cs

@@ -144,7 +144,7 @@ public async Task<RestResponse<int>> CreateTicketInTufin(ExternalTicketSystem tu
 		string taskText = "";
 
 		// set templates from config
-		if (!tufinSystem.TicketTemplate.IsNullOrEmpty() && !tufinSystem.TasksTemplate.IsNullOrEmpty())
+		if (!string.IsNullOrEmpty(tufinSystem.TicketTemplate) && !string.IsNullOrEmpty(tufinSystem.TasksTemplate))
 		{
 			TicketTemplate = tufinSystem.TicketTemplate;
 			TasksTemplate = tufinSystem.TasksTemplate;

roles/lib/files/FWO.Tufin.SecureChange/FWO.Tufin.SecureChange.csproj

@@ -8,8 +8,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
-    <PackageReference Include="RestSharp" Version="111.4.0" />
-    <PackageReference Include="RestSharp.Serializers.NewtonsoftJson" Version="111.4.0" />
+    <PackageReference Include="RestSharp" Version="112.0.0" />
+    <PackageReference Include="RestSharp.Serializers.NewtonsoftJson" Version="112.0.0" />
     <PackageReference Include="RestSharp.Serializers.SystemTextJson" Version="106.15.0" />
   </ItemGroup>
 

roles/lib/tasks/main.yml

@@ -40,13 +40,23 @@
     - name: install wkhtml pdf library needed for both ui and middleware servers
       include_tasks: install_wkhtml_pdf.yml
 
-    - name: copy {{ product_name }} dotnet lib files to lib target
+    - name: copy {{ product_name }} dotnet lib files to lib target (localhost)
       synchronize:
         src: "./"
         dest: "{{ lib_dir }}"
         rsync_opts:
           - "--chown={{ fworch_user }}:{{ fworch_group }}" 
       tags: [ 'test' ]
+      when: inventory_hostname == 'localhost'
+
+    - name: copy {{ product_name }} dotnet lib files to lib target (remote)
+      copy:
+        src: "./"
+        dest: "{{ lib_dir }}"
+        owner: "{{ fworch_user }}"
+        group: "{{ fworch_group }}"
+      tags: [ 'test' ]
+      when: inventory_hostname != 'localhost'
 
     - name: finalize handler for datarecovery
       set_fact:

roles/middleware/files/FWO.Middleware.Server/AppDataImport.cs

@@ -286,7 +286,7 @@ private async Task AddAllGroupMembersToUiUser(string userGroupDn)
 			// find the user in all connected ldaps
 			foreach (Ldap ldap in connectedLdaps)
 			{
-				if (!ldap.UserSearchPath.IsNullOrEmpty() && userDn.ToLower().Contains(ldap.UserSearchPath!.ToLower()))
+				if (!string.IsNullOrEmpty(ldap.UserSearchPath) && userDn.ToLower().Contains(ldap.UserSearchPath!.ToLower()))
 				{
 					LdapEntry? ldapUser = ldap.GetUserDetailsFromLdap(userDn);
 
@@ -320,7 +320,7 @@ private async Task<Tenant> DeriveTenantFromLdap(Ldap ldap, LdapEntry ldapUser)
 			string tenantName = "";
 
 			// can we derive the users tenant purely from its ldap?
-			if (!ldap.GlobalTenantName.IsNullOrEmpty() || ldap.TenantLevel > 0)
+			if (!string.IsNullOrEmpty(ldap.GlobalTenantName) || ldap.TenantLevel > 0)
 			{
 				if (ldap.TenantLevel > 0)
 				{
@@ -329,7 +329,7 @@ private async Task<Tenant> DeriveTenantFromLdap(Ldap ldap, LdapEntry ldapUser)
 				}
 				else
 				{
-					if (!ldap.GlobalTenantName.IsNullOrEmpty())
+					if (!string.IsNullOrEmpty(ldap.GlobalTenantName))
 					{
 						tenantName = ldap.GlobalTenantName ?? "";
 					}

roles/middleware/files/FWO.Middleware.Server/Ldap.cs

@@ -153,7 +153,7 @@ private string GetGroupSearchFilter(string searchPattern)
                 List<LdapEntry> possibleUserEntries = [];
 
                 // If dn was already provided
-                if (!user.Dn.IsNullOrEmpty())
+                if (!string.IsNullOrEmpty(user.Dn))
                 {
                     // Try to read user entry directly
                     LdapEntry? userEntry = connection.Read(user.Dn);

roles/sample-auth-data/tasks/main.yml

@@ -2,15 +2,15 @@
 
 - name: add auth test data to database
   include_tasks: auth_sample_data.yml
-  when: installation_mode is not match('upgrade') or sample_role_purpose is match('test')
+  when: installation_mode is match('new') or sample_role_purpose is match('test')
 
 - name: include ldif driven changes
   import_tasks: modify_ldap_tree.yml
-  when: installation_mode is not match('upgrade') or sample_role_purpose is match('test')
+  when: installation_mode is match('new') or sample_role_purpose is match('test')
 
 - name: include owner sample data
   import_tasks: sample_owner_data.yml
-  when: installation_mode is not match('upgrade') or sample_role_purpose is match('test')
+  when: installation_mode is match('new') or sample_role_purpose is match('test')
 
 - name: restart middleware server in case any changes to ldap_connections were made
   systemd:

roles/test/files/FWO.Test/FWO.Test.csproj

@@ -9,10 +9,10 @@
 
   <ItemGroup>
     <PackageReference Include="Haukcode.WkHtmlToPdfDotNet" Version="1.5.90" />
-    <PackageReference Include="NUnit" Version="4.1.0" />
-    <PackageReference Include="NUnit3TestAdapter" Version="4.5.0" />
+    <PackageReference Include="NUnit" Version="4.2.2" />
+    <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.0.0" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.0.2" />
   </ItemGroup>
 
   <ItemGroup>

roles/test/handlers/main.yml

@@ -1,12 +1,4 @@
 ---
-- name: delete test user and dir
-  user:
-    name: test
-    state: absent
-    remove: true
-  become: true
-  listen: "test importer handler"
-
 - name: delete test user cred config file
   file:
     path: "{{ fworch_secrets_dir }}/TestUserCreds.json"

roles/test/tasks/main.yml

@@ -56,18 +56,22 @@
 
 - name: database testing
   import_tasks: test-database.yml
+  when: "'databaseserver' in group_names"
 
 - name: create config with test user creds
   import_tasks: write-config-test-user-creds.yml
 
 - name: auth testing
   import_tasks: test-auth.yml
+  when: "'middlewareserver' in group_names"
 
 - name: api testing
   import_tasks: test-api.yml
-
+  when: "'apiserver' in group_names"
+
 - name: csharp testing
   import_tasks: test-csharp.yml
+  when: "'frontends' in group_names"
 
 - name: imorter testing
   import_tasks: test-importer.yml

roles/test/tasks/test-web.yml

@@ -8,9 +8,9 @@
   become: true
   when: "'frontends' in group_names"
 
-- name: test web server availability
+- name: test middleware web server availability
   uri:
-    url: "{{ loop_url }}"
+    url: "{{ middleware_uri }}/swagger/"
     method: GET
     headers:
       Content-Type: html/text
@@ -23,15 +23,53 @@
   until: web_call_result.status == 200
   retries: 10 # 10 * 5 seconds
   delay: 5 # Every 5 seconds
-  loop:
-    - "{{ middleware_uri }}/swagger/"
-    - https://{{ ui_hostname }}/
-    - https://{{ api_network_listening_ip_address }}:9443/api/
-  loop_control:
-    loop_var: loop_url
+  when: "'middlewareserver' in group_names"
 
-- name: show webserver test results
+- name: show middleware webserver test results
   fail:
-    msg: "url: {{ item.url }}, status: {{ item.status }}"
-  loop: "{{ web_call_result.results | from_yaml | list }}"
-  when: item.status!=200
+    msg: "url: {{ web_call_result.url }}, status: {{ web_call_result.status }}"
+  when: "'middlewareserver' in group_names and web_call_result.status!=200"
+
+- name: test api web server availability
+  uri:
+    url: "https://{{ api_network_listening_ip_address }}:9443/api/"
+    method: GET
+    headers:
+      Content-Type: html/text
+    body:
+    validate_certs: false
+    return_content: true
+  register: web_call_result
+  changed_when: false
+  failed_when: false
+  until: web_call_result.status == 200
+  retries: 10 # 10 * 5 seconds
+  delay: 5 # Every 5 seconds
+  when: "'apiserver' in group_names"
+
+- name: show api webserver test results
+  fail:
+    msg: "url: {{ web_call_result.url }}, status: {{ web_call_result.status }}"
+  when: "'apiserver' in group_names and web_call_result.status!=200"
+
+- name: test ui web server availability
+  uri:
+    url: "https://{{ ui_hostname }}/"
+    method: GET
+    headers:
+      Content-Type: html/text
+    body:
+    validate_certs: false
+    return_content: true
+  register: web_call_result
+  changed_when: false
+  failed_when: false
+  until: web_call_result.status == 200
+  retries: 10 # 10 * 5 seconds
+  delay: 5 # Every 5 seconds
+  when: "'frontends' in group_names"
+
+- name: show ui webserver test results
+  fail:
+    msg: "url: {{ web_call_result.url }}, status: {{ web_call_result.status }}"
+  when: "'frontends' in group_names and web_call_result.status!=200"

roles/ui/files/FWO.UI/Pages/Monitoring/MonitorAlerts.razor

@@ -17,7 +17,8 @@
 @if(InitComplete)
 {
     <div class="vheight75">
-        <Table TableClass="table table-bordered table-sm th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="Alert" Items="alertEntrys" PageSize="10">
+        <PageSizeComponent PageSizeCallback="UpdatePageSize" PageSize="PageSize"></PageSizeComponent>
+        <Table TableClass="table table-bordered table-sm th-bg-secondary table-responsive overflow-auto sticky-header" TableItem="Alert" Items="alertEntrys" PageSize="PageSize">
             <Column TableItem="Alert" Title="@(userConfig.GetText("id"))" Field="@(x => x.Id)"  Sortable="true" Filterable="true"/>
             <Column TableItem="Alert" Title="@(userConfig.GetText("timestamp"))" Field="@(x => x.Timestamp)"  Sortable="true" Filterable="true"/>
             <Column TableItem="Alert" Title="@(userConfig.GetText("source"))" Field="@(x => x.Source)" Sortable="true" Filterable="true"/>
@@ -52,11 +53,14 @@ else
     [CascadingParameter]
     Action<Exception?, string, string, bool> DisplayMessageInUi { get; set; } = DefaultInit.DoNothing;
 
+    private int PageSize { get; set; } = 10;
+
     private List<Alert> alertEntrys = new List<Alert>();
     private List<UiUser> uiUsers = new List<UiUser>();
     private List<Management> managements = new List<Management>();
     private bool InitComplete = false;
 
+
     protected override async Task OnInitializedAsync()
     {
         try
@@ -78,4 +82,9 @@ else
             DisplayMessageInUi(exception, userConfig.GetText("fetch_alerts"), "", true);
         }
     }
+
+    private void UpdatePageSize(int pageSize)
+    {
+        PageSize = pageSize;
+    }
 }