Merge pull request CactuseSecurity#2405 from CactuseSecurity/develop
main v8.2.1 minor updates & fixes
tpurschke authored May 7, 2024
2 parents 1846038 + 1e730f8 commit 09b9c42
Showing 26 changed files with 855 additions and 809 deletions.
33 changes: 17 additions & 16 deletions .github/workflows/test-install.yml
Expand Up @@ -21,29 +21,30 @@ on:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# ubuntu18 was unstable at github (2022-07-06 - 2022-07-11)
# test_ubuntu_18:
# name: test build on ubuntu_18
# runs-on: ubuntu-18.04
# # ubuntu18 was unstable at github (2022-07-06 - 2022-07-11)
# # does not seem to be supported by hithub anymore (2024-05-01)

# test_ubuntu_20:
# name: test build on ubuntu_20
# runs-on: ubuntu-20.04
# steps:
# - uses: actions/checkout@v3
# - name: do test install in case of merged pull request
# run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K

test_ubuntu_20:
name: test build on ubuntu_20
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: do test install in case of merged pull request
run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes site.yml -K
# run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K
# run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e force_install=true site.yml -K

# test_ubuntu_22:
# name: test build on ubuntu_22
# runs-on: ubuntu-22.04
# steps:
# - uses: actions/checkout@v3
# - name: do test install in case of merged pull request
# run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes site.yml -K
# run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e run_on_github=yes --skip-tags test site.yml -K
# run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e force_install=true site.yml -K

test_ubuntu_latest:
name: test build on ubuntu latest
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: do test install in case of merged pull request
run: cd /home/runner/work/firewall-orchestrator/firewall-orchestrator && ansible-playbook -e force_install=true site.yml -K
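Review bot: The checkout step in test_ubuntu_latest (and in the commented-out jobs) references `actions/checkout@v3` by a movable tag, and the job runs on `ubuntu-latest`, so the code executed in CI can change without any commit in this repository. Pinning the action to a full commit SHA, `- uses: actions/checkout@<full-commit-sha> # v3`, keeps the install test reproducible and limits exposure to a retagged action. The run line also passes `-e force_install=true`, which according to the message in roles/common/tasks/main.yml overrides the upgradable-packages check, so a comment such as `# force_install: hosted runner images usually have pending OS updates` above it would record why CI takes the override path. The rendered hunk does not mark old and new lines, so this assumes the force_install variant is the new side.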

3 changes: 3 additions & 0 deletions documentation/revision-history-develop.md
Expand Up @@ -202,3 +202,6 @@ bugfix release:
- fix demo managements (change import from deactivated to activated - does not affect test managements)
- upgrade to dotnet 8.0
- adding all imported modelling users to uiuser

# 8.2.1 - xx.05.2024 DEVELOP
- fix misleading login error message when authorisation is missing
3 changes: 1 addition & 2 deletions inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
### general settings
product_version: "8.2"
product_version: "8.2.1"
ansible_user: "{{ lookup('env', 'USER') }}"
ansible_become_method: sudo
ansible_python_interpreter: /usr/bin/python3
Expand All @@ -22,7 +22,6 @@ sample_hostname: "{{ groups['sampleserver'].0 }}"
# upgrade - installs on top of an existing system preserving any existing data in ldap, database, api
installation_mode: new
install_syslog: true
run_on_github: false
add_demo_data: true
api_docu: false
force_install: false
18 changes: 2 additions & 16 deletions roles/common/tasks/main.yml
@@ -1,11 +1,10 @@
- block:

- name: assert ansible version gt 2.13
- name: assert ansible version gt 2.12
fail:
msg: Ansible 2.13 or above is required
when: ansible_version.full is version('2.13', '<')


- name: check for existing main config file {{ fworch_conf_file }}
stat:
path: "{{ fworch_conf_file }}"
Expand Down Expand Up @@ -93,23 +92,10 @@
- There are upgradable OS packages available, please run OS upgrade before running FWORCH installer.
- Use "-e force_install=true" to overwrite this check and install anyway at your own risk.
when: |
not force_install|bool and not run_on_github|bool and
not force_install|bool and
(ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian") and
upgradable_packages.stdout_lines|length > 1
# - name: fix grub-efi (for github actions)
# apt:
# upgrade: dist
# update_cache: true
# when: ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian" and run_on_github|bool

# - name: update operating system packages .deb based (for github actions)
# apt:
# upgrade: dist
# update_cache: true
# when: ansible_facts['distribution'] == "Ubuntu" or ansible_facts['distribution'] == "Debian" and run_on_github|bool

- name: update operating system packages .rpm based (untested)
yum:
upgrade: dist
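Review bot: In the first hunk the task name now reads "assert ansible version gt 2.12" (assuming that is the new line of the pair), while the `when` condition fails everything below 2.13, so a 2.12.x release is greater than 2.12 yet still rejected. A name that matches both the check and the message, `- name: assert ansible version ge 2.13`, avoids the mismatch. In the second hunk the package-upgrade guard is now bypassed only by `force_install`; the task that owns that `when` starts outside the visible lines.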
36 changes: 33 additions & 3 deletions roles/database/files/sql/idempotent/fworch-texts.sql
Expand Up @@ -273,6 +273,8 @@ INSERT INTO txt VALUES ('permissions_text', 'German', 'Ihre Berechtigungen wur
INSERT INTO txt VALUES ('permissions_text', 'English', 'Your permissions have been changed. Re-login to update your permissions.');
INSERT INTO txt VALUES ('login_importer_error', 'German', 'Nutzer mit der Rolle "Importer" d&uuml;rfen sich nicht an der Benutzeroberfl&auml;che anmelden. Diese Rolle dient einzig dem Importieren von eingebundenen Ger&auml;ten.');
INSERT INTO txt VALUES ('login_importer_error', 'English', 'Users with role "importer" are not allowed to log into the user interface. The only purpose of this role is to import included devices.');
INSERT INTO txt VALUES ('not_authorized', 'German', 'Authentisierung OK, aber keine Berechtigung/Authorisierung vorhanden.');
INSERT INTO txt VALUES ('not_authorized', 'English', 'Authentication succeeded, but not authorized.');

-- navigation
INSERT INTO txt VALUES ('reporting', 'German', 'Reporting');
Expand Down Expand Up @@ -5747,11 +5749,11 @@ INSERT INTO txt VALUES ('H9011', 'English', 'An application is - from the perspe
INSERT INTO txt VALUES ('H9021', 'German', 'Verbindungen sind die Hauptbestandteile des Kommunikationsprofils. Es wird zwischen verschiedenen Arten von Verbindungen unterschieden:');
INSERT INTO txt VALUES ('H9021', 'English', 'Connections are the main components of the communication profile. There are different types of connections:');
INSERT INTO txt VALUES ('H9022', 'German', 'Schnittstellen: Sie dienen in erster Linie der Modellierung von (aus Sicht der Applikation) externen Verbindungen oder der B&uuml;ndelung interner Objekte.
Es m&uuml;ssen in der Applikation neben dem Dienst entweder Quelle oder Ziel definiert werden. Die Schnittstellen werden in den anderen Applikationen
zur Auswahl angeboten und k&ouml;nnen dort in der Definition von eigenen Verbindungen verwendet werden.
Es m&uuml;ssen in der Applikation neben dem Dienst entweder Quelle oder Ziel definiert werden. Die Schnittstellen k&ouml;nnen durch Setzen des entsprechendenn H&auml;kchens ver&ouml;ffentlicht und dadurch in den anderen Applikationen
zur Auswahl angeboten werden. Sie k&ouml;nnen dann dort in der Definition von eigenen Verbindungen verwendet werden.
');
INSERT INTO txt VALUES ('H9022', 'English', 'Interfaces: They serve primarily the modelling of (relative to the application) external connections or the bundling of internal objects.
Besides the service either source or destination have to be defined in the application. The interfaces are offered to other applications to use
Besides the service either source or destination have to be defined in the application. The interfaces can be published by setting the respective flag and are then offered to other applications to use
them in the definition of own connections.
');
INSERT INTO txt VALUES ('H9023', 'German', 'Standard: Zentrale Objekte zur Modellierung der Kommunikationsverbindungen. Dabei m&uuml;ssen Quelle, Dienst und Ziel aus den in der Bibliothek
Expand Down Expand Up @@ -5810,3 +5812,31 @@ INSERT INTO txt VALUES ('H9043', 'German', 'Dienstgruppen: In Dienstgruppen k&o
INSERT INTO txt VALUES ('H9043', 'English', 'Service Groups: Simple services can be bundled in Service Groups. A name has to be given to them, comments can be added.
Again definition can be done by the modeller, but also Service Groups predefined by the administrator can be used.
');
INSERT INTO txt VALUES ('H9051', 'German', 'Beantragung neuer Schnittstellen: Wenn externe Schnittstellen von anderen Applikationen ben&ouml;tigt werden, k&ouml;nnen diese &uuml;ber die entsprechende Schaltfl&auml;che in der Bibliothek beantragt werden.
<ul>
<li>Es erscheint ein Dialog, in dem die externe Applikation ausgew&auml;hlt und eine Begr&uuml;ndung eingetragen werden m&uuml;ssen, sowie das H&auml;kchen, ob die Schnittstelle als Quelle oder Ziel genutzt werden soll.</li>
<li>Beim Abschicken der Anforderung wird
<ul>
<li>bei der externen Applikation automatisch eine Dummy-Schnittstelle angelegt, die dann in der eigenen Schnittstellen-Auswahl erscheint und direkt zur Erstellung eigener Verbindungen genutzt werden kann.
Sie wird in der Liste der eigenen Verbindungen mit Eintr&auml;gen "Schnittstelle angefordert" in Quelle/Ziel und Dienst als solche gekennzeichnet.</li>
<li>der oder die f&uuml;r die externe Applikation Verantwortlichen per Email &uuml;ber den Antrag informiert.</li>
<li>im Workflow-Modul ein Ticket mit dem Antrag erstellt. Je nach Konfiguration des Workflows kann hier der Auftrag abgelehnt, an andere Applikationen weitergeleitet, einzelnen Bearbeitern zugewiesen oder mit Kommentaren versehen werden.</li>
</ul>
</li>
<li>Wird die Schnittstelle auf der Gegenseite modelliert und ver&ouml;ffentlicht, wandelt sich auch die eigene nutzende Verbindung automatisch in eine "normale" Verbindung um, eine weiteres Eingreifen des Antragstellers ist nicht mehr notwendig.</li>
</ul>
');
INSERT INTO txt VALUES ('H9051', 'English', 'Request new interface: If external interfaces from other applications are needed, they can be requested via a button in the library.
<ul>
<li>A dialogue is displayed to select the external Application. A reason field has to be filled as well as the checkbox, if the interface should be used as source or destination.</li>
<li>If the request is submitted
<ul>
<li>a dummy interface is created automatically at the target application, which then appears in the own interface selection in the library and can be used for the definition of the own connection.
It is marked as such by the text "Interface requested" in Source/Destination and Service in the list of own the connections.</li>
<li>the responsible(s) of the external Application is informed about the request by email.</li>
<li>a ticket in the Workflow module is created. Depending on the configuration of the workflow, the request can be rejected, forwarded to other applications, assigned to aperson in charge or commented.</li>
</ul>
</li>
<li>When the requested interface is modelled and published on the other side, the own using connection is changed to a "regular" connection automatically, further action is not necessary.</li>
</ul>
');
@@ -0,0 +1,12 @@
mutation updateConnectionOwner(
$id: Int!
$appId: Int
) {
update_modelling_connection_by_pk(
pk_columns: { id: $id }
_set: {
app_id: $appId
}) {
UpdatedId: id
}
}
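Review bot: `$appId: Int` is declared nullable in updateConnectionOwner, so a caller that passes an explicit null would set `app_id` to null and leave the connection without an owning application; unless that is intended, declare it `$appId: Int!`. The same applies to `$isPublished: Boolean` and `$isRequested: Boolean` in the updateConnectionPublish mutation that follows. Both mutations select the row by `id` alone, so who may reassign or publish a connection depends entirely on the API's update permissions for the modelling connection table, which are not visible on this page and are worth confirming for each role.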
@@ -0,0 +1,14 @@
mutation updateConnectionPublish(
$id: Int!
$isPublished: Boolean
$isRequested: Boolean
) {
update_modelling_connection_by_pk(
pk_columns: { id: $id }
_set: {
is_requested: $isRequested
is_published: $isPublished
}) {
UpdatedId: id
}
}
17 changes: 8 additions & 9 deletions roles/lib/files/FWO.Api.Client/Data/StateMatrix.cs
@@ -1,5 +1,4 @@
using FWO.Api.Client.Queries;
using FWO.GlobalConstants;
using FWO.Api.Data;
using System.Text.Json.Serialization;
using Newtonsoft.Json;
Expand All @@ -20,10 +19,10 @@ public enum WorkflowPhases
public class StateMatrix
{
[JsonProperty("matrix"), JsonPropertyName("matrix")]
public Dictionary<int, List<int>> Matrix { get; set; } = new ();
public Dictionary<int, List<int>> Matrix { get; set; } = [];

[JsonProperty("derived_states"), JsonPropertyName("derived_states")]
public Dictionary<int, int> DerivedStates { get; set; } = new ();
public Dictionary<int, int> DerivedStates { get; set; } = [];

[JsonProperty("lowest_input_state"), JsonPropertyName("lowest_input_state")]
public int LowestInputState { get; set; }
Expand All @@ -37,7 +36,7 @@ public class StateMatrix
[JsonProperty("active"), JsonPropertyName("active")]
public bool Active { get; set; }

public Dictionary<WorkflowPhases, bool> PhaseActive = new Dictionary<WorkflowPhases, bool>();
public Dictionary<WorkflowPhases, bool> PhaseActive = [];
public bool IsLastActivePhase = true;
public int MinImplTasksNeeded;

Expand Down Expand Up @@ -77,7 +76,7 @@ public bool getNextActivePhase(ref WorkflowPhases phase)

public List<int> getAllowedTransitions(int stateIn)
{
return Matrix.ContainsKey(stateIn) ? Matrix[stateIn] : new ();
return Matrix.ContainsKey(stateIn) ? Matrix[stateIn] : [];
}

public int getDerivedStateFromSubStates(List<int> statesIn)
Expand All @@ -86,7 +85,7 @@ public int getDerivedStateFromSubStates(List<int> statesIn)
{
return 0;
}
int stateOut = 0;
int stateOut;
int backAssignedState = LowestInputState;
int initState = 0;
int inWorkState = LowestEndState;
Expand Down Expand Up @@ -160,7 +159,7 @@ public int getDerivedStateFromSubStates(List<int> statesIn)
public class GlobalStateMatrix
{
[JsonProperty("config_value"), JsonPropertyName("config_value")]
public Dictionary<WorkflowPhases, StateMatrix> GlobalMatrix { get; set; } = new ();
public Dictionary<WorkflowPhases, StateMatrix> GlobalMatrix { get; set; } = [];


public async Task Init(ApiConnection apiConnection, TaskType taskType = TaskType.master, bool reset = false)
Expand Down Expand Up @@ -198,11 +197,11 @@ public class GlobalStateMatrixHelper

public class StateMatrixDict
{
public Dictionary<string, StateMatrix> Matrices { get; set; } = new Dictionary<string, StateMatrix>();
public Dictionary<string, StateMatrix> Matrices { get; set; } = [];

public async Task Init(WorkflowPhases phase, ApiConnection apiConnection)
{
Matrices = new Dictionary<string, StateMatrix>();
Matrices = [];
foreach(TaskType taskType in Enum.GetValues(typeof(TaskType)))
{
Matrices.Add(taskType.ToString(), new StateMatrix());
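Review bot: `getAllowedTransitions` still looks the key up twice and hands back the list stored in `Matrix`, so a caller that modifies the result changes the allowed workflow transitions for every user of that matrix. `return Matrix.TryGetValue(stateIn, out var allowed) ? allowed : [];` does a single lookup; returning a copy (`[.. allowed]`) would also protect the table without changing the signature. A `/// <summary>` stating that an unknown state yields an empty list would document the fallback. The `[]` initialisers rely on C# 12 collection expressions, which matches the dotnet 8.0 upgrade recorded in the revision history.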
6 changes: 3 additions & 3 deletions roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj
Expand Up @@ -8,9 +8,9 @@

<ItemGroup>
<PackageReference Include="IPAddressRange" Version="6.0.0" />
<PackageReference Include="GraphQL.Client" Version="6.0.3" />
<PackageReference Include="GraphQL.Client.Serializer.Newtonsoft" Version="6.0.3" />
<PackageReference Include="GraphQL.Client.Serializer.SystemTextJson" Version="6.0.3" />
<PackageReference Include="GraphQL.Client" Version="6.0.5" />
<PackageReference Include="GraphQL.Client.Serializer.Newtonsoft" Version="6.0.5" />
<PackageReference Include="GraphQL.Client.Serializer.SystemTextJson" Version="6.0.5" />
<PackageReference Include="Microsoft.AspNetCore.Components" Version="8.0.4" />
</ItemGroup>

4 changes: 4 additions & 0 deletions roles/lib/files/FWO.Api.Client/Queries/ModellingQueries.cs
Expand Up @@ -34,6 +34,8 @@ public class ModellingQueries : Queries
public static readonly string getCommonServices;
public static readonly string newConnection;
public static readonly string updateConnection;
public static readonly string updateConnectionOwner;
public static readonly string updateConnectionPublish;
public static readonly string deleteConnection;
public static readonly string addAppServerToConnection;
public static readonly string removeAppServerFromConnection;
Expand Down Expand Up @@ -122,6 +124,8 @@ static ModellingQueries()
getCommonServices = connectionDetailsFragment + File.ReadAllText(QueryPath + "modelling/getCommonServices.graphql");
newConnection = File.ReadAllText(QueryPath + "modelling/newConnection.graphql");
updateConnection = File.ReadAllText(QueryPath + "modelling/updateConnection.graphql");
updateConnectionOwner = File.ReadAllText(QueryPath + "modelling/updateConnectionOwner.graphql");
updateConnectionPublish = File.ReadAllText(QueryPath + "modelling/updateConnectionPublish.graphql");
deleteConnection = File.ReadAllText(QueryPath + "modelling/deleteConnection.graphql");
addAppServerToConnection = File.ReadAllText(QueryPath + "modelling/addAppServerToConnection.graphql");
removeAppServerFromConnection = File.ReadAllText(QueryPath + "modelling/removeAppServerFromConnection.graphql");
2 changes: 1 addition & 1 deletion roles/lib/files/FWO.Report/FWO.Report.csproj
Expand Up @@ -7,7 +7,7 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Haukcode.WkHtmlToPdfDotNet" Version="1.5.88" />
<PackageReference Include="Haukcode.WkHtmlToPdfDotNet" Version="1.5.90" />
</ItemGroup>

<ItemGroup>