Merge pull request #696 from akto-api-security/feature/kubernetes_ds

Add changes for Kubernetes Daemonset support in traffic sources
akto-api-security · May 8, 2023 · 1dff916 · 1dff916
2 parents e17db23 + ad00dc7
commit 1dff916
Show file tree

Hide file tree

Showing 11 changed files with 1,523 additions and 17 deletions.
diff --git a/apps/dashboard/pom.xml b/apps/dashboard/pom.xml
@@ -51,6 +51,21 @@
             <artifactId>aws-java-sdk-autoscaling</artifactId>
             <version>1.12.405</version>
         </dependency>
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-ec2</artifactId>
+            <version>1.12.405</version>
+        </dependency>
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-sts</artifactId>
+            <version>1.12.405</version>
+        </dependency>
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-iam</artifactId>
+            <version>1.12.405</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.struts</groupId>
             <artifactId>struts2-core</artifactId>

diff --git a/apps/dashboard/src/main/java/com/akto/action/quick_start/QuickStartAction.java b/apps/dashboard/src/main/java/com/akto/action/quick_start/QuickStartAction.java
@@ -3,6 +3,7 @@
 import java.io.BufferedReader;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.net.InetAddress;
 import java.util.*;
 import java.util.concurrent.*;
 
@@ -11,11 +12,11 @@
 import com.akto.utils.platform.DashboardStackDetails;
 import com.akto.utils.platform.MirroringStackDetails;
 import com.akto.utils.cloud.stack.dto.StackState;
-import com.amazonaws.services.cloudformation.model.Tag;
+import com.amazonaws.services.cloudformation.AmazonCloudFormation;
+import com.amazonaws.services.cloudformation.AmazonCloudFormationClientBuilder;
+import com.amazonaws.services.cloudformation.model.*;
 import org.apache.commons.lang3.StringUtils;
 import org.bson.conversions.Bson;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import com.akto.action.UserAction;
 import com.akto.dao.ApiTokensDao;
@@ -60,6 +61,28 @@ public class QuickStartAction extends UserAction {
 
     private String aktoDashboardStackName;
 
+    private DeploymentMethod deploymentMethod;
+
+    private String aktoNLBIp;
+    private String aktoMongoConn;
+
+    public enum DeploymentMethod {
+        AWS_TRAFFIC_MIRRORING,
+        KUBERNETES;
+
+        public DeploymentMethod getDeploymentMethod(String deploymentMethod) {
+            if (StringUtils.isEmpty(deploymentMethod)) {
+                return AWS_TRAFFIC_MIRRORING;
+            }
+            for (DeploymentMethod method : DeploymentMethod.values()) {
+                if (method.name().equalsIgnoreCase(deploymentMethod)) {
+                    return method;
+                }
+            }
+            return null;
+        }
+    }
+
 
     private static final LoggerMaker loggerMaker = new LoggerMaker(QuickStartAction.class);
 
@@ -87,6 +110,9 @@ public String fetchQuickStartPageState() {
     }
 
     public String fetchLoadBalancers() {
+        if(deploymentMethod != null && deploymentMethod.equals(DeploymentMethod.KUBERNETES)) {
+            return handleKubernetes();
+        }
         List<AwsResource> availableLBs = new ArrayList<>();
         List<AwsResource> selectedLBs = new ArrayList<>();
         ExecutorService executorService = Executors.newFixedThreadPool(3);
@@ -135,6 +161,52 @@ public String fetchLoadBalancers() {
         return Action.SUCCESS.toUpperCase();
     }
 
+    private String handleKubernetes(){
+        try {
+            DescribeStackResourcesRequest req = new DescribeStackResourcesRequest();
+            req.setStackName(MirroringStackDetails.getStackName());
+            req.setLogicalResourceId(MirroringStackDetails.AKTO_NLB);
+            AmazonCloudFormation cloudFormation = AmazonCloudFormationClientBuilder.standard()
+                    .build();
+            cloudFormation.describeStackResources(req);
+            this.dashboardHasNecessaryRole = true;
+        } catch (Exception e){ // TODO: Handle specific exception
+            if(e.getMessage().contains("not authorized")){
+                this.dashboardHasNecessaryRole = false;
+            } else{
+                this.dashboardHasNecessaryRole = true;
+            }
+        }
+        this.awsRegion = System.getenv(Constants.AWS_REGION);
+        this.awsAccountId = System.getenv(Constants.AWS_ACCOUNT_ID);
+        this.aktoMirroringStackName = MirroringStackDetails.getStackName();
+        this.aktoDashboardStackName = DashboardStackDetails.getStackName();
+        this.aktoDashboardRoleName = DashboardStackDetails.getAktoDashboardRole();
+
+        return Action.SUCCESS.toUpperCase();
+    }
+
+    public String createKubernetesStack(){
+        if (!AwsStack.getInstance().checkIfStackExists(MirroringStackDetails.getStackName())) {
+            try {
+                Map<String, String> parameters = new HashMap<>();
+                parameters.put("MongoIp", System.getenv("AKTO_MONGO_CONN"));
+                parameters.put("KeyPair", System.getenv("EC2_KEY_PAIR"));
+                parameters.put("SubnetId", System.getenv("EC2_SUBNET_ID"));
+                String template = convertStreamToString(AwsStack.class
+                        .getResourceAsStream("/cloud_formation_templates/kubernetes_mirroring.template"));
+                List<Tag> tags = Utils.fetchTags(DashboardStackDetails.getStackName());
+                String stackId = AwsStack.getInstance().createStack(MirroringStackDetails.getStackName(), parameters, template, tags);
+                loggerMaker.infoAndAddToDb(String.format("Stack %s creation started successfully", stackId), LogDb.DASHBOARD);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        } else {
+            throw new RuntimeException("Akto mirroring setup is complete!!");
+        }
+        return Action.SUCCESS.toUpperCase();
+    }
+
     private String filterLBName(String lbArn) {
         if(StringUtils.isEmpty(lbArn)){
             return "";
@@ -215,6 +287,12 @@ public String checkStackCreationProgress() {
                 loggerMaker.infoAndAddToDb("Nothing set in DB, moving on", LogDb.DASHBOARD);
             }
         }
+        if(DeploymentMethod.KUBERNETES.equals(this.deploymentMethod) && Stack.StackStatus.CREATE_COMPLETE.toString().equals(this.stackState.getStatus())){
+            loggerMaker.infoAndAddToDb("Stack creation complete, fetching outputs", LogDb.DASHBOARD);
+            Map<String, String> outputsMap = Utils.fetchOutputs(MirroringStackDetails.getStackName());
+            this.aktoNLBIp = outputsMap.get("AktoNLB");
+            this.aktoMongoConn = System.getenv("AKTO_MONGO_CONN");
+        }
         return Action.SUCCESS.toUpperCase();
     }
 
@@ -342,4 +420,28 @@ private static String convertStreamToString(InputStream in) throws Exception {
         in.close();
         return stringbuilder.toString();
     }
+
+    public DeploymentMethod getDeploymentMethod() {
+        return deploymentMethod;
+    }
+
+    public void setDeploymentMethod(DeploymentMethod deploymentMethod) {
+        this.deploymentMethod = deploymentMethod;
+    }
+
+    public String getAktoNLBIp() {
+        return aktoNLBIp;
+    }
+
+    public void setAktoNLBIp(String aktoNLBIp) {
+        this.aktoNLBIp = aktoNLBIp;
+    }
+
+    public String getAktoMongoConn() {
+        return aktoMongoConn;
+    }
+
+    public void setAktoMongoConn(String aktoMongoConn) {
+        this.aktoMongoConn = aktoMongoConn;
+    }
 }
diff --git a/apps/dashboard/src/main/java/com/akto/utils/cloud/Utils.java b/apps/dashboard/src/main/java/com/akto/utils/cloud/Utils.java
@@ -2,13 +2,13 @@
 
 import com.amazonaws.services.cloudformation.AmazonCloudFormation;
 import com.amazonaws.services.cloudformation.AmazonCloudFormationClientBuilder;
-import com.amazonaws.services.cloudformation.model.DescribeStacksRequest;
-import com.amazonaws.services.cloudformation.model.DescribeStacksResult;
-import com.amazonaws.services.cloudformation.model.Tag;
+import com.amazonaws.services.cloudformation.model.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
 
 public class Utils {
 
@@ -21,13 +21,23 @@ public static CloudType getCloudType() {
     }
 
     public static List<Tag> fetchTags(String stackName){
+        Stack stack = fetchStack(stackName);
+        return stack.getTags();
+    }
+
+    private static Stack fetchStack(String stackName) {
         DescribeStacksRequest describeStackRequest = new DescribeStacksRequest();
         describeStackRequest.setStackName(stackName);
         AmazonCloudFormation cloudFormation = AmazonCloudFormationClientBuilder.standard()
                 .build();
         DescribeStacksResult result = cloudFormation.describeStacks(describeStackRequest);
-        com.amazonaws.services.cloudformation.model.Stack stack = result.getStacks().get(0);
-        return stack.getTags();
+        Stack stack = result.getStacks().get(0);
+        return stack;
+    }
+
+    public static Map<String, String> fetchOutputs(String stackName){
+        Stack stack = fetchStack(stackName);
+        return stack.getOutputs().stream().collect(Collectors.toMap(Output::getOutputKey, Output::getOutputValue));
     }
 
 }