Feature/272 manual step api implementation #275
Conversation
Sigrid maintainability feedback✅ You wrote maintainable code and achieved your objective of 3.8 stars Show detailsSigrid compared your code against the baseline of 2025-01-16. 👍 What went well?
👎 What could be better?
📚 Remaining technical debt
View this system in Sigrid** to explore your technical debt ⭐️ Sigrid ratings
💬 Did you find this feedback helpful?We would like to know your thoughts to make Sigrid better. |
|
Documentation needs to be adapted to these changes |
MaartendeKruijf
force-pushed
the
feature/272-manual-step-api-implementation
branch
2 times, most recently
from
b077d25 to
bc0953a
Compare
MaartendeKruijf
force-pushed
the
feature/272-manual-step-api-implementation
branch
from
a2429cf to
b84ef03
Compare
|
Thanks @MaartendeKruijf for rebasing in the middle of my edits on the draft pull request |
|
I think we need to fix a couple things trough the way that out args would be passed down to the manual command capability |
|
Next on todo is connect manual capability / interaction objects to initialisation controller, and test the APIs |
| @@ -153,8 +154,8 @@ None | |||
| 404/Not found with payload: | |||
| General error | |||
|
|
|||
| #### POST `/manual/continue` | |||
| Respond to manual command pending in SOARCA, if out_args are defined they must be filled in and returned in the payload body. Only value is required in the response of the variable. You can however return the entire object. Of the object does not match the original out_arg the call we be considered as failed. | |||
| #### PATCH `/manual/<execution-id>/<step-id>` | |||
There was a problem hiding this comment.
Why is this changed to PATCH and has a different route
| @@ -45,7 +46,7 @@ None | |||
| |step_id |UUID |string |The id of the step executed by the execution | |||
| |description |description of the step|string |The description from the workflow step | |||
| |command |command |string |The command for the agent either command | |||
| |command_is_base64 |true \| false |bool |Indicate the command is in base 64 | |||
There was a problem hiding this comment.
Revert this to the bool
| @@ -45,7 +46,7 @@ None | |||
| |step_id |UUID |string |The id of the step executed by the execution | |||
| |description |description of the step|string |The description from the workflow step | |||
| |command |command |string |The command for the agent either command | |||
| |command_is_base64 |true \| false |bool |Indicate the command is in base 64 | |||
There was a problem hiding this comment.
Revert this to the bool
| |response_status |enum |string |Can be either `success` or `failed` | ||
| |response_out_args |cacao variables |dictionary |Map of [cacao variables](https://docs.oasis-open.org/cacao/security-playbooks/v2.0/cs01/security-playbooks-v2.0-cs01.html#_Toc152256555) handled in the step out args with current values and definitions | ||
|
|
||
| |response_status |true / false |string |`true` indicates successfull fulfilment of the manual request. `false` indicates failed satisfaction of request |
| control "ThirdPartyManualIntegration" as 3ptool | ||
|
|
||
|
|
||
| manual -> interaction : Queue(command, capabilityChannel) |
There was a problem hiding this comment.
maybe move the native implementation sequence to be the first
|
|
||
| metadata, err := manualController.makeExecutionMetadataFromPayload(result) | ||
| if err != nil { | ||
| return http.StatusBadRequest, err |
There was a problem hiding this comment.
remove the http details from here check for it in the api
There was a problem hiding this comment.
I added some custom errors in the manual model, and now checking for those types on the API side. Let me know what you think about it this way.
| // then warn if any value outside "value" has changed | ||
| if pending, ok := pendingEntry.CommandData.OutVariables[varName]; ok { | ||
| if variable.Constant != pending.Constant { | ||
| log.Warningf("provided out arg %s is attempting to change 'Constant' property", varName) |
There was a problem hiding this comment.
also include into the message the attempted action is not effectuated
| // Check register for pending manual command | ||
| metadata, err := manualController.makeExecutionMetadataFromPayload(result.Payload) | ||
| if err != nil { | ||
| log.Error(err) | ||
| manualComms.Channel <- manual.InteractionResponse{ | ||
| ResponseError: err, | ||
| Payload: cacao.Variables{}, | ||
| } | ||
| return | ||
| } | ||
| // Remove interaction from pending ones | ||
| err = manualController.removeInteractionFromPending(metadata) | ||
| if err != nil { | ||
| // If it was not there, was already resolved | ||
| log.Warning(err) | ||
| // Captured if channel not yet closed | ||
| log.Warning("manual command not found among pending ones. should be already resolved") | ||
| manualComms.Channel <- manual.InteractionResponse{ | ||
| ResponseError: err, | ||
| Payload: cacao.Variables{}, | ||
| } | ||
| return | ||
| } | ||
|
|
||
| // Copy result and conversion back to interactionResponse format | ||
| returnedVars := manualController.copyOutArgsToVars(result.Payload.ResponseOutArgs) | ||
|
|
||
| interactionResponse := manual.InteractionResponse{ | ||
| ResponseError: result.ResponseError, | ||
| Payload: returnedVars, | ||
| } | ||
|
|
||
| manualComms.Channel <- interactionResponse | ||
| return |
There was a problem hiding this comment.
Move to separate function
| for { | ||
| select { | ||
| case <-manualComms.TimeoutContext.Done(): | ||
| log.Info("context canceled due to response or timeout. exiting goroutine") |
There was a problem hiding this comment.
call removeInteractionFromPending
pkg/models/manual/manual.go
Outdated
| // ################################################################################ | ||
| // Data structures for native SOARCA manual command handling | ||
| // ################################################################################ | ||
|
|
||
| // Object stored in interaction storage and provided back from the API |
There was a problem hiding this comment.
Move the api models to the api folder
| 3ptool --> interaction : integrationChannel <- InteractionIntegrationResponse | ||
| interaction --> manual : capabilityChannel <- InteractionResponse |
There was a problem hiding this comment.
Merge intergration and interaction channel into one
lucamrgs
force-pushed
the
feature/272-manual-step-api-implementation
branch
from
d7fafe1 to
5a4f8af
Compare
No description provided.