Add basic chat-ops UI

boto.txt

@@ -0,0 +1,2 @@
+boto3==1.9.28
+requests==2.18.4

chat-ops-ui/.gitignore

@@ -33,6 +33,7 @@ npm-debug.log
 yarn-error.log
 testem.log
 /typings
+.htpasswd
 
 # System Files
 .DS_Store

chat-ops-ui/Dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:latest
+
+RUN mkdir /etc/nginx/ssl
+ADD /chat-ops.key /etc/nginx/ssl/chat-ops.key
+ADD /chat-ops.crt /etc/nginx/ssl/chat-ops.crt
+ADD /chat-ops.nginx.conf /etc/nginx/conf.d/default.conf
+ADD /.htpasswd /etc/nginx/.htpasswd
+ADD /dist/chat-ops-ui /usr/share/nginx/html

chat-ops-ui/build.sh

@@ -0,0 +1,4 @@
+#! /bin/bash
+
+ng build --prod
+docker build -t ${1} .

chat-ops-ui/chat-ops.nginx.conf

@@ -0,0 +1,51 @@
+server {
+    listen       443 ssl;
+    server_name  chat-ops-ato.dispatchframework.io;
+
+    ssl_certificate /etc/nginx/ssl/chat-ops.crt;
+    ssl_certificate_key /etc/nginx/ssl/chat-ops.key;
+
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/log/host.access.log  main;
+
+    location / {
+        auth_basic "Restricted Content";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+        try_files $uri $uri/ /index.html;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}

chat-ops-ui/src/app/vm/vm.component.ts

@@ -1,13 +1,7 @@
-import { Component, OnInit } from '@angular/core';
+import { OnInit } from '@angular/core';
 import { VMService } from "./vm.service";
 import { VM } from "./vm";
 
-
-@Component({
-  selector: 'app-aws',
-  templateUrl: './../vm/vm.component.html',
-  styleUrls: ['./../vm/vm.component.css']
-})
 export abstract class VMComponent implements OnInit {
 
   vmService !: VMService;

chat-ops-ui/src/app/vm/vm.service.ts

@@ -2,12 +2,11 @@ import { Injectable } from '@angular/core';
 import { Http, Response, RequestOptions, Headers }  from '@angular/http';
 import { Observable }                               from 'rxjs/Observable';
 import { environment }                              from '../../environments/environment';
-import { interval } from 'rxjs';
+import { interval, throwError } from 'rxjs';
 
 import 'rxjs/add/operator/map';
 import 'rxjs/add/operator/catch';
 import 'rxjs/add/operator/switchMap';
-import 'rxjs/add/observable/throw';
 
 import { VM } from '../vm/vm';
 
@@ -50,14 +49,14 @@ export abstract class VMService {
       .catch(this.handleError);
   }
 
-  private extractVMs(cloud: string, res: Response) {
+  extractVMs(cloud: string, res: Response) {
     let data = res.json();
     if (data) {
       data.forEach(element => {
         element.cloud = cloud
         element.name = element.name
         element.id = element.id
-        element.state = element.state
+        element.state = element.status
       });
       console.log(data);
       return data;
@@ -76,6 +75,6 @@ export abstract class VMService {
       errMsg = error.message ? error.message : error.toString();
     }
     console.error(errMsg);
-    return Observable.throw(errMsg);
+    return throwError(errMsg);
   }
 }

chat-ops-ui/src/app/vmware/vmware.service.ts

@@ -6,5 +6,5 @@ import { VMService } from '../vm/vm.service';
   providedIn: 'root'
 })
 export class VMwareService extends VMService {
-  cloud = "vmware";
+  cloud = "vsphere";
 }

chat-ops-ui/src/environments/environment.prod.ts

@@ -1,5 +1,4 @@
 export const environment = {
   production: true,
-  apiURL: "http://localhost:8081/dispatch-server/",
-  apiPathAWS: "aws"
+  apiURL: "https://ato-api.dispatchframework.io/"
 };

chat-ops-ui/src/environments/environment.ts

@@ -4,8 +4,7 @@
 
 export const environment = {
   production: false,
-  apiURL: "http://localhost:8081/dispatch-server/",
-  apiPathAWS: "aws"
+  apiURL: "https://ato-api.dispatchframework.io/"
 };
 
 /*

chat-ops-ui/src/index.html

@@ -8,11 +8,11 @@
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <link rel="icon" type="image/x-icon" href="favicon.ico">
   <!--CLARITY ICONS STYLE-->
-  <link rel="stylesheet" href="path/to/node_modules/@clr/icons/clr-icons.min.css">
+  <link rel="stylesheet" href="../node_modules/@clr/icons/clr-icons.min.css">
   <!--CLARITY ICONS DEPENDENCY: CUSTOM ELEMENTS POLYFILL-->
-  <script src="path/to/node_modules/@webcomponents/custom-elements/custom-elements.min.js"></script>
+  <script src="../node_modules/@webcomponents/custom-elements/custom-elements.min.js"></script>
   <!--CLARITY ICONS API & ALL ICON SETS-->
-  <script src="path/to/node_modules/@clr/icons/clr-icons.min.js"></script>
+  <script src="../node_modules/@clr/icons/clr-icons.min.js"></script>
 </head>
 <body>
   <app-root></app-root>

functions/aws.py

@@ -115,14 +115,20 @@ def handle(ctx, payload):
     entry point for AWS commands
     """
 
-    access_key = ctx['secrets']['access_key']
-    secret_key = ctx['secrets']['secret_key']
     region = ctx['secrets']['region']
-
-    ec2_resource = boto3.resource("ec2", aws_access_key_id=access_key,
-                                  aws_secret_access_key=secret_key, region_name=region)
-    ec2_client = boto3.client("ec2", aws_access_key_id=access_key,
-                              aws_secret_access_key=secret_key, region_name=region)
+    access_key = ctx['secrets']['aws_access_key']
+    secret_key = ctx['secrets']['aws_secret_key']
+
+    ec2_resource = boto3.resource(
+        "ec2",
+        aws_access_key_id=access_key,
+        aws_secret_access_key=secret_key,
+        region_name=region)
+    ec2_client = boto3.client(
+        "ec2",
+        aws_access_key_id=access_key,
+        aws_secret_access_key=secret_key,
+        region_name=region)
 
     if 'command' not in payload:
         return _error('command is required')

hardenvm.ps1

@@ -0,0 +1,123 @@
+Import-Module PowerCLI.ViCore
+
+function Apply-Hardening {
+    <#	
+        .NOTES
+        ===========================================================================
+        Created by: Markus Kraus
+        Twitter: @VMarkus_K
+        Private Blog: mycloudrevolution.com
+        ===========================================================================
+        Changelog:  
+        2016.11 ver 2.0 Base Release 
+        ===========================================================================
+        External Code Sources:  
+
+        ===========================================================================
+        Tested Against Environment:
+        vSphere Version: 5.5 U2
+        PowerCLI Version: PowerCLI 6.3 R1, PowerCLI 6.5 R1
+        PowerShell Version: 4.0, 5.0
+        OS Version: Windows 8.1, Server 2012 R2
+        Keyword: VM, Hardening, Security
+        ===========================================================================
+        .DESCRIPTION
+        Applys a set of Hardening options to your VMs
+        .Example
+        Get-VM TST* | Apply-Hardening 
+        .Example
+        $SampleVMs = Get-VM "TST*"
+        Apply-Hardening -VMs $SampleVMs
+        .PARAMETER VMs
+        Specify the VMs 
+    #Requires PS -Version 4.0
+    #Requires -Modules VMware.VimAutomation.Core, @{ModuleName="VMware.VimAutomation.Core";ModuleVersion="6.3.0.0"}
+    #>
+
+    [CmdletBinding()]
+    param( 
+        [Parameter(Mandatory=$true,
+        ValueFromPipeline=$True,
+                    Position=0)]
+        [VMware.VimAutomation.ViCore.Impl.V1.Inventory.InventoryItemImpl[]]
+        $VMs
+    )
+
+    Process { 
+    #region: Create Options
+        $ExtraOptions = @{
+            "isolation.tools.diskShrink.disable"="true";
+            "isolation.tools.diskWiper.disable"="true";
+            "isolation.tools.copy.disable"="true";
+            "isolation.tools.paste.disable"="true";
+            "isolation.tools.dnd.disable"="true";
+            "isolation.tools.setGUIOptions.enable"="false"; 
+            "log.keepOld"="10";
+            "log.rotateSize"="100000"
+            "RemoteDisplay.maxConnections"="2";
+            "RemoteDisplay.vnc.enabled"="false";  
+
+        }
+        if ($DebugPreference -eq "Inquire") {
+            Write-Output "VM Hardening Options:"
+            $ExtraOptions | Format-Table -AutoSize
+        }
+
+        $VMConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
+
+        Foreach ($Option in $ExtraOptions.GetEnumerator()) {
+            $OptionValue = New-Object VMware.Vim.optionvalue
+            $OptionValue.Key = $Option.Key
+            $OptionValue.Value = $Option.Value
+            $VMConfigSpec.extraconfig += $OptionValue
+        }
+    #endregion
+
+    #region: Apply Options
+        ForEach ($VM in $VMs){
+                $VMv = Get-VM $VM | Get-View
+            $state = $VMv.Summary.Runtime.PowerState
+            Write-Output "...Starting Reconfiguring VM: $VM "
+            $TaskConf = ($VMv).ReconfigVM_Task($VMConfigSpec)
+                if ($state -eq "poweredOn") {
+                    Write-Output "...Migrating VM: $VM "
+                    $TaskMig = $VMv.MigrateVM_Task($null, $_.Runtime.Host, 'highPriority', $null)
+                    }
+            }
+        }
+    #endregion
+    }
+
+    function handle($context, $payload) {
+    [void](Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$false)
+
+    $username = $context.secrets.username
+    $password = $context.secrets.password
+    $hostname = $context.secrets.host
+    $statusurl = $context.secrets.statusUrl
+    $vmName = $payload.metadata.vm_name
+
+    # Connect to vSphere
+    Write-Host "Checking VC Connection is active"
+    if (-not $global:defaultviservers) {
+        Write-Host "Connecting to $hostname"
+        $server = connect-viserver -server $hostname -User $username -Password $password
+    } else {
+        Write-Host "Already connected to $hostname"
+    }
+
+    Write-Host "Get Virtual Machine By name"
+    $vm = Get-VM -Name $vmName
+
+    Write-Host "Security Harden our VM"
+    $vm | Apply-Hardening 
+
+    Write-Host "Sending Slack Message"
+    SendToSlack $statusurl "$vmName has been security hardened!"
+}
+
+function SendToSlack ([uri]$URL , $message){
+    $body = '{ "text": "'+ $message+ '" }'
+    $body
+    Invoke-WebRequest -Uri $URL -Headers $headers -Method "POST" -ContentType "application/json" -Body $body
+}

ui-apis.yaml

@@ -0,0 +1,67 @@
+kind: API
+name: get-aws
+enabled: true
+function: aws
+cors: true
+methods:
+  - GET
+protocols:
+  - https
+hosts:
+  - ato-api.dispatchframework.io
+uris:
+  - /aws
+tags:
+  - key: role
+    value : ato
+---
+kind: API
+name: get-gcp
+enabled: true
+function: gcp
+cors: true
+methods:
+  - GET
+protocols:
+  - https
+hosts:
+  - ato-api.dispatchframework.io
+uris:
+  - /gcp
+tags:
+  - key: role
+    value : ato
+---
+kind: API
+name: get-azure
+enabled: true
+function: azure
+cors: true
+methods:
+  - GET
+protocols:
+  - https
+hosts:
+  - ato-api.dispatchframework.io
+uris:
+  - /azure
+tags:
+  - key: role
+    value : ato
+---
+kind: API
+name: get-vsphere
+enabled: true
+function: vsphere
+cors: true
+methods:
+  - GET
+protocols:
+  - https
+hosts:
+  - ato-api.dispatchframework.io
+uris:
+  - /vsphere
+tags:
+  - key: role
+    value : ato