Some cleanup + small fixes #2058

Merged
merged 6 commits into from
May 11, 2023
55 changes: 36 additions & 19 deletions roles/database/files/sql/idempotent/fworch-texts.sql
Expand Up @@ -302,6 +302,14 @@ INSERT INTO txt VALUES ('download_html', 'German', 'als HTML herunterladen');
INSERT INTO txt VALUES ('download_html', 'English', 'Download HTML');
INSERT INTO txt VALUES ('download_json', 'German', 'als JSON herunterladen');
INSERT INTO txt VALUES ('download_json', 'English', 'Download JSON');
INSERT INTO txt VALUES ('page_format', 'German', 'Seitenformat');
INSERT INTO txt VALUES ('page_format', 'English', 'Page Format');
INSERT INTO txt VALUES ('width', 'German', 'Breite (mm)');
INSERT INTO txt VALUES ('width', 'English', 'Width (mm)');
INSERT INTO txt VALUES ('height', 'German', 'Höhe (mm)');
INSERT INTO txt VALUES ('height', 'English', 'Height (mm)');
INSERT INTO txt VALUES ('includes_json', 'German', '(beinhaltet JSON)');
INSERT INTO txt VALUES ('includes_json', 'English', '(includes JSON)');
INSERT INTO txt VALUES ('save_as_template', 'German', 'Als Vorlage speichern');
INSERT INTO txt VALUES ('save_as_template', 'English', 'Save as Template');
INSERT INTO txt VALUES ('no_device_selected', 'German', 'Kein Device ausgewählt.');
Expand Down Expand Up @@ -1845,6 +1853,8 @@ INSERT INTO txt VALUES ('E5107', 'German', 'Gateway wurde bereits angelegt: ');
INSERT INTO txt VALUES ('E5107', 'English', 'Gateway has already been created: ');
INSERT INTO txt VALUES ('E5108', 'German', 'Email-Adresse muss "@"-Zeichen enthalten.');
INSERT INTO txt VALUES ('E5108', 'English', 'Email address must contain "@"-sign.');
INSERT INTO txt VALUES ('E5109', 'German', 'Bitte keine Leerzeichen im Namen verwenden.');
INSERT INTO txt VALUES ('E5109', 'English', 'Please do not use spaces in the name.');
INSERT INTO txt VALUES ('E5111', 'German', 'Es gibt bereits ein Gateway mit derselben Konfiguration und Import aktiviert');
INSERT INTO txt VALUES ('E5111', 'English', 'There is already a gateway in the same configuration with import enabled');
INSERT INTO txt VALUES ('E5112', 'German', 'Gateway konnte nicht angelegt werden');
Expand Down Expand Up @@ -2266,13 +2276,15 @@ INSERT INTO txt VALUES ('H1215', 'German', 'Aktuelle NAT Regeln: Aktuell aktive
INSERT INTO txt VALUES ('H1215', 'English', 'Current NAT Rules: Currently active NAT rules of all selected devices.');
INSERT INTO txt VALUES ('H1301', 'German', 'Direkt nach der Erzeugung oder vom <a href="/help/archive">Archiv</a> aus k&ouml;nnen Reports in verschiedenen Ausgabeformaten exportiert werden:');
INSERT INTO txt VALUES ('H1301', 'English', 'Directly after creation or from the <a href="/help/archive">archive</a> reports can be exported to different output formats:');
INSERT INTO txt VALUES ('H1302', 'German', '<li>pdf</li><li>html</li><li>csv (aktuell nur f&uuml;r aufgel&ouml;sten Regel-Report-Typ unterst&uuml;tzt)</li><li>json</li>');
INSERT INTO txt VALUES ('H1302', 'English', '<li>pdf</li><li>html</li><li>csv (currently only supported for resolved rules report type)</li><li>json</li>');
INSERT INTO txt VALUES ('H1302', 'German', '<li>pdf</li><li>html</li><li>csv (aktuell nur f&uuml;r die aufgel&ouml;sten und technischen Report-Typen unterst&uuml;tzt)</li><li>json</li>');
INSERT INTO txt VALUES ('H1302', 'English', '<li>pdf</li><li>html</li><li>csv (currently only supported for resolved and technical report types)</li><li>json</li>');
INSERT INTO txt VALUES ('H1303', 'German', 'Nach bet&auml;tigen des "Report exportieren"-Auswahlfeldes kann eines oder mehrere dieser Formate ausgew&auml;hlt werden.
Bei Aktivierung der pdf-Ausgabe wird desweiteren das Seitenformat zur Auswahl angeboten.<br>
Auch kann der Report mit einem Namen versehen und <a href="/help/archive">archiviert</a> werden.
Ein weiteres Ausgabefenster erlaubt dann das separate Abholen der ausgew&auml;hlten Ausgabedateien.
');
INSERT INTO txt VALUES ('H1303', 'English', 'After clicking the "Export Report" button one or more of them can be selected.
When selecting the pdf export, the page format is offered for selection.<br>
Also the possibility to name and save the report in the <a href="/help/archive">archive</a> is given.
Another Popup allows then to download the selected output files separately.
');
Expand Down Expand Up @@ -2905,21 +2917,25 @@ INSERT INTO txt VALUES ('H5102', 'English', 'The following firewall products can
</ul>
');
INSERT INTO txt VALUES ('H5103', 'German', 'F&uuml;r Firewallgateways ohne separates Management oder im Falle, dass das zentrale Management nicht in den Firewall Orchestrator eingebunden werden kann,
werden die Details des Gateways als Management und gleichzeitig auch als Gateway eingetragen.
werden die Details des Gateways als Management und gleichzeitig auch als Gateway eingetragen.<br>
Im Falle Fortigate: Um einen vollst&auml;ndigen Datenimport zu gew&auml;hrleisten, bitte in der Fortigate config den Seitenumbruch deaktivieren, damit beim Kommando "show full-configuration" die komplette Config ausgegeben wird.
');
INSERT INTO txt VALUES ('H5103', 'English', 'For firewall gateways without a separate management or in case the central management cannot be integrated into Firewall Orchestrator
you may enter the details of the gateway here as a management system as well and then add it again as a gateway.
you may enter the details of the gateway here as a management system as well and then add it again as a gateway.<br>
In the case of Fortigate: To get the entire data imported, disable pagination in the Fortigate config to allow get command "show full-configuration" to retrieve the complete config.
');
INSERT INTO txt VALUES ('H5104', 'German', 'Wenn Beispieldaten (definiert durch die Endung "_demo" vom Namen) existieren, wird eine Schaltfl&auml;che angezeigt, um diese und alle verkn&uuml;pften <a href="/help/settings/gateways">Gateways</a> zu l&ouml;schen.');
INSERT INTO txt VALUES ('H5104', 'English', 'If there are sample data (defined by the ending "_demo" of the name), a button is displayed to delete them and all related <a href="/help/settings/gateways">gateways</a>.');
INSERT INTO txt VALUES ('H5111', 'German', 'Name*: Name des Managements. <br>
F&uuml;r die meisten Firewalls ist dies ein willk&uuml;rlicher Name. Ausnahmen sind direkt verbundene Gateways von Fortigate, Netscreen und Juniper.
Hier muss der Name des Firewallgateways eingetragen werden.<br>
Da es zu Problemen mit dem perl-Importer kommen kann, sollten Leerzeichen im Namen von Legacy-Systemen nicht verwendet werden.
Ein Management dessen Name mit "_demo" endet, wird beim Bet&auml;tigen der "Beispieldaten l&ouml;schen"-Schaltfl&auml;che gel&ouml;scht.
');
INSERT INTO txt VALUES ('H5111', 'English', 'Name*: Name of the mangement. <br>
For most firewalls this is an arbitrary name. Exceptions are Fortigate, Netscreen and Juniper directly connected gateways.
Here the name give needs to be the name of the firewall gateway.<br>
Do not use spaces in the management name of legacy systems as perl importer cannot cope with spaces here.
A management whose name ends with "_demo" will be deleted when using the "Remove Sample Data" button.
');
INSERT INTO txt VALUES ('H5112', 'German', 'Kommentar: Optionale Beschreibung des Managements.');
Expand All @@ -2928,11 +2944,11 @@ INSERT INTO txt VALUES ('H5113', 'German', 'Ger&auml;tetyp*: bitte das korrekte
INSERT INTO txt VALUES ('H5113', 'English', 'Device Type*: Select correct product from a list of available types, see above.');
INSERT INTO txt VALUES ('H5114', 'German', 'Hostname*: Adresse des Hosts (entweder IP-Addresse oder aufl&ouml;sbarer Name).
F&uuml;r Check Point R8x MDS Installationen die Addresse des MDS-Servers f&uuml;r alle Domains benutzen.<br>
F&uuml;r Fortinet, Barradua, Juniper muss die IP vom aufl&ouml;sbaren Namen des Firewallgateways spezifiziert werden.
F&uuml;r alle Firewall-Plattformen, die kein separates Management-System besitzen, muss die IP oder der aufl&ouml;sbare Name des Firewallgateways spezifiziert werden.
');
INSERT INTO txt VALUES ('H5114', 'English', 'Hostname*: Address of the host (either IP address or resolvable name).
For Check Point R8x MDS installations use the address of the MDS server for all domains.<br>
For Fortinet, Barradua, Juniper you need to specify the IP or resolvable name of the firewall gateway.
For all firewall platforms which do not possess a separate management, use the IP address or the resolvable name of the firewall gateway.
');
INSERT INTO txt VALUES ('H5115', 'German', 'Port*: Port-Nummer des Hosts.<br>
Wenn das Ziel Check Point R8x, FortiManager, Azure oder Cisco FirePower ist, wird die Verbindung via API aufgebaut. Die Standard-Port-Nummer ist 443. Denken Sie daran, den API-Zugang auf Ihrem Firewall Managment zu aktivieren.<br>
Expand All @@ -2943,12 +2959,11 @@ INSERT INTO txt VALUES ('H5115', 'English', 'Port*: Port number of the host.<br>
If the target any other platform Firewall Orchestrator needs ssh-based access. The default port number here is 22.
');
INSERT INTO txt VALUES ('H5116', 'German', 'Login-Daten*: Zugangsdaten f&uuml;r den Import-Nutzer des Managements.<br>
Hier kann ein Satz Zugangsdaten ausgew&auml;hlt werden, der zum Login auf dem Management dient.
Hier kann ein Satz <a href="/help/settings/credentials">Zugangsdaten</a> ausgew&auml;hlt werden, der zum Login auf dem Management dient.
');
INSERT INTO txt VALUES ('H5116', 'English', 'Import Credentials*: User/Password combination for logging into the management.<br>
Choose a set of credentials which will be used to get the management''s configuration.
Choose a set of <a href="/help/settings/credentials">credentials</a> which will be used to get the management''s configuration.
');

INSERT INTO txt VALUES ('H5119', 'German', 'Domain: Firewall Domain Name <br>
f&uuml;r Check Point R8x MDS / Fortimanager Installationen, andernfall leer lassen.
');
Expand All @@ -2968,9 +2983,9 @@ INSERT INTO txt VALUES ('H5122', 'English', 'Import Disabled: Flag if the data i
INSERT INTO txt VALUES ('H5123', 'German', 'Nicht sichtbar: Wenn gesetzt ist dieses Management nicht mit Standard-Reporter-Rolle sichtbar.');
INSERT INTO txt VALUES ('H5123', 'English', 'Hide in UI: If set, this management is not visible to the standard reporter role.');

INSERT INTO txt VALUES ('H5130', 'German', 'Hier werden die Zugangsdaten f&uuml; den Import der Firewall-Konfigurationen verwaltet.
INSERT INTO txt VALUES ('H5130', 'German', 'Hier werden die Zugangsdaten f&uuml;r den Import der Firewall-Konfigurationen verwaltet.
Diese k&ouml;nnen auch f&uuml;r den Zugriff auf mehrere Firewall-Managements verwendet werden.
Ein L&ouml;schen is erst m&ouml;glich, wenn die Zugangsdaten nirgends verwendet werden.
Ein L&ouml;schen ist erst m&ouml;glich, wenn die Zugangsdaten nirgends mehr verwendet werden.
');
INSERT INTO txt VALUES ('H5130', 'English', 'Manage credentials for importing firewall configuration data.
Credentials can be used for logging in to one or multiple firewall managements.
Expand All @@ -2988,18 +3003,20 @@ INSERT INTO txt VALUES ('H5132', 'English', 'Username*: The user used to login t
This user needs to be created on the firewall system in advance and needs full read access to the system.<br>
On Check Point R8x we recommend using the predefined "Read Only All" profile (both global and domain management) for the user.
');
INSERT INTO txt VALUES ('H5135', 'German', 'Schl&uuml;sselpaar*: Handelt es sich bei diesen Login-Daten um ein SSH Public-Key Paar oder um Standard ein Standard-Passwort.
');
INSERT INTO txt VALUES ('H5135', 'English', 'Key Pair*: Do these credentials consist of a private/public SSH key pair or do they contain a standard password.
');
INSERT INTO txt VALUES ('H5133', 'German', 'Privater Schl&uuml;ssel* / Passwort*: F&uuml;r den ssh-Zugang hier den privaten ssh-Schl&uuml;ssel hinterlegen (Schl&uuml;ssel muss unverschl&uuml;sselt und ohne Passphrase sein)<br>
F&uuml;r den API-Zugang ist dies das Passwort des API-Nutzers.
INSERT INTO txt VALUES ('H5133', 'German', 'Privater Schl&uuml;ssel* / Passwort*: F&uuml;r den ssh-Zugang hier den privaten ssh-Schl&uuml;ssel hinterlegen (Schl&uuml;ssel muss unverschl&uuml;sselt und ohne Passphrase sein).
Bitte f&uuml;r ssh-basierten legacy FortiGate Zugriff kein RSA benutzen, da es hier ein Problem mit RSA-Schl&uuml;sseln zu geben scheint.<br>
F&uuml;r den API-Zugang ist hier das Passwort des API-Nutzers einzutragen.
');
INSERT INTO txt VALUES ('H5133', 'English', 'Login Secret* / Password*: For ssh access enter the private ssh key (key needs to be unencrypted without passphrase)<br>
For API access this is the password of the API user.
INSERT INTO txt VALUES ('H5133', 'English', 'Login Secret* / Password*: For ssh access enter the private ssh key (key needs to be unencrypted without passphrase).
For legacy ssh based FortiGate, do not use RSA as there seems to be a problem with RSA keys.<br>
For API access insert the password of the API user here.
');
INSERT INTO txt VALUES ('H5134', 'German', '&Ouml;ffentlicher Schl&uuml;ssel: Dieses Feld muss nur f&uuml;r Netscreen-Firewalls gef&uuml;llt werden - dieses System ben&ouml;tigt auch den &ouml;ffentlichen Schl&uuml;ssel zum Anmelden.');
INSERT INTO txt VALUES ('H5134', 'English', 'Public Key: This field only needs to be filled for netscreen firewalls - this system also needs the public key for successful login.');
INSERT INTO txt VALUES ('H5135', 'German', 'Schl&uuml;sselpaar*: Handelt es sich bei diesen Login-Daten um ein SSH Public-Key Paar oder um ein Standard-Passwort.
');
INSERT INTO txt VALUES ('H5135', 'English', 'Key Pair*: Do these credentials consist of a private/public SSH key pair or do they contain a standard password.
');
INSERT INTO txt VALUES ('H5136', 'German', 'Cloud Client ID: Nur f&uuml;r Cloud Instanzen (Azure) ben&ouml;tigt - f&uuml;r alle anderen Plattformen kann dieses Feld leer gelassen werden.
');
INSERT INTO txt VALUES ('H5136', 'English', 'Cloud Client ID: If you have a cloud installation (e.g. Azure) - enter your Azure client ID here. For all other installations, leave this field empty.
18 changes: 4 additions & 14 deletions roles/lib/files/FWO.Report/Display/RuleDisplayHtml.cs
@@ -1,6 +1,7 @@
using FWO.Api.Data;
using FWO.Config.Api;
using System.Text;
using FWO.Report;
using FWO.Report.Filter;

namespace FWO.Ui.Display
Expand Down Expand Up @@ -97,17 +98,6 @@ protected string constructLink(string type, string symbol, long id, string name,
return $"<span class=\"{symbol}\">&nbsp;</span><a @onclick:stopPropagation=\"true\" href=\"{link}{type}{id}\" target=\"_top\" style=\"{style}\">{name}</a>";
}

protected string getObjSymbol(string objType)
{
switch(objType)
{
case "group": return "oi oi-list-rich";
case "network": return "oi oi-rss";
case "ip_range": return "oi oi-resize-width";
default: return "oi oi-monitor";
}
}

protected string NetworkLocationToHtml(NetworkLocation userNetworkObject, int mgmtId, OutputLocation location, string style, ReportType reportType)
{
StringBuilder result = new StringBuilder();
Expand All @@ -120,7 +110,7 @@ protected string NetworkLocationToHtml(NetworkLocation userNetworkObject, int mg
}
else
{
result.Append(constructLink("user", "oi oi-people", userNetworkObject.User.Id, userNetworkObject.User.Name, location, mgmtId, style) + "@");
result.Append(constructLink("user", ReportBase.GetIconClass(ObjCategory.user, userNetworkObject.User.Type.Name), userNetworkObject.User.Id, userNetworkObject.User.Name, location, mgmtId, style) + "@");
}
}

Expand All @@ -132,7 +122,7 @@ protected string NetworkLocationToHtml(NetworkLocation userNetworkObject, int mg
}
else
{
result.Append(constructLink("nwobj", getObjSymbol(userNetworkObject.Object.Type.Name), userNetworkObject.Object.Id, userNetworkObject.Object.Name, location, mgmtId, style));
result.Append(constructLink("nwobj", ReportBase.GetIconClass(ObjCategory.nobj, userNetworkObject.Object.Type.Name), userNetworkObject.Object.Id, userNetworkObject.Object.Name, location, mgmtId, style));
}
if (userNetworkObject.Object.Type.Name != "group")
{
Expand All @@ -158,7 +148,7 @@ protected string ServiceToHtml(NetworkService service, int mgmtId, OutputLocatio
}
else
{
result.Append(constructLink("svc", service.Type.Name == "group" ? "oi oi-list-rich" : "oi oi-wrench", service.Id, service.Name, location, mgmtId, style));
result.Append(constructLink("svc", ReportBase.GetIconClass(ObjCategory.nsrv, service.Type.Name), service.Id, service.Name, location, mgmtId, style));
}
}
if (service.DestinationPort != null)
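Review bot: The new user branch in NetworkLocationToHtml reads `userNetworkObject.User.Type.Name`, where the old call passed the constant `"oi oi-people"`, so a user object without a populated `Type` would now throw while the report is rendered; whether `Type` can be null is not visible here. Passing `userNetworkObject.User.Type?.Name ?? ""` would let `GetIconClass` fall through to its per-category default. Separately, the `constructLink` context line in this section interpolates `name` and `style` into the markup unencoded, and these calls feed it object, user and service names that presumably originate from imported firewall configurations; encoding at that point, e.g. `System.Net.WebUtility.HtmlEncode(name)`, would keep a crafted object name from becoming markup in the HTML export. Both functions begin and end outside the visible hunks.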
32 changes: 30 additions & 2 deletions roles/lib/files/FWO.Report/ReportBase.cs
Expand Up @@ -16,7 +16,7 @@ public enum RsbTab
rule = 30
}

public enum RsbObjType
public enum ObjCategory
{
all = 0,
nobj = 1,
Expand Down Expand Up @@ -89,7 +89,7 @@ public ReportBase(DynGraphqlQuery query, UserConfig UserConfig, ReportType repor

public abstract Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConnection apiConnection, Func<Management[], Task> callback); // to be called when exporting

public abstract Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, RsbObjType objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback);
public abstract Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback);

public abstract string ExportToCsv();

Expand Down Expand Up @@ -223,5 +223,33 @@ public async Task<Management[]> getRelevantImportIds(ApiConnection apiConnection
ImpIdQueryVariables["mgmIds"] = Query.RelevantManagementIds;
return await apiConnection.SendQueryAsync<Management[]>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
}

public static string GetIconClass(ObjCategory objCategory, string objType)
{
switch (objType)
{
case "group" when objCategory == ObjCategory.user:
return "oi oi-people";
case "group":
return "oi oi-list-rich";
case "host":
return "oi oi-laptop";
case "network":
return "oi oi-rss";
case "ip_range":
return "oi oi-resize-width";
default:
switch (objCategory)
{
case ObjCategory.nobj:
return "oi oi-laptop";
case ObjCategory.nsrv:
return "oi oi-wrench";
case ObjCategory.user:
return "oi oi-person";
}
return "";
}
}
}
}
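Review bot: `GetIconClass` is a new public static helper with no doc comment, and its fallbacks are easy to misread: `host`, `network` and `ip_range` return before `objCategory` is looked at, and any category not listed in the inner switch (`ObjCategory.all`, for one) falls out to `return "";`, which callers then place in a `class` attribute. A `/// <summary>` stating that the type name wins over the category and that an empty string means "no icon" would document this, and the inner switch reads more clearly with an explicit `default: return "";` instead of the trailing return. The unknown-type default for network objects also changes from the removed `getObjSymbol`'s `"oi oi-monitor"` to `"oi oi-laptop"`; worth confirming that is intended. The enclosing class starts outside the hunk.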
2 changes: 1 addition & 1 deletion roles/lib/files/FWO.Report/ReportChanges.cs
Expand Up @@ -20,7 +20,7 @@ public override async Task<bool> GetObjectsInReport(int objectsPerFetch, ApiConn
return true;
}

public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, RsbObjType objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
public override Task<bool> GetObjectsForManagementInReport(Dictionary<string, object> objQueryVariables, ObjCategory objects, int maxFetchCycles, ApiConnection apiConnection, Func<Management[], Task> callback)
{
throw new NotImplementedException();
}