Merge branch 'develop' into Tanium_Threat_Response_Connector

opencybersecurityalliance · Dec 7, 2023 · 5c2b563 · 5c2b563
2 parents 09b9e8e + a1bb4b0
commit 5c2b563
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 20 deletions.
diff --git a/deployment/ibm_cloud_pak_for_security/README.md b/deployment/ibm_cloud_pak_for_security/README.md
@@ -1,20 +1,20 @@
 # Build and deploy connector images into IBM Cloud Pak for Security (CP4S)
 
-The scripts contained here allow you to build an image of a new or existing connector, and deploy that image into your Kubernetes cluster on your CP4S environment. The are also options for deploying an existing image from a Docker registry and for building an image locally so that you may publish it to a registry of your choice. 
+The scripts contained here allow you to build an image of a new or existing connector, and deploy that image into your Kubernetes cluster on your CP4S environment. The are also options for deploying an existing image from a Public registry such as docker hub and for building an image locally so that you may publish it to a registry of your choice. 
 
 The `deploy` script automatically: 
 
 1. Installs the required Python libraries.
 2. [Packages the desired stix-shifter module](https://github.com/opencybersecurityalliance/stix-shifter/blob/master/adapter-guide/develop-stix-adapter.md#Packaging-individual-connectors) into a wheel file.
-3. Builds a Docker image from that wheel file.
+3. Builds a container image from that wheel file.
 4. Signs the image if a certificate is present.
 5. Deploys the image into your cluster.
 
 ## Prerequisites
 
 The following needs to be installed on your local machine: 
 * Python 3
-* Docker
+* Podman (Other Container manangement tool can be used such as Docker)
 * OpenShift CLI (`oc`)
 * Kubernetes CLI (`kubectl`)
 * OpenSSL (`openssl`)
@@ -34,6 +34,10 @@ Since the primary use-case for these scripts is to install a new or updated conn
 
     `cloudctl login -a <ICP CLUSTER URL> -u <USERNAME> -p <PASSWORD> -n <NAMESPACE>`
 
+    OR
+
+    `oc login -u <USER> --server=<SERVER URL>`
+
     Note: there is a known issue when logged in as `kubeadmin` user via oc command, `oc login -u kubeadmin`
 
 9. Run the deployment script based on one of the following scenarios:

diff --git a/deployment/ibm_cloud_pak_for_security/_build.sh b/deployment/ibm_cloud_pak_for_security/_build.sh
@@ -16,9 +16,9 @@ NAMESPACE="$2"
 validate_cmd openssl
 validate_cmd python3
 validate_cmd pip3
-validate_cmd docker
-echo -n "Checking if it is possible to execute docker command.."
-docker ps > /dev/null
+validate_cmd podman
+echo -n "Checking if it is possible to execute podman command.."
+podman ps > /dev/null
 if [ $? -eq 0 ]; then
     echo "Ok"
 else
@@ -93,7 +93,7 @@ echo $REPOSITORY
 
 
 
-REPOSITORY_CERT_DIR=/etc/docker/certs.d/$REPOSITORY/
+REPOSITORY_CERT_DIR=/etc/containers/certs.d/$REPOSITORY/
 REPOSITORY_CERT_FILE=${REPOSITORY_CERT_DIR}/ca.crt
 REPOSITORY_CERT_TMP=ca.crt.tmp
 
@@ -127,15 +127,15 @@ if [ ! -f "$REPOSITORY_CERT_FILE" ]; then
   sudo cp $REPOSITORY_CERT_TMP $REPOSITORY_CERT_FILE
   rm -rf $REPOSITORY_CERT_TMP | true
   if [[ "$OSTYPE" == "darwin"* ]]; then
-    echo -n "Adding certificate to docker VM... "
+    echo -n "Adding certificate to podman VM... "
     sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $REPOSITORY_CERT_FILE
     echo 'Ok'
-    echo -n "Restarting docker... "
-    killall Docker && open /Applications/Docker.app
+    echo -n "Restarting podman... "
+    killall Podman\ Desktop && open /Applications/Podman\ Desktop.app
     sleep 60
     echo 'Ok'
-    echo -n "Checking docker.."
-    docker ps > /dev/null
+    echo -n "Checking podman.."
+    podman ps > /dev/null
     if [ $? -eq 0 ]; then
         echo "Ok"
     else
@@ -164,30 +164,35 @@ if [ -z "${IMAGE_URL}" ]; then
   fi
 fi
 
-DOCKER_USER=`oc whoami`
-echo "Logging in into internal registry $REPOSITORY as $DOCKER_USER ..."
-docker login -u $DOCKER_USER -p `oc whoami -t` $REPOSITORY
+REGISTRY_USER=`oc whoami`
+echo "Logging in into internal registry $REPOSITORY as $REGISTRY_USER ..."
+podman login -u $REGISTRY_USER -p `oc whoami -t` $REPOSITORY
 
 if [ ! -z "${IMAGE_URL}" ]; then
   echo "Pulling ${IMAGE_URL}"
-  docker pull ${IMAGE_URL}
+  podman pull ${IMAGE_URL}
   IMAGE_LOCAL_URL=${IMAGE_URL}
   IMAGE_PUSH_URL=${REPOSITORY}/${NAMESPACE}/${FILE_PREFIX}${PROJECT_NAME_WITHOUT_DASH}:${TAG}
   # exit 0
 else
   IMAGE_LOCAL_URL=${FILE_PREFIX}${PROJECT_NAME_WITHOUT_DASH}:${TAG}
   IMAGE_PUSH_URL=${REPOSITORY}/${NAMESPACE}/${IMAGE_LOCAL_URL}
   echo "Building image..."
-  docker build --no-cache -t ${IMAGE_LOCAL_URL} --build-arg APP=${FILENAME%.whl} --build-arg VERSION=${PROJECT_VERSION} . --platform linux/amd64
+  podman build --no-cache -t ${IMAGE_LOCAL_URL} --build-arg APP=${FILENAME%.whl} --build-arg VERSION=${PROJECT_VERSION} . --platform linux/amd64
 fi
 
+# Change the registry URL if you use a different image registry
 IMAGE_POD_URL=image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${FILE_PREFIX}${PROJECT_NAME_WITHOUT_DASH}:${TAG}
 
 echo "retagging image... ${IMAGE_LOCAL_URL} > ${IMAGE_PUSH_URL}"
-docker tag ${IMAGE_LOCAL_URL} ${IMAGE_PUSH_URL}
+podman tag ${IMAGE_LOCAL_URL} ${IMAGE_PUSH_URL}
 
 echo "Pushing image..."
-docker push ${IMAGE_PUSH_URL}
+
+# "tls: failed to verify certificate" exception may occur while pusing the image
+# To resolve, Use `--tls-verify=false` if you use internal trusted registry
+# Otherwise, make sure the TLS verification is done.
+podman push ${IMAGE_PUSH_URL} 
 
 CR_FILENAME=udi-${PROJECT_NAME}-NEW.yaml
 BACKUP_FOLDER=backup_${TIMESTAMP}

diff --git a/stix_shifter/requirements.txt b/stix_shifter/requirements.txt
@@ -6,7 +6,7 @@ asyncio==3.4.3
 asynctest==0.13.0
 attrs==23.1.0
 azure-identity==1.15.0
-colorlog==6.7.0
+colorlog==6.8.0
 flask==3.0.0
 flatten_json==0.1.14
 json-fix==0.5.2