• State Not Answered
  • Replies 1 reply
  • Subscribers 27 subscribers
  • Views 891 views
  • Users 0 members are here
Options
Related

SPS - Configuration synchronization plugin

leo graells

Hello !

I would like to use the Configuration synchronization plugin, on my SPS cluster :

- One SPS Central Management & Search master

- Two SPS with both roles : Managed host & Search minion

I need to not synch the targets IP of all my protocols connexions (SSH, RDP...) because I need both SPS Managed host with differents connexions IP to use them in "active / active cluster" so they both can host sessions

I've already read the doc :

https://support.oneidentity.com/fr-fr/technical-documents/one-identity-safeguard-for-privileged-sessions/6.13.1/administration-guide/42#TOPIC-1789721

the main.py file on the plugin is :

import json


def iterate(tree):
    for key in tree["@order"]:
        yield tree[key]

def iterate_items(tree):
    for key in tree["@order"]:
        yield key, tree[key]

def get_name_id_map(config, policies_path):
    name_id_map = {}
    for policy_id, policy in iterate_items(config['policies'][policies_path]):
        name_id_map[policy['name']] = policy_id
    return name_id_map

def replace_policies(config, node_specific_replacements, policies_path, policy_path):
    name_id_map = get_name_id_map(config, policies_path)
    policy_name_replacement = node_specific_replacements[policies_path]
    policy_id_replacement = {name_id_map[key]: name_id_map[value] for key, value in policy_name_replacement.items()}

    for protocol in ['ssh', 'rdp', 'vnc', 'telnet', 'ica', 'http']:
        for connection in iterate(config[protocol]['connections']):
            if connection['policies'][policy_path] in policy_id_replacement:
                connection['policies'][policy_path] = policy_id_replacement[connection['policies'][policy_path]]

def merge(local_config, merged_config, *, node_id, plugin_config, **kwargs):
    node_specific_replacements = json.loads(plugin_config)[node_id]
    replace_policies(merged_config, node_specific_replacements, 'backup_policies', 'backup_policy')
    replace_policies(merged_config, node_specific_replacements, 'archive_cleanup_policies', 'archive_cleanup_policy')

    return merged_config

I don't understand how to modify it to keep my targets IP unsynch to manage them from the managed hosts only..

It's specify to add this on the main.py file :

$ cat main.py
def merge(local_config: dict, merged_config: dict, node_id: str, plugin_config: str, **kwargs):
    merged_config['rdp']['connections'][<id-of-the-connection-policy>]['network']['targets'][0] = "10.30.255.8/24"
    return merged_config

But this in not clear if I need to do this on the file for example ?? :

import json


def iterate(tree):
    for key in tree["@order"]:
        yield tree[key]

def iterate_items(tree):
    for key in tree["@order"]:
        yield key, tree[key]

def get_name_id_map(config, policies_path):
    name_id_map = {}
    for policy_id, policy in iterate_items(config['policies'][policies_path]):
        name_id_map[policy['name']] = policy_id
    return name_id_map

def replace_policies(config, node_specific_replacements, policies_path, policy_path):
    name_id_map = get_name_id_map(config, policies_path)
    policy_name_replacement = node_specific_replacements[policies_path]
    policy_id_replacement = {name_id_map[key]: name_id_map[value] for key, value in policy_name_replacement.items()}

    for protocol in ['ssh', 'rdp', 'vnc', 'telnet', 'ica', 'http']:
        for connection in iterate(config[protocol]['connections']):
            if connection['policies'][policy_path] in policy_id_replacement:
                connection['policies'][policy_path] = policy_id_replacement[connection['policies'][policy_path]]

def merge(local_config, merged_config, *, node_id, plugin_config, **kwargs):
    node_specific_replacements = json.loads(plugin_config)[node_id]
    replace_policies(merged_config, node_specific_replacements, 'backup_policies', 'backup_policy')
    replace_policies(merged_config, node_specific_replacements, 'archive_cleanup_policies', 'archive_cleanup_policy')

    return merged_config

def merge(local_config: dict, merged_config: dict, node_id: str, plugin_config: str, **kwargs):
    node_specific_replacements = json.loads(plugin_config)[node_id]
    replace_policies(merged_config, node_specific_replacements, 'backup_policies', 'backup_policy')
    replace_policies(merged_config, node_specific_replacements, 'archive_cleanup_policies', 'archive_cleanup_policy')
    merged_config['rdp']['connections'][<id-of-the-connection-policy>]['network']['targets'][0] = "10.30.255.8/24"
    
	return merged_config

Then, how can we specify the node ID if we need to unsynch two rules ? one on the first managed host, one on the second ?

Do someone use this plugin to do something like I would like to ?

Thank for your help