GetSGOwnerVPC() and GetVMUsingRS() - cloud-barista/cb-spider GitHub Wiki

  • Users (Tumblebug, etc.) need the relationship information between resources when registering existing resources

    • Example: the VPC ID that owns a specific SecurityGroup
    • Example: the VPC ID, SG ID, Key ID, etc. used by a specific VM
  • Returned information

    • If the resource is already registered in Spider, both NameId and SystemId are included
      • Example:
        • {"NameId":"vpc-01","SystemId":"vpc-06d9ed96c230c138f"}
    • If the resource is not registered, only SystemId is included
      • Example:
        • {"NameId":"","SystemId":"vpc-836f39ea"}
    • For a CSP that does not provide the associated resource, an IID with empty values is returned
      • Example: requesting the VPC ID that owns an SG when, as in Azure, a SecurityGroup is not owned by a VPC
        • {"NameId":"","SystemId":""}
    • If the input resource does not exist or an error occurs, an error is returned
      • Example:
        • {"message":"InvalidGroup.NotFound: The security group 'sg-abcd' does not exist\n\tstatus code: 400, request id: dcfacf5a-87ec-4a72-9450-ffdcca38a865"}
        • {"message":"code=415, message=Unsupported Media Type"}
  • Special notes

    • Security Group
      • Some CSPs, such as Azure, provide SGs that are not owned by a VPC
      • GCP has no SG concept and provides only individual firewalls, so
        • when an SG is created through Spider, several firewalls are created according to specific rules and mapped to it, but
        • composing an SG from pre-existing firewalls, as if it had been created through Spider, raises additional issues.
        • GCP SG creation rules: see [2. GCP issue approach] at the following link
    • KeyPair
      • Some CSPs do not provide KeyPairs, or
      • use a KeyPair provided separately by the driver
    • VM
      • A public IP may not exist
      • The cb-user account does not exist
      • DF-Agent is not installed
  • Pseudo API

    • IID GetSGOwnerVPC()
    • {VPC:IID, SG:[IID], Key:IID} GetVMUsingRS()

1. GetSGOwnerVPC() test items and results

  • Test version: 36549a5
[AWS]
  • Case: the target SG is already mapped in Spider
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"sg-08d02432bd1ddebf7"} }'
{"message":"sg-sg-08d02432bd1ddebf7 already exists with sg-01!"}
  • Case: the VPC that owns the target SG is mapped in Spider
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"sg-0bd612696ed5f83e0"} }'
{"NameId":"vpc-01","SystemId":"vpc-0d12b45a9f006afea"}
  • Case: the VPC that owns the target SG is not mapped in Spider
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"sg-0067570f557818e64"} }'
{"NameId":"","SystemId":"vpc-836f39ea"}
  • Case: the target SG does not exist in the CSP
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"sg-abcd"} }'
{"message":"InvalidGroup.NotFound: The security group 'sg-abcd' does not exist\n\tstatus code: 400, request id: dcfacf5a-87ec-4a72-9450-ffdcca38a865"}
  • Case: an internal error occurs
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"sg-xxxxxx"} }'
{"message":"InvalidGroupId.Malformed: Invalid id: \"sg-xxxxxx\"\n\tstatus code: 400, request id: 1eaaf921-eaab-4939-8b62-33db95e9646a"}
[Azure]
  • Case: the target SG is already mapped in Spider
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "azure-northeu-config", "ReqInfo": { "CSPId":"/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Network/networkSecurityGroups/sg01-c9s7chiba5o1unl4urmg"} }'
{"message":"sg-/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Network/networkSecurityGroups/sg01-c9s7chiba5o1unl4urmg already exists with sg-01!"}
  • Case: no VPC owns the target SG (in Azure, a VPC does not own SGs)
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "azure-northeu-config", "ReqInfo": { "CSPId":"/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Network/networkSecurityGroups/not-used"} }'
{"NameId":"","SystemId":""}
  • Case: the target SG does not exist in the CSP
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "azure-northeu-config", "ReqInfo": { "CSPId":"/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Network/networkSecurityGroups/not-exist"} }'
{"message":"network.SecurityGroupsClient#Get: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code=\"ResourceNotFound\" Message=\"The Resource 'Microsoft.Network/networkSecurityGroups/not-exist' under resource group 'cb-group-wip' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix\""}
[Alibaba]
  • Case: the target SG is already mapped in Spider
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "alibaba-beijing-config", "ReqInfo": { "CSPId":"sg-2zebc0fjar27rxah6b0o"} }'
{"message":"sg-sg-2zebc0fjar27rxah6b0o already exists with sg-01!"}
  • Case: the VPC that owns the target SG is mapped in Spider
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "alibaba-beijing-config", "ReqInfo": { "CSPId":"sg-2zeef27fei4gk96vkhi0"} }'
{"NameId":"vpc-01","SystemId":"vpc-2zeqyg16b8njzhhnybg3s"}
  • Case: the VPC that owns the target SG is not mapped in Spider
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "alibaba-beijing-config", "ReqInfo": { "CSPId":"sg-2ze9mgpkb99gy9ny0cjh"} }'
{"NameId":"","SystemId":"vpc-2zexrx06j0r42k73mde46"}
  • Case: the target SG does not exist in the CSP
curl -sX GET http://localhost:1024/spider/getsecuritygroupowner -H 'Content-Type: application/json' -d '{"ConnectionName": "alibaba-beijing-config", "ReqInfo": { "CSPId":"sg-abcd"} }'
{"message":"Notfound: 'sg-abcd' SecurityGroup Not found"}

2. GetVMUsingRS() test items and results

  • Test version: 03929ed

[AWS]

  • Case: the target VM is already mapped in Spider
curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"i-093f0f5d3fc46ff60"} }' | json_pp
{"message":"vm-i-093f0f5d3fc46ff60 already exists with vm-01!"}
  • Case: the resources used by the target VM (VPC, SG, Key) are already mapped in Spider
    • For reference if needed: how to unregister the VM for testing
      curl -sX DELETE http://localhost:1024/spider/regvm/vm-01 -H 'Content-Type: application/json' -d \
                  '{ 
                          "ConnectionName": "aws-ohio-config"
                  }' |json_pp
      
curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"i-093f0f5d3fc46ff60"} }' | json_pp
{
   "Resources" : {
      "VPC" : {
         "NameId" : "vpc-01",
         "SystemId" : "vpc-042e2ed141a12d1a2"
      },
      "VMKey" : {
         "NameId" : "keypair-01",
         "SystemId" : "keypair-01-ca1k3gaba5o9dvmgrbi0"
      },
      "SGList" : [
         {
            "NameId" : "sg-01",
            "SystemId" : "sg-0b4bdaa8a6d7a745d"
         }
      ]
   }
}
  • Case: the VPC used by the target VM is not mapped in Spider
    • For reference if needed: how to unregister the VPC for testing
      curl -sX DELETE http://localhost:1024/spider/regvpc/vpc-01 -H 'Content-Type: application/json' -d \
                  '{
                          "ConnectionName": "aws-ohio-config"
                  }' |json_pp
      
curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"i-093f0f5d3fc46ff60"} }' | json_pp
{
   "Resources" : {
      "VPC" : {
         "NameId" : "",
         "SystemId" : "vpc-042e2ed141a12d1a2"
      },
      "SGList" : [
         {
            "SystemId" : "sg-0b4bdaa8a6d7a745d",
            "NameId" : "sg-01"
         }
      ],
      "VMKey" : {
         "SystemId" : "keypair-01-ca1k3gaba5o9dvmgrbi0",
         "NameId" : "keypair-01"
      }
   }
}
  • Case: the target VM does not exist in the CSP
    • Note: on AWS, a VM still appears in the list for a while after it has been terminated
      • At that point, the VM's VPC and SG relationship information is gone
        curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"i-093f0f5d3fc46ff60"} }' | json_pp
        
        {
           "Resources" : {
              "VMKey" : {
                 "NameId" : "keypair-01",
                 "SystemId" : "keypair-01-ca1k3gaba5o9dvmgrbi0"
              },
              "SGList" : null,
              "VPC" : {
                 "NameId" : "",
                 "SystemId" : ""
              }
           }
        }
        
curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "aws-ohio-config", "ReqInfo": { "CSPId":"i-novm"} }' | json_pp
{
   "message" : "InvalidInstanceID.Malformed: Invalid id: \"i-093f0f5d3fc46ff61\"\n\tstatus code: 400, request id: 4845ee16-831c-4434-bf39-ad81b6fc3838"
}

[Azure]

  • Case: the target VM is already mapped in Spider
curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "azure-northeu-config", "ReqInfo": { "CSPId":"/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Compute/virtualMachines/vm-01-ca1klhqba5o9dvmgrbl0"} }' | json_pp
{
   "message" : "vm-/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Compute/virtualMachines/vm-01-ca1klhqba5o9dvmgrbl0 already exists with vm-01!"
}
  • Case: the resources used by the target VM (VPC, SG, Key) are already mapped in Spider
    • For reference if needed: how to unregister the VM for testing
      curl -sX DELETE http://localhost:1024/spider/regvm/vm-01 -H 'Content-Type: application/json' -d \
                  '{ 
                          "ConnectionName": "azure-northeu-config"
                  }' |json_pp
      
curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "azure-northeu-config", "ReqInfo": { "CSPId":"/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Compute/virtualMachines/vm-01-ca1klhqba5o9dvmgrbl0"} }' | json_pp
{
   "Resources" : {
      "VMKey" : {
         "SystemId" : "keypair-01-ca1kldiba5o9dvmgrbkg",
         "NameId" : "keypair-01"
      },
      "SGList" : [
         {
            "NameId" : "sg-01",
            "SystemId" : "sg01-ca1kl4iba5o9dvmgrbk0"
         }
      ],
      "VPC" : {
         "NameId" : "vpc-01",
         "SystemId" : "vpc-01-ca1kkuiba5o9dvmgrbj0"
      }
   }
}
  • Case: the VPC used by the target VM is not mapped in Spider
    • For reference if needed: how to unregister the VPC for testing
      curl -sX DELETE http://localhost:1024/spider/regvpc/vpc-01 -H 'Content-Type: application/json' -d \
                  '{
                          "ConnectionName": "azure-northeu-config"
                  }' |json_pp
      
curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "azure-northeu-config", "ReqInfo": { "CSPId":"/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Compute/virtualMachines/vm-01-ca1klhqba5o9dvmgrbl0"} }' | json_pp
{
   "Resources" : {
      "VPC" : {
         "SystemId" : "vpc-01-ca1kkuiba5o9dvmgrbj0",
         "NameId" : ""
      },
      "VMKey" : {
         "SystemId" : "keypair-01-ca1kldiba5o9dvmgrbkg",
         "NameId" : "keypair-01"
      },
      "SGList" : [
         {
            "NameId" : "sg-01",
            "SystemId" : "sg01-ca1kl4iba5o9dvmgrbk0"
         }
      ]
   }
}

  • Case: the target VM does not exist in the CSP
curl -sX GET http://localhost:1024/spider/getvmusingresources -H 'Content-Type: application/json' -d '{"ConnectionName": "azure-northeu-config", "ReqInfo": { "CSPId":"/subscriptions/a20fed83-96bd-4480-92a9-140b8e3b7c3a/resourceGroups/cb-group-wip/providers/Microsoft.Compute/virtualMachines/vm-01-ca1klhqba5o9dvmgrbl0"} }' | json_pp
{
   "message" : "Failed to Get VM. err = compute.VirtualMachinesClient#Get: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code=\"ResourceNotFound\" Message=\"The Resource 'Microsoft.Compute/virtualMachines/vm-01-ca1klhqba5o9dvmgrbl0' under resource group 'cb-group-wip' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix\""
}
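
Added example (not part of the cb-spider wiki or code base): a Go helper that applies the "Returned information" rules to a getvmusingresources reply and lists which SystemIds still have to be registered in Spider before the VM. The names State and PlanImport are hypothetical, and treating an empty VPC together with a null SGList as a terminating VM is an assumption based on the AWS note above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// IID mirrors the {"NameId","SystemId"} pairs in the responses on this page.
type IID struct{ NameId, SystemId string }

// State applies the page's return rules to a single IID.
func (i IID) State() string {
	switch {
	case i.SystemId == "":
		return "none" // CSP has no such relation, or it is already gone
	case i.NameId == "":
		return "unregistered" // exists in the CSP, not mapped in Spider
	}
	return "registered"
}

// PlanImport (hypothetical) lists SystemIds to register before the VM itself.
func PlanImport(body []byte) ([]string, error) {
	var r struct {
		Message   string // set only on error replies
		Resources *struct {
			VPC, VMKey IID
			SGList     []IID // null while an AWS VM is terminating
		}
	}
	if err := json.Unmarshal(body, &r); err != nil || r.Resources == nil {
		return nil, fmt.Errorf("unusable reply: message=%q err=%v", r.Message, err)
	}
	rs := r.Resources
	if rs.VPC.State() == "none" && rs.SGList == nil {
		return nil, fmt.Errorf("no VPC/SG relationship; VM may be terminating")
	}
	todo := []string{}
	for _, i := range append([]IID{rs.VPC, rs.VMKey}, rs.SGList...) {
		if i.State() == "unregistered" {
			todo = append(todo, i.SystemId)
		}
	}
	return todo, nil
}

func main() {
	// Constructed reply: VPC not yet mapped in Spider, key and SG already mapped.
	fmt.Println(PlanImport([]byte(`{"Resources":{"VPC":{"NameId":"","SystemId":"vpc-1"},"VMKey":{"NameId":"k1","SystemId":"k1-x"},"SGList":[{"NameId":"sg-01","SystemId":"sg-1"}]}}`)))
}
```

An empty result means every dependent resource is already mapped, so the VM can be registered directly; an error means the reply must not be used to drive registration.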