[injector] feat(backend): add dump config (#4386)

Signed-off-by: Antoine MAZEAS <antoine.mazeas@filigran.io>
Co-authored-by: Antoine MAZEAS <antoine.mazeas@filigran.io>

Author: camrrx

.circleci/config.yml

@@ -125,19 +125,19 @@ jobs:
           name: Build Docker image openaev/injector-aws
           command: |
             if [ "${CIRCLE_BRANCH}" = "release/current" ]; then
-              docker build --progress=plain -t openaev/injector-aws:${CIRCLE_SHA1} --build-arg PYOAEV_GIT_BRANCH_OVERRIDE="${CIRCLE_BRANCH}" .
+              docker build --progress=plain --build-context injector_common=../injector_common -t openaev/injector-aws:${CIRCLE_SHA1} --build-arg PYOAEV_GIT_BRANCH_OVERRIDE="${CIRCLE_BRANCH}" .
             else
-              docker build --progress=plain -t openaev/injector-aws:${CIRCLE_SHA1} .
+              docker build --progress=plain --build-context injector_common=../injector_common -t openaev/injector-aws:${CIRCLE_SHA1} .
             fi
             docker save -o ~/openaev/images/injector-aws openaev/injector-aws:${CIRCLE_SHA1}
       - run:
           working_directory: ~/openaev/http-query
           name: Build Docker image openaev/injector-http-query
           command: |
             if [ "${CIRCLE_BRANCH}" = "release/current" ]; then
-              docker build --progress=plain -t openaev/injector-http-query:${CIRCLE_SHA1} --build-arg PYOAEV_GIT_BRANCH_OVERRIDE="${CIRCLE_BRANCH}" .
+              docker build --progress=plain --build-context injector_common=../injector_common -t openaev/injector-http-query:${CIRCLE_SHA1} --build-arg PYOAEV_GIT_BRANCH_OVERRIDE="${CIRCLE_BRANCH}" .
             else
-              docker build --progress=plain -t openaev/injector-http-query:${CIRCLE_SHA1} .
+              docker build --progress=plain --build-context injector_common=../injector_common -t openaev/injector-http-query:${CIRCLE_SHA1} .
             fi
             docker save -o ~/openaev/images/injector-http-query openaev/injector-http-query:${CIRCLE_SHA1}
       - run:

.gitignore

@@ -133,3 +133,8 @@ dmypy.json
 
 # Cython debug symbols
 cython_debug/
+
+# custom
+# ignoring the poetry.lock files for now
+# as we don't have a good release scheme for keeping them up to date at the moment
+poetry.lock

aws/Dockerfile

@@ -2,6 +2,9 @@ FROM python:3.13-alpine AS builder
 
 RUN apk update && apk upgrade
 
+WORKDIR /opt/injector_common
+COPY --from=injector_common ./ ./
+
 # poetry version available on Ubuntu 24.04
 RUN pip3 install poetry==2.1.3
 
@@ -12,6 +15,9 @@ RUN poetry build
 
 FROM python:3.13-alpine AS runner
 
+WORKDIR /opt/injector_common
+COPY --from=injector_common ./ ./
+
 ARG installdir=/opt/injector
 WORKDIR ${installdir}
 COPY --from=builder ${installdir} ${installdir}

aws/README.md

@@ -117,7 +117,7 @@ Below are the parameters you'll need to set for running the injector properly:
 1. Build the Docker image:
 ```bash
 cd aws
-docker build -t openaev/injector-aws:latest .
+docker build --build-context injector_common=../injector_common -t openaev/injector-aws:latest .
 ```
 
 2. Run with docker-compose:

aws/aws/configuration/__init__.py

@@ -0,0 +1,27 @@
+from pydantic import Field
+from pyoaev.configuration import ConfigLoaderOAEV, Configuration, SettingsLoader
+
+from aws.configuration.injector_config_override import InjectorConfigOverride
+from aws.contracts_aws import AWSContracts
+
+
+class ConfigLoader(SettingsLoader):
+    openaev: ConfigLoaderOAEV = Field(default_factory=ConfigLoaderOAEV)
+    injector: InjectorConfigOverride = Field(default_factory=InjectorConfigOverride)
+
+    def to_daemon_config(self) -> Configuration:
+        return Configuration(
+            config_hints={
+                # OpenAEV configuration (flattened)
+                "openaev_url": {"data": str(self.openaev.url)},
+                "openaev_token": {"data": self.openaev.token},
+                # Injector configuration (flattened)
+                "injector_id": {"data": self.injector.id},
+                "injector_name": {"data": self.injector.name},
+                "injector_type": {"data": self.injector.type},
+                "injector_contracts": {"data": AWSContracts.build_contract()},
+                "injector_log_level": {"data": self.injector.log_level},
+                "injector_icon_filepath": {"data": self.injector.icon_filepath},
+            },
+            config_base_model=self,
+        )

aws/aws/configuration/config_loader.py

@@ -0,0 +1,25 @@
+from pydantic import Field
+from pyoaev.configuration import ConfigLoaderCollector
+
+
+# To be change ConfigLoaderCollector
+class InjectorConfigOverride(ConfigLoaderCollector):
+    id: str = Field(
+        description="A unique UUIDv4 identifier for this injector instance.",
+    )
+    name: str = Field(
+        default="AWS",
+        description="Name of the injector.",
+    )
+    icon_filepath: str | None = Field(
+        default="aws/img/icon-aws.png",
+        description="Path to the icon file",
+    )
+    type: str = Field(
+        description="Type of the injector.",
+        default="openaev_aws",
+    )
+    log_level: str = Field(
+        description="Determines the verbosity of the logs. Options: debug, info, warn, or error.",
+        default="error",
+    )

aws/aws/configuration/injector_config_override.py

@@ -4,6 +4,7 @@
 
 from pyoaev.helpers import OpenAEVConfigHelper, OpenAEVInjectorHelper
 
+from aws.configuration.config_loader import ConfigLoader
 from aws.contracts_aws import (
     CLOUDTRAIL_ENUM_CONTRACT,
     COGNITO_ENUM_CONTRACT,
@@ -32,42 +33,17 @@
     SNS_ENUM_CONTRACT,
     SSM_ENUM_PARAMETERS_CONTRACT,
     VPC_ENUM_CONTRACT,
-    AWSContracts,
 )
 from aws.helpers.pacu_executor import PacuExecutor
+from injector_common.dump_config import intercept_dump_argument
 
 
 class OpenAEVAWS:
     def __init__(self):
-        self.config = OpenAEVConfigHelper(
-            __file__,
-            {
-                # API information
-                "openaev_url": {"env": "OPENAEV_URL", "file_path": ["openaev", "url"]},
-                "openaev_token": {
-                    "env": "OPENAEV_TOKEN",
-                    "file_path": ["openaev", "token"],
-                },
-                # Config information
-                "injector_id": {"env": "INJECTOR_ID", "file_path": ["injector", "id"]},
-                "injector_name": {
-                    "env": "INJECTOR_NAME",
-                    "file_path": ["injector", "name"],
-                },
-                "injector_type": {
-                    "env": "INJECTOR_TYPE",
-                    "file_path": ["injector", "type"],
-                    "default": "openaev_aws",
-                },
-                "injector_log_level": {
-                    "env": "INJECTOR_LOG_LEVEL",
-                    "file_path": ["injector", "log_level"],
-                    "default": "error",
-                },
-                "injector_contracts": {"data": AWSContracts.build_contract()},
-            },
+        self.config = OpenAEVConfigHelper.from_configuration_object(
+            ConfigLoader().to_daemon_config()
         )
-
+        intercept_dump_argument(self.config.get_config_obj())
         self.helper = OpenAEVInjectorHelper(
             self.config, open("aws/img/icon-aws.png", "rb")
         )

aws/aws/openaev_aws.py

@@ -0,0 +1,18 @@
+{
+  "title": "Amazon Web Service",
+  "slug": "aws_injector",
+  "description": "This Injector use the credentials provided to enumerate through contract the AWS ressources like S3, IAM, Lambda, CloudTrail, Route53, etc. ",
+  "short_description": "Use OpenAEV to perform AWS assessment through credentials sets",
+  "use_cases": ["Injector", "Technical"],
+  "verified": true,
+  "last_verified_date": "",
+  "playbook_supported": false,
+  "max_confidence_level": 80,
+  "support_version": "",
+  "subscription_link": "https://aws.amazon.com/",
+  "source_code": "",
+  "manager_supported": true,
+  "container_version": "rolling",
+  "container_image": "openaev/injector-aws",
+  "container_type": "INJECTOR"
+}