Duo Auth - 18610 - Updated dependencies and SDK to the latest version (#3055)

Author: igorski-r7

plugins/duo_auth/.CHECKSUM

@@ -1,15 +1,15 @@
 {
-	"spec": "9a9da19b82f3ad4f23ab7a0725695422",
-	"manifest": "48735bedd2e407af0784bdd90e706896",
-	"setup": "d0fc4557b513a4944506a2e885cd0a32",
+	"spec": "ff85d692a483975710c09a54310d6e74",
+	"manifest": "c0f72d9ea137585ca83d612bfd3c23bb",
+	"setup": "426658221d9fe1e3eca5dca34163072a",
 	"schemas": [
 		{
 			"identifier": "auth/schema.py",
-			"hash": "fbc5545cf3c14ba63cabf57255f3273d"
+			"hash": "3730109fc4e5ae4a226cec9d4caaed6c"
 		},
 		{
 			"identifier": "connection/schema.py",
-			"hash": "b4dd28f9a040343bb03350fc8a29d096"
+			"hash": "3507436916c3cb62d4113a3d5092ac33"
 		}
 	]
 }

plugins/duo_auth/Dockerfile

@@ -1,19 +1,20 @@
-FROM  komand/python-3-37-slim-plugin:3
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.3
 
-# Add any custom package dependencies here
-# NOTE: Add pip packages to requirements.txt
+LABEL organization=rapid7
+LABEL sdk=python
 
-# End package dependencies
-
-# Add source code
 WORKDIR /python/src
+
 ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD . /python/src
+ADD ./requirements.txt /python/src/requirements.txt
 
-# Install pip dependencies
 RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 
-# Install plugin
+ADD . /python/src
+
 RUN python setup.py build && python setup.py install
 
-ENTRYPOINT ["/usr/local/bin/komand_duo_auth"]
+# User to run plugin code. The two supported users are: root, nobody
+USER nobody
+
+ENTRYPOINT ["/usr/local/bin/komand_duo_auth"]

plugins/duo_auth/bin/komand_duo_auth

@@ -1,30 +1,44 @@
 #!/usr/bin/env python
-# GENERATED BY KOMAND SDK - DO NOT EDIT
-import komand
-from komand_duo_auth import connection, actions, triggers
-
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
+import os
+import json
+from sys import argv
 
 Name = "Duo Auth API"
 Vendor = "rapid7"
-Version = "1.0.3"
-Description = "Duo's Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. The Duo Auth plugin for Rapid7 InsightConnect enables users to create and send two-factor authentication push notifications"
+Version = "1.0.4"
+Description = "[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. The Duo Auth InsightConnect plugin enables users to create and send push notifications from within automation workflows"
 
 
-class ICONDuoAuth(komand.Plugin):
-    def __init__(self):
-        super(self.__class__, self).__init__(
+def main():
+    if 'http' in argv:
+        if os.environ.get("GUNICORN_CONFIG_FILE"):
+            with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf:
+                gunicorn_cfg = json.load(gf)
+                if gunicorn_cfg.get("worker_class", "sync") == "gevent":
+                    from gevent import monkey
+                    monkey.patch_all()
+        elif 'gevent' in argv:
+            from gevent import monkey
+            monkey.patch_all()
+
+    import insightconnect_plugin_runtime
+    from komand_duo_auth import connection, actions, triggers, tasks
+
+    class ICONDuoAuth(insightconnect_plugin_runtime.Plugin):
+        def __init__(self):
+            super(self.__class__, self).__init__(
                 name=Name,
                 vendor=Vendor,
                 version=Version,
                 description=Description,
                 connection=connection.Connection()
-                )
-        self.add_action(actions.Auth())
+            )
+            self.add_action(actions.Auth())
+        
 
-
-def main():
     """Run plugin"""
-    cli = komand.CLI(ICONDuoAuth())
+    cli = insightconnect_plugin_runtime.CLI(ICONDuoAuth())
     cli.run()
 
 

plugins/duo_auth/help.md

@@ -1,7 +1,6 @@
 # Description
 
-[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and
-security health of their devices before they connect to the apps they use. The Duo Auth InsightConnect plugin enables users to create and send push notifications from within automation workflows.
+[Duo](https://duo.com/)'s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps they use. The Duo Auth InsightConnect plugin enables users to create and send push notifications from within automation workflows
 
 # Key Features
 
@@ -13,119 +12,116 @@ security health of their devices before they connect to the apps they use. The D
 * Requires a Duo secret key
 * Requires a Duo hostname
 
-# Documentation
-
-## Setup
+# Supported Product Versions
 
-|Name|Type|Default|Required|Description|Enum|
-|----|----|-------|--------|-----------|----|
-|hostname|string|None|True|Enter the Duo API hostname and secret key|None|
-|integration_key|credential_secret_key|None|True|API integration key|None|
-|secret_key|credential_secret_key|None|True|API secret key|None|
-
-## Technical Details
+* Duo Client 5.3.0
 
-### Actions
-
-#### Auth
+# Documentation
 
-This action is used to perform second-factor authentication.
+## Setup
 
-##### Options
+The connection configuration accepts the following parameters:  
 
-The "Options" field is used to specify additional parameters that may be necessary depending on the authentication factor selected. "Options" accepts the following parameters in JSON format `username`, `passcode`, `pushinfo`, `type`.
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|hostname|string|None|True|Enter the Duo API hostname and secret key|None|ExampleHostname|None|None|
+|integration_key|credential_secret_key|None|True|API integration key|None|{"secretKey": "9de5069c5afe602b2ea0a04b66beb2c0"}|None|None|
+|secret_key|credential_secret_key|None|True|API secret key|None|{"secretKey": "9de5069c5afe602b2ea0a04b66beb2c0"}|None|None|
 
 Example input:
 
 ```
 {
-    "type": "Transfer",
-    "pushinfo": {
-        "hello": "world",
-        "host": "suspicious-host"
-    }
+  "hostname": "ExampleHostname",
+  "integration_key": {
+    "secretKey": "9de5069c5afe602b2ea0a04b66beb2c0"
+  },
+  "secret_key": {
+    "secretKey": "9de5069c5afe602b2ea0a04b66beb2c0"
+  }
 }
 ```
 
-###### Push
-
-|Parameter|Required?|Description|
-|---------|---------|-----------|
-|device|Required|ID of the device. This device must have the "push" capability. You may also specify "auto" to use the first of the user's devices with the "push" capability.|
-|type|Optional|This string is displayed in the Duo Mobile app before the word "request". The default is "Login", so the phrase "Login request" appears in the push notification text and on the request details screen. You may want to specify "Transaction", "Transfer", etc.|
-|display_username|Optional|String to display in Duo Mobile in place of the user's Duo username.|
-|pushinfo|Optional|A set of URL-encoded key/value pairs with additional contextual information associated with this authentication attempt. The Duo Mobile app will display this information to the user. For example: from=login%20portal&domain=example.com. The URL-encoded string's total length must be less than 20,000 bytes.|
-
-###### Passcode
-
-|Parameter|Required?|Description|
-|---------|---------|-----------|
-|passcode|true|Passcode entered by the user.|
+## Technical Details
 
-###### Phone
+### Actions
 
-|Parameter|Required?|Description|
-|---------|---------|-----------|
-|device|true|ID of the device to call. This device must have the "phone" capability. You may also specify "auto" to use the first of the user's devices with the "phone" capability.|
 
-###### SMS
+#### Auth
 
-|Parameter|Required?|Description|
-|---------|---------|-----------|
-|device|true|ID of the device to send passcodes to. This device must have the "sms" capability. You may also specify "auto" to use the first of the user's devices with the "sms" capability.|
+This action is used to perform second-factor authentication
 
 ##### Input
 
-|Name|Type|Default|Required|Description|Enum|
-|----|----|-------|--------|-----------|----|
-|username|string|None|False|Username is required if user_id is not provided|None|
-|user_id|string|None|False|User ID|None|
-|factor|string|auto|False|Factor to use for authentication|['auto', 'push', 'passcode', 'sms', 'phone']|
-|device|string|auto|False|Device ID to use for auth|None|
-|async|bool|None|False|Set to true for an async response|None|
-|ipaddr|string|None|False|The IP address of the user to be authenticated, in dotted quad format. This will cause an 'allow' response to be sent if appropriate for requests from a trusted network|None|
-|options|object|None|False|Additional options required by the API|None|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|async|bool|None|False|Set to true for an async response|None|False|None|None|
+|device|string|auto|False|Device ID to use for auth|None|auto|None|None|
+|factor|string|auto|False|Factor to use for authentication|["auto", "push", "passcode", "sms", "phone"]|auto|None|None|
+|ipaddr|string|None|False|The IP address of the user to be authenticated, in dotted quad format. This will cause an 'allow' response to be sent if appropriate for requests from a trusted network|None|192.168.0.1|None|None|
+|options|object|None|False|Additional options required by the API. This field is used to specify additional parameters that may be necessary depending on the authentication factor selected. Accepts the following parameters in JSON format `username`, `passcode`, `pushinfo`, `type`|None|{"type":"Transfer","pushinfo":{"hello":"world","host":"suspicious-host"}}|None|None|
+|user_id|string|None|False|Permanent, unique identifier for the user as generated by Duo upon user creation. Exactly one of user_id or username must be specified|None|DUYHV6TJBC3O4RITS1WC|None|None|
+|username|string|None|False|Unique identifier for the user that is commonly specified by your application during user creation. This value may also represent a username alias assigned to a user. Exactly one of user_id or username must be specified|None|[email protected]|None|None|
+  
+Example input:
 
-##### Output
+```
+{
+  "async": false,
+  "device": "auto",
+  "factor": "auto",
+  "ipaddr": "192.168.0.1",
+  "options": {
+    "pushinfo": {
+      "hello": "world",
+      "host": "suspicious-host"
+    },
+    "type": "Transfer"
+  },
+  "user_id": "DUYHV6TJBC3O4RITS1WC",
+  "username": "[email protected]"
+}
+```
 
-|Name|Type|Required|Description|
-|----|----|--------|-----------|
-|status|string|False|Status|
-|status_msg|string|False|Status message|
-|trusted_device_token|string|False|Trusted device token|
-|result|string|False|Either allow or deny|
-|txid|string|False|TX ID|
+##### Output
 
+|Name|Type|Required|Description|Example|
+| :--- | :--- | :--- | :--- | :--- |
+|result|string|False|Either "allow" or "deny". If "allow" was returned, your application should grant access to the user. If "deny", it should not|allow|
+|status|string|False|String detailing the progress or outcome of the authentication attempt|allow|
+|status_msg|string|False|The message describing the status of the authentication attempt. If the authentication attempt was denied, it may identify a reason|Success. Logging you in...|
+|trusted_device_token|string|False|A string containing a token for that trusted device|REkxS00Ld4ddEVTRZOUlYMEldJ05HwUldRRThJR1VTNE0=|35|835c28ca9b042e05e|
+|txid|string|False|A transaction ID|45f7c92b-f45f-4862-8545-e0f58e78075a|
+  
 Example output:
 
 ```
-
 {
-  "log": "Connect: Connecting..\n",
-  "status": "ok",
-  "meta": {},
-  "output": {
-    "result": "allow",
-    "status": "allow",
-    "status_msg": "Success. Logging you in..."
-  }
-
+  "result": "allow",
+  "status": "allow",
+  "status_msg": "Success. Logging you in...",
+  "trusted_device_token": "REkxS00Ld4ddEVTRZOUlYMEldJ05HwUldRRThJR1VTNE0=|35|835c28ca9b042e05e",
+  "txid": "45f7c92b-f45f-4862-8545-e0f58e78075a"
+}
 ```
-
 ### Triggers
+  
+*This plugin does not contain any triggers.*
+### Tasks
+  
+*This plugin does not contain any tasks.*
 
-This plugin does not contain any triggers.
-
-### Custom Output Types
-
-_This plugin does not contain any custom output types._
+### Custom Types
+  
+*This plugin does not contain any custom output types.*
 
 ## Troubleshooting
-
-This plugin does not contain any troubleshooting information.
+  
+*This plugin does not contain a troubleshooting.*
 
 # Version History
 
+* 1.0.4 - Updated dependencies and SDK to the latest version
 * 1.0.3 - Upgraded `duo_client` in requirements.txt to version `4.0.0` | Upgraded `duo_client` in vendor folder to version `4.0.0` | Use input and output constants |  Change docker image from `komand/python-3-plugin:2` to `komand/python-3-37-slim-plugin:3` to reduce plugin image size
 * 1.0.2 - New spec and help.md format for the Extension Library
 * 1.0.1 - Support `type` parameter as `push_type` in the `options` input of the Auth action
@@ -135,7 +131,9 @@ This plugin does not contain any troubleshooting information.
 
 # Links
 
+* [Duo](https://duo.com/)
+
 ## References
 
 * [Duo](https://duo.com/)
-* [Duo Auth API V2](https://duo.com/docs/authapi)
+* [Duo Auth API V2](https://duo.com/docs/authapi)

plugins/duo_auth/komand_duo_auth/actions/__init__.py

@@ -1,2 +1,4 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
+
 from .auth.action import Auth
+

plugins/duo_auth/komand_duo_auth/actions/auth/__init__.py

@@ -1,2 +1,2 @@
-# GENERATED BY KOMAND SDK - DO NOT EDIT
+# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 from .action import Auth