Managing Credential Tests

Download this manual as a PDF file

This section describes how to create, run, and manage Credential Tests in SL1.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

What are Credential Tests?

Credential Tests define a series of steps that SL1 can execute on-demand to validate whether a credential works as expected. This section describes how to manage existing credential tests and create new credential tests. For information about executing a credential test, see the Credentials section.

A number of commonly user Credential Tests, such as AWS, Azure, and PowerShell, are included in SL1 by default.

You can also include Credential Tests in PowerPacks. For information about including a credential test in a PowerPack, see the PowerPacks section.

Default Credential Tests

This section describes the credential tests included in the default SL1 installation.

AWS Credential Test

The AWS Credential Test can only be used to test a SOAP/XML credential or a SOAP/XML with AWS subtype credential for monitoring AWS using the Dynamic Applications in the "Amazon Web Services" PowerPack. The AWS Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the URL for the EC2 service in the region specified in the credential. If a region is not specified in the credential, the us-east-1 region is used.
  • Test Port Availability. Performs an NMAP request to TCP port 443 on the URL for the EC2 service in the region specified in the credential. If a region is not specified in the credential, the us-east-1 region is used.
  • Test Name Resolution. Performs an nslookup request on the URL for the EC2 service in the region specified in the credential. If a region is not specified in the credential, the us-east-1 region is used.
  • Make connection to AWS account. Attempts to connect to the AWS service using the account specified in the credential.
  • Scan AWS services. Verifies that the account specified in the credential has access to the services.

Azure Credential Test

The Azure Credential Test can be used to test a SOAP/XML credential for monitoring Microsoft Azure using the Dynamic Applications in the "Microsoft: Azure" PowerPack. The Azure Credential Test performs the following steps:

  • Test Port Availability. Performs an NMAP request to TCP port 443 on management.azure.com.
  • Test Name Resolution. Performs an nslookup request on management.azure.com.
  • Make connection to Azure account. Attempts to connect to the Azure service using the account specified in the credential.
  • Make Azure Active Directory Request. Verifies that the account specified in the credential has the permissions required to discover the Azure account.

Basic/Snippet Credential Test

The Basic/Snippet Credential Test can be used to test a Basic/Snippet credential for connectivity. The Basic/Snippet Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the host specified in the credential.
  • Test Port Availability. Performs an NMAP request to the TCP port specified in the credential on the host specified in the credential.
  • Test Name Resolution. Performs an nslookup request on the host specified in the credential.

Database Credential Test

The Database Credential Test can be used to test a Database credential for connectivity. The Database Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the host specified in the credential.
  • Test Port Availability. Performs an NMAP request to the TCP port specified in the credential on the host specified in the credential.
  • Test Name Resolution. Performs an nslookup request on the host specified in the credential.
  • Make DB Connection. Attempts to make a database connection using the credential and executes the query "SELECT 1;".
  • Verify Table Existence. Attempts to make a database connection using the credential and executes the query "SELECT * FROM master.system_settings_core;".

PowerShell Credential Test

The PowerShell Credential Test can be used to test a PowerShell credential for connectivity. The PowerShell Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the host specified in the credential.
  • Test Port Availability. Performs an NMAP request to the TCP port specified in the credential on the host specified in the credential.
  • Test Name Resolution. Performs an nslookup request on the host specified in the credential.
  • Test Kerberos. If the credential does not specify local authentication, attempts to acquire a kerberos ticket using the credential.
  • Test WinRM Connection. Attempts a WinRM connection using the credential.
  • Execute PowerShell Cmdlet. Attempts to execute the 'Get-WmiObject Win32_Process | Select Name' PowerShell Cmdlet using the credential.

SNMP Credential Test

The SNMP Credential Test can be used to test an SNMP credential for connectivity. The SNMP Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the host specified in the credential.
  • Test Port Availability. Performs an NMAP request to the UDP port specified in the credential on the host specified in the credential.
  • Test SNMP Availability. Attempts an SNMP getnext request to .1.3.6.1 using the credential.

SOAP/XML Credential Test

The SOAP/XML Credential Test can be used to test a SOAP/XML credential for connectivity. The SOAP/XML Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the host specified in the credential.
  • Test Port Availability. Performs an NMAP request to the TCP port specified in the credential on the host specified in the credential.
  • Test Name Resolution. Performs an nslookup request on the host specified in the credential.
  • Make cURL Request. Attempts to make a cURL request connection using the credential.
  • Verify Content. Attempts to make a cURL request connection using the credential and verifies whether "discovery_session" appears in the response.

SoftLayer Credential Test

The SoftLayer Credential Test can be used to test a SOAP/XML credential for monitoring SoftLayer using the Dynamic Applications in the SoftLayer: Cloud PowerPack. The SoftLayer Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to api.softlayer.com.
  • Test Port Availability. Performs an NMAP request to TCP port 443 on api.softlayer.com.
  • Test Name Resolution. Performs an nslookup request on api.softlayer.com.
  • Make connection to SoftLayer account. Attempts to connect to the Softlayer Account endpoint using the account specified in the credential.
  • Query SoftLayer Resource. Performs a getDatacenters request to the Softlayer Location endpoint using the account specified in the credential.

SSH/Key Credential Test

The SSH/Key Credential Test can be used to test a SSH/Key credential for connectivity. This test supports testing RSA and ECDSA keys in PEM format. The SSH/Key Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the host specified in the credential.
  • Test Port Availability. Performs an NMAP request to the TCP port specified in the credential on the host specified in the credential. If no port is specified in the credential, port 22 is used.
  • Test Name Resolution. Performs an nslookup request on the host specified in the credential.
  • Make SSH Connection. Attempts to make an SSH connection using the credential.
  • Execute Command via SSH. Attempts to make an SSH connection using the credential and executes the command "ping localhost -c1".

VMware Credential Test

The VMware Credential Test can be used to test a SOAP/XML credential for monitoring VMware using the Dynamic Applications in the "VMware: vSphere Base PackPowerPack. The VMware Credential Test performs the following steps:

  • Test Reachability. Attempts to reach the vCenter server using ICMP.
  • Attempt VMware Connection. Attempts to connect to the VMware service using the account specified in the credential.

Viewing Information About Credential Tests

The Credential Test Management page (System > Customize > Credential Tests) allows you to view a list of all credential tests. From this page, you can also create, edit, run, and delete credential tests.

To sort the list of credential tests, click on a column heading. The list will be sorted by the column value, in ascending order. To sort by descending order, click the column heading again. The Last Edited column sorts by descending order on the first click; to sort by ascending order, click the column heading again.

For each credential test, the page displays:

  • Test Name. Name of the credential test.
  • Type. The type of credential that can be tested using this credential test. Possible types are SNMP, Database, SOAP/XML, LDAP/AD, Basic/Snippet, SSH/Key, and Powershell.
  • PowerPack. The PowerPack that contains the credential test.
  • ID. Unique numeric ID, automatically assigned by SL1 to each credential test.
  • Last Edited. Date and time the credential test was created or last edited.
  • Edited By. The username of the user who created or last edited the credential test.

Filtering the List of Credential Tests

To filter the list of credentials in the Credential Test Management page (System > Customize > Credential Tests), use the search fields at the top of each column. The search fields are find-as-you-type filters; as you type, the page is filtered to match the text in the search field, including partial matches. Text matches are not case-sensitive. Additionally, you can use the following special characters in each filter:

  • , (comma). Specifies an "or" operation. For example:

"dell, micro" would match all values that contain the string "dell" OR the string "micro".

  • & (ampersand). Specifies an "and" operation. For example:

"dell & micro" would match all values that contain the string "dell" AND the string "micro".

  • ! (exclamation mark). Specifies a "not" operation. For example:

"!dell" would match all values that do not contain the string "dell".

  • ^ (caret mark). Specifies "starts with." For example:

"^micro" would match all strings that start with "micro", like "microsoft".

"^" will include all rows that have a value in the column.

"!^" will include all rows that have no value in the column.

  • $ (dollar sign). Specifies "ends with." For example:

"$ware" would match all strings that end with "ware", like "VMware".

"$" will include all rows that have a value in the column.

"!$" will include all rows that have no value in the column.

  • min-max. Matches numeric values only. Specifies any value between the minimum value and the maximum value, including the minimum and the maximum. For example:

"1-5" would match 1, 2, 3, 4, and 5.

  • - (dash). Matches numeric values only. A "half open" range. Specifies values including the minimum and greater or including the maximum and lesser. For example:

"1-" matches 1 and greater, so it would match 1, 2, 6, 345, etc.

"-5" matches 5 and less, so it would match 5, 3, 1, 0, etc.

  • > (greater than). Matches numeric values only. Specifies any value "greater than." For example:

">7" would match all values greater than 7.

  • < (less than). Matches numeric values only. Specifies any value "less than." For example:

"<12" would match all values less than 12.

  • >= (greater than or equal to). Matches numeric values only. Specifies any value "greater than or equal to." For example:

"=>7" would match all values 7 and greater.

  • <= (less than or equal to). Matches numeric values only. Specifies any value "less than or equal to." For example:

"=<12" would match all values 12 and less.

  • = (equal). Matches numeric values only. For numeric values, allows you to match a negative value. For example:

"=-5 " would match "-5" instead of being evaluated as the "half open range" as described above.

Testing a Credential

This section describes the following methods for testing a credential in SL1:

Testing a Credential During Guided or Unguided Discovery

You can test a credential from the Credentials page during guided or unguided discovery. To do so:

  1. Complete steps 1-6 from the section on Adding Devices Using Universal or Guided Discovery, or steps 1-5 from the section on Adding Devices Using Unguided Discovery.
  2. Complete the steps from the next section, Testing a Credential Using the Credential Tester Panel.

Testing a Credential Using the Credential Tester Panel

When defining or editing a credential in SL1, you can test the credential using the Credential Tester panel.

To test a credential using the Credential Tester panel:

  1. From the Credentials page (Manage > Credentials) or from the Credential Selection page during guided or unguided discovery, click Create New to create a new credential or click the Actions icon () of a credential that you want to test and then select Edit/Test.
  2. While defining or editing the credential, supply values in the required fields. Required fields may vary depending on the type of credential you create.
  3. Click the Save & Test button. This activates the Credential Tester fields.
  4. In the Credential Tester panel, supply values in the following fields:
  • Select Credential Test. Select a credential test to run. This drop-down list includes the ScienceLogic Default Credential Tests, credential tests included in any PowerPacks that have been optionally installed on your system, and credential tests that users have created on your system.
  • Select Collector. Select the All-In-One Appliance or Data Collector that will run the test.
  • IP or Hostname to test. Type a hostname or IP address that will be used during the test. For example, if you are testing an SNMP credential, the hostname/IP address you supply will be used to perform a test SNMP request.
  1. Click the Test Credential button to run the credential test. The Testing Credential window appears.

    The Testing Credential window displays a log entry for each step in the credential test. The steps performed are different for each credential test. The log entry for each step includes the following information:

    • Step. The name of the step.
    • Description. A description of the action performed during the step.
    • Log Message. The result of the step for this execution of the credential test.
    • Status. Whether the result of this step indicates the credential and/or the network environment is configured correctly (Passed) or incorrectly (Failed).
    • Step Tip. Mouse over the question mark icon () to display the tip text. The tip text recommends what to do to change the credential and/or the network environment if the step has a status of "Failed".

Testing a Credential from the Credential Management Page in the Classic SL1 User Interface

You can test a credential from the Credential Management page in the classic SL1 user interface using a predefined credential test.

To run a credential test from the Credential Management page:

  1. Go to the Credential Management page (System > Manage > Credentials).
  2. Click the Actions menu, and then select Test Credential. The Credential Tester modal page appears:
  3. Supply values in the following fields:
    • Test Type. Select a credential test to run. This list includes the ScienceLogic Default Credential Tests, credential tests included in any PowerPacks that have been optionally installed on your system, and credential tests that users have created on your system.
    • Credential. Select the credential to test. This drop-down list includes only credentials that you have access to that can be tested using the selected credential test.
    • Hostname/IP. Enter a hostname or IP address that will be used during the test. For example, if you are testing an SNMP credential, the hostname/IP address you supply will be used to perform a test SNMP request.
    • Collector. Select the All-In-One Appliance or Data Collector that will run the test.
  4. Click the Run Test button to run the credential test. The Test Credential window appears.
  5. The Test Credential window displays a log entry for each step in the credential test. The steps performed are different for each credential test. The log entry for each step includes the following information:

    • Step. The name of the step.
    • Description. A description of the action performed during the step.
    • Log Message. The result of the step for this execution of the credential test.
    • Status. Whether the result of this step indicates the credential and/or the network environment is configured correctly (Passed) or incorrectly (Failed).
    • Step Tip. Mouse over the question mark icon () to display the tip text. The tip text recommends what to do to change the credential and/or the network environment if the step has a status of "Failed".
  6. Optionally, you can click the Execute Discovery Session button to run a discovery session using the Credential, Hostname/IP, and Collector you selected in the Credential Tester modal page.

Testing a Credential from the Credential Test Management Page in the Classic SL1 User Interface

The Credential Test Management page in the classic SL1 user interface allows you to run a credential test to validate that a credential works as expected. To do so:

  1. Go to the Credential Test Management page (System > Customize > Credential Tests).
  2. Find the credential test that you want to run and click its lightning bolt icon (). The Credential Tester modal page appears:
  3. Supply values in the following fields:
  • Test Type. This field is pre-populated with the credential test you selected.
  • Credential. Select the credential to test. This drop-down list includes only credentials that you have access to that can be tested using the selected credential test.
  • Hostname/IP. Enter a hostname or IP address that will be used during the test. For example, if you are testing an SNMP credential, the hostname/IP address you supply will be used to perform a test SNMP request.
  • Collector. Select which All-In-One Appliance or Data Collector will run the test from the drop-down list.
  1. Click the Run Test button to run the credential test. The Test Credential window appears.

The Test Credential window displays a log entry for each step in the credential test. The steps performed are different for each credential test. The log entry for each step includes the following information:

  • Step. The name of the step.
  • Description. A description of the action performed during the step.
  • Log Message. The result of the step for this execution of the credential test.
  • Status. Whether the result of this step indicates the credential and/or the network environment is configured correctly (Passed) or incorrectly (Failed).
  • Step Tip. Mouse over the question mark icon () to display the tip text. The tip text recommends what to do to change the credential and/or the network environment if the step has a status of "Failed".
  1. Optionally, you can click the Execute Discovery Session button to run a discovery session using the Credential, Hostname/IP, and Collector you selected in the Credential Tester modal page.

Creating a Credential Test

The Credential Test Management page allows you to create a new credential test. To do so:

  1. Go to the Credential Test Management page (System > Customize > Credential Tests).
  2. Click the Create button. The Add Credential Test modal page appears.
  3. Supply values in the following fields:
    • Test Name. Enter a name for the credential test.
    • Credential Type. Select the type of credential that can be used with this test. Possible types are SNMP, Database, SOAP/XML, LDAP/AD, Basic/Snippet, SSH/Key, and PowerShell.
    • Execution Environment. Select the execution environment to which you want to align the credential test. An execution environment contains the supporting modules, code, scripts, directories, and files (packaged in ScienceLogic Libraries) for the credential test. An execution environment includes its own installation directories, doesn’t share libraries with other environments, and allows granular control of dependencies, versions, and permissions. The default execution environment is "EM7 Credential Tests". For more information, see the section on Managing Execution Environments.
    • Steps. Enter the JSON structure that defines how each step in the credential test will be executed. The JSON structure must specify an array (square-bracket notation) of objects (curly-braces notation). Each object in the list defines a step to be executed by the credential test. The object for a step must include the following keys:
      • name. The name of the step. This text will be displayed in the Step column in the credential test results.
      • description. A description of the step. This text will be displayed in the Description column in the credential test results.
      • pass_message. The log message to display when the success criteria of the specified function are met. To use the output from a function in the log message, you can include substitutions in this field.
      • fail_message. The log message to display when the success criteria of the specified function are not met. To use the output from a function in the log message, you can include substitutions in this field.
      • step_tip. Information for the user to troubleshoot their credential if this step fails. This text will be displayed if the user hovers over the information icon () in the credential test results.
      • function. The name of the function that will be called by SL1 to execute the step. For a list of available functions, see the Available Step Functions section.

      For step functions that accept additional arguments, add an additional key/value pair in the object for that step to specify additional arguments.

      The pass_message and fail_message can include substitutions. Substitutions are specified using the following format:

      %([Return Value Name])s

      Where [Return Value Name] is the name of the return value you want to substitute in to the pass_message and fail_message. For example, the ping function returns the latency in milliseconds in the variable "result". Suppose your step uses the ping function with the following pass_message:

      Latency is %(result)s ms

      Suppose that when a user runs the credential test, the ping function returns "10" in the variable "result". The following log message is displayed to the user:

      Latency is 10 ms

  4. Click the Save button to save your changes to the credential test.

Editing a Credential Test

The Credential Test Management page allows you to edit an existing credential test. To do so:

  1. Go to the Credential Test Management page (System > Customize > Credential Tests).
  2. Find the credential test that you want to edit and click its wrench icon (). The Edit_Credential_Test modal page appears.
  3. Edit one or more parameters for the credential test. For a description of each field, see the Creating a Credential Test section.
  4. Click the Save button to save your changes to the credential test.

Deleting Credential Tests

The Credential Test Management page allows you to delete one or more credential tests from SL1. To do so:

  1. Go to the Credential Test Management page (System > Customize > Credential Tests).
  2. Select the checkbox for each credential test you want to delete.
  3. Click the Select Actions menu (in the lower right) and select DELETE Credential Test, then click the Go button.
  4. In the pop-up window that appears, click OK. The selected credential tests will be deleted.

Available Step Functions

ping

This function executes the following ping command using the provided IP address or hostname:

sudo /bin/ping -c1 [IP address/Hostname]

  • Success/Failure Criteria. Successful if a response is received.
  • Arguments. None.
  • Return values on success:
    • success. Returns True.
    • result. Returns the response time, in ms.
  • Return values on failure:
    • success. Returns False.

nmap_udp

This function executes the following nmap command using the provided IP address or hostname and the port in the provided credential:

sudo /usr/bin/nmap -sU -p [port][IP address/Hostname]

  • Success/Failure Criteria. Successful if the NMAP command returns "open" or "open|filtered" as the state of the port.
  • Arguments. None.

  • Return values on success:
    • port. Returns the port number from the credential.
    • success. Returns True.
    • result. Returns the state of the port from the NMAP output.

  • Return values on failure:
    • port. Returns the port number from the credential or "Undefined" if no port is specified in the credential.
    • success. Returns False.
    • result. Returns the state of the port from the NMAP output.

nmap_tcp

This function executes the following nmap command using the provided IP address or hostname and the port in the provided credential:

sudo /usr/bin/nmap -P0 -p [port][IP address/Hostname]

  • Success/Failure Criteria. Successful if the NMAP command returns "open" or "open|filtered" as the state of the port.
  • Arguments. None.
  • Return values on success:
    • port. Returns the port number from the credential.
    • success. Returns True.
    • result. Returns the state of the port from the NMAP output.
  • Return values on failure:
    • port. Returns the port number from the credential or "Undefined" if no port is specified in the credential.
    • success. Returns False.
    • result. Returns the state of the port from the NMAP output.

nslookup_forward

This function executes the nslookup command-line utility using the provided hostname.

  • Success/Failure Criteria. Successful if the forward lookup returns one or more results.
  • Arguments. None.

  • Return values on success:
    • success. Returns True.
    • result. Returns a string in the following format: Forward returned [number] result[s]

  • Return values on failure:
    • success. Returns False.
    • result. Returns "Forward Failed".

nslookup

If the user provides a hostname, this function:

  1. Executes the nslookup command-line utility using the provided hostname.
  2. Executes the nslookup command-line utility using the IP address returned by the first nslookup command.

If the user provides an IP address, this function:

  1. Executes the nslookup command-line utility using the provided IP address.
  2. Executes the nslookup command-line utility using the hostname returned by the first nslookup command.
  • Success/Failure Criteria. Successful if both the forward and reverse lookups return one or more results.
  • Arguments. None.
  • Return values on success:
    • success. Returns True.
    • result. Returns a string in the following format: [direction] returned [number] result[s], [direction] returned [number] result[s]
  • Return values on failure:
    • success. Returns False.
    • result. Returns a string in one of the following formats:
      • [direction] failed, [direction] returned [number] result[s]
      • [direction] returned [number] result[s], [direction] failed
      • [direction] failed, [direction] failed

dynapp_execute

This function performs collection of a specified Dynamic Application using the credential and IP/hostname provided by the user.

  • Success/Failure Criteria. Successful if Dynamic Application collection is successful.

  • Arguments. One of the following arguments is required. If both are specified, only app_id is used:
    • app_id. Integer. The ID of the Dynamic Application to execute.
    • app_guid. String. The GUID of the Dynamic Application to execute.

  • Return values on success:
    • success. Returns True.

  • Return values on failure:
    • success. Returns False.

snmp_getnext

This function executes an SNMP getnext request on .1.3.6.1 using the credential and IP/hostname provided by the user. This function works only with SNMP credentials.

  • Success/Failure Criteria. Successful if a value is returned by the getnext request.
  • Arguments. None.
  • Return values on success:
    • success. Returns True.
    • result. Returns the value returned by the request (typically the System Name).
  • Return values on failure:
    • success. Returns False.

ssh_request

This function attempts to make an SSH connection using the following values:

  • The IP address/hostname from the provided Credential. The host to use for the SSH connection.
  • The SSH Key from the provided SSH/Key Credential. The private key to use for the SSH connection.
  • The Username from the provided Credential. The username for the SSH connection.
  • The Password from the provided Credential. The password for the SSH connection.
  • The Port from the provided Credential. The port for the SSH connection. If no port is supplied, port 22 is used.
  • The command argument supplied to the function. The command that is executed using the SSH connection. If the command argument is not supplied, no command is executed.

If the connection is successful and the command argument is supplied to the function, the function executes the command specified in the command argument.

  • Success/Failure Criteria. If a command is not specified in the arguments, successful if an SSH connection is established. If a command is specified in the arguments, successful if the an SSH connection is established and the command returns an exit code of 0.
  • Arguments. The following argument is optional:
    • command. String. SSH command to execute.
  • Return values on success:
    • success. Returns True.
  • Return values on failure:
    • success. Returns False.
    • result. Returns an error message.

db_query

This function attempts to make a database connection and execute a query using the credential and IP/hostname provided by the user. This function works only with Database credentials.

  • Success/Failure Criteria. Successful if the database query returns rows.
  • Arguments. The following argument is optional:
    • query. String. Database query to execute. If no query is supplied, "SELECT 1;" is executed.
  • Return values on success:
    • success. Returns True.
  • Return values on failure:
    • success. Returns False.
    • result. Returns an error message.

curl

This function executes a cURL request using the credential and IP/hostname provided by the user. Optionally, this function can perform an expression match on the returned content. This function works only with SOAP/XML credentials.

  • Success/Failure Criteria. If match text is not specified in the arguments, successful if the cURL request returns an HTTP status code that does not begin with a 4 or 5. If match text is specified in the arguments, successful if the cURL request returns an HTTP status code that does not begin with a 4 or 5 and the supplied expression match is included in the response.
  • Arguments. The following argument is optional:
    • match_text. String. Text to match to the response.
  • Return values on success:
    • success. Returns True.
    • result. Returns one of the following:
      • If no match text is specified, the string "HTTP [Status Code]" is returned.
      • If match text is specified, the string "Match text found" is returned.
  • Return values on failure:
    • success. Returns False.
    • result. Returns one of the following:
      • If no match text is specified and the HTTP request returned a 400-series or 500-series status code, the string "HTTP [Status Code]" is returned.
      • If match text is specified and the HTTP request was successful, the string "Match text not found" is returned.
      • If an error is encountered executing the cURL request, an error message is returned.

aws_connect

Using the boto3 library, this function creates an IAM client object using the following values:

  • Username from the provided credential. Used as the AWS Access Key ID.
  • Password from the provided credential. Used as the AWS Secret Access Key.
  • %1 value from the provided SOAP/XML Credential. Used as the AWS region. If the region is not supplied in the credential, "us-east-1" is used.

After creating the object, the function calls the get_user() request using the object.

  • Success/Failure Criteria. Successful if the get_user() request is successful.
  • Arguments. None
  • Return values on success:
    • success. Returns True.
  • Return values on failure:
    • success. Returns False.
    • result. Returns an error message.

aws_service_scan

Using the boto3 library, this function creates an AWS session object using the following values:

  • Username from the provided credential. Used as the AWS Access Key ID.
  • Password from the provided credential. Used as the AWS Secret Access Key.
  • %1 value from the provided SOAP/XML Credential. Used as the AWS region. If the region is not supplied in the credential, "us-east-1" is used.

After creating the object, the function iterates through the list of services specified in the expected_services argument. For each expected_services argument, the function attempts to connect to the service using the AWS session object.

  • Success/Failure Criteria. Successful if the connection to every service in the expected_services argument was successful.
  • Arguments. The following argument is required:
    • expected_services. Specify a list of service names. The service names must match the possible service names returned by the get_available_resources() function for an AWS session object.
  • Return values on success:
    • success. Returns True.
  • Return values on failure:
    • success. Returns False.
    • result. Returns one of the following:
      • If a client error occurs creating the AWS session object, returns an error message.
      • If the AWS session object was created successfully, returns the following string: "cannot access the following services: [comma-separated list of failed services]"

nmap_aws

This function performs a port scan of port 443 on the URL of a specific AWS service and region. The function uses the following values to build the URL:

  • %1 value from the provided SOAP/XML Credential. Used as the AWS region. If the region is not supplied in the credential, "us-east-1" is used.
  • The service argument supplied to the function. Used as the AWS service. If the service argument is not supplied, "ec2" is used.

For services that do not use regions, this function executes the following nmap command:

sudo /usr/bin/nmap -P0 -p 443 [service].[region].amazonaws.com

For services that use regions, this function executes the following nmap command:

sudo /usr/bin/nmap -P0 -p 443 [service].amazonaws.com

  • Success/Failure Criteria. Successful if the NMAP command returns "open" or "open|filtered" as the state of the port.
  • Arguments. The following argument is optional:
    • service. The service to use in the URL. If the service argument is not supplied, "ec2" is used.
  • Return values on success:
    • port. Returns "443".
    • success. Returns True.
    • result. Returns the state of the port from the NMAP output.
  • Return values on failure:
    • port. Returns "443".
    • success. Returns False.
    • result. Returns the state of the port from the NMAP output.

nslookup_aws

This function executes the nslookup command-line utility URL of a specific AWS service and region. The function uses the following values to build the URL:

  • %1 value form the provided SOAP/XML Credential. Used as the AWS region. If the region is not supplied in the credential, "us-east-1" is used.
  • The service argument supplied to the function. Used as the AWS service. If the service argument is not supplied, "ec2" is used.

For services that do not use regions, the URL is in the following format:

[service].[region].amazonaws.com

For services that use regions, the URL is in the following format:

[service].amazonaws.com

  • Success/Failure Criteria. Successful if the forward lookup returns one or more results.
  • Arguments. The following argument is optional:
    • service. The service to use in the URL. If the service argument is not supplied, "ec2" is used.
  • Return values on success:
    • success. Returns True.
    • result. Returns a string in the following format: Forward returned [number] result[s]
  • Return values on failure:
    • success. Returns False.
    • result. Returns "Forward Failed".

ping_aws

This function executes a ping command to the URL of a specific AWS service and region. The function uses the following values to build the URL:

  • %1 value form the provided SOAP/XML Credential. Used as the AWS region. If the region is not supplied in the credential, "us-east-1" is used.
  • The service argument supplied to the function. Used as the AWS service. If the service argument is not supplied, "ec2" is used.

For services that do not use regions, the ping command is in the following format:

sudo /bin/ping -c1 [service].[region].amazonaws.com

For services that use regions, the ping command is in the following format:

sudo /bin/ping -c1 [service].amazonaws.com

  • Success/Failure Criteria. Successful if a response is received.
  • Arguments. The following argument is optional:
    • service. The service to use in the URL. If the service argument is not supplied, "ec2" is used.
  • Return values on success:
    • success. Returns True.
    • result. Returns the response time, in ms.
  • Return values on failure:
    • success. Returns False.