Add possibility to do auth for Aqua SaaS near default auth Aqua.

tasks/connectors/aqua/aqua.rb

@@ -91,9 +91,10 @@ def run(opts)
         max_batch_size = @options[:batch_pages_count]
 
         cont_pagenum = 0
-        pagenum = 0
-        batch_count = 0
-        page_size = 500
+        pagenum      = 0
+        batch_count  = 0
+        page_size    = 500
+
         @output_dir = "#{$basedir}/#{@options[:output_directory]}"
         @kenna_api_host = @options[:kenna_api_host]
         @kenna_api_key = @options[:kenna_api_key]
@@ -102,6 +103,8 @@ def run(opts)
         token = aqua_get_token(aqua_url, username, password)
         fail_task "Unable to authenticate with Aqua, please check credentials" unless token
 
+        aqua_url = get_wp_url(token) if cloud_url?(aqua_url)
+
         if container_data
           print_debug "Container_data flag set to true"
           containers = {}
@@ -198,7 +201,7 @@ def run(opts)
             os = "#{vuln_obj['os']}-#{vuln_obj['os_version']}" if vuln_obj.key?("os_version")
             arch = resource_obj.fetch("arch") if resource_obj.key?("arch")
             ack_date = vuln_obj["acknowledged_date"]
-            aqua_score = (vuln_obj["aqua_score"]).ceil
+            aqua_score = (vuln_obj["aqua_score"])&.ceil
             print_debug "Vuln name: #{vuln_name}"
 
             vuln_details = {

tasks/connectors/aqua/lib/aqua_helper.rb

@@ -5,32 +5,93 @@
 module Kenna
   module Toolkit
     module AquaHelper
+      SAAS_AUTH_URL = "https://api.cloudsploit.com/v2/signin"
+      WP_URL_API    = "https://prov.cloud.aquasec.com/v1/envs"
+
       def aqua_get_token(aqua_url, username, password)
-        print_debug "Getting Auth Token"
-        aqua_auth_api = "#{aqua_url}/api/v1/login"
-        # auth_headers = { "content-type" => "application/json",
-        #            "accept" => "application/json" }
-        # auth_body = { "id" => "administrator",
-        #              "password" => "My@rvgicmx1" }
-
-        @headers = { "Content-Type" => "application/json" }
-        payload = {
-          "id": username.to_s,
-          "password": password.to_s
-        }
+        if cloud_url?(aqua_url)
+          get_token_from_cloud(username, password)
+        else
+          get_token_from_on_prem(aqua_url, username, password)
+        end
+      end
+
+      def get_token_from_on_prem(aqua_url, username, password)
+        get_token("#{aqua_url}/api/v1/login", username, password)
+      end
+
+      def get_token_from_cloud(username, password)
+        get_token(SAAS_AUTH_URL, username, password)
+      end
+
+      def get_token(auth_url, username, password)
+        print_debug "Getting Auth Token from #{auth_url}"
+
+        headers = { "Content-Type" => "application/json" }
+        payload = if auth_url == SAAS_AUTH_URL
+                    { "email": username, "password": password }.to_json
+                  else
+                    { "id": username.to_s, "password": password }.to_json
+                  end
 
         begin
-          auth_response = http_post(aqua_auth_api, @headers, payload.to_json)
-          auth_json = JSON.parse(auth_response.body)
+          auth_response = http_post(auth_url, headers, payload)
 
-          auth_json["token"]
-        rescue JSON::ParserError
-          print_error "Unable to process Auth Token response!"
+          if auth_response.code == 200
+            auth_json = JSON.parse(auth_response.body)
+            token = auth_json.dig("data", "token")
+
+            print_error "Login failed: No token received" unless token
+          else
+            print_error "Request failed with response code #{auth_response.code} and message #{auth_response.body}"
+          end
+
+          token
+        rescue JSON::ParserError => e
+          print_error "Failed to parse JSON response: #{e.message}"
+          nil
         rescue StandardError => e
-          print_error "Failed to retrieve Auth Token #{e.message}"
+          print_error "Exception occurred: #{e.message}"
+          nil
         end
       end
 
+      def get_wp_url(token)
+        print_debug "Getting Workload Protection URL"
+        headers  = { "Authorization" => "Bearer #{token}", "Content-Type" => "application/json" }
+        response = safe_http_get(WP_URL_API, headers)
+
+        return unless response
+
+        wp_url = "https://#{JSON.parse(response.body).dig('data', 'ese_url')}"
+
+        if wp_url
+          print_debug("Workload Protection URL retrieved successfully")
+        else
+          print_error("Failed to retrieve Workload Protection URL")
+        end
+        wp_url
+      end
+
+      def safe_http_get(url, headers)
+        http_get(url, headers)
+      rescue JSON::ParserError
+        print_error "Unable to process response!"
+      rescue StandardError => e
+        print_error "HTTP GET request failed: #{e.message}"
+        nil
+      end
+
+      def cloud_url?(url)
+        uri = URI.parse(url)
+        return false unless uri.is_a?(URI::HTTP) || uri.is_a?(URI::HTTPS)
+        return false if uri.host.nil?
+
+        !!(uri.host =~ /(\.|^)cloud\.aquasec\.com$/)
+      rescue URI::InvalidURIError
+        false
+      end
+
       def aqua_get_vuln(aqua_url, token, pagesize, pagenum)
         print_debug "Getting All Image Vulnerabilities"
         aqua_query_api = "#{aqua_url}/api/v2/risks/vulnerabilities?pagesize=#{pagesize}&page=#{pagenum}"