Module: check_mk
Branch: master
Commit: d920f74a52cfa703d5bf30654a800dcdd56ddc0f
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d920f74a52cfa7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Mar 13 11:00:28 2017 +0100
4496 The site ID can now be used as match condition
Setting the site ID as condition is now possible to be configured in
notification rules. This is useful for setups where centralized
notifications are used and you want to configured rules depending
on the origin site.
Change-Id: I3a061c5f5ff70ead97d111c5ab254668f2103725
---
.werks/4496 | 14 ++++++++++++++
modules/events.py | 15 +++++++++++++++
web/htdocs/wato.py | 12 ++++++++++--
3 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/.werks/4496 b/.werks/4496
new file mode 100644
index 0000000..3597b9c
--- /dev/null
+++ b/.werks/4496
@@ -0,0 +1,14 @@
+Title: The site ID can now be used as match condition
+Level: 1
+Component: notifications
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1489399160
+Class: feature
+
+Setting the site ID as condition is now possible to be configured in
+notification rules. This is useful for setups where centralized
+notifications are used and you want to configured rules depending
+on the origin site.
+
diff --git a/modules/events.py b/modules/events.py
index 5c617d8..cfa9b8d 100644
--- a/modules/events.py
+++ b/modules/events.py
@@ -349,6 +349,7 @@ def complete_raw_context(raw_context, with_dump, event_log):
def event_match_rule(rule, context):
return \
+ event_match_site(rule, context) or \
event_match_folder(rule, context) or \
event_match_hosttags(rule, context) or \
event_match_hostgroups(rule, context) or \
@@ -368,6 +369,20 @@ def event_match_rule(rule, context):
event_match_servicelevel(rule, context)
+def event_match_site(rule, context):
+ if "match_site" not in rule:
+ return
+
+ required_site_ids = rule["match_site"]
+
+ # Fallback to local site ID in case there is none in the context
+ site_id = context.get("OMD_SITE", omd_site())
+
+ if site_id not in required_site_ids:
+ return "The site '%s' is not in the required sites list: %s" % \
+ (site_id, ",".join(required_site_ids))
+
+
def event_match_folder(rule, context):
if "match_folder" in rule:
mustfolder = rule["match_folder"]
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 83bd489..8a1cc43 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -7492,7 +7492,7 @@ def vs_notification_rule(userid = None):
),
],
- optional_keys = [ "match_folder", "match_hosttags", "match_hostgroups", "match_hosts", "match_exclude_hosts",
+ optional_keys = [ "match_site", "match_folder", "match_hosttags", "match_hostgroups", "match_hosts", "match_exclude_hosts",
"match_servicegroups", "match_exclude_servicegroups", "match_servicegroups_regex", "match_exclude_servicegroups_regex",
"match_services", "match_exclude_services",
"match_contacts", "match_contactgroups",
@@ -7506,7 +7506,7 @@ def vs_notification_rule(userid = None):
( _("Notification Method"), [ "notify_plugin", "notify_method", "bulk" ] ),]
+ contact_headers
+ [
- ( _("Conditions"), [ "match_folder", "match_hosttags", "match_hostgroups",
+ ( _("Conditions"), [ "match_site", "match_folder", "match_hosttags", "match_hostgroups",
"match_hosts", "match_exclude_hosts", "match_servicegroups",
"match_exclude_servicegroups", "match_servicegroups_regex", "match_exclude_servicegroups_regex",
"match_services", "match_exclude_services",
@@ -7524,6 +7524,14 @@ def vs_notification_rule(userid = None):
def simple_host_rule_match_conditions():
return [
+ ( "match_site",
+ DualListChoice(
+ title = _("Match site"),
+ help = _("This condition makes the rule match only notifications that have been "
+ "created on the selected sites."),
+ choices = config.site_choices,
+ ),
+ ),
( "match_folder",
FolderChoice(
title = _("Match folder"),
Module: check_mk
Branch: master
Commit: 2190f03b766bb7093ad91638452db294e2915d49
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2190f03b766bb7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Mar 13 09:32:05 2017 +0100
CME: Customer are not allowed to login to the central site anymore
Change-Id: I812767a73212947f94c2e79d3ab10c0e6038b00d
---
web/htdocs/login.py | 6 ++++++
web/htdocs/userdb.py | 19 +++++++++++++++++++
2 files changed, 25 insertions(+)
diff --git a/web/htdocs/login.py b/web/htdocs/login.py
index a189574..0dc45a6 100644
--- a/web/htdocs/login.py
+++ b/web/htdocs/login.py
@@ -268,6 +268,12 @@ def check_auth(mod_python_req):
if (user_id is not None and type(user_id) != unicode) or user_id == u'':
raise MKInternalError(_("Invalid user authentication"))
+ if user_id and not userdb.is_customer_user_allowed_to_login(user_id):
+ # A CME not assigned with the current sites customer
+ # is not allowed to login
+ auth_logger.debug("User '%s' is not allowed to login: Invalid customer" % user_id)
+ return None
+
return user_id
diff --git a/web/htdocs/userdb.py b/web/htdocs/userdb.py
index 8fc965e..0fb9351 100644
--- a/web/htdocs/userdb.py
+++ b/web/htdocs/userdb.py
@@ -216,6 +216,20 @@ def is_automation_user(user_id):
return os.path.isfile(cmk.paths.var_dir + "/web/" + user_id.encode("utf-8") + "/automation.secret")
+def is_customer_user_allowed_to_login(user_id):
+ if not cmk.is_managed_edition():
+ return True
+
+ import managed
+ user = config.LoggedInUser(user_id)
+ customer_id = managed.get_customer_id(user.attributes)
+
+ if managed.is_global(customer_id):
+ return True
+
+ return managed.is_current_customer(customer_id)
+
+
# This function is called very often during regular page loads so it has to be efficient
# even when having a lot of users.
#
@@ -1174,6 +1188,11 @@ def hook_login(username, password):
# Check whether or not the user exists (and maybe create it)
create_non_existing_user(connection_id, username)
+ if not is_customer_user_allowed_to_login(username):
+ # A CME not assigned with the current sites customer
+ # is not allowed to login
+ return False
+
# Now, after successfull login (and optional user account
# creation), check whether or not the user is locked.
# In e.g. htpasswd connector this is checked by validating the
Module: check_mk
Branch: master
Commit: 3a136876caaac92b902dd1e644da5ba946f241a0
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3a136876caaac9…
Author: Simon Betz <si(a)mathias-kettner.de>
Date: Fri Mar 10 07:55:35 2017 +0100
4490 Reporting & scheduler: Date & time option is now available in time range options
Change-Id: I2998af90181e39938807f05505aa21364a38f232
---
.werks/4490 | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/.werks/4490 b/.werks/4490
new file mode 100644
index 0000000..57b298d
--- /dev/null
+++ b/.werks/4490
@@ -0,0 +1,10 @@
+Title: Reporting & scheduler: Date & time option is now available in time range options
+Level: 1
+Component: reporting
+Compatible: compat
+Edition: cee
+Version: 1.5.0i1
+Date: 1489128658
+Class: feature
+
+