Checkmk git commits October 2018

checkmk-commits@lists.checkmk.com

15 participants
308 discussions

Fixed icons after toggling of BI assumptions

by Lars Michelsen

Module: check_mk Branch: master Commit: b12b4882eb41b9e15501dd4166e37d385765f3c1 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b12b4882eb41b9… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Oct 22 07:45:01 2018 +0200 Fixed icons after toggling of BI assumptions Change-Id: I993560eb682f04108b39934a97a12bca071b1655 --- web/htdocs/js/checkmk.js | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/web/htdocs/js/checkmk.js b/web/htdocs/js/checkmk.js index 4bfa019..d1d7569 100644 --- a/web/htdocs/js/checkmk.js +++ b/web/htdocs/js/checkmk.js @@ -3559,10 +3559,9 @@ function toggle_assumption(link, site, host, service) var img = link.getElementsByTagName("img")[0]; // get current state - var current = img.src; - while (current.indexOf('/') > -1) - current = current.substr(current.indexOf('/') + 1); - current = current.replace(/button_assume_/, "").replace(/.png/, ""); + var path_parts = img.src.split("/"); + var file_part = path_parts.pop(); + var current = file_part.replace(/icon_assume_/, "").replace(/.png/, ""); if (current == 'none') // Assume WARN when nothing assumed yet @@ -3574,7 +3573,7 @@ function toggle_assumption(link, site, host, service) // Disable assumption when ok assumed current = 'none'; else - // In all other cases increas the assumption + // In all other cases increase the assumption current = parseInt(current) + 1; var url = "bi_set_assumption.py?site=" + encodeURIComponent(site) @@ -3583,7 +3582,7 @@ function toggle_assumption(link, site, host, service) url += '&service=' + encodeURIComponent(service); } url += '&state=' + current; - img.src = "images/button_assume_" + current + ".png"; + img.src = path_parts.join("/") + "/icon_assume_" + current + ".png"; get_url(url); }

5 years, 8 months

Removed theme.css.map referece to prevent browser warnings

by Lars Michelsen

Module: check_mk Branch: master Commit: 4fe29a35f0d4db713f6ba3d1f71bc263fb2989cf URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4fe29a35f0d4db… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Oct 22 13:41:17 2018 +0200 Removed theme.css.map referece to prevent browser warnings Change-Id: I12c0c579b5279a017264567fdbf43720fcb8367a --- web/htdocs/themes/facelift/theme.css | 2 -- 1 file changed, 2 deletions(-) diff --git a/web/htdocs/themes/facelift/theme.css b/web/htdocs/themes/facelift/theme.css index fa3d339..c3cdfe3 100644 --- a/web/htdocs/themes/facelift/theme.css +++ b/web/htdocs/themes/facelift/theme.css @@ -1795,5 +1795,3 @@ img.glass { display: block; } #hover_menu .graph_container div.time { letter-spacing: 0px; } - -/*# sourceMappingURL=theme.css.map */

5 years, 8 months

df.include: some cleanup

by Moritz Kiemer

Module: check_mk Branch: master Commit: 3afa61bd95f51a6086ef97b7cba9a701180d4975 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3afa61bd95f51a… Author: Moritz Kiemer <mo(a)mathias-kettner.de> Date: Fri Oct 19 16:37:06 2018 +0200 df.include: some cleanup Change-Id: I461b618858df02da23afbc2fec1d593c1ed94510 --- checks/df.include | 125 +++++++++++---------- .../generictests/datasets/df_lnx_regression.py | 4 +- .../generictests/datasets/df_win_regression.py | 2 +- 3 files changed, 69 insertions(+), 62 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=3afa61bd95…

5 years, 8 months

agent_3par: Now able to use passwords from the password store

by Lars Michelsen

Module: check_mk Branch: master Commit: 8ad10f120261487d922998ed9e6b632a8e1c1d41 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8ad10f12026148… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Oct 19 20:42:19 2018 +0200 agent_3par: Now able to use passwords from the password store Change-Id: Icb49efe26f7ffcd0f8d3f18ec6410a08215010d8 --- agents/special/agent_3par | 4 ++++ checks/agent_3par | 12 +++++----- cmk/gui/plugins/wato/active_checks.py | 2 +- cmk/gui/plugins/wato/datasource_programs.py | 5 +++-- tests/testlib/__init__.py | 13 +++++++++++ tests/unit/checks/test_agent_3par.py | 35 +++++++++++++++++++++++++++++ 6 files changed, 62 insertions(+), 9 deletions(-) diff --git a/agents/special/agent_3par b/agents/special/agent_3par index 3cf8ccb..c8eb568 100755 --- a/agents/special/agent_3par +++ b/agents/special/agent_3par @@ -31,6 +31,10 @@ import sys import requests import urllib3 +import cmk.password_store + +cmk.password_store.replace_passwords() + # .--Arguments-----------------------------------------------------------. # | _ _ | diff --git a/checks/agent_3par b/checks/agent_3par index cb74add..5469c8d 100644 --- a/checks/agent_3par +++ b/checks/agent_3par @@ -25,16 +25,16 @@ # Boston, MA 02110-1301 USA. def agent_3par_arguments(params, hostname, ipaddress): - args = '' + args = [] - args += " -u " + quote_shell_string(params["user"]) - args += " -p " + quote_shell_string(params["password"]) - args += " --verify-certs=%s" % ("yes" if params.get("verify_cert", False) else "no") + args += [ "-u", params["user"] ] + args += [ passwordstore_get_cmdline("-p%s", params["password"]) ] + args += [ "--verify-certs=%s" % ("yes" if params.get("verify_cert", False) else "no") ] if "values" in params: - args += " -v " + quote_shell_string(",".join(params["values"])) + args += [ "-v", ",".join(params["values"]) ] - args += " " + quote_shell_string(ipaddress) + args.append(ipaddress) return args diff --git a/cmk/gui/plugins/wato/active_checks.py b/cmk/gui/plugins/wato/active_checks.py index 4669e43..05a32fe 100644 --- a/cmk/gui/plugins/wato/active_checks.py +++ b/cmk/gui/plugins/wato/active_checks.py @@ -29,7 +29,7 @@ from cmk.gui.i18n import _ # TODO: Clean this * import up! from cmk.gui.valuespec import * -from . import ( +from cmk.gui.plugins.wato import ( register_rulegroup, register_rule, PluginCommandLine, diff --git a/cmk/gui/plugins/wato/datasource_programs.py b/cmk/gui/plugins/wato/datasource_programs.py index 3c109b4..66ad3a1 100644 --- a/cmk/gui/plugins/wato/datasource_programs.py +++ b/cmk/gui/plugins/wato/datasource_programs.py @@ -28,10 +28,11 @@ import cmk.gui.watolib as watolib from cmk.gui.i18n import _ from cmk.gui.valuespec import * -from . import ( +from cmk.gui.plugins.wato import ( register_rulegroup, register_rule, monitoring_macro_help, + IndividualOrStoredPassword, ) register_rulegroup("datasource_programs", @@ -1166,7 +1167,7 @@ register_rule("datasource_programs", ("user", TextAscii(title = _("Username"), allow_empty = False, )), - ("password", Password(title = _("Password"), + ("password", IndividualOrStoredPassword(title = _("Password"), allow_empty = False, )), ("verify_cert", DropdownChoice( diff --git a/tests/testlib/__init__.py b/tests/testlib/__init__.py index c5adeca..2e33ff1 100644 --- a/tests/testlib/__init__.py +++ b/tests/testlib/__init__.py @@ -1815,6 +1815,10 @@ class CheckManager(object): self.load([name]) return ActiveCheck(name) + def get_special_agent(self, name): + self.load([name]) + return SpecialAgent(name) + class MissingCheckInfoError(KeyError): pass @@ -1918,3 +1922,12 @@ class ActiveCheck(BaseCheck): def run_service_description(self, params): return self.info['service_description'](params) + + +class SpecialAgent(object): + def __init__(self, name): + import cmk_base.config as config + super(SpecialAgent, self).__init__() + self.name = name + assert self.name.startswith('agent_'), 'Specify the full name of the active check, e.g. agent_3par' + self.argument_func = config.special_agent_info[self.name[len('agent_'):]] diff --git a/tests/unit/checks/test_agent_3par.py b/tests/unit/checks/test_agent_3par.py new file mode 100644 index 0000000..739e323 --- /dev/null +++ b/tests/unit/checks/test_agent_3par.py @@ -0,0 +1,35 @@ +import pytest + +(a)pytest.mark.parametrize("params,result", [ + ({ + "user": "user", + "password": "d1ng", + "verify_cert": False, + "values": ["x","y"], + }, ['-u', 'user', '-pd1ng', '--verify-certs=no', '-v', 'x,y', "address"]), + ({ + "user": "user", + "password": "d1ng", + "values": ["x","y"], + }, ['-u', 'user', '-pd1ng', '--verify-certs=no', '-v', 'x,y', "address"]), + ({ + "user": "user", + "password": "d1ng", + "verify_cert": True, + "values": ["x","y"], + }, ['-u', 'user', '-pd1ng', '--verify-certs=yes', '-v', 'x,y', "address"]), + ({ + "user": "user", + "password": "d1ng", + "verify_cert": True, + }, ['-u', 'user', '-pd1ng', '--verify-certs=yes', "address"]), + ({ + "user": "user", + "password": ("store", "pw-id"), + "verify_cert": True, + }, ['-u', 'user', ('store', 'pw-id', '-p%s'), '--verify-certs=yes', "address"]), +]) +def test_3par(check_manager, params, result): + agent = check_manager.get_special_agent("agent_3par") + arguments = agent.argument_func(params, "host", "address") + assert arguments == result

5 years, 8 months

Special agents can now use the password store

by Lars Michelsen

Module: check_mk Branch: master Commit: 7aca4178dbe09584ce5483f6718e145b8141a5ac URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7aca4178dbe095… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Oct 19 20:37:24 2018 +0200 Special agents can now use the password store * The special agent arguments need to be produced as list by the special_agent_info function. * The function passwordstore_get_cmdline() can be used to add a password from the password store to the command line arguments. Have a look at the 3par special agent related files for an example. CMK-531 Change-Id: I686c0f7923eba8b3839a2624321a2af899b4c83e --- cmk_base/config.py | 55 +++++++++++++++++++++++++++++++++ cmk_base/core_config.py | 41 ++---------------------- cmk_base/data_sources/programs.py | 3 +- tests/unit/cmk_base/test_config.py | 34 ++++++++++++++++++++ tests/unit/cmk_base/test_core_config.py | 16 ++++++++++ 5 files changed, 110 insertions(+), 39 deletions(-) diff --git a/cmk_base/config.py b/cmk_base/config.py index 86bfb08..da49014 100644 --- a/cmk_base/config.py +++ b/cmk_base/config.py @@ -1527,6 +1527,61 @@ def get_service_translations(hostname): translations_cache[hostname] = translations return translations + +def prepare_check_command(command_spec, hostname, service_description): + """Prepares a check command for execution by Check_MK. + + This function either accepts a string or a list of arguments as + command_spec. In case a list is given it quotes the single elements. It + also prepares password store entries for the command line. These entries + will be completed by the executed program later to get the password from + the password store. + """ + if isinstance(command_spec, basestring): + return command_spec + + if not isinstance(command_spec, list): + raise NotImplementedError() + + passwords, formated = [], [] + for arg in command_spec: + arg_type = type(arg) + + if arg_type in [ int, float ]: + formated.append("%s" % arg) + + elif arg_type in [ str, unicode ]: + formated.append(cmk_base.utils.quote_shell_string(arg)) + + elif arg_type == tuple and len(arg) == 3: + pw_ident, preformated_arg = arg[1:] + try: + password = stored_passwords[pw_ident]["password"] + except KeyError: + if hostname and service_description: + descr = " used by service \"%s\" on host \"%s\"" % (service_description, hostname) + elif hostname: + descr = " used by host host \"%s\"" % (hostname) + else: + descr = "" + + console.warning("The stored password \"%s\"%s does not exist (anymore)." % + (pw_ident, descr)) + password = "%%%" + + pw_start_index = str(preformated_arg.index("%s")) + formated.append(cmk_base.utils.quote_shell_string(preformated_arg % ("*" * len(password)))) + passwords.append((str(len(formated)), pw_start_index, pw_ident)) + + else: + raise MKGeneralException("Invalid argument for command line: %r" % (arg,)) + + if passwords: + formated = [ "--pwstore=%s" % ",".join([ "@".join(p) for p in passwords ]) ] + formated + + return " ".join(formated) + + #. # .--Service rules-------------------------------------------------------. # | ____ _ _ | diff --git a/cmk_base/core_config.py b/cmk_base/core_config.py index 1c6e1f3..e1dc126 100644 --- a/cmk_base/core_config.py +++ b/cmk_base/core_config.py @@ -33,7 +33,6 @@ import cmk.tty as tty import cmk.password_store from cmk.exceptions import MKGeneralException -import cmk_base.utils import cmk_base.console as console import cmk_base.config as config import cmk_base.ip_lookup as ip_lookup @@ -303,46 +302,12 @@ def do_update(core, with_precompile): # '----------------------------------------------------------------------' def active_check_arguments(hostname, description, args): - if type(args) in [ str, unicode ]: - return args - - elif type(args) == list: - passwords, formated = [], [] - for arg in args: - arg_type = type(arg) - - if arg_type in [ int, float ]: - formated.append("%s" % arg) - - elif arg_type in [ str, unicode ]: - formated.append(cmk_base.utils.quote_shell_string(arg)) - - elif arg_type == tuple and len(arg) == 3: - pw_ident, preformated_arg = arg[1:] - try: - password = config.stored_passwords[pw_ident]["password"] - except KeyError: - warning("The stored password \"%s\" used by service \"%s\" on host " - "\"%s\" does not exist (anymore)." % - (pw_ident, description, hostname)) - password = "%%%" - - pw_start_index = str(preformated_arg.index("%s")) - formated.append(cmk_base.utils.quote_shell_string(preformated_arg % ("*" * len(password)))) - passwords.append((str(len(formated)), pw_start_index, pw_ident)) - - else: - raise MKGeneralException("Invalid argument for command line: %s" % arg) - - if passwords: - formated = [ "--pwstore=%s" % ",".join([ "@".join(p) for p in passwords ]) ] + formated - - return " ".join(formated) - - else: + if not isinstance(args, (str, unicode, list)): raise MKGeneralException("The check argument function needs to return either a list of arguments or a " "string of the concatenated arguments (Host: %s, Service: %s)." % (hostname, description)) + return config.prepare_check_command(args, hostname, description) + #. # .--HostAttributes------------------------------------------------------. diff --git a/cmk_base/data_sources/programs.py b/cmk_base/data_sources/programs.py index db33c54..3fa555c 100644 --- a/cmk_base/data_sources/programs.py +++ b/cmk_base/data_sources/programs.py @@ -185,6 +185,7 @@ class SpecialAgentDataSource(ProgramDataSource): """Create command line using the special_agent_info""" info_func = config.special_agent_info[self._special_agent_id] cmd_arguments = info_func(self._params, self._hostname, self._ipaddress) + final_arguments = config.prepare_check_command(cmd_arguments, self._hostname, service_description=None) special_agents_dir = cmk.paths.agents_dir + "/special" local_special_agents_dir = cmk.paths.local_agents_dir + "/special" @@ -194,4 +195,4 @@ class SpecialAgentDataSource(ProgramDataSource): else: path = special_agents_dir + "/agent_" + self._special_agent_id - return path + " " + cmd_arguments + return path + " " + final_arguments diff --git a/tests/unit/cmk_base/test_config.py b/tests/unit/cmk_base/test_config.py index ffc2283..419fe9b 100644 --- a/tests/unit/cmk_base/test_config.py +++ b/tests/unit/cmk_base/test_config.py @@ -1,3 +1,5 @@ +# encoding: utf-8 + import pytest import cmk_base.config as config @@ -91,3 +93,35 @@ def test_is_all_agents_host(monkeypatch, hostname, tags, result): def test_is_all_special_agents_host(monkeypatch, hostname, tags, result): monkeypatch.setattr(config, "tags_of_host", lambda h: {hostname: tags}[h]) assert config.is_all_special_agents_host(hostname) == result + + +def test_prepare_check_command_basics(): + assert config.prepare_check_command(u"args 123 -x 1 -y 2", "bla", "blub") \ + == u"args 123 -x 1 -y 2" + + assert config.prepare_check_command(["args", "123", "-x", "1", "-y", "2"], "bla", "blub") \ + == "'args' '123' '-x' '1' '-y' '2'" + + assert config.prepare_check_command(["args", "1 2 3", "-d=2", "--hallo=eins", 9], "bla", "blub") \ + == "'args' '1 2 3' '-d=2' '--hallo=eins' 9" + + with pytest.raises(NotImplementedError): + config.prepare_check_command((1, 2), "bla", "blub") + + +(a)pytest.mark.parametrize("pw", ["abc", "123", "x'äd!?", u"aädg"]) +def test_prepare_check_command_password_store(monkeypatch, pw): + monkeypatch.setattr(config, "stored_passwords", { + "pw-id": { + "password": pw, + } + }) + assert config.prepare_check_command(["arg1", ("store", "pw-id", "--password=%s"), "arg3"], "bla", "blub") \ + == "--pwstore=2@11@pw-id 'arg1' '--password=%s' 'arg3'" % ("*" * len(pw)) + + +def test_prepare_check_command_not_existing_password(capsys): + assert config.prepare_check_command(["arg1", ("store", "pw-id", "--password=%s"), "arg3"], "bla", "blub") \ + == "--pwstore=2@11@pw-id 'arg1' '--password=***' 'arg3'" + stderr = capsys.readouterr().err + assert "The stored password \"pw-id\" used by service \"blub\" on host \"bla\"" in stderr diff --git a/tests/unit/cmk_base/test_core_config.py b/tests/unit/cmk_base/test_core_config.py new file mode 100644 index 0000000..e4d0236 --- /dev/null +++ b/tests/unit/cmk_base/test_core_config.py @@ -0,0 +1,16 @@ +import pytest + +from cmk.exceptions import MKGeneralException +import cmk_base.config as config +import cmk_base.core_config as core_config + +def test_active_check_arguments(mocker): + with pytest.raises(MKGeneralException): + core_config.active_check_arguments("bla", "blub", 1) + + with pytest.raises(MKGeneralException): + core_config.active_check_arguments("bla", "blub", (1, 2)) + + prepare_check_command = mocker.patch.object(config, "prepare_check_command") + core_config.active_check_arguments("bla", "blub", u"args 123 -x 1 -y 2") + assert prepare_check_command.called_once()

5 years, 8 months

Fixed crash after internal refactoring

by Lars Michelsen

Module: check_mk Branch: master Commit: b33288749d4e77a03b1ef4437b86a044b9dc4f39 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b33288749d4e77… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Oct 22 07:32:10 2018 +0200 Fixed crash after internal refactoring Change-Id: I13ca6f3227259d3d53f3456494bb3fc68e1ce454 --- cmk/gui/bi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmk/gui/bi.py b/cmk/gui/bi.py index 87edc8d..161e0e9 100644 --- a/cmk/gui/bi.py +++ b/cmk/gui/bi.py @@ -3022,7 +3022,7 @@ class FoldableTreeRenderer(object): html.icon_button( url=None, - help=_("Assume another state for this item (reload page to activate)"), + title=_("Assume another state for this item (reload page to activate)"), icon="assume_%s" % current_state, onclick="toggle_assumption(this, '%s', '%s', '%s');" % (site, host, service.replace('\\', '\\\\') if service else ''), cssclass="assumption",

5 years, 8 months

6845 Add permission "Use CSV export" to control access to this feature

by Lars Michelsen

Module: check_mk Branch: master Commit: 5b01f3644be67d6257ba1012dbac729e714a9ae3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5b01f3644be67d… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Oct 22 08:02:38 2018 +0200 6845 Add permission "Use CSV export" to control access to this feature Change-Id: I3ddd09dd0dd0961586f37aba827a2e15d866711c --- .werks/6845 | 10 ++++++++++ cmk/gui/default_permissions.py | 5 +++++ cmk/gui/htmllib.py | 2 +- cmk/gui/plugins/views/availability.py | 8 ++++---- 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/.werks/6845 b/.werks/6845 new file mode 100644 index 0000000..a7e802d --- /dev/null +++ b/.werks/6845 @@ -0,0 +1,10 @@ +Title: Add permission "Use CSV export" to control access to this feature +Level: 1 +Component: multisite +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1540068749 +Class: feature + + diff --git a/cmk/gui/default_permissions.py b/cmk/gui/default_permissions.py index 299ce53..0c0a5a5 100644 --- a/cmk/gui/default_permissions.py +++ b/cmk/gui/default_permissions.py @@ -107,6 +107,11 @@ def load_plugins(force): _("See the availability views of hosts and services"), [ "admin", "user", "guest" ]) + config.declare_permission("general.csv_export", + _("Use CSV export"), + _("Export data of views using the CSV export"), + [ "admin", "user", "guest" ]) + config.declare_permission('general.edit_notifications', _('Edit personal notification settings'), _('This allows a user to edit his personal notification settings. You also need the permission ' diff --git a/cmk/gui/htmllib.py b/cmk/gui/htmllib.py index ddc9f59..ea1781b 100644 --- a/cmk/gui/htmllib.py +++ b/cmk/gui/htmllib.py @@ -3003,7 +3003,7 @@ hy "pageurl", target="_top", cssclass="inline") # TODO: Move this away from here. Make a context button. The view should handle this - if self.myfile == "view" and self.var('mode') != 'availability': + if self.myfile == "view" and self.var('mode') != 'availability' and config.user.may("general.csv_export"): self.icon_button(self.makeuri([("output_format", "csv_export")]), _("Export as CSV"), "download_csv", target="_top", cssclass="inline") diff --git a/cmk/gui/plugins/views/availability.py b/cmk/gui/plugins/views/availability.py index 82a9dcb..034817f 100644 --- a/cmk/gui/plugins/views/availability.py +++ b/cmk/gui/plugins/views/availability.py @@ -206,7 +206,7 @@ def render_availability_page(view, datasource, context, filterheaders, only_site av_data = availability.compute_availability(what, av_rawdata, avoptions) # Do CSV ouput - if html.output_format == "csv_export": + if html.output_format == "csv_export" and config.user.may("general.csv_export"): output_availability_csv(what, av_data, avoptions) return @@ -232,7 +232,7 @@ def render_availability_page(view, datasource, context, filterheaders, only_site if config.reporting_available() and config.user.may("general.reporting"): html.context_button(_("Export as PDF"), html.makeuri([], filename="report_instant.py"), "report") - if av_mode == "table": + if av_mode == "table" and config.user.may("general.csv_export"): html.context_button(_("Export as CSV"), html.makeuri([("output_format", "csv_export")]), "download_csv") if av_mode == "timeline" or av_object: @@ -526,7 +526,7 @@ def render_bi_availability(title, aggr_rows): html.context_button(_("Status View"), html.makeuri([("mode", "status")]), "status") if config.reporting_available() and config.user.may("general.reporting"): html.context_button(_("Export as PDF"), html.makeuri([], filename="report_instant.py"), "report") - if av_mode == "availability": + if av_mode == "availability" and config.user.may("general.csv_export"): html.context_button(_("Export as CSV"), html.makeuri([("output_format", "csv_export")]), "download_csv") if av_mode == "timeline": @@ -654,7 +654,7 @@ def render_bi_availability(title, aggr_rows): html.makeuri([("_unset_logrow_limit", "1")])) html.show_warning(text) - if html.output_format == "csv_export": + if html.output_format == "csv_export" and config.user.may("general.csv_export"): output_availability_csv("bi", av_data, avoptions) return

5 years, 8 months

Fixed processing of HTTP vars with equal sign in name

by Lars Michelsen

Module: check_mk Branch: master Commit: a9bd04fa333a16e3f48cac42b22b0d7cd1d0da30 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a9bd04fa333a16… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Oct 22 08:10:43 2019 +0200 Fixed processing of HTTP vars with equal sign in name This issue was introduced during some internal cleanups where the valid characters for variable names have been made stricter. This disallowed base64 encoded parts in the names which is now possible again. This is used at least on the user edit dialog and the service discovery page. Change-Id: Ia896b7f9a88f91bce806ff178d9a13744339b6a9 --- cmk/gui/http.py | 2 +- tests/unit/cmk/gui/test_http.py | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/cmk/gui/http.py b/cmk/gui/http.py index 9d98f90..cd30716 100644 --- a/cmk/gui/http.py +++ b/cmk/gui/http.py @@ -83,7 +83,7 @@ class Request(object): # alphanumeric characters plus any character from set('%*+-._'), which is probably still a # bit too broad. We should really figure out what we need and make sure that we only use # that restricted set. - varname_regex = re.compile(r'^[\w.%*+-]+$') + varname_regex = re.compile(r'^[\w.%*+=-]+$') for field in fields.list: varname = field.name diff --git a/tests/unit/cmk/gui/test_http.py b/tests/unit/cmk/gui/test_http.py index 196175d..bcf03d0 100644 --- a/tests/unit/cmk/gui/test_http.py +++ b/tests/unit/cmk/gui/test_http.py @@ -2,11 +2,27 @@ # encoding: utf-8 import time +import io import cmk.gui.http as http from cmk.gui.globals import html +def test_http_request_allowed_vars(): + wsgi_environ = { + # Please note: This is no complete WSGI environment + "REQUEST_METHOD" : "POST", + # Contains a variable that has a base64 coded value in it's name. This + # is done for example on the service discovery page or on the user + # editing page. + "wsgi.input" : io.BytesIO("asd=x&_Y21rYWRtaW4%3D=aaa"), + "SCRIPT_NAME" : "", + "REQUEST_URI" : "", + } + req = http.Request(wsgi_environ) + assert req.var("asd") == "x" + assert req.var("_Y21rYWRtaW4=") == "aaa" + def test_cookie_handling(register_builtin_html, monkeypatch): monkeypatch.setattr(html.request, "cookies", {"cookie1": {"key": "1a"}}) assert html.request.get_cookie_names() == ["cookie1"]

5 years, 8 months

Improved nested group lookup performance

by Lars Michelsen

Module: check_mk Branch: master Commit: 7c4db93c6d3a844e5b5dd068c98dfa72a39f02f3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7c4db93c6d3a84… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Jul 6 11:45:46 2018 +0200 Improved nested group lookup performance * Don't rely on the incedibly slow memberOf:1.2.840.113556.1.4.1941: chain matching mechanism anymore. * Use nested resolutions of group memberships including runtime cache of group memberships which is renewed for each sync process. * Group members are now sorted for better testability Change-Id: Ieb992a9a03b251b2a14d2fd3b26f353706e0e59a --- cmk/gui/plugins/userdb/ldap_connector.py | 98 +++++++++++++++++++++++++++----- 1 file changed, 85 insertions(+), 13 deletions(-) diff --git a/cmk/gui/plugins/userdb/ldap_connector.py b/cmk/gui/plugins/userdb/ldap_connector.py index e6936a4..4f6970b 100644 --- a/cmk/gui/plugins/userdb/ldap_connector.py +++ b/cmk/gui/plugins/userdb/ldap_connector.py @@ -181,6 +181,7 @@ class LDAPUserConnector(UserConnector): self._num_queries = 0 self._user_cache = {} self._group_cache = {} + self._group_search_cache = {} # File for storing the time of the last success event self._sync_time_file = cmk.paths.var_dir + '/web/ldap_%s_sync_time.mk'% self.id() @@ -765,15 +766,17 @@ class LDAPUserConnector(UserConnector): def get_group_memberships(self, filters, filt_attr = 'cn', nested = False): cache_key = (tuple(filters), nested, filt_attr) - if cache_key in self._group_cache: - return self._group_cache[cache_key] + if cache_key in self._group_search_cache: + return self._group_search_cache[cache_key] + + self._group_cache.setdefault(nested, {}) if not nested: groups = self._get_direct_group_memberships(filters, filt_attr) else: groups = self._get_nested_group_memberships(filters, filt_attr) - self._group_cache[cache_key] = groups + self._group_search_cache[cache_key] = groups return groups @@ -797,18 +800,27 @@ class LDAPUserConnector(UserConnector): self._config['group_scope']): groups[dn] = { 'cn' : obj['cn'][0], - 'members' : [ m.lower() for m in obj.get(member_attr,[]) ], + 'members' : sorted([ m.lower() for m in obj.get(member_attr,[]) ]), } else: # Special handling for OpenLDAP when searching for groups by DN for f_dn in filters: + # Try to get members from group cache + try: + groups[f_dn] = self._group_cache[False][f_dn] + continue + except KeyError: + pass + for dn, obj in self._ldap_search(self._replace_macros(f_dn), filt, ['cn', member_attr], 'base'): groups[f_dn] = { 'cn' : obj['cn'][0], - 'members' : [ m.lower() for m in obj.get(member_attr,[]) ], + 'members' : sorted([ m.lower() for m in obj.get(member_attr,[]) ]), } + self._group_cache[False].update(groups) + return groups @@ -817,9 +829,17 @@ class LDAPUserConnector(UserConnector): # memberof filter to get all group memberships of that group. We need one query for each group. def _get_nested_group_memberships(self, filters, filt_attr): groups = {} + + # Search group members in common ancestor of group and user base DN to be able to use a single + # query instead of one for groups and one for users below when searching for the members. + base_dn = self._group_and_user_base_dn() + for filter_val in filters: matched_groups = {} + # The memberof query below is only possible when knowing the DN of groups. We need + # to look for the DN when the caller gives us CNs (e.g. when using the the groups + # to contact groups plugin). if filt_attr == 'cn': result = self._ldap_search(self.get_group_dn(), '(&%s(cn=%s))' % (self.ldap_filter('groups'), filter_val), @@ -832,22 +852,73 @@ class LDAPUserConnector(UserConnector): else: # in case of asking with DNs in nested mode, the resulting objects have the # cn set to None for all objects. We do not need it in that case. - matched_groups[filter_val] = None + dn = filter_val + matched_groups[dn] = None + # Now lookup the memberships. Previously we used the filter "memberOf:1.2.840.113556.1.4.1941:" + # here which seemed to be a performance problem. Resolving the nesting involves more single + # queries but performs much better. for dn, cn in matched_groups.items(): - filt = '(&%s(memberOf:1.2.840.113556.1.4.1941:=%s))' % \ - (self.ldap_filter('users'), dn) + # Try to get members from group cache + try: + groups[dn] = self._group_cache[True][dn] + continue + except KeyError: + pass + + # In case we don't have the cn we need to fetch it. It may be needed, e.g. by the contact group + # sync plugin + if cn is None: + group = self._ldap_search(dn, filt="(objectclass=group)", columns=['cn'], scope='base') + if group: + cn = group[0][1]["cn"][0] + + filt = '(memberof=%s)' % dn groups[dn] = { - 'members' : [], - 'cn' : cn, + 'members' : [], + 'cn' : cn, } - for user_dn, _obj in self._ldap_search(self._get_user_dn(), - filt, ['dn'], self._config['user_scope']): - groups[dn]['members'].append(user_dn.lower()) + + sub_group_filters = [] + for obj_dn, obj in self._ldap_search(base_dn, filt, ['dn', 'objectclass'], 'sub'): + if "user" in obj['objectclass']: + groups[dn]['members'].append(obj_dn) + + elif "group" in obj['objectclass']: + sub_group_filters.append(obj_dn) + + # TODO: This could be optimized by first collecting all sub groups of all searched + # groups, then collecting them all together + for _sub_group_dn, sub_group in self.get_group_memberships(sub_group_filters, filt_attr='dn', nested=True).items(): + groups[dn]['members'] += sub_group["members"] + + groups[dn]['members'].sort() + + self._group_cache[True][dn] = groups[dn] return groups + def _group_and_user_base_dn(self): + user_dn = ldap.dn.str2dn(self._get_user_dn()) + group_dn = ldap.dn.str2dn(self.get_group_dn()) + + common_len = min(len(user_dn), len(group_dn)) + user_dn, group_dn = user_dn[-common_len:], group_dn[-common_len:] + + base_dn = None + for i in range(common_len): + if user_dn[i:] == group_dn[i:]: + base_dn = user_dn[i:] + break + + if base_dn is None: + raise MKLDAPException(_("Unable to synchronize nested groups (Found no common base DN for user base " + "DN \"%s\" and group base DN \"%s\")") % (self._get_user_dn(), self.get_group_dn())) + + return ldap.dn.dn2str(base_dn) + + # # USERDB API METHODS # @@ -1137,6 +1208,7 @@ class LDAPUserConnector(UserConnector): self._num_queries = 0 self._user_cache.clear() self._group_cache.clear() + self._group_search_cache.clear() def _set_last_sync_time(self):

5 years, 8 months

Fixed LDAP config tests

by Lars Michelsen

Module: check_mk Branch: master Commit: 62e0166ec18db0ea0e9c7592690ff28e3cf81254 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=62e0166ec18db0… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Oct 18 07:45:25 2018 +0200 Fixed LDAP config tests Change-Id: I5dc40617f64b114bc7bed4e9e1ede7e1d442a996 --- cmk/gui/plugins/userdb/ldap_connector.py | 47 +++++++++++++++++------- cmk/gui/wato/pages/ldap.py | 25 +++++++------ tests/unit/cmk/gui/test_userdb_ldap_connector.py | 2 +- 3 files changed, 48 insertions(+), 26 deletions(-) diff --git a/cmk/gui/plugins/userdb/ldap_connector.py b/cmk/gui/plugins/userdb/ldap_connector.py index 53c8a60..b93d433 100644 --- a/cmk/gui/plugins/userdb/ldap_connector.py +++ b/cmk/gui/plugins/userdb/ldap_connector.py @@ -68,7 +68,7 @@ from cmk.gui.valuespec import * from cmk.gui.i18n import _ from cmk.gui.globals import html from cmk.gui.exceptions import MKGeneralException, MKUserError -from . import UserConnector, user_connector_registry +from cmk.gui.plugins.userdb.utils import UserConnector, user_connector_registry if cmk.is_managed_edition(): import cmk.gui.cme.managed as managed @@ -710,7 +710,7 @@ class LDAPUserConnector(UserConnector): - def _get_users(self, add_filter = ''): + def get_users(self, add_filter = ''): user_id_attr = self._user_id_attr() columns = [ @@ -750,6 +750,21 @@ class LDAPUserConnector(UserConnector): return result + def get_groups(self, specific_dn = None): + filt = self.ldap_filter('groups') + dn = self.get_group_dn() + + if specific_dn: + # When using AD, the groups can be filtered by the DN attribute. With + # e.g. OpenLDAP this is not possible. In that case, change the DN. + if self.is_active_directory(): + filt = '(&%s(distinguishedName=%s))' % (filt, specific_dn) + else: + dn = specific_dn + + return self._ldap_search(dn, filt, ['cn'], self._config['group_scope']) + + # TODO: Use get_group_memberships()? def _get_filter_group_members(self, filter_group_dn): member_attr = self._member_attr().lower() @@ -1072,7 +1087,7 @@ class LDAPUserConnector(UserConnector): self._logger.info('SYNC STARTED') self._logger.info(' SYNC PLUGINS: %s' % ', '.join(self._config['active_plugins'].keys())) - ldap_users = self._get_users() + ldap_users = self.get_users() import cmk.gui.userdb as userdb # TODO: Cleanup users = userdb.load_users(lock = True) @@ -2251,15 +2266,7 @@ ldap_attribute_plugins['groups_to_attributes'] = { # '----------------------------------------------------------------------' def ldap_sync_groups_to_roles(connection, plugin, params, user_id, ldap_user, user): - import cmk.gui.userdb as userdb # TODO: Cleanup - - # Load the needed LDAP groups, which match the DNs mentioned in the role sync plugin config - ldap_groups = {} - for connection_id, group_dns in get_groups_to_fetch(connection, params).items(): - conn = userdb.get_connection(connection_id) - ldap_groups.update(dict(conn.get_group_memberships(group_dns, - filt_attr = 'distinguishedname', - nested = params.get('nested', False)))) + ldap_groups = fetch_needed_groups_for_groups_to_roles(connection, params) # posixGroup objects use the memberUid attribute to specify the group # memberships. This is the username instead of the users DN. So the @@ -2294,7 +2301,21 @@ def ldap_sync_groups_to_roles(connection, plugin, params, user_id, ldap_user, us return {'roles': list(roles)} -def get_groups_to_fetch(connection, params): +def fetch_needed_groups_for_groups_to_roles(connection, params): + import cmk.gui.userdb as userdb # TODO: Cleanup + + # Load the needed LDAP groups, which match the DNs mentioned in the role sync plugin config + ldap_groups = {} + for connection_id, group_dns in _get_groups_to_fetch(connection, params).items(): + conn = userdb.get_connection(connection_id) + ldap_groups.update(dict(conn.get_group_memberships(group_dns, + filt_attr = 'distinguishedname', + nested = params.get('nested', False)))) + + return ldap_groups + + +def _get_groups_to_fetch(connection, params): groups_to_fetch = {} for group_specs in params.itervalues(): if type(group_specs) == list: diff --git a/cmk/gui/wato/pages/ldap.py b/cmk/gui/wato/pages/ldap.py index 638da55..d9ecb9a 100644 --- a/cmk/gui/wato/pages/ldap.py +++ b/cmk/gui/wato/pages/ldap.py @@ -31,6 +31,7 @@ import cmk.gui.config as config import cmk.gui.watolib as watolib import cmk.gui.userdb as userdb import cmk.gui.table as table +import cmk.gui.plugins.userdb.ldap_connector from cmk.gui.log import logger from cmk.gui.htmllib import HTML from cmk.gui.exceptions import MKUserError @@ -262,7 +263,7 @@ class ModeEditLDAPConnection(LDAPMode): 'href="https://mathias-kettner.com/checkmk_multisite_ldap_integration.html">' 'LDAP Documentation</a>.')))) else: - connection = userdb.get_connection(self._connection_id) + connection = userdb.get_connection(self._connection_id) # type: cmk.gui.plugins.userdb.ldap_connector.LDAPUserConnector for address in connection.servers(): html.h3("%s: %s" % (_('Server'), address)) table.begin('test', searchable = False) @@ -382,22 +383,22 @@ class ModeEditLDAPConnection(LDAPMode): if 'groups_to_roles' not in active_plugins: return True, _('Skipping this test (Plugin is not enabled)') + params = active_plugins['groups_to_roles'] connection.connect(enforce_new = True, enforce_server = address) - num = 0 + + ldap_groups = cmk.gui.plugins.userdb.ldap_connector.fetch_needed_groups_for_groups_to_roles(connection, params) + + num_groups = 0 for role_id, group_distinguished_names in active_plugins['groups_to_roles'].items(): if type(group_distinguished_names) != list: group_distinguished_names = [group_distinguished_names] - for dn in group_distinguished_names: - if type(dn) in [ str, unicode ]: - num += 1 - try: - ldap_groups = connection.get_groups(dn) - if not ldap_groups: - return False, _('Could not find the group specified for role %s') % role_id - except Exception, e: - return False, _('Error while fetching group for role %s: %s') % (role_id, e) - return True, _('Found all %d groups.') % num + for dn, _search_connection_id in group_distinguished_names: + if dn.lower() not in ldap_groups: + return False, _('Could not find the group specified for role %s') % role_id + + num_groups += 1 + return True, _('Found all %d groups.') % num_groups def _valuespec(self): diff --git a/tests/unit/cmk/gui/test_userdb_ldap_connector.py b/tests/unit/cmk/gui/test_userdb_ldap_connector.py index e9f8584..6d62510 100644 --- a/tests/unit/cmk/gui/test_userdb_ldap_connector.py +++ b/tests/unit/cmk/gui/test_userdb_ldap_connector.py @@ -353,7 +353,7 @@ def test_non_contact_attributes(mocked_ldap): def test_get_users(mocked_ldap): - users = mocked_ldap._get_users() + users = mocked_ldap.get_users() assert len(users) == 3 assert u"härry" in users

5 years, 8 months

← Newer
1
...
6
7
8
9
10
11
12
...
31
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits October 2018