[checkmk-commits] Check_MK Git: check_mk: #1589 FIX Restructured SNMP credentials rule specification

Module: check_mk Branch: master Commit: ab8293853b1e8dd25e40ab28b821960baafb1137 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ab8293853b1e8d… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Wed Dec 3 11:21:49 2014 +0100 #1589 FIX Restructured SNMP credentials rule specification Previous valuespec allowed wrong configurations which lead to non working SNMP credential values. --- .werks/1589 | 10 +++ ChangeLog | 1 + web/htdocs/check_mk.css | 8 +-- web/htdocs/valuespec.py | 5 ++ web/plugins/wato/check_mk_configuration.py | 104 ++++++++++++++++++---------- 5 files changed, 85 insertions(+), 43 deletions(-) diff --git a/.werks/1589 b/.werks/1589 new file mode 100644 index 0000000..b169304 --- /dev/null +++ b/.werks/1589 @@ -0,0 +1,10 @@ +Title: Restructured SNMP credentials rule specification +Level: 1 +Component: wato +Compatible: compat +Version: 1.2.5i7 +Date: 1417602070 +Class: fix + +Previous valuespec allowed wrong configurations which lead to non +working SNMP credential values. diff --git a/ChangeLog b/ChangeLog index 4f1e0ff..cf8be8c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -120,6 +120,7 @@ * 1556 FIX: WATO inventory ignores already inventorized checks which does not exist anymore... * 1576 FIX: SNMP Community host attribute is now visible for IE<=8... * 1588 FIX: Renamed SNMP communities rule to SNMP credentials + * 1589 FIX: Restructured SNMP credentials rule specification... Notifications: * 1512 Bulk notification can now be grouped according to custom macro values... diff --git a/web/htdocs/check_mk.css b/web/htdocs/check_mk.css index 9e60aa1..a2cd9c9 100644 --- a/web/htdocs/check_mk.css +++ b/web/htdocs/check_mk.css @@ -393,13 +393,7 @@ table.valuespec_tuple td { } table.valuespec_tuple td.tuple_left { - padding-right: 8px; - padding-top: 5px; -} - -table.valuespec_tuple td.tuple_right, -table.valuespec_tuple td.tuple_left { - /* padding-bottom: 3px; */ + vertical-align: middle; } table.valuespec_tuple span.title { diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py index 24a7c41..1d21eb6 100644 --- a/web/htdocs/valuespec.py +++ b/web/htdocs/valuespec.py @@ -353,6 +353,7 @@ class TextAscii(ValueSpec): self._regex = kwargs.get("regex") self._regex_error = kwargs.get("regex_error", _("Your input does not match the required format.")) + self._minlen = kwargs.get('minlen', None) if type(self._regex) == str: self._regex = re.compile(self._regex) self._prefix_buttons = kwargs.get("prefix_buttons", []) @@ -430,6 +431,10 @@ class TextAscii(ValueSpec): if value and self._regex: if not self._regex.match(value): raise MKUserError(varprefix, self._regex_error) + + if self._minlen != None and len(value) < self._minlen: + raise MKUserError(varprefix, _("You need to provide at least %d characters.") % self._minlen) + ValueSpec.custom_validate(self, value, varprefix) class TextUnicode(TextAscii): diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py index 30fab55..29936a1 100644 --- a/web/plugins/wato/check_mk_configuration.py +++ b/web/plugins/wato/check_mk_configuration.py @@ -2247,47 +2247,79 @@ register_rule(group, "and can change.")) group = "agent/" + _("SNMP") -_snmpv3_basic_elements = [ - DropdownChoice( - choices = [ - ( "authPriv", _("authPriv")), - ( "authNoPriv", _("authNoPriv")), - ( "noAuthNoPriv", _("noAuthNoPriv")), - ], - title = _("Security level")), - DropdownChoice( - choices = [ - ( "md5", _("MD5") ), - ( "sha", _("SHA1") ), - ], - title = _("Authentication protocol")), - TextAscii(title = _("Security name"), attrencode = True), - Password(title = _("Authentication password"))] +_snmpv3_auth_elements = [ + DropdownChoice( + choices = [ + ( "md5", _("MD5") ), + ( "sha", _("SHA1") ), + ], + title = _("Authentication protocol") + ), + TextAscii( + title = _("Security name"), + attrencode = True + ), + Password( + title = _("Authentication password"), + minlen = 8, + ) +] register_rule(group, "snmp_communities", Alternative( - elements = [ - TextAscii( - title = _("SNMP community (SNMP Versions 1 and 2c)"), - allow_empty = False, - attrencode = True, - ), - Tuple( - title = _("Credentials for SNMPv3"), - elements = _snmpv3_basic_elements), - Tuple( - title = _("Credentials for SNMPv3 including privacy options"), - elements = _snmpv3_basic_elements + [ - DropdownChoice( - choices = [ - ( "DES", _("DES") ), - ( "AES", _("AES") ), - ], - title = _("Privacy protocol")), - Password(title = _("Privacy pass phrase")), - ])], + elements = [ + TextAscii( + title = _("SNMP community (SNMP Versions 1 and 2c)"), + allow_empty = False, + attrencode = True, + ), + Tuple( + title = _("Credentials for SNMPv3 without authentication and privacy (noAuthNoPriv)"), + elements = [ + FixedValue("noAuthNoPriv", + title = _("Security Level"), + totext = _("No authentication, no privacy"), + ), + ] + ), + Tuple( + title = _("Credentials for SNMPv3 with authentication but without privacy (authNoPriv)"), + elements = [ + FixedValue("authNoPriv", + title = _("Security Level"), + totext = _("authentication but no privacy"), + ), + ] + _snmpv3_auth_elements + ), + Tuple( + title = _("Credentials for SNMPv3 with authentication and privacy (authPriv)"), + elements = [ + FixedValue("authPriv", + title = _("Security Level"), + totext = _("authentication and encryption"), + ), + ] + _snmpv3_auth_elements + [ + DropdownChoice( + choices = [ + ( "DES", _("DES") ), + ( "AES", _("AES") ), + ], + title = _("Privacy protocol") + ), + Password( + title = _("Privacy pass phrase"), + minlen = 8, + ), + ] + ), + ], + + match = lambda x: type(x) == tuple and ( \ + len(x) == 1 and 1 or \ + len(x) == 4 and 2 or 3) or 0, + style = "dropdown", default_value = "public", title = _("SNMP credentials of monitored hosts"), help = _("By default Check_MK uses the community \"public\" to contact hosts via SNMP v1/v2. This rule "