[checkmk-commits] [Checkmk/checkmk] 89b83a: fix typo: Not all werks are NOT_COMPATIBLE

Branch: refs/heads/master Home: https://github.com/Checkmk/checkmk Commit: 89b83afc27e7d4c9811c481cc6fe5251f6bf44fa https://github.com/Checkmk/checkmk/commit/89b83afc27e7d4c9811c481cc6fe5251f… Author: Benedikt Seidl &lt;benedikt.seidl(a)checkmk.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M cmk/utils/werks/werkv1.py Log Message: ----------- fix typo: Not all werks are NOT_COMPATIBLE Change-Id: I71aee915ec0b54d6a020a9b8cec2db8f058be418 Commit: 0ffe9fd2831998be765a72275af46b0fb2408bea https://github.com/Checkmk/checkmk/commit/0ffe9fd2831998be765a72275af46b0fb… Author: Benedikt Seidl &lt;benedikt.seidl(a)checkmk.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M CHANGES Log Message: ----------- Update CHANGES Change-Id: If2166e33c12f3aff19dcf27d047ad4742a87c7a9 Commit: e458e6fddbf2cece6801dd94b7c814f01cf2be3e https://github.com/Checkmk/checkmk/commit/e458e6fddbf2cece6801dd94b7c814f01… Author: Hannes Rantzsch &lt;hannes.rantzsch(a)tribe29.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: A .werks/15189 M cmk/base/diagnostics.py Log Message: ----------- 15189 SEC Don't log automation user credentials when generating performance graph diagnostics Prior to this Werk, creating a Support Diagnostic report including the option "Performance Graphs of Checkmk Server" caused the automation secret of the user "automation" to be logged to the site Apache access log file (var/log/apache/access_log). This affected both creating the diagnostic report via the GUI (Setup > Maintenance > Support diagnostics) and via the command line (cmk --create-diagnostics-dump --performance-graphs). With this Werk the credentials are no longer written to the log file. Note that no automatic sanitization of the log file is attempted by applying this patch. This issue was discovered during internal review. Affected Versions: - 2.2.0 (beta) - 2.1.0 - 2.0.0 Mitigations: Users are advised to change the secret of the user "automation" via the User Management UI. If this is not an option for you, delete or manually sanitize the Apache access log file and any backup of the file. Remove any line that contains a POST to <your site URL>/report.py?_username=automation&_secret=<...>. Refrain from using the affected functionality before applying this patch or manually sanitize the file afterwards. Vulnerability Management: We have rated the issue with a CVSS Score of 4.4 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</tt>. We have assigned CVE-2023-31207. Change-Id: I5b903fb3c1d186219f7718acf3d6efa498e9f5cf Commit: ad9de1d7ef2bb8f58bda1c1f001e59b0470bc2ca https://github.com/Checkmk/checkmk/commit/ad9de1d7ef2bb8f58bda1c1f001e59b04… Author: Joerg Herbel &lt;joerg.herbel(a)checkmk.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M cmk/gui/watolib/activate_changes.py M omd/packages/omd/skel.permissions R omd/packages/omd/skel/etc/omd/allocated_ports M tests/integration/omd/test_permissions.py M tests/unit/cmk/gui/watolib/test_activate_changes.py Log Message: ----------- Purge remainders of allocated_ports In 2.2, we have an update action to remove this file. Hence, when a user will update to 2.3, this file will not be present, which means that we can now completely purge the last remainders. FEED-7861 Change-Id: I59bcec08a83103f77a541c74e8226d5901cc9987 Commit: 1dd13a068067a359a565cec1cd2f16aacfd21b52 https://github.com/Checkmk/checkmk/commit/1dd13a068067a359a565cec1cd2f16aac… Author: Joerg Herbel &lt;joerg.herbel(a)checkmk.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M omd/packages/apache-omd/APACHE_TCP_PORT M omd/packages/check_mk/AGENT_RECEIVER_PORT M omd/packages/mk-livestatus/LIVESTATUS_TCP_PORT A omd/packages/omd/next_free_port M omd/packages/omd/omd.make R omd/packages/omd/port_is_used Log Message: ----------- Give better name to script which finds next free port Change-Id: Iaf1f978ae5c8c13d395ede9e17d75d621644ec28 Commit: 7279e22687bb1c84133810c7c62f1211b9ce41c6 https://github.com/Checkmk/checkmk/commit/7279e22687bb1c84133810c7c62f1211b… Author: Solomon Jacobs &lt;solomon.jacobs(a)tribe29.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M cmk/special_agents/agent_kube.py M cmk/special_agents/utils_kubernetes/api_server.py M cmk/special_agents/utils_kubernetes/query.py Log Message: ----------- kube: introduce requests session as api_client I This commit prepares the making the calls to the Kubernetes API server asynchronous. The Kubernetes Python client does offer an async option itself. With this option, the HTTP requests not be executed in the main thread. However, they will still be blocking each other. Moreover, the client cannot be pickled, thus multiprocessing is also not possible. Therefore, we now move to a different option. This change modifies the smallest of the API classes. More updates will follow. CMK-12359 Change-Id: Ia111cb8d320257162823aed3604657d19b6da9c2 Commit: 8858a1c748d240e5448831d57a2b1d1c02ab39f4 https://github.com/Checkmk/checkmk/commit/8858a1c748d240e5448831d57a2b1d1c0… Author: Solomon Jacobs &lt;solomon.jacobs(a)tribe29.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M cmk/base/plugins/agent_based/kube_cluster_api_health.py M cmk/base/plugins/agent_based/kube_node_kubelet.py M cmk/base/plugins/agent_based/utils/kube.py M cmk/special_agents/utils_kubernetes/api_server.py M cmk/special_agents/utils_kubernetes/schemata/api.py M tests/unit/cmk/base/plugins/agent_based/test_inventory_kube_node.py M tests/unit/cmk/base/plugins/agent_based/test_kube_cluster_api_health.py M tests/unit/cmk/base/plugins/agent_based/test_kube_node_kubelet.py M tests/unit/cmk/special_agents/utils_kubernetes/test_api_server.py Log Message: ----------- kube: delete unnecessary secondary query Based on the Kubernetes source https://github.com/kubernetes/kubernetes/blob/release-1.22/staging/src/k8s.… our logic duplicates what Kubernetes does internally anyway. This was confirmed with two separate kinds of Kubelet errors. CMK-12359 Change-Id: I6b83358db172d9ced596086097c2eac1b956858c Commit: c7a8be4d9bb5f3b76537dc377e55ab0ea055b1dd https://github.com/Checkmk/checkmk/commit/c7a8be4d9bb5f3b76537dc377e55ab0ea… Author: Solomon Jacobs &lt;solomon.jacobs(a)tribe29.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M cmk/special_agents/utils_kubernetes/api_server.py M tests/unit/cmk/special_agents/utils_kubernetes/test_api_server.py Log Message: ----------- kube: introduce requests session as api_client II This commit prepares the making the calls to the Kubernetes API server asynchronous. The Kubernetes Python client does offer an async option itself. With this option, the HTTP requests not be executed in the main thread. However, they will still be blocking each other. Moreover, the client cannot be pickled, thus multiprocessing is also not possible. Therefore, we now move to a different option. This change modifies the CoreAPI calls, which did not use the client for deserialization. CMK-12359 Change-Id: Ieac2633aa7db94e53ab89d3cd16369409a732974 Commit: 3cbc44d54eb3456dea75a81fd8e67d3980a124da https://github.com/Checkmk/checkmk/commit/3cbc44d54eb3456dea75a81fd8e67d398… Author: Solomon Jacobs &lt;solomon.jacobs(a)tribe29.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M cmk/special_agents/agent_kube.py M cmk/special_agents/utils_kubernetes/api_server.py Log Message: ----------- kube: introduce requests session as api_client III This commit prepares the making the calls to the Kubernetes API server asynchronous. The Kubernetes Python client does offer an async option itself. With this option, the HTTP requests not be executed in the main thread. However, they will still be blocking each other. Moreover, the client cannot be pickled, thus multiprocessing is also not possible. Therefore, we now move to a different option. This change completes the transition. It also introduces a new way of calling the Kubernetes client to still perform the deserialization. CMK-12359 Change-Id: I0cd8f14f4d6c79b6abb602533d57fb0ccd5445f7 Commit: 0eee86e9ca3f0e98ea0bab1d0618130239d6a8b2 https://github.com/Checkmk/checkmk/commit/0eee86e9ca3f0e98ea0bab1d061813023… Author: Solomon Jacobs &lt;solomon.jacobs(a)tribe29.com&gt; Date: 2023-05-04 (Thu, 04 May 2023) Changed paths: M cmk/special_agents/utils_kubernetes/api_server.py Log Message: ----------- kube: centralize kubelet calls CMK-12359 Change-Id: Ieadc7ac66bcd3a457d4d32eed93865b473a148bb Compare: https://github.com/Checkmk/checkmk/compare/f67967b775fb...0eee86e9ca3f