Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: c6121d7a172c2d31d41bacd4145fb5ef3e75508c
https://github.com/tribe29/checkmk/commit/c6121d7a172c2d31d41bacd4145fb5ef3…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-02-01 (Tue, 01 Feb 2022)
Changed paths:
A .werks/13633
M cmk/gui/watolib/activate_changes.py
M cmk/utils/encryption.py
M cmk/utils/password_store.py
M tests/unit/cmk/gui/watolib/test_activate_changes.py
M tests/unit/cmk/gui/watolib/test_config_sync.py
M tests/unit/cmk/utils/test_password_store.py
Log Message:
-----------
13633 The password store is now storing passwords obfuscated
The password stores primary use is to centralize stored credentials. Instead of
spreading the credentials in the whole configuration, we have this as a central
place for sensitive information.
We are a monitoring system. We definitely need credentials in clear text to
contact remote some systems all the time. And we also need to be able do this
after restarting the whole system without user interaction (for providing some
kind of master key). This means the secrets need to be available to the site
user on disk in clear text.
To underline this fact, we kept the password store file in clear text on disk
for a long time. This approach made the situation clearly visible to everyone.
We are faced with the requirement that no credential shall be stored in clear
text on disk, they need to be encrypted. We'd love to have that too. But since
securing is not possible, we are now "obfuscating". In fact it's
encryption,
but we are doing it with a secret that is stored in the same context as the
password store itself - this is why we call it obfuscation. The best we can do
in this case.
The password store file <tt>var/check_mk/stored_passwords</tt> is now
encrypted
using the new password store key (<tt>etc/password_store.secret</tt>). This
key
is created during update to Checkmk 2.1 automatically. You are free to replace
the secret with what ever text you want. But please note that the password store
needs to be initialized again after changing the secret.
All existing passwords stores will be obfuscated automatically during update to
Checkmk 2.1.
Change-Id: I0b0e1c8b5e821a2c0784437e55feef805e09d0d8
Commit: 2d6b766dd1732e9d8f1308427b49b1b460fa572a
https://github.com/tribe29/checkmk/commit/2d6b766dd1732e9d8f1308427b49b1b46…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-02-01 (Tue, 01 Feb 2022)
Changed paths:
M cmk/base/config.py
M cmk/base/core_config.py
M cmk/base/core_nagios.py
R cmk/core_helpers/config_path.py
M cmk/core_helpers/controller.py
A cmk/utils/config_path.py
M tests/scripts/misc/fetcher_ram_usage_test
M tests/unit/cmk/base/test_config.py
M tests/unit/cmk/base/test_core_config.py
M tests/unit/cmk/base/test_core_nagios.py
R tests/unit/cmk/core_helpers/test_config_paths.py
A tests/unit/cmk/utils/test_config_paths.py
Log Message:
-----------
Move cmk.core_helpers.config_path to cmk.utils.config_path
We need that module in cmk.utils.password_store. To make this possible,
we move the config_path module to the more generic package cmk.utils.
Change-Id: I17c26a1912acc7642e193397d3c3a07a9965a813
Commit: b361c4d6a04d704df209983ef0e8542b73d9a259
https://github.com/tribe29/checkmk/commit/b361c4d6a04d704df209983ef0e8542b7…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-02-01 (Tue, 01 Feb 2022)
Changed paths:
M cmk/base/core_config.py
M cmk/utils/password_store.py
M tests/unit/cmk/special_agents/test_agent_mqtt.py
M tests/unit/cmk/utils/test_password_store.py
Log Message:
-----------
Password store: Use paths computed by core_config
Change-Id: I6ddd3fb15ae17daeb173c2200737d4c320473c4a
Commit: 095d89a248d6683e2f4225f4237861bc3363d74e
https://github.com/tribe29/checkmk/commit/095d89a248d6683e2f4225f4237861bc3…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-02-01 (Tue, 01 Feb 2022)
Changed paths:
M cmk/update_config.py
M cmk/utils/password_store.py
M tests/unit/cmk/test_update_config.py
M tests/unit/cmk/utils/test_password_store.py
Log Message:
-----------
Migrate existing password stores to new format
Change-Id: I8d1c9f5162133631d0ef55ffbd6a156e67e177e5
Commit: fdcd2b628047bc6d868e8823997d47abe2b5cb9f
https://github.com/tribe29/checkmk/commit/fdcd2b628047bc6d868e8823997d47abe…
Author: Marcel Arentz <marcel.arentz(a)tribe29.com>
Date: 2022-02-01 (Tue, 01 Feb 2022)
Changed paths:
M cmk/gui/plugins/views/builtin_inventory_plugins.py
M tests/unit/cmk/gui/plugins/views/test_painters.py
M tests/unit/cmk/gui/test_views.py
M tests/unit/cmk/gui/test_visuals.py
Log Message:
-----------
make more options available in inventory dashlet
Change-Id: I1dedfbe405244b644bd6dff5506b01f4af601efe
Compare:
https://github.com/tribe29/checkmk/compare/8ac7b67d994a...fdcd2b628047