Branch: refs/heads/master
Home:
https://github.com/Checkmk/checkmk
Commit: 226b81706e5e349815184960395b74e1aef7b7cd
https://github.com/Checkmk/checkmk/commit/226b81706e5e349815184960395b74e1a…
Author: Max Linke <max.linke(a)checkmk.com>
Date: 2024-02-23 (Fri, 23 Feb 2024)
Changed paths:
M cmk/gui/wato/_permissions.py
Log Message:
-----------
disable add_or_modify_executables on cse for admins
We have a few rules that allow modification of executables on the
server. Those options can be set via some rules. Current approach has
been to disable the corresponding rules. However those rules are
valuable to customers. For example "Host Check Command" was requested a
lot from our beta customers. We deactivate the rule because it allows
arbitrary commands to be executed on the server. Now with the
add_or_modify_executables permission removed the rule cannot be used
anymore for arbitrary code execution. Currently this works great because
on the CSE users cannot modify roles.
I also like this approach as it is more of a "catch all" than reviewing
individual rules.
Long term it would be nice if we could globally disable some permissions
on the CSE.
Change-Id: Ib1eb2743dc6811d95dbab233a0cbc64c350a427a
Commit: 03e830a28c2525201767df0ec3311310f1a08d2b
https://github.com/Checkmk/checkmk/commit/03e830a28c2525201767df0ec3311310f…
Author: Gav <gavin.mcguigan(a)checkmk.com>
Date: 2024-02-23 (Fri, 23 Feb 2024)
Changed paths:
A .werks/16521.md
M cmk/bi/search.py
M tests/unit/cmk/bi/test_bi_search.py
M tests/unit/cmk/gui/openapi/test_openapi_bi.py
Log Message:
-----------
16521 FIX bi_rule: schema update to match the api docs
The Open API schema previously did not reflect the response or the request
schema format that was required to create or show bi_rules. This werk
addresses this issue.
Previously, when creating or getting a bi-rule, via the REST-API, the
schema for host_label_groups or service_label_groups looked something
like this
```
"host_label_groups": [
[
"and",
[
["and", "mystery/switch:yes"],
["or", "mystery/switch:no"],
],
],
]
```
This did not match the schema documented in the Open API docs.
To fix this, we have now changed the format to the following
```
"host_label_groups": [
{
"operator": "and",
"label_group": [
{"operator": "and", "label":
"mystery/switch:yes"},
{"operator": "or", "label":
"mystery/switch:no"},
],
},
]
```
This also aligns with other endpoints that use our new
host_label_groups or service_label_groups, for example the
rules endpoints.
As this is a breaking change, user scripts should be adjusted
accordingly.
Change-Id: I14657ad8bf37e71c69210b9d7e4f2dfaa2f4d94d
Compare:
https://github.com/Checkmk/checkmk/compare/a2dc0852200e...03e830a28c25
To unsubscribe from these emails, change your notification settings at
https://github.com/Checkmk/checkmk/settings/notifications