update project

92caedae · thl-cmk · 07183efb · 92caedae · 92caedae · 92caedae
Commit 92caedae authored 1 year ago by thl-cmk
--- a/README.md
+++ b/README.md
+[PACKAGE]: ../../raw/master/mkp/checkpoint_l2l_vpn-0.2.1-20231028.mkp "checkpoint_l2l_vpn-0.2.1-20231028.mkp"
 # Check Point L2L VPN

 Monitors status of Check Point L2L VPN tunnel

--- a/agent_based/checkpoint_l2l_vpn.py
+++ b/agent_based/checkpoint_l2l_vpn.py
@@ -16,6 +16,10 @@
 # 2021-09-01: rewritten for CMK 2.0
 # 2022-10-23: fixed warning in upgrade "non-empty params vanished" for vpn_entry
 # 2023-05-29: moved gui files to ~/local/lib/check_mk/gui/plugins/...
+# 2023-10-28: fixed crash on empty l2lpeerobjname (THX to andreas doehler)
+#             renamed parameters. needs tabularasa
+#             removed ":" from service name
+#             some cleanup

 from dataclasses import dataclass
 from typing import List, Dict
@@ -41,17 +45,17 @@ from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (

 @dataclass
 class CheckpointL2lPeer:
-    l2lpeeripaddr: str
-    l2lpeerobjname: str
-    l2lstate: int
-    l2lcommunity: str
-    l2lnexthop: str
-    l2linterface: str
-    l2lsourceipaddr: str
-    l2llinkpriority: int
-    l2lpeertype: int
-    l2ltype: int
-    l2lprobstate: int
+    peer_ipaddr: str
+    peer_obj_name: str
+    state: int
+    community: str
+    next_hop: str
+    interface: str
+    source_ip_addr: str
+    link_priority: int
+    peer_type: int
+    type: int
+    probe_state: int


 _permanentTunnelState = {
@@ -91,34 +95,36 @@ def parse_checkpoint_l2l_vpn(string_table: List[StringTable]) -> Dict[str, Check
    parsed: Dict[str, CheckpointL2lPeer] = {}

    def add_vpn_entry():
-        parsed[l2lpeerobjname] = CheckpointL2lPeer(
-            l2lpeeripaddr=l2lpeeripaddr,
-            l2lpeerobjname=l2lpeerobjname,
-            l2lstate=int(l2lstate),
-            l2lcommunity=l2lcommunity,
-            l2lnexthop=l2lnexthop,
-            l2linterface=l2linterface,
-            l2lsourceipaddr=l2lsourceipaddr,
-            l2llinkpriority=int(l2llinkpriority),
-            l2lpeertype=int(l2lpeertype),
-            l2ltype=int(l2ltype),
-            l2lprobstate=int(l2lprobstate),
+        parsed[peer_obj_name] = CheckpointL2lPeer(
+            peer_ipaddr=peer_ip_addr,
+            peer_obj_name=peer_obj_name,
+            state=int(state),
+            community=community,
+            next_hop=next_hop,
+            interface=interface,
+            source_ip_addr=source_ip_addr,
+            link_priority=int(link_priority),
+            peer_type=int(peer_type),
+            type=int(l2l_type),
+            probe_state=int(probe_state),
        )

    # non permanent tunnel
    for vpn_entry in string_table[0]:
-        l2lpeeripaddr, l2lpeerobjname, l2lstate, l2lcommunity, l2lnexthop, l2linterface, l2lsourceipaddr, \
-        l2llinkpriority, l2lprobstate, l2lpeertype, l2ltype = vpn_entry
-        l2lpeeripaddr = l2lpeeripaddr[:-2]
-        add_vpn_entry()
+        peer_ip_addr, peer_obj_name, state, community, next_hop, interface, source_ip_addr, \
+            link_priority, probe_state, peer_type, l2l_type = vpn_entry
+        peer_ip_addr = peer_ip_addr[:-2]
+        if peer_obj_name:
+            add_vpn_entry()

    # permanent tunnel
    for vpn_entry in string_table[1]:
-        l2lpeeripaddr, l2lpeerobjname, l2lstate, l2lcommunity, l2lnexthop, l2linterface, l2lsourceipaddr, \
-        l2llinkpriority, l2lprobstate, l2lpeertype = vpn_entry
-        l2lpeeripaddr = l2lpeeripaddr[:-2]
-        l2ltype = u'2'
-        add_vpn_entry()
+        peer_ip_addr, peer_obj_name, state, community, next_hop, interface, source_ip_addr, \
+            link_priority, probe_state, peer_type = vpn_entry
+        peer_ip_addr = peer_ip_addr[:-2]
+        l2l_type = u'2'
+        if peer_obj_name:
+            add_vpn_entry()

    return parsed

@@ -128,8 +134,8 @@ def discovery_checkpoint_l2l_vpn(section: Dict[str, CheckpointL2lPeer]) -> Disco
        yield Service(
            item=l2lpeerobjname,
            parameters={'vpn_entry': {
-                'l2lcommunity': section[l2lpeerobjname].l2lcommunity,
-                'l2lpeeripaddr': section[l2lpeerobjname].l2lpeeripaddr,
+                'community': section[l2lpeerobjname].community,
+                'peer_ip_addr': section[l2lpeerobjname].peer_ipaddr,
            }}
        )

@@ -149,77 +155,77 @@ def check_checkpoint_l2l_vpn(item, params, section: Dict[str, CheckpointL2lPeer]
        yield Result(
            state=State(not_found_state),
            notice=f'Tunnel not found. Expected: '
-                   f'Community: {vpn_entry["l2lcommunity"]}, '
-                   f'Peer IP: {vpn_entry["l2lpeeripaddr"]}'
+                   f'Community: {vpn_entry["community"]}, '
+                   f'Peer IP: {vpn_entry["peer_ip_addr"]}'
        )
        return

-    yield Result(state=State.OK, summary=f'Community: {vpn_entry.l2lcommunity}')
-    yield Result(state=State.OK, summary=f'Peer IP: {vpn_entry.l2lpeeripaddr}')
+    yield Result(state=State.OK, summary=f'Community: {vpn_entry.community}')
+    yield Result(state=State.OK, summary=f'Peer IP: {vpn_entry.peer_ipaddr}')

-    if vpn_entry.l2lsourceipaddr != '0.0.0.0':
-        yield Result(state=State.OK, summary=f'Local IP: {vpn_entry.l2lsourceipaddr}')
+    if vpn_entry.source_ip_addr != '0.0.0.0':
+        yield Result(state=State.OK, summary=f'Local IP: {vpn_entry.source_ip_addr}')

-    if vpn_entry.l2lnexthop != '0.0.0.0':
-        yield Result(state=State.OK, summary=f'Next hop IP: {vpn_entry.l2lnexthop}')
+    if vpn_entry.next_hop != '0.0.0.0':
+        yield Result(state=State.OK, summary=f'Next hop IP: {vpn_entry.next_hop}')

-    if vpn_entry.l2linterface != '':
-        yield Result(state=State.OK, summary=f'Local interface: {vpn_entry.l2linterface}')
+    if vpn_entry.interface != '':
+        yield Result(state=State.OK, summary=f'Local interface: {vpn_entry.interface}')

    # backup or on-demand tunnel
-    if vpn_entry.l2llinkpriority == 1:
+    if vpn_entry.link_priority == 1:
        yield Result(
            state=State.warn,
-            summary=f'Tunnel priority: {_permanentTunnelLinkPriority.get(vpn_entry.l2llinkpriority)}'
+            summary=f'Tunnel priority: {_permanentTunnelLinkPriority.get(vpn_entry.link_priority)}'
        )
-    elif vpn_entry.l2llinkpriority != 0:
+    elif vpn_entry.link_priority != 0:
        yield Result(
            state=State.OK,
-            summary=f'Tunnel priority: {_permanentTunnelLinkPriority.get(vpn_entry.l2llinkpriority, "unknown")}'
+            summary=f'Tunnel priority: {_permanentTunnelLinkPriority.get(vpn_entry.link_priority, "unknown")}'
        )

    # not non permanent tunnel
-    if vpn_entry.l2ltype != 1:
-        yield Result(state=State.OK, summary=f'Tunnel type: {_tunnelType.get(vpn_entry.l2ltype)}')
+    if vpn_entry.type != 1:
+        yield Result(state=State.OK, summary=f'Tunnel type: {_tunnelType.get(vpn_entry.type)}')

    # daip or robo tunnel
-    if vpn_entry.l2lpeertype != 1:
-        yield Result(state=State.OK, summary=f'Peer type: {_permanentTunnelPeerType.get(vpn_entry.l2lpeertype)}')
+    if vpn_entry.peer_type != 1:
+        yield Result(state=State.OK, summary=f'Peer type: {_permanentTunnelPeerType.get(vpn_entry.peer_type)}')

    # tunnel probe state 'dead'
-    if vpn_entry.l2lprobstate == 2:
+    if vpn_entry.probe_state == 2:
        yield Result(state=State.CRIT, summary='Tunnel probe state "dead"')

    # tunnel state 'down'
-    if vpn_entry.l2lstate == 131:
+    if vpn_entry.state == 131:
        yield Result(state=State.CRIT, summary='Tunnel down')

    # tunnel state not active
-    elif vpn_entry.l2lstate != 3:
+    elif vpn_entry.state != 3:
        yield Result(
            state=State.WARN,
-            summary=f'Tunnel state: {_permanentTunnelState.get(vpn_entry.l2lstate, "unknown")}'
+            summary=f'Tunnel state: {_permanentTunnelState.get(vpn_entry.state, "unknown")}'
        )

    yield Result(
        state=State.OK,
-        notice=f'Tunnel state: {_permanentTunnelState.get(vpn_entry.l2lstate, vpn_entry.l2lstate)}'
+        notice=f'Tunnel state: {_permanentTunnelState.get(vpn_entry.state, vpn_entry.state)}'
    )
    yield Result(
        state=State.OK,
-        notice=f'Tunnel probe state: {_permanentTunnelProbState.get(vpn_entry.l2lprobstate, vpn_entry.l2lprobstate)}'
+        notice=f'Tunnel probe state: {_permanentTunnelProbState.get(vpn_entry.probe_state, vpn_entry.probe_state)}'
    )
-    yield Result(state=State.OK, notice=f'Tunnel peer IP: {vpn_entry.l2lpeeripaddr}')
-    yield Result(state=State.OK, notice=f'Tunnel local IP: {vpn_entry.l2lsourceipaddr}')
-    yield Result(state=State.OK, notice=f'Tunnel next hop IP: {vpn_entry.l2lnexthop}')
-    yield Result(state=State.OK, notice=f'Tunnel local interface: {vpn_entry.l2linterface}:')
+    yield Result(state=State.OK, notice=f'Tunnel peer IP: {vpn_entry.peer_ipaddr}')
+    yield Result(state=State.OK, notice=f'Tunnel local IP: {vpn_entry.source_ip_addr}')
+    yield Result(state=State.OK, notice=f'Tunnel next hop IP: {vpn_entry.next_hop}')
+    yield Result(state=State.OK, notice=f'Tunnel local interface: {vpn_entry.interface}:')
    yield Result(
        state=State.OK,
-        notice=f'Tunnel priority: {_permanentTunnelLinkPriority.get(vpn_entry.l2llinkpriority)}'
+        notice=f'Tunnel priority: {_permanentTunnelLinkPriority.get(vpn_entry.link_priority)}'
    )
-    yield Result(state=State.OK, notice=f'Tunnel type: {_tunnelType.get(vpn_entry.l2ltype)}')
-    yield Result(state=State.OK, notice=f'Peer type: {_permanentTunnelPeerType.get(vpn_entry.l2lpeertype)}')
-    yield Result(state=State.OK, notice=f'Community: {vpn_entry.l2lcommunity}')
+    yield Result(state=State.OK, notice=f'Tunnel type: {_tunnelType.get(vpn_entry.type)}')
+    yield Result(state=State.OK, notice=f'Peer type: {_permanentTunnelPeerType.get(vpn_entry.peer_type)}')
+    yield Result(state=State.OK, notice=f'Community: {vpn_entry.community}')


 register.snmp_section(
@@ -270,7 +276,7 @@ register.snmp_section(

 register.check_plugin(
    name='checkpoint_l2l_vpn',
-    service_name='L2L VPN: %s',
+    service_name='L2L VPN %s',
    discovery_function=discovery_checkpoint_l2l_vpn,
    check_function=check_checkpoint_l2l_vpn,
    check_ruleset_name='checkpoint_l2l_vpn',

--- a/gui/wato/check_parameters/checkpoint_l2l_vpn.py
+++ b/gui/wato/check_parameters/checkpoint_l2l_vpn.py
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL   : https://thl-cmk.hopto.org
+#
+# 2023-10-28: moved from ~/local/lib/check_mk/gui/plugins/wato to ~local/lib/check_mk/gui/plugins/wato/check_parameters
+#
+
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+    Dictionary,
+    TextAscii,
+    Tuple,
+    ListOf,
+    TextUnicode,
+    MonitoringState,
+)
+
+from cmk.gui.plugins.wato.utils import (
+    CheckParameterRulespecWithItem,
+    rulespec_registry,
+    RulespecGroupCheckParametersNetworking,
+)
+
+
+def _parameter_valuespec_checkpoint_l2l_vpn():
+    return Dictionary(
+        elements=[
+            ('not_found_state',
+             MonitoringState(
+                 title=_('Default state to report when tunnel can not be found anymore'),
+                 help=_('Default state if a tunnel, which is not listed above in this rule, '
+                        'can no longer be found.'),
+                 default_value=3,
+             )),
+            ('tunnels',
+             ListOf(
+                 Tuple(
+                     title=_('VPN Tunnel Endpoints'),
+                     elements=[
+                         TextUnicode(
+                             title=_('Peer object name'),
+                             help=_('The configured value must match a tunnel reported by the monitored '
+                                    'device.'),
+                             allow_empty=False,
+                         ),
+                         TextUnicode(
+                             title=_('Tunnel Alias'),
+                             help=_('You can configure an individual alias here for the tunnel matching '
+                                    'the Name configured in the field above.'),
+                         ),
+                         MonitoringState(
+                             default_value=2,
+                             title=_('State if tunnel is not found'),
+                         )]),
+                 add_label=_('Add tunnel'),
+                 movable=False,
+                 title=_('VPN tunnel specific configuration'),
+             )),
+            ('vpn_entry',  # added by plugin discovery function
+             Dictionary(
+                 elements=[
+                     ('community', TextUnicode()),
+                     ('peer_ip_addr', TextUnicode())
+                 ]
+             )),
+        ],
+        hidden_keys=['vpn_entry'],
+    )
+
+
+rulespec_registry.register(
+    CheckParameterRulespecWithItem(
+        check_group_name='checkpoint_l2l_vpn',
+        group=RulespecGroupCheckParametersNetworking,
+        match_type='dict',
+        parameter_valuespec=_parameter_valuespec_checkpoint_l2l_vpn,
+        title=lambda: _('Check Point L2L VPN'),
+        item_spec=lambda: TextAscii(title=_('Peer object name'), ),
+    ))
--- a/mkp/checkpoint_l2l_vpn-0.2.1-20231028.mkp
+++ b/mkp/checkpoint_l2l_vpn-0.2.1-20231028.mkp
--- a/mkp/checkpoint_l2l_vpn.mkp
+++ b/mkp/checkpoint_l2l_vpn.mkp
--- a/packages/checkpoint_l2l_vpn
+++ b/packages/checkpoint_l2l_vpn
@@ -2,10 +2,10 @@
 'description': 'monitor Check Point firewall L2L VPN tunnel\n',
 'download_url': 'https://thl-cmk.hopto.org',
 'files': {'agent_based': ['checkpoint_l2l_vpn.py'],
-           'gui': ['wato/checkpoint_l2l_vpn.py']},
+           'gui': ['wato/check_parameters/checkpoint_l2l_vpn.py']},
 'name': 'checkpoint_l2l_vpn',
 'title': 'monitor Check Point firewall L2L VPN tunnel',
- 'version': '0.2.0-20230529',
+ 'version': '0.2.1-20231028',
 'version.min_required': '2.1.0b1',
- 'version.packaged': '2.1.0p21',
- 'version.usable_until': None}
\ No newline at end of file
+ 'version.packaged': '2.2.0p11',
+ 'version.usable_until': None}