Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com

Skip to content
Snippets Groups Projects
Commit 2062769f authored by thl-cmk's avatar thl-cmk :flag_na:
Browse files

Delete curl.py

parent 775d212d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 453 deletions
agents/bakery/curl.py deleted 100755 → 0
+ 0
453
View file @ 775d212d
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# License: GNU General Public License v2
#
# Author: thl-cmk[at]outlook[dot]com
# URL : https://thl-cmk.hopto.org
# Date : 2022-02-15
#
# bakery curl plugin
#
# 2022-02-19: integrated per url settings
# added proxy settings (--proxy, --proxy-user, --proxy-digest/--proxy-basic/--proxy-ntlm/--proxy-anyauth)
# moved the curl.exe deployment to curl_windows.mkp package
# 2022-02-23: fixed handling aof user_auth settings
# fixed options in curl.cfg for windows
# 2022-02-24: removed deployment of curl.format
# added noproxy option in per url settings
# 2022-02-25: optimized plugin file write code
# added double quotas to curl options for linux to be equal with windows
# added plugin interval and timeout
# added noproxy option to default settings
# 2022-02-26: removed 'http://' prefix from proxy server address
# added proxy protocol
# 2022-02-27: added expected_strings options
# 2022-03-01: added options --limit-rate, --max-filesize, --max-time, --speed-limit, --speed-time,
# --connect-timeout and --user-agent
# 2022-03-02: added options --referer -header and api_key_header (header from password store)
# 2022-03-04: fixed Requests headers per url settings
# 2022-03-05: added option --dump-header
# 2022-03-06: added option --stderr, --verbose
# 2022-03-11: added redirection (--location, --location-trust, --max-redirs)
# added cert_verify (--insecure, --cert-status, --ssl-no-revoke)
# added advanced_settings (--no-alpn, --no-npn, --tcp-fastopen, -tcp-nodelay)
# removed get_session_data. moved to curl default options
# 2022-03-12: added --cacert option
# fixed api-key-header handling
# 2022-03-13: moved curl_item files to curl sub directory under MK_CONFDIR
# changed url/service_name from separate dict entries to tuple
# changed headers to read from curl_item_x.header file
# 2022-03-15: moved curl options from curl.cfg to curl_item_#.options
# added regex pattern match
# 2022-03-20: added dns_options, ftp_options
# 2022-03-21: fixed handling of limits and sub directories from wato
# 2022-03-24: added options --hostpubmd5, --hostpubsha256, --pubkey
# 2022-03-24: added options --key --passs
# 2022-03-25: added options --compressed-ssh, --list-only, --use-ascii
# added options --path-as-is, --ssl-allow-beast, --no-buffer, --no-keepalive, --no-sessionid
# 2022-03-28: added option --crlf
# added SMTP settings: --mail-auth, --mail-from, --mail-rcpt, --mail-rcpt-allowfails, --upload-file (SMTP)
# 2022-04-10: added deployment of cURL executables
# no separate WATO rules per OS necessary anymore
# reworked to make scalable for multiple OSs (THX to andreas.doehler[at]gmail[dot]com)
#
from pathlib import Path
from typing import List, Tuple, Dict, Any
from dataclasses import dataclass
from cmk.utils import (
password_store,
)
from cmk.base.cee.plugins.bakery.bakery_api.v1 import (
FileGenerator,
OS,
Plugin,
PluginConfig,
register
)
@dataclass
class CurlConfig:
base_os: OS
curl_output: str
temp_path: str
conf_path: str
traget_path_bin: str
plugin_name: str
curl_executable_src: Dict[str, str]
curl_executable_dest: str
CURL_CONFIGS: List[CurlConfig] = [
CurlConfig(
base_os=OS.LINUX,
curl_output="--output /dev/null",
temp_path="/var/tmp/",
conf_path="/etc/check_mk/",
traget_path_bin='../bin/curl',
plugin_name='curl.sh',
curl_executable_src={'64bit': 'curl-amd64', '32bit': 'curl-i386'},
curl_executable_dest='../bin/curl',
),
CurlConfig(
base_os=OS.WINDOWS,
curl_output="--output NUL",
temp_path="c:/windows/temp/",
conf_path="C:/ProgramData/checkmk/agent/config/",
traget_path_bin='..\\bin\\curl.exe',
plugin_name='curl.ps1',
curl_executable_src={'64bit': 'curl.exe.64', '32bit': 'curl.exe.32'},
curl_executable_dest='..\\bin\\curl.exe',
),
]
bakery_version = '20220410.v0.0.7'
def get_curl_files(conf) -> FileGenerator:
field_separator: str = '|' # needs matching separator in the shell scripts
# catch pre 20220410 WATO format
options: Dict[str, Any] = conf[1].copy() if type(conf) == tuple else conf
url_cfg_lines = []
url_list = options['url_list']
default_settings = options.get('default_settings', {})
interval = options['interval'] * 60 if options.get('interval') else None
timeout = options['timeout'] * 60 if options.get('timeout') else None
if options.get('curl_executable'):
for curl_config in CURL_CONFIGS:
yield Plugin(
base_os=curl_config.base_os,
source=Path(curl_config.curl_executable_src[str(options['curl_executable'])]),
target=Path(curl_config.curl_executable_dest),
)
yield Plugin(base_os=curl_config.base_os, source=Path('curl-ca-bundle.crt'))
curl_item = 0
for entry in url_list:
curl_item += 1
regex_option = 'no_regex'
save_output = False
# get service name and url, first try new format, then old format
try:
service_name, url = entry['curl_service']
except KeyError:
service_name = entry['service_name']
url = entry['url']
url_settings = default_settings.copy()
entry = entry.get('url_settings', {}).copy()
# merge subdirectories
for key in [
'ftp_settings',
'ip_address_resolution',
'limits',
'mail_settings',
]:
if (key in url_settings.keys()) and (key in entry.keys()):
url_settings[key].update(entry[key])
entry.pop(key)
elif key in entry.keys():
url_settings.update({key: entry[key]})
entry.pop(key)
# merge sub directory with url_settings for back ward compatibility
for key in [
'limits'
]:
if key in url_settings.keys():
url_settings.update(url_settings[key])
url_settings.pop(key)
# merge per url settings with default settings
url_settings.update(entry)
for curl_config in CURL_CONFIGS:
_os = curl_config.base_os
_curl_output = curl_config.curl_output
_temp_path = curl_config.temp_path
_conf_path = curl_config.conf_path
_options = [f'--url "{url}"']
_headers = []
# filter options
_options.append(url_settings['get_header_only']) if url_settings.get('get_header_only') else None
_options.append(url_settings['compressed']) if url_settings.get('compressed') else None
_options.append(f'--max-time {url_settings["max_time"]}') if url_settings.get('max_time') else None
_options.append(f'--speed-time {url_settings["speed_time"]}') if url_settings.get('speed_time') else None
_options.append(f'--connect-timeout {url_settings["connect_timeout"]}') if url_settings.get('connect_timeout') else None
_options.append(f'--user-agent "{url_settings["user_agent"]}"') if url_settings.get('user_agent') else None
_options.append(f'--referer {url_settings["referer"]}') if url_settings.get('referer') else None
_options.append(f'{url_settings["tls_ssl_version"]}') if url_settings.get('tls_ssl_version') else None
_options.append(f'{url_settings["http_version"]}') if url_settings.get('http_version') else None
if url_settings.get('max_file_size'):
max_size, unit = url_settings['max_file_size']
_options.append(f'--max-filesize {max_size}{unit}')
if url_settings.get('speed_limit'):
speed, unit = url_settings['speed_limit']
_options.append(f'--speed-limit {speed * unit}')
if url_settings.get('limit_rate'):
speed, unit = url_settings['limit_rate']
_options.append(f'--limit-rate {speed}{unit}')
if url_settings.get('http_proxy'):
if url_settings['http_proxy'] == '--noproxy':
_options.append("--noproxy '*'")
else:
proxy_protocol, proxy_server, proxy_port = url_settings['http_proxy']['proxy_server']
_options.append(f'{proxy_protocol} {proxy_server}:{proxy_port}')
if url_settings['http_proxy'].get('proxy_auth'):
proxy_user, proxy_password, proxy_auth = url_settings['http_proxy']['proxy_auth']
if proxy_password[0] == 'store':
pw = password_store.extract(proxy_password[1])
else:
pw = proxy_password[1]
_options.append(f'--proxy-user {proxy_user}:{pw}')
_options.append(proxy_auth)
if url_settings.get('request_headers'):
for header in url_settings['request_headers']:
key, value = header
_headers.append(f'{key}:{value}')
if url_settings.get('api_key_header'):
api_header, api_key = url_settings['api_key_header']
api_header = api_header.rstrip(':')
if api_key[0] == 'store':
api_key = password_store.extract(api_key[1])
else:
api_key = api_key[1]
_headers.append(f'{api_header}:{api_key}')
if url_settings.get('redirects'):
location, location_trusted, max_redirects = url_settings['redirects']
_options.append(f'--location') if location else None
_options.append(f'--location-trusted') if location_trusted else None
_options.append(f'--max-redirs {max_redirects}') if max_redirects else None
if url_settings.get('advanced_settings'):
allow_beast, cr2lf, no_apln, no_buffering, no_npn, no_sessionid, no_keepalive, \
path_as_is, tcp_fastopen, tcp_nodelay = url_settings['advanced_settings']
_options.append(f'--ssl-allow-beast') if allow_beast else None
_options.append(f'--crlf') if cr2lf else None
_options.append(f'--no-alpn') if no_apln else None
_options.append(f'--no-buffer') if no_buffering else None
_options.append(f'--no-npn') if no_npn else None
_options.append(f'--no-sessionid') if no_sessionid else None
_options.append(f'--no-keepalive') if no_keepalive else None
_options.append(f'--path-as-is') if path_as_is else None
_options.append(f'--tcp-fastopen') if tcp_fastopen else None
_options.append(f'--tcp-nodelay') if tcp_nodelay else None
if url_settings.get('ip_address_resolution'):
dns_options = url_settings['ip_address_resolution']
_options.append(dns_options['dns_resolve_names']) if dns_options.get('dns_resolve_names') else None
_options.append(f'--dns-interface {dns_options["dns_source_interface"]}') if dns_options.get('dns_source_interface') else None
_options.append(f'--dns-ipv4-addr {dns_options["dns_source_ipv4"]}') if dns_options.get('dns_source_ipv4') else None
_options.append(f'--dns-ipv6-addr {dns_options["dns_source_ipv6"]}') if dns_options.get('dns_source_ipv6') else None
_options.append(f'--dns-servers {",".join(dns_options["dns_servers"])}') if dns_options.get('dns_servers') else None
if url_settings.get('ftp_settings'):
ftp_options = url_settings['ftp_settings']
_options.append(f'--compressed-ssh') if ftp_options.get('compressed_ssh') else None
_options.append(f'--list-only') if ftp_options.get('list_only') else None
_options.append(f'--use-ascii') if ftp_options.get('use_ascii') else None
_options.append(f'--ftp-create-dirs') if ftp_options.get('ftp_create_dirs') else None
_options.append(f'--ftp-account {ftp_options["ftp_account"]}') if ftp_options.get('ftp_account') else None
_options.append(f'--ftp-alternative-to-user {ftp_options["ftp_alternate_to_user"]}') if ftp_options.get('ftp_alternate_to_user') else None
_options.append(f'--ftp-method {ftp_options["ftp_change_cwd_method"]}') if ftp_options.get('ftp_change_cwd_method') else None
if ftp_options.get('ftp_mode'):
ftp_mode = ftp_options['ftp_mode']
if ftp_mode[0] == 'ftp_pass':
no_send_epsv, send_pret, skip_ip = ftp_mode[1]
_options.append(f'--ftp-pasv')
_options.append(f'--disable-epsv') if no_send_epsv else None
_options.append(f'--ftp-pret') if send_pret else None
_options.append(f'--ftp-skip-pasv-ip') if skip_ip else None
else:
no_send_eprt, active_address = ftp_options[1]
_options.append(f'--disable-eprt') if no_send_eprt else None
_options.append(f'--ftp-port {active_address}') if active_address else None
if ftp_options.get('ftp_ssl_control'):
_options.append(f'--ftp-ssl-control')
ftp_ssl_ccc, ftp_ssl_ccc_mode = ftp_options['ftp_ssl_control']
if ftp_ssl_ccc:
_options.append(f'--ftp-ssl-ccc')
_options.append(f'--ftp-ssl-ccc-mode {ftp_ssl_ccc_mode}')
if url_settings.get('user_auth'):
if url_settings['user_auth'][0] == 'user_auth':
user, user_password, user_auth = url_settings['user_auth'][1]
pw = password_store.extract(user_password[1]) if user_password[0] == 'store' else user_password[1]
_options.append(f'--user {user}:{pw}')
_options.append(user_auth)
elif url_settings['user_auth'][0] == 'priv_key_auth':
user, pass_phrase, priv_key = url_settings['user_auth'][1]
pw = password_store.extract(pass_phrase[1]) if pass_phrase[0] == 'store' else pass_phrase[1]
_options.append(f'--user {user}:')
_options.append(f'--key {_conf_path}curl/curl_item_{curl_item}.priv_key')
_options.append(f'--pass {pw}')
yield PluginConfig(
base_os=_os,
lines=[priv_key],
target=Path(f'curl/curl_item_{curl_item}.priv_key'),
include_header=False,
)
if url_settings.get('expected_strings'):
save_output = True
yield PluginConfig(
base_os=_os,
lines=url_settings['expected_strings'],
target=Path(f'curl/curl_item_{curl_item}.search_response'),
include_header=False,
)
if url_settings.get('header_strings'):
_options.append(f'--dump-header {_temp_path}curl_header')
yield PluginConfig(
base_os=_os,
lines=url_settings['header_strings'],
target=Path(f'curl/curl_item_{curl_item}.search_header'),
include_header=False,
)
if url_settings.get('cert_verify'):
pub_md5 = None
pub_sha256 = None
pub_key = None
try: # 2022-03-23: added ssh settings
insecure, ocsp, no_revoke, cert_chain = url_settings['cert_verify']
except ValueError: # 2022-03-23: added ssh settings
insecure, ocsp, no_revoke, cert_chain, pub_md5, pub_sha256, pub_key = url_settings['cert_verify']
_options.append(f'--insecure') if insecure else None
_options.append(f'--cert-status') if ocsp else None
_options.append(f'--ssl-no-revoke') if no_revoke else None
_options.append(f'--hostpubmd5 {pub_md5}') if pub_md5 else None
_options.append(f'--hostpubsha256 {pub_sha256}') if pub_sha256 else None
if cert_chain:
cert_chain = cert_chain[cert_chain.find('-----BEGIN CERTIFICATE-----'):]
yield PluginConfig(
base_os=_os,
lines=[cert_chain],
target=Path(f'curl/curl_item_{curl_item}.ca_cert'),
include_header=False,
)
_options.append(f'--cacert {_conf_path}curl/curl_item_{curl_item}.ca_cert')
if pub_key:
yield PluginConfig(
base_os=_os,
lines=[pub_key],
target=Path(f'curl/curl_item_{curl_item}.pub_key'),
include_header=False,
)
_options.append(f'--pubkey {_conf_path}curl/curl_item_{curl_item}.pub_key')
if url_settings.get('post_binary'):
_headers.append(f'content-type: {url_settings["post_binary"][0]}')
yield PluginConfig(
base_os=_os,
lines=[url_settings["post_binary"][1]],
target=Path(f'curl/curl_item_{curl_item}.post_binary'),
include_header=False,
)
_options.append(f'--data-binary @{_conf_path}curl/curl_item_{curl_item}.post_binary')
if url_settings.get('regex_response'):
regex_str, no_case, multi_line = url_settings['regex_response']
if regex_str:
save_output = True
yield PluginConfig(
base_os=_os,
lines=[regex_str],
target=Path(f'curl/curl_item_{curl_item}.regex'),
include_header=False,
)
regex_option = 'nocase' if no_case else 'case'
regex_option += '_multiline' if multi_line else '_nomultiline'
if url_settings.get('mail_settings'):
mail_options = url_settings['mail_settings']
_options.append(f'--mail-from {mail_options["mail_from"]}') if mail_options.get('mail_from') else None
_options.append(f'--mail-auth {mail_options["mail_auth"]}') if mail_options.get('mail_auth') else None
_options.append(f'--request {mail_options["request"]}') if mail_options.get('request') else None
_options.append(f'--mail-rcpt-allowfails') if mail_options.get('mail_rpct_allowfail') else None
if mail_options.get('mail_rcpt'):
for address in mail_options['mail_rcpt']:
_options.append(f'--mail-rcpt {address}')
message = []
message.append(mail_options['message']) if mail_options.get('message') else None
if mail_options.get('request_headers'):
for header, value in mail_options['request_headers']:
message.append(f'{header}: {value}')
if message:
_options.append(f'--upload-file {_conf_path}curl/curl_item_{curl_item}.message')
yield PluginConfig(
base_os=_os,
lines=message,
target=Path(f'curl/curl_item_{curl_item}.message'),
include_header=False,
)
_options.append(f'--output {_temp_path}curl_output') if save_output else _options.append(_curl_output)
if _headers:
yield PluginConfig(
base_os=_os,
lines=_headers,
target=Path(f'curl/curl_item_{curl_item}.header'),
include_header=False,
)
_options.append(f'--header @{_conf_path}curl/curl_item_{curl_item}.header')
yield PluginConfig(
base_os=_os,
lines=_options,
target=Path(f'curl/curl_item_{curl_item}.options'),
include_header=True,
)
url_cfg_lines.append(
f'{service_name}{field_separator}'
f'curl_item_{curl_item}{field_separator}'
f'{regex_option}{field_separator}'
)
for curl_config in CURL_CONFIGS:
yield Plugin(
base_os=curl_config.base_os,
source=Path(curl_config.plugin_name),
interval=interval,
timeout=timeout
)
yield PluginConfig(
base_os=curl_config.base_os,
lines=url_cfg_lines,
target=Path('curl.cfg'),
include_header=False
)
register.bakery_plugin(
name='curl',
files_function=get_curl_files,
)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Collection of CheckMK checks (see https://checkmk.com/). All checks and plugins are provided as is. Absolutely no warranty. Send any comments to thl-cmk[at]outlook[dot]com