diff --git a/agents/bakery/curl.py b/agents/bakery/curl.py
deleted file mode 100755
index 50f3ac01cba327cba5ddbbbd0ee29a2b382091a0..0000000000000000000000000000000000000000
--- a/agents/bakery/curl.py
+++ /dev/null
@@ -1,453 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-#
-# License: GNU General Public License v2
-#
-# Author: thl-cmk[at]outlook[dot]com
-# URL : https://thl-cmk.hopto.org
-# Date : 2022-02-15
-#
-# bakery curl plugin
-#
-# 2022-02-19: integrated per url settings
-# added proxy settings (--proxy, --proxy-user, --proxy-digest/--proxy-basic/--proxy-ntlm/--proxy-anyauth)
-# moved the curl.exe deployment to curl_windows.mkp package
-# 2022-02-23: fixed handling aof user_auth settings
-# fixed options in curl.cfg for windows
-# 2022-02-24: removed deployment of curl.format
-# added noproxy option in per url settings
-# 2022-02-25: optimized plugin file write code
-# added double quotas to curl options for linux to be equal with windows
-# added plugin interval and timeout
-# added noproxy option to default settings
-# 2022-02-26: removed 'http://' prefix from proxy server address
-# added proxy protocol
-# 2022-02-27: added expected_strings options
-# 2022-03-01: added options --limit-rate, --max-filesize, --max-time, --speed-limit, --speed-time,
-# --connect-timeout and --user-agent
-# 2022-03-02: added options --referer -header and api_key_header (header from password store)
-# 2022-03-04: fixed Requests headers per url settings
-# 2022-03-05: added option --dump-header
-# 2022-03-06: added option --stderr, --verbose
-# 2022-03-11: added redirection (--location, --location-trust, --max-redirs)
-# added cert_verify (--insecure, --cert-status, --ssl-no-revoke)
-# added advanced_settings (--no-alpn, --no-npn, --tcp-fastopen, -tcp-nodelay)
-# removed get_session_data. moved to curl default options
-# 2022-03-12: added --cacert option
-# fixed api-key-header handling
-# 2022-03-13: moved curl_item files to curl sub directory under MK_CONFDIR
-# changed url/service_name from separate dict entries to tuple
-# changed headers to read from curl_item_x.header file
-# 2022-03-15: moved curl options from curl.cfg to curl_item_#.options
-# added regex pattern match
-# 2022-03-20: added dns_options, ftp_options
-# 2022-03-21: fixed handling of limits and sub directories from wato
-# 2022-03-24: added options --hostpubmd5, --hostpubsha256, --pubkey
-# 2022-03-24: added options --key --passs
-# 2022-03-25: added options --compressed-ssh, --list-only, --use-ascii
-# added options --path-as-is, --ssl-allow-beast, --no-buffer, --no-keepalive, --no-sessionid
-# 2022-03-28: added option --crlf
-# added SMTP settings: --mail-auth, --mail-from, --mail-rcpt, --mail-rcpt-allowfails, --upload-file (SMTP)
-# 2022-04-10: added deployment of cURL executables
-# no separate WATO rules per OS necessary anymore
-# reworked to make scalable for multiple OSs (THX to andreas.doehler[at]gmail[dot]com)
-#
-
-from pathlib import Path
-from typing import List, Tuple, Dict, Any
-from dataclasses import dataclass
-
-from cmk.utils import (
- password_store,
-)
-from cmk.base.cee.plugins.bakery.bakery_api.v1 import (
- FileGenerator,
- OS,
- Plugin,
- PluginConfig,
- register
-)
-
-
-@dataclass
-class CurlConfig:
- base_os: OS
- curl_output: str
- temp_path: str
- conf_path: str
- traget_path_bin: str
- plugin_name: str
- curl_executable_src: Dict[str, str]
- curl_executable_dest: str
-
-
-CURL_CONFIGS: List[CurlConfig] = [
- CurlConfig(
- base_os=OS.LINUX,
- curl_output="--output /dev/null",
- temp_path="/var/tmp/",
- conf_path="/etc/check_mk/",
- traget_path_bin='../bin/curl',
- plugin_name='curl.sh',
- curl_executable_src={'64bit': 'curl-amd64', '32bit': 'curl-i386'},
- curl_executable_dest='../bin/curl',
- ),
- CurlConfig(
- base_os=OS.WINDOWS,
- curl_output="--output NUL",
- temp_path="c:/windows/temp/",
- conf_path="C:/ProgramData/checkmk/agent/config/",
- traget_path_bin='..\\bin\\curl.exe',
- plugin_name='curl.ps1',
- curl_executable_src={'64bit': 'curl.exe.64', '32bit': 'curl.exe.32'},
- curl_executable_dest='..\\bin\\curl.exe',
- ),
-]
-
-bakery_version = '20220410.v0.0.7'
-
-
-def get_curl_files(conf) -> FileGenerator:
- field_separator: str = '|' # needs matching separator in the shell scripts
-
- # catch pre 20220410 WATO format
- options: Dict[str, Any] = conf[1].copy() if type(conf) == tuple else conf
-
- url_cfg_lines = []
- url_list = options['url_list']
- default_settings = options.get('default_settings', {})
-
- interval = options['interval'] * 60 if options.get('interval') else None
- timeout = options['timeout'] * 60 if options.get('timeout') else None
-
- if options.get('curl_executable'):
- for curl_config in CURL_CONFIGS:
- yield Plugin(
- base_os=curl_config.base_os,
- source=Path(curl_config.curl_executable_src[str(options['curl_executable'])]),
- target=Path(curl_config.curl_executable_dest),
- )
- yield Plugin(base_os=curl_config.base_os, source=Path('curl-ca-bundle.crt'))
-
- curl_item = 0
- for entry in url_list:
- curl_item += 1
- regex_option = 'no_regex'
- save_output = False
- # get service name and url, first try new format, then old format
- try:
- service_name, url = entry['curl_service']
- except KeyError:
- service_name = entry['service_name']
- url = entry['url']
-
- url_settings = default_settings.copy()
-
- entry = entry.get('url_settings', {}).copy()
- # merge subdirectories
- for key in [
- 'ftp_settings',
- 'ip_address_resolution',
- 'limits',
- 'mail_settings',
- ]:
- if (key in url_settings.keys()) and (key in entry.keys()):
- url_settings[key].update(entry[key])
- entry.pop(key)
- elif key in entry.keys():
- url_settings.update({key: entry[key]})
- entry.pop(key)
-
- # merge sub directory with url_settings for back ward compatibility
- for key in [
- 'limits'
- ]:
- if key in url_settings.keys():
- url_settings.update(url_settings[key])
- url_settings.pop(key)
-
- # merge per url settings with default settings
- url_settings.update(entry)
-
- for curl_config in CURL_CONFIGS:
- _os = curl_config.base_os
- _curl_output = curl_config.curl_output
- _temp_path = curl_config.temp_path
- _conf_path = curl_config.conf_path
-
- _options = [f'--url "{url}"']
- _headers = []
-
- # filter options
- _options.append(url_settings['get_header_only']) if url_settings.get('get_header_only') else None
- _options.append(url_settings['compressed']) if url_settings.get('compressed') else None
- _options.append(f'--max-time {url_settings["max_time"]}') if url_settings.get('max_time') else None
- _options.append(f'--speed-time {url_settings["speed_time"]}') if url_settings.get('speed_time') else None
- _options.append(f'--connect-timeout {url_settings["connect_timeout"]}') if url_settings.get('connect_timeout') else None
- _options.append(f'--user-agent "{url_settings["user_agent"]}"') if url_settings.get('user_agent') else None
- _options.append(f'--referer {url_settings["referer"]}') if url_settings.get('referer') else None
- _options.append(f'{url_settings["tls_ssl_version"]}') if url_settings.get('tls_ssl_version') else None
- _options.append(f'{url_settings["http_version"]}') if url_settings.get('http_version') else None
-
- if url_settings.get('max_file_size'):
- max_size, unit = url_settings['max_file_size']
- _options.append(f'--max-filesize {max_size}{unit}')
-
- if url_settings.get('speed_limit'):
- speed, unit = url_settings['speed_limit']
- _options.append(f'--speed-limit {speed * unit}')
-
- if url_settings.get('limit_rate'):
- speed, unit = url_settings['limit_rate']
- _options.append(f'--limit-rate {speed}{unit}')
-
- if url_settings.get('http_proxy'):
- if url_settings['http_proxy'] == '--noproxy':
- _options.append("--noproxy '*'")
- else:
- proxy_protocol, proxy_server, proxy_port = url_settings['http_proxy']['proxy_server']
- _options.append(f'{proxy_protocol} {proxy_server}:{proxy_port}')
- if url_settings['http_proxy'].get('proxy_auth'):
- proxy_user, proxy_password, proxy_auth = url_settings['http_proxy']['proxy_auth']
- if proxy_password[0] == 'store':
- pw = password_store.extract(proxy_password[1])
- else:
- pw = proxy_password[1]
- _options.append(f'--proxy-user {proxy_user}:{pw}')
- _options.append(proxy_auth)
-
- if url_settings.get('request_headers'):
- for header in url_settings['request_headers']:
- key, value = header
- _headers.append(f'{key}:{value}')
-
- if url_settings.get('api_key_header'):
- api_header, api_key = url_settings['api_key_header']
- api_header = api_header.rstrip(':')
- if api_key[0] == 'store':
- api_key = password_store.extract(api_key[1])
- else:
- api_key = api_key[1]
- _headers.append(f'{api_header}:{api_key}')
-
- if url_settings.get('redirects'):
- location, location_trusted, max_redirects = url_settings['redirects']
- _options.append(f'--location') if location else None
- _options.append(f'--location-trusted') if location_trusted else None
- _options.append(f'--max-redirs {max_redirects}') if max_redirects else None
-
- if url_settings.get('advanced_settings'):
- allow_beast, cr2lf, no_apln, no_buffering, no_npn, no_sessionid, no_keepalive, \
- path_as_is, tcp_fastopen, tcp_nodelay = url_settings['advanced_settings']
-
- _options.append(f'--ssl-allow-beast') if allow_beast else None
- _options.append(f'--crlf') if cr2lf else None
- _options.append(f'--no-alpn') if no_apln else None
- _options.append(f'--no-buffer') if no_buffering else None
- _options.append(f'--no-npn') if no_npn else None
- _options.append(f'--no-sessionid') if no_sessionid else None
- _options.append(f'--no-keepalive') if no_keepalive else None
- _options.append(f'--path-as-is') if path_as_is else None
- _options.append(f'--tcp-fastopen') if tcp_fastopen else None
- _options.append(f'--tcp-nodelay') if tcp_nodelay else None
-
- if url_settings.get('ip_address_resolution'):
- dns_options = url_settings['ip_address_resolution']
- _options.append(dns_options['dns_resolve_names']) if dns_options.get('dns_resolve_names') else None
- _options.append(f'--dns-interface {dns_options["dns_source_interface"]}') if dns_options.get('dns_source_interface') else None
- _options.append(f'--dns-ipv4-addr {dns_options["dns_source_ipv4"]}') if dns_options.get('dns_source_ipv4') else None
- _options.append(f'--dns-ipv6-addr {dns_options["dns_source_ipv6"]}') if dns_options.get('dns_source_ipv6') else None
- _options.append(f'--dns-servers {",".join(dns_options["dns_servers"])}') if dns_options.get('dns_servers') else None
-
- if url_settings.get('ftp_settings'):
- ftp_options = url_settings['ftp_settings']
- _options.append(f'--compressed-ssh') if ftp_options.get('compressed_ssh') else None
- _options.append(f'--list-only') if ftp_options.get('list_only') else None
- _options.append(f'--use-ascii') if ftp_options.get('use_ascii') else None
- _options.append(f'--ftp-create-dirs') if ftp_options.get('ftp_create_dirs') else None
- _options.append(f'--ftp-account {ftp_options["ftp_account"]}') if ftp_options.get('ftp_account') else None
- _options.append(f'--ftp-alternative-to-user {ftp_options["ftp_alternate_to_user"]}') if ftp_options.get('ftp_alternate_to_user') else None
- _options.append(f'--ftp-method {ftp_options["ftp_change_cwd_method"]}') if ftp_options.get('ftp_change_cwd_method') else None
-
- if ftp_options.get('ftp_mode'):
- ftp_mode = ftp_options['ftp_mode']
- if ftp_mode[0] == 'ftp_pass':
- no_send_epsv, send_pret, skip_ip = ftp_mode[1]
- _options.append(f'--ftp-pasv')
- _options.append(f'--disable-epsv') if no_send_epsv else None
- _options.append(f'--ftp-pret') if send_pret else None
- _options.append(f'--ftp-skip-pasv-ip') if skip_ip else None
- else:
- no_send_eprt, active_address = ftp_options[1]
- _options.append(f'--disable-eprt') if no_send_eprt else None
- _options.append(f'--ftp-port {active_address}') if active_address else None
- if ftp_options.get('ftp_ssl_control'):
- _options.append(f'--ftp-ssl-control')
- ftp_ssl_ccc, ftp_ssl_ccc_mode = ftp_options['ftp_ssl_control']
- if ftp_ssl_ccc:
- _options.append(f'--ftp-ssl-ccc')
- _options.append(f'--ftp-ssl-ccc-mode {ftp_ssl_ccc_mode}')
-
- if url_settings.get('user_auth'):
- if url_settings['user_auth'][0] == 'user_auth':
- user, user_password, user_auth = url_settings['user_auth'][1]
- pw = password_store.extract(user_password[1]) if user_password[0] == 'store' else user_password[1]
- _options.append(f'--user {user}:{pw}')
- _options.append(user_auth)
- elif url_settings['user_auth'][0] == 'priv_key_auth':
- user, pass_phrase, priv_key = url_settings['user_auth'][1]
- pw = password_store.extract(pass_phrase[1]) if pass_phrase[0] == 'store' else pass_phrase[1]
- _options.append(f'--user {user}:')
- _options.append(f'--key {_conf_path}curl/curl_item_{curl_item}.priv_key')
- _options.append(f'--pass {pw}')
- yield PluginConfig(
- base_os=_os,
- lines=[priv_key],
- target=Path(f'curl/curl_item_{curl_item}.priv_key'),
- include_header=False,
- )
-
- if url_settings.get('expected_strings'):
- save_output = True
- yield PluginConfig(
- base_os=_os,
- lines=url_settings['expected_strings'],
- target=Path(f'curl/curl_item_{curl_item}.search_response'),
- include_header=False,
- )
-
- if url_settings.get('header_strings'):
- _options.append(f'--dump-header {_temp_path}curl_header')
- yield PluginConfig(
- base_os=_os,
- lines=url_settings['header_strings'],
- target=Path(f'curl/curl_item_{curl_item}.search_header'),
- include_header=False,
- )
-
- if url_settings.get('cert_verify'):
- pub_md5 = None
- pub_sha256 = None
- pub_key = None
- try: # 2022-03-23: added ssh settings
- insecure, ocsp, no_revoke, cert_chain = url_settings['cert_verify']
- except ValueError: # 2022-03-23: added ssh settings
- insecure, ocsp, no_revoke, cert_chain, pub_md5, pub_sha256, pub_key = url_settings['cert_verify']
-
- _options.append(f'--insecure') if insecure else None
- _options.append(f'--cert-status') if ocsp else None
- _options.append(f'--ssl-no-revoke') if no_revoke else None
- _options.append(f'--hostpubmd5 {pub_md5}') if pub_md5 else None
- _options.append(f'--hostpubsha256 {pub_sha256}') if pub_sha256 else None
-
- if cert_chain:
- cert_chain = cert_chain[cert_chain.find('-----BEGIN CERTIFICATE-----'):]
- yield PluginConfig(
- base_os=_os,
- lines=[cert_chain],
- target=Path(f'curl/curl_item_{curl_item}.ca_cert'),
- include_header=False,
- )
- _options.append(f'--cacert {_conf_path}curl/curl_item_{curl_item}.ca_cert')
-
- if pub_key:
- yield PluginConfig(
- base_os=_os,
- lines=[pub_key],
- target=Path(f'curl/curl_item_{curl_item}.pub_key'),
- include_header=False,
- )
- _options.append(f'--pubkey {_conf_path}curl/curl_item_{curl_item}.pub_key')
-
- if url_settings.get('post_binary'):
- _headers.append(f'content-type: {url_settings["post_binary"][0]}')
- yield PluginConfig(
- base_os=_os,
- lines=[url_settings["post_binary"][1]],
- target=Path(f'curl/curl_item_{curl_item}.post_binary'),
- include_header=False,
- )
- _options.append(f'--data-binary @{_conf_path}curl/curl_item_{curl_item}.post_binary')
-
- if url_settings.get('regex_response'):
- regex_str, no_case, multi_line = url_settings['regex_response']
- if regex_str:
- save_output = True
- yield PluginConfig(
- base_os=_os,
- lines=[regex_str],
- target=Path(f'curl/curl_item_{curl_item}.regex'),
- include_header=False,
- )
- regex_option = 'nocase' if no_case else 'case'
- regex_option += '_multiline' if multi_line else '_nomultiline'
-
- if url_settings.get('mail_settings'):
- mail_options = url_settings['mail_settings']
-
- _options.append(f'--mail-from {mail_options["mail_from"]}') if mail_options.get('mail_from') else None
- _options.append(f'--mail-auth {mail_options["mail_auth"]}') if mail_options.get('mail_auth') else None
- _options.append(f'--request {mail_options["request"]}') if mail_options.get('request') else None
- _options.append(f'--mail-rcpt-allowfails') if mail_options.get('mail_rpct_allowfail') else None
-
- if mail_options.get('mail_rcpt'):
- for address in mail_options['mail_rcpt']:
- _options.append(f'--mail-rcpt {address}')
-
- message = []
- message.append(mail_options['message']) if mail_options.get('message') else None
- if mail_options.get('request_headers'):
- for header, value in mail_options['request_headers']:
- message.append(f'{header}: {value}')
- if message:
- _options.append(f'--upload-file {_conf_path}curl/curl_item_{curl_item}.message')
- yield PluginConfig(
- base_os=_os,
- lines=message,
- target=Path(f'curl/curl_item_{curl_item}.message'),
- include_header=False,
- )
-
- _options.append(f'--output {_temp_path}curl_output') if save_output else _options.append(_curl_output)
-
- if _headers:
- yield PluginConfig(
- base_os=_os,
- lines=_headers,
- target=Path(f'curl/curl_item_{curl_item}.header'),
- include_header=False,
- )
- _options.append(f'--header @{_conf_path}curl/curl_item_{curl_item}.header')
-
- yield PluginConfig(
- base_os=_os,
- lines=_options,
- target=Path(f'curl/curl_item_{curl_item}.options'),
- include_header=True,
- )
-
- url_cfg_lines.append(
- f'{service_name}{field_separator}'
- f'curl_item_{curl_item}{field_separator}'
- f'{regex_option}{field_separator}'
- )
-
- for curl_config in CURL_CONFIGS:
- yield Plugin(
- base_os=curl_config.base_os,
- source=Path(curl_config.plugin_name),
- interval=interval,
- timeout=timeout
- )
- yield PluginConfig(
- base_os=curl_config.base_os,
- lines=url_cfg_lines,
- target=Path('curl.cfg'),
- include_header=False
- )
-
-
-register.bakery_plugin(
- name='curl',
- files_function=get_curl_files,
-)