edit_tag_group,
is_builtin,
load_tag_config,
load_tag_group,
OperationRemoveTagGroup,
RepairError,
save_tag_group,
tag_group_exists,
TagCleanupMode,
update_tag_config,
)
from cmk import fields
PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.hosttags"),
permissions.Optional(permissions.Perm("wato.all_folders")),
])
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
permissions.Perm("wato.hosttags"),
permissions.Optional(permissions.Perm("wato.all_folders")),
])
class HostTagGroupName(fields.String):
"""A field representing the host tag group"""
default_error_messages = {
"should_exist": "Host tag group missing: {name!r}",
permissions,
request_schemas,
response_schemas,
)
from cmk.gui.plugins.openapi.restful_objects.parameters import NAME_FIELD
from cmk.gui.plugins.openapi.utils import problem
from cmk.gui.watolib.passwords import (
load_password,
load_password_to_modify,
load_passwords,
Password,
remove_password,
save_password,
)
PERMISSIONS = permissions.Perm("wato.edit_all_passwords")
@Endpoint(
constructors.collection_href("password"),
"cmk/create",
method="post",
request_schema=request_schemas.InputPassword,
etag="output",
response_schema=response_schemas.PasswordObject,
permissions_required=PERMISSIONS,
)
def create_password(params):
"""Create a password"""
body = params["body"]
ident = body["ident"]
RuleObject,
RuleSearchOptions,
)
from cmk.gui.plugins.openapi.restful_objects import constructors, Endpoint, permissions
from cmk.gui.plugins.openapi.restful_objects.constructors import serve_json
from cmk.gui.plugins.openapi.restful_objects.datastructures import denilled
from cmk.gui.plugins.openapi.restful_objects.type_defs import DomainObject
from cmk.gui.plugins.openapi.utils import problem, ProblemException
from cmk.gui.utils import gen_id
from cmk.gui.utils.escaping import strip_tags
from cmk.gui.watolib.changes import add_change
from cmk.gui.watolib.hosts_and_folders import CREFolder
from cmk.gui.watolib.rulesets import AllRulesets, FolderRulesets, Rule, RuleConditions, Ruleset
PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.rulesets"),
permissions.Optional(permissions.Perm("wato.all_folders")),
])
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
*PERMISSIONS.perms,
])
# NOTE: This is a dataclass and no namedtuple because it needs to be mutable. See `move_rule_to`
@dataclasses.dataclass
class RuleEntry:
rule: Rule
ruleset: Ruleset
all_rulesets: AllRulesets
def _serialized_signed_cert(csr: CertificateSigningRequest) -> str:
return _get_root_ca().sign_csr(csr).public_bytes(Encoding.PEM).decode()
@Endpoint(
"/root_cert",
"cmk/show",
method="get",
tag_group="Checkmk Internal",
additional_status_codes=[403],
status_descriptions={
403: _403_STATUS_DESCRIPTION,
},
permissions_required=permissions.Perm("general.agent_pairing"),
response_schema=response_schemas.X509PEM,
)
def root_cert(param: Mapping[str, Any]) -> Response:
"""X.509 PEM-encoded root certificate"""
if not _user_is_authorized():
raise ProblemException(
status=403,
title=_403_STATUS_DESCRIPTION,
)
return constructors.serve_json(
{
"cert": _serialized_root_cert(),
}
)
BAKE_AGENT_PARAM = {
BAKE_AGENT_PARAM_NAME:
fields.Boolean(
load_default=False,
required=False,
example=False,
description=
("Tries to bake the agents for the just created hosts. This process is started in the "
"background after configuring the host. Please note that the backing may take some "
"time and might block subsequent API calls. "
"This only works when using the Enterprise Editions."),
)
}
PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.manage_hosts"),
permissions.Optional(permissions.Perm("wato.all_folders")),
])
@Endpoint(
constructors.collection_href("host_config"),
"cmk/create",
method="post",
etag="output",
request_schema=request_schemas.CreateHost,
response_schema=response_schemas.HostConfigSchema,
query_params=[BAKE_AGENT_PARAM],
permissions_required=PERMISSIONS,
)
def create_host(params):
permissions,
request_schemas,
response_schemas,
)
from cmk.gui.plugins.openapi.restful_objects.parameters import NAME_FIELD
from cmk.gui.watolib.groups import add_group, edit_group
@Endpoint(
constructors.collection_href("host_group_config"),
"cmk/create",
method="post",
etag="output",
request_schema=request_schemas.InputHostGroup,
response_schema=response_schemas.HostGroup,
permissions_required=permissions.Perm("wato.groups"),
)
def create(params):
"""Create a host group"""
body = params["body"]
name = body["name"]
group_details = {"alias": body.get("alias")}
if version.is_managed_edition():
group_details = update_customer_info(group_details, body["customer"])
add_group(name, "host", group_details)
group = fetch_group(name, "host")
return serve_group(group, serialize_group("host_group_config"))
@Endpoint(
constructors.domain_type_action_href("host_group_config", "bulk-create"),
@Endpoint(
constructors.object_action_href(
"host_config",
"{host_name}",
action_name="link_uuid",
),
"cmk/link_uuid",
method="put",
tag_group="Checkmk Internal",
additional_status_codes=[401],
status_descriptions={
401: "You do not have the permissions to edit this host.",
},
path_params=[HOST_NAME],
request_schema=request_schemas.LinkHostUUID,
permissions_required=permissions.Perm("wato.all_folders"),
output_empty=True,
)
def link_with_uuid(params) -> Response:
"""Link a host to a UUID"""
with may_fail(MKAuthException):
host = _check_host_editing_permissions(host_name := params["host_name"])
_link_with_uuid(
host_name,
host,
params["body"]["uuid"],
)
return Response(status=204)
tag_group="Setup",
path_params=[{
"host_name":
gui_fields.HostField(
description="The host of the service which shall be updated.",
example="example.com",
),
}],
status_descriptions={
404: "Host could not be found",
},
request_schema=UpdateDiscoveryPhase,
permissions_required=permissions.AnyPerm([
permissions.Optional(
permissions.AnyPerm([
permissions.Perm("wato.service_discovery_to_monitored"),
permissions.Perm("wato.service_discovery_to_ignored"),
permissions.Perm("wato.service_discovery_to_undecided"),
permissions.Perm("wato.service_discovery_to_removed"),
])),
]),
)
def update_service_phase(params) -> Response:
"""Update the phase of a service"""
body = params["body"]
host = Host.load_host(params["host_name"])
target_phase = body["target_phase"]
check_type = body["check_type"]
service_item = body["service_item"]
_update_single_service_phase(
SERVICE_DISCOVERY_PHASES[target_phase],
request_schemas,
)
from cmk.gui.plugins.openapi.utils import ProblemException
from cmk import fields
SERVICE_DESCRIPTION = {
"service_description":
fields.String(
description="The service description.",
example="Memory",
)
}
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("action.acknowledge"),
permissions.Ignore(
permissions.AnyPerm([
permissions.Perm("general.see_all"),
permissions.Perm("bi.see_all"),
permissions.Perm("mkeventd.seeall"),
])),
])
@Endpoint(
constructors.collection_href("acknowledge", "host"),
"cmk/create",
method="post",
tag_group="Monitoring",
skip_locking=True,
edit_tag_group,
is_builtin,
load_tag_config,
load_tag_group,
OperationRemoveTagGroup,
RepairError,
save_tag_group,
tag_group_exists,
TagCleanupMode,
update_tag_config,
)
from cmk import fields
PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.hosttags"),
permissions.Optional(permissions.Perm("wato.all_folders")),
])
class HostTagGroupName(fields.String):
"""A field representing the host tag group"""
default_error_messages = {
"should_exist": "Host tag group missing: {name!r}",
}
def _validate(self, value):
super()._validate(value)
if not tag_group_exists(value, builtin_included=True):
request_schemas,
response_schemas,
)
from cmk.gui.plugins.openapi.restful_objects.parameters import NAME_FIELD
from cmk.gui.plugins.openapi.utils import problem
from cmk.gui.watolib.passwords import (
load_password,
load_password_to_modify,
load_passwords,
Password,
remove_password,
save_password,
)
PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.passwords"),
permissions.Optional(permissions.Perm("wato.edit_all_passwords")),
])
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
permissions.Perm("wato.passwords"),
permissions.Optional(permissions.Perm("wato.edit_all_passwords")),
])
@Endpoint(
constructors.collection_href("password"),
"cmk/create",
method="post",
request_schema=request_schemas.InputPassword,
permissions,
request_schemas,
response_schemas,
)
from cmk.gui.plugins.openapi.restful_objects.parameters import NAME_FIELD
from cmk.gui.plugins.openapi.utils import ProblemException
from cmk.gui.watolib.timeperiods import (
load_timeperiod,
load_timeperiods,
save_timeperiod,
save_timeperiods,
)
TIME_RANGE = Tuple[str, str]
PERMISSIONS = permissions.Perm("wato.timeperiods")
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
PERMISSIONS,
])
@Endpoint(
constructors.collection_href("time_period"),
"cmk/create",
method="post",
etag="output",
request_schema=request_schemas.InputTimePeriod,
response_schema=response_schemas.DomainObject,
permissions_required=RW_PERMISSIONS,
navigation_bar_icons: Literal["show", "hide"]
mega_menu_icons: Literal["topic", "entry"]
show_mode: Literal["default", "default_show_less", "default_show_more",
"enforce_show_more"]
class InternalInterfaceAttributes(TypedDict, total=False):
ui_theme: Optional[Literal["modern-dark", "facelift"]]
ui_sidebar_position: Optional[Literal["left"]]
nav_hide_icons_title: Optional[Literal["hide"]]
icons_per_item: Optional[Literal["entry"]]
show_mode: Optional[Literal["default_show_less", "default_show_more",
"enforce_show_more"]]
PERMISSIONS = permissions.Perm("wato.users")
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
PERMISSIONS,
])
@Endpoint(
constructors.object_href("user_config", "{username}"),
"cmk/show",
method="get",
path_params=[USERNAME],
etag="output",
response_schema=response_schemas.UserObject,
permissions_required=PERMISSIONS,
serialize_group_list,
serve_group,
update_customer_info,
update_groups,
updated_group_details,
)
from cmk.gui.plugins.openapi.restful_objects import (
constructors,
Endpoint,
permissions,
request_schemas,
response_schemas,
)
from cmk.gui.plugins.openapi.restful_objects.parameters import NAME_FIELD
PERMISSIONS = permissions.Perm("wato.groups")
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
PERMISSIONS,
])
@Endpoint(
constructors.collection_href("service_group_config"),
"cmk/create",
method="post",
etag="output",
request_schema=request_schemas.InputServiceGroup,
response_schema=response_schemas.DomainObject,
permissions_required=RW_PERMISSIONS,
RuleObject,
RuleSearchOptions,
)
from cmk.gui.plugins.openapi.restful_objects import constructors, Endpoint, permissions
from cmk.gui.plugins.openapi.restful_objects.constructors import serve_json
from cmk.gui.plugins.openapi.restful_objects.type_defs import DomainObject
from cmk.gui.plugins.openapi.utils import problem
from cmk.gui.utils import gen_id
from cmk.gui.utils.escaping import strip_tags
from cmk.gui.watolib import add_change, make_diff_text
from cmk.gui.watolib.rulesets import RuleConditions
# TODO: move a rule within a ruleset
PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.rulesets"),
permissions.Optional(permissions.Perm("wato.all_folders")),
])
@Endpoint(
constructors.collection_href("rule"),
"cmk/create",
method="post",
etag="output",
request_schema=InputRuleObject,
response_schema=RuleObject,
permissions_required=PERMISSIONS,
)
def create_rule(param):
"""Create rule"""
endpoint,
Endpoint,
permissions,
request_schemas,
response_schemas,
)
from cmk.gui.plugins.openapi.restful_objects.parameters import NAME_FIELD
from cmk.gui.watolib.groups import (
add_group,
check_modify_group_permissions,
delete_group,
edit_group,
load_contact_group_information,
)
PERMISSIONS = permissions.Perm("wato.users")
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
PERMISSIONS,
])
@Endpoint(
constructors.collection_href("contact_group_config"),
"cmk/create",
method="post",
etag="output",
request_schema=request_schemas.InputContactGroup,
response_schema=response_schemas.DomainObject,
permissions_required=RW_PERMISSIONS,
from cmk import fields
ACTIVATION_ID = {
"activation_id":
fields.String(
description="The activation-id.",
example="d3b07384d113e0ec49eaa6238ad5ff00",
required=True,
),
}
# NOTE: These are not needed for the activation of changes, but are asked for different queries
RO_PERMISSIONS = permissions.Ignore(
permissions.AnyPerm([
permissions.Perm("general.see_all"),
permissions.Perm("bi.see_all"),
permissions.Perm("mkeventd.seeall"),
]), )
PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.activate"),
RO_PERMISSIONS, # to make perm system happy
])
@Endpoint(
constructors.domain_type_action_href("activation_run", "activate-changes"),
"cmk/activate",
method="post",
status_descriptions={
# | |_| \_\\__,_|_|\___||___/ |
# | |
# +----------------------------------------------------------------------+
class BIRuleEndpointSchema(BIRuleSchema):
pack_id = ReqString(
dump_default="",
example="pack1",
description="The identifier of the BI pack.",
)
RO_PERMISSIONS = permissions.AllPerm(
[
permissions.Perm("wato.bi_rules"),
permissions.Ignore(
permissions.AnyPerm(
[
permissions.Perm("bi.see_all"),
permissions.Perm("general.see_all"),
permissions.Perm("mkeventd.seeall"),
]
)
),
]
)
RW_BI_RULES_PERMISSION = permissions.AllPerm(
[
permissions.Perm("wato.edit"),
}
HOST_NAME_SHOW = {
"host_name":
gui_fields.HostField(
description=
"The host name. No exception is raised when the specified host name does not exist",
should_exist=None, # we do not care
example="example.com",
required=False,
)
}
PERMISSIONS = permissions.Ignore(
permissions.AnyPerm([
permissions.Perm("general.see_all"),
permissions.Perm("bi.see_all"),
permissions.Perm("mkeventd.seeall"),
]))
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("action.downtimes"),
PERMISSIONS,
])
class DowntimeParameter(BaseSchema):
query = gui_fields.query_field(Downtimes, required=False)
@Endpoint(
RulesetSearchOptions,
)
from cmk.gui.plugins.openapi.restful_objects import constructors, Endpoint, permissions
from cmk.gui.plugins.openapi.restful_objects.constructors import serve_json
from cmk.gui.plugins.openapi.restful_objects.type_defs import DomainObject
from cmk.gui.plugins.openapi.utils import problem, ProblemException
from cmk.gui.utils.escaping import strip_tags
from cmk.gui.watolib.rulesets import (
AllRulesets,
FolderRulesets,
Ruleset,
SearchedRulesets,
SingleRulesetRecursively,
)
PERMISSIONS = permissions.Perm("wato.rulesets")
@Endpoint(
constructors.collection_href(domain_type="ruleset"),
".../collection",
method="get",
query_params=[RulesetSearchOptions],
response_schema=RulesetCollection,
permissions_required=PERMISSIONS,
)
def list_rulesets(param):
"""Search rule sets"""
user.need_permission("wato.rulesets")
all_sets = FolderRulesets(
param["folder"]) if param.get("folder") else AllRulesets()
from cmk import fields
PATH_FOLDER_FIELD = {
"folder":
gui_fields.FolderField(
description=
("The path of the folder being requested. Please be aware that slashes can't "
"be used in the URL. Also, escaping the slashes via %2f will not work. Please "
"replace the path delimiters with the tilde character `~`."),
example="~my~fine~folder",
required=True,
)
}
RW_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
permissions.Perm("wato.manage_folders"),
# If a folder to be deleted still contains hosts, the mange_hosts permission is required.
permissions.Optional(permissions.Perm("wato.manage_hosts")),
permissions.Optional(permissions.Perm("wato.all_folders")),
])
UPDATE_PERMISSIONS = permissions.AllPerm([
permissions.Perm("wato.edit"),
permissions.Perm("wato.edit_folders"),
permissions.Optional(permissions.Perm("wato.all_folders")),
])
@Endpoint(
constructors.collection_href("folder_config"),
"""
sites = fields.List(
gui_fields.SiteField(),
description="Restrict the query to this particular site.",
load_default=[],
)
query = gui_fields.query_field(Hosts, required=False)
columns = gui_fields.column_field(Hosts, mandatory=[Hosts.name], example=["name"])
PERMISSIONS = permissions.Ignore(
permissions.AnyPerm(
[
permissions.Perm("general.see_all"),
permissions.Perm("bi.see_all"),
permissions.Perm("mkeventd.seeall"),
]
)
)
@Endpoint(
constructors.collection_href("host"),
".../collection",
method="get",
tag_group="Monitoring",
blacklist_in=["swagger-ui"],
query_params=[HostParameters],
response_schema=response_schemas.DomainObjectCollection,
PATH_FOLDER_FIELD = {
"folder": gui_fields.FolderField(
description=(
"The path of the folder being requested. Please be aware that slashes can't "
"be used in the URL. Also, escaping the slashes via %2f will not work. Please "
"replace the path delimiters with the tilde character `~`."
),
example="~my~fine~folder",
required=True,
)
}
CREATE_DELETE_PERMISSIONS = permissions.AllPerm(
[
permissions.Perm("wato.manage_folders"),
permissions.Optional(permissions.Perm("wato.all_folders")),
]
)
UPDATE_PERMISSIONS = permissions.AllPerm(
[
permissions.Perm("wato.edit_folders"),
permissions.Optional(permissions.Perm("wato.all_folders")),
],
)
@Endpoint(
constructors.collection_href("folder_config"),
"cmk/create",
