-
Notifications
You must be signed in to change notification settings - Fork 56
/
Copy pathrules.py
268 lines (231 loc) · 7.98 KB
/
rules.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
# Copyright: (c) 2023, Lars Getwan <lars.getwan@checkmk.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = """
name: rules
author: Lars Getwan (@lgetwan)
version_added: "3.5.0"
short_description: Get a list rules
description:
- Returns a list of Rules
options:
server_url:
description: URL of the Checkmk server.
required: True
vars:
- name: ansible_lookup_checkmk_server_url
env:
- name: ANSIBLE_LOOKUP_CHECKMK_SERVER_URL
ini:
- section: checkmk_lookup
key: server_url
site:
description: Site name.
required: True
vars:
- name: ansible_lookup_checkmk_site
env:
- name: ANSIBLE_LOOKUP_CHECKMK_SITE
ini:
- section: checkmk_lookup
key: site
automation_user:
description: Automation user for the REST API access.
required: True
vars:
- name: ansible_lookup_checkmk_automation_user
env:
- name: ANSIBLE_LOOKUP_CHECKMK_AUTOMATION_USER
ini:
- section: checkmk_lookup
key: automation_user
automation_secret:
description: Automation secret for the REST API access.
required: True
vars:
- name: ansible_lookup_checkmk_automation_secret
env:
- name: ANSIBLE_LOOKUP_CHECKMK_AUTOMATION_SECRET
ini:
- section: checkmk_lookup
key: automation_secret
validate_certs:
description: Whether or not to validate TLS certificates.
type: boolean
required: False
default: True
vars:
- name: ansible_lookup_checkmk_validate_certs
env:
- name: ANSIBLE_LOOKUP_CHECKMK_VALIDATE_CERTS
ini:
- section: checkmk_lookup
key: validate_certs
ruleset:
description: The ruleset name.
required: True
description_regex:
description: A regex to filter for certain descriptions.
required: False
default: ""
comment_regex:
description: A regex to filter for certain comment strings.
required: False
default: ""
folder_regex:
description: A regex to filter for certain folders.
required: False
default: ""
notes:
- Like all lookups, this runs on the Ansible controller and is unaffected by other keywords such as 'become'.
If you need to use different permissions, you must change the command or run Ansible as another user.
- Alternatively, you can use a shell/command task that runs against localhost and registers the result.
- The directory of the play is used as the current working directory.
- It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section!
This is a limitation of Ansible itself.
"""
EXAMPLES = """
- name: Get all rules of the ruleset host_groups
ansible.builtin.debug:
msg: "Rule: {{ item.extensions }}"
loop: "{{
lookup('checkmk.general.rules',
ruleset='host_groups',
server_url=server_url,
site=site,
automation_user=automation_user,
automation_secret=automation_secret,
validate_certs=False
)
}}"
loop_control:
label: "{{ item.id }}"
- name: Get all rules of the ruleset host_groups in folder /test
ansible.builtin.debug:
msg: "Rule: {{ item.extensions }}"
loop: "{{
lookup('checkmk.general.rules',
ruleset='host_groups',
folder_regex='^/test$',
server_url=server_url,
site=site,
automation_user=automation_user,
automation_secret=automation_secret,
validate_certs=False
)
}}"
loop_control:
label: "{{ item.id }}"
- name: actice_checks:http rules that match a certain description AND comment
ansible.builtin.debug:
msg: "Rule: {{ item.extensions }}"
loop: "{{
lookup('checkmk.general.rules',
ruleset='actice_checks:http',
description_regex='foo.*bar',
comment_regex='xmas-edition',
server_url=server_url,
site=site,
automation_user=automation_user,
automation_secret=automation_secret,
validate_certs=False
)
}}"
loop_control:
label: "{{ item.id }}"
- name: "Use variables outside the module call."
ansible.builtin.debug:
msg: "Rule: {{ item.extensions }}"
vars:
ansible_lookup_checkmk_server_url: "http://myserver/"
ansible_lookup_checkmk_site: "mysite"
ansible_lookup_checkmk_automation_user: "myuser"
ansible_lookup_checkmk_automation_secret: "mysecret"
ansible_lookup_checkmk_validate_certs: false
loop: "{{
lookup('checkmk.general.rules', ruleset='host_groups') }}"
loop_control:
label: "{{ item.id }}"
"""
RETURN = """
_list:
description:
- A list of all rules of a particular ruleset
type: list
elements: str
"""
import json
import re
from ansible.errors import AnsibleError
from ansible.plugins.lookup import LookupBase
from ansible_collections.checkmk.general.plugins.module_utils.lookup_api import (
CheckMKLookupAPI,
)
class LookupModule(LookupBase):
def run(self, terms, variables, **kwargs):
regex_params = {}
self.set_options(var_options=variables, direct=kwargs)
ruleset = self.get_option("ruleset")
regex_params["description"] = self.get_option("description_regex")
regex_params["comment"] = self.get_option("comment_regex")
regex_params["folder"] = self.get_option("folder_regex")
server_url = self.get_option("server_url")
site = self.get_option("site")
user = self.get_option("automation_user")
secret = self.get_option("automation_secret")
validate_certs = self.get_option("validate_certs")
site_url = server_url + "/" + site
api = CheckMKLookupAPI(
site_url=site_url,
user=user,
secret=secret,
validate_certs=validate_certs,
)
parameters = {
"ruleset_name": ruleset,
}
response = json.loads(api.get("/domain-types/rule/collections/all", parameters))
if "code" in response:
raise AnsibleError(
"Received error for %s - %s: %s"
% (
response.get("url", ""),
response.get("code", ""),
response.get("msg", ""),
)
)
rule_list = response.get("value")
log = []
log.append("PARAMS: %s" % str(regex_params))
for what, regex in regex_params.items():
try:
if regex:
log.append("ITEMS: %s" % str((what, regex)))
def _rule_attribute(rule, what, regex):
if what == "folder":
log.append(
"Folder: %s regex: %s"
% (rule.get("extensions", {}).get("folder", ""), regex)
)
return rule.get("extensions", {}).get("folder", "")
return (
rule.get("extensions", {})
.get("properties", {})
.get(what, "")
)
rule_list = [
r
for r in rule_list
if re.search(
regex,
_rule_attribute(r, what, regex),
)
]
except re.error as e:
raise AnsibleError(
"Invalid regex for %s, pattern: %s, position: %s error: %s"
% (what, e.pattern, e.pos, e.msg)
)
# return [log]
return [rule_list]