Merge branch 'develop' into MON-81801

.github/actions/veracode-create-jira-ticket/action.yml

@@ -21,14 +21,15 @@ runs:
     - name: Check if ticket exists already
       id: check_ticket
       run: |
+        # Checking if an incident ticket already exists
         check_if_ticket_exists=$( curl --request POST \
           --url '${{ inputs.jira_base_url }}/rest/api/3/search' \
           --user '${{ inputs.jira_user_email }}:${{ inputs.jira_api_token }}' \
           --header 'Accept: application/json' \
           --header 'Content-Type: application/json' \
           --data '{
             "fields": ["summary"],
-            "jql": "project = MON AND parentEpic = AT-268 AND issueType = Technical AND summary ~ \"PR-${{ github.event.pull_request.number }} incident on ${{ inputs.module_name }}\" AND resolution = unresolved",
+            "jql": "project = MON AND parentEpic = AT-268 AND issueType = Technical AND summary ~ \"PR-${{ github.event.pull_request.number }} incident\" AND component = \"${{ inputs.module_name }}\" AND resolution = unresolved ORDER BY key ASC",
             "maxResults": 1
         }' | jq .issues[0].key )
 
@@ -41,6 +42,7 @@ runs:
     - name: Create Jira Issue
       if: ${{ env.abort_ticket_creation != 'true' }}
       run: |
+        # Creating a new incident ticket on Jira
         DATA=$( cat <<-EOF
         {
           "fields": {

.github/docker/Dockerfile.gorgone-testing-alma8

@@ -2,13 +2,13 @@ FROM almalinux:8
 
 RUN bash -e <<EOF
 
-dnf install -y dnf-plugins-core zstd curl mariadb
+dnf install -y dnf-plugins-core zstd curl mariadb iproute
 dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
 dnf config-manager --set-enabled 'powertools'
 dnf -y config-manager --add-repo https://packages.centreon.com/rpm-standard/23.10/el8/centreon-23.10.repo
 dnf -y clean all --enablerepo=*
 dnf install -y python3.11 python3.11-pip
-pip3.11 install robotframework robotframework-examples
+pip3.11 install robotframework robotframework-examples robotframework-databaselibrary pymysql robotframework-requests
 
 dnf clean all
 

.github/docker/Dockerfile.gorgone-testing-bullseye

@@ -6,7 +6,7 @@ ENV DEBIAN_FRONTEND noninteractive
 RUN bash -e <<EOF
 
 apt-get update
-apt-get install -y locales libcurl4-openssl-dev curl wget zstd jq lsb-release mariadb-client
+apt-get install -y locales libcurl4-openssl-dev curl wget zstd jq lsb-release mariadb-client iproute2
 rm -rf /var/lib/apt/lists/*
 localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
 apt-get clean
@@ -19,7 +19,7 @@ RUN bash -e <<EOF
 apt-get update
 # Install Robotframework
 apt-get install -y python3 python3-dev python3-pip ca-certificates apt-transport-https software-properties-common wget gnupg2
-pip3 install robotframework robotframework-examples
+pip3 install robotframework robotframework-examples robotframework-databaselibrary pymysql robotframework-requests
 
 echo "deb https://packages.centreon.com/apt-standard-23.10-stable/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/centreon.list
 echo "deb https://packages.centreon.com/apt-plugins-stable/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/centreon-plugins.list

.github/workflows/gorgone.yml

@@ -155,7 +155,7 @@ jobs:
         ports:
           - 3306
         env:
-          MYSQL_USER: user
+          MYSQL_USER: centreon
           MYSQL_PASSWORD: password
           MYSQL_ROOT_PASSWORD: password
 
@@ -170,7 +170,7 @@ jobs:
           key: ${{ github.sha }}-${{ github.run_id }}-${{ matrix.package_extension }}-${{ matrix.distrib }}
           fail-on-cache-miss: true
 
-      - name: Install gorgogne
+      - name: Install gorgogne from just built package
         shell: bash
         run: |
           if [[ "${{ matrix.package_extension }}" == "deb" ]]; then
@@ -181,15 +181,29 @@ jobs:
             # this is not the case for debian, and for now I don't know why it was made any different between the 2 Os.
           fi
 
-      - name: Create database
+      - name: Create databases
         run: |
           mysql -h mariadb -u root -ppassword -e "CREATE DATABASE \`centreon\`"
           mysql -h mariadb -u root -ppassword -e "CREATE DATABASE \`centreon-storage\`"
+          mysql -h mariadb -u root -ppassword -e "GRANT ALL PRIVILEGES ON centreon.* TO 'centreon'@'%'"
+          mysql -h mariadb -u root -ppassword -e "GRANT ALL PRIVILEGES ON  \`centreon-storage\`.* TO 'centreon'@'%'"
           mysql -h mariadb -u root -ppassword 'centreon' < centreon/www/install/createTables.sql
           mysql -h mariadb -u root -ppassword 'centreon-storage' < centreon/www/install/createTablesCentstorage.sql
 
       - name: Run tests
-        run: robot centreon-gorgone/tests
+        run: robot -v 'DBHOST:mariadb' -v 'DBNAME:centreon' -v 'DBUSER:centreon' centreon-gorgone/tests
+
+
+      - name: Upload gorgone and robot debug artifacts
+        if: failure()
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: gorgone-debug-${{ matrix.distrib }}
+          path: |
+            log.html
+            /var/log/centreon-gorgone
+            /etc/centreon-gorgone
+          retention-days: 1
 
   deliver-sources:
     runs-on: [self-hosted, common]

centreon-gorgone/contrib/gorgone_key_generation.pl

@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+use strict;
+use warnings FATAL => 'all';
+use Try::Tiny;
+use Crypt::PK::RSA;
+use File::Basename qw( fileparse );
+
+# generate key if there is none.
+# Gorgone can generate it's own key, but as we need the thumbprint in the configuration we need to generate them before launching gorgone.
+# this script only create key if the files don't exists, and silently finish if the files already exists.
+
+my ($privkey, $pubkey);
+
+my $priv_dest =  '/var/lib/centreon-gorgone/.keys/rsakey.priv.pem';
+my $pub_dest = '/var/lib/centreon-gorgone/.keys/rsakey.pub.pem';
+$ARGV[0] and $priv_dest = $ARGV[0];
+$ARGV[1] and $pub_dest = $ARGV[1];
+if (-f $priv_dest or -f $pub_dest){
+    print("files already exist, no overriding is done.\n");
+    exit 0;
+}
+try {
+    my $pkrsa = Crypt::PK::RSA->new();
+    $pkrsa->generate_key(256, 65537);
+    $pubkey  = $pkrsa->export_key_pem('public_x509');
+    $privkey = $pkrsa->export_key_pem('private');
+} catch {
+    die("Cannot generate server keys: $_\n");
+};
+
+my ( $priv_key_name, $priv_folder_name ) = fileparse $priv_dest;
+`mkdir -p $priv_folder_name`;
+open(my $priv_fh, '>', $priv_dest) or die("failed opening $priv_dest : $!");
+print $priv_fh $privkey;
+print "private key saved to file.\n";
+
+my ( $pub_key_name, $pub_folder_name ) = fileparse $pub_dest;
+`mkdir -p $pub_folder_name`;
+open(my $pub_fh, '>', $pub_dest) or die("failed opening $pub_dest : $!");
+print $pub_fh $pubkey;
+print "pub key saved to file.\n";

centreon-gorgone/gorgone/modules/core/action/class.pm

@@ -387,14 +387,14 @@ sub action_command {
         }
 
         if ($self->is_command_authorized(command => $command->{command})) {
-            $self->{logger}->writeLogInfo("[action] command not allowed (whitelist): " . $command->{command});
+            $self->{logger}->writeLogError("[action] command not allowed (whitelist): " . $command->{command});
             $self->send_log(
                 socket => $options{socket_log},
                 code => GORGONE_ACTION_FINISH_KO,
                 token => $options{token},
                 logging => $options{data}->{logging},
                 data => {
-                    message => "command not allowed (whitelist) at array index '" . $index . "'"
+                    message => "command not allowed (whitelist) at array index '$index' : $command->{command}"
                 }
             );
             return -1;
@@ -679,14 +679,14 @@ sub action_actionengine {
     }
 
     if ($self->is_command_authorized(command => $options{data}->{content}->{command})) {
-        $self->{logger}->writeLogInfo("[action] command not allowed (whitelist): " . $options{data}->{content}->{command});
+        $self->{logger}->writeLogError("[action] command not allowed (whitelist): " . $options{data}->{content}->{command});
         $self->send_log(
             socket => $options{socket_log},
             code => GORGONE_ACTION_FINISH_KO,
             token => $options{token},
             logging => $options{data}->{logging},
             data => {
-                message => 'command not allowed (whitelist)'
+                message => 'command not allowed (whitelist)' . $options{data}->{content}->{command}
             }
         );
         return -1;

centreon-gorgone/packaging/centreon-gorgone.yaml

@@ -143,6 +143,11 @@ contents:
     file_info:
       mode: 0750
 
+  - src: "../contrib/gorgone_key_generation.pl"
+    dst: "/usr/local/bin/"
+    file_info:
+      mode: 0750
+
 scripts:
   preinstall: ./scripts/centreon-gorgone-preinstall.sh
   postinstall: ./scripts/centreon-gorgone-postinstall.sh
@@ -183,6 +188,7 @@ overrides:
       - perl(DateTime)
       - perl(Try::Tiny)
       - tar
+      - perl(JSON) # gorgone_key_thumbprint.pl needs the json module, even when json::xs is already installed
   deb:
     depends:   # those dependencies are taken from centreon-gorgone/packaging/debian/control
       - centreon-common
@@ -213,6 +219,7 @@ overrides:
       - libev-perl
       - libzmq-ffi-perl
       - libclone-choose-perl
+      - libjson-perl # gorgone_key_thumbprint.pl needs the json module, even when json::xs is already installed
 
 rpm:
   summary: Centreon gorgone daemon

centreon-gorgone/tests/robot/config/includer.yaml

@@ -0,0 +1,3 @@
+name: config.yaml
+description: Configuration of centreon-gorgone. Use config.d directory to change configuration
+configuration: !include /etc/centreon-gorgone/@UNIQ_ID_FROM_ROBOT_TESTING_CONFIG_FILE@/config.d/*.yaml

centreon-gorgone/tests/robot/config/push_central_config.yaml

@@ -0,0 +1,43 @@
+gorgone:
+  gorgonecore:
+    internal_com_type: ipc
+    internal_com_path: /etc/centreon-gorgone/@UNIQ_ID_FROM_ROBOT_TESTING_CONFIG_FILE@/routing.ipc
+    external_com_type: tcp
+
+    gorgone_db_type: SQLite
+    gorgone_db_name: dbname=/etc/centreon-gorgone/@UNIQ_ID_FROM_ROBOT_TESTING_CONFIG_FILE@/history.sdb
+    id: 1
+    privkey: "/var/lib/centreon-gorgone/.keys/rsakey.priv.pem"
+    pubkey: "/var/lib/centreon-gorgone/.keys/rsakey.pub.pem"
+  modules:
+    - name: proxy
+      package: "gorgone::modules::core::proxy::hooks"
+      enable: true
+
+    - name: nodes
+      package: "gorgone::modules::centreon::nodes::hooks"
+      enable: true
+
+    - name: httpserver
+      package: "gorgone::modules::core::httpserver::hooks"
+      enable: true
+      address: "0.0.0.0"
+      port: "8085"
+      ssl: false
+      auth:
+        enabled: false
+      allowed_hosts:
+        enabled: true
+        subnets:
+          - 127.0.0.1/32
+
+centreon:
+  database:
+    db_configuration:
+      dsn: "mysql:host=@DBHOST@:port=3306;dbname=@DBNAME@"
+      username: "@DBUSER@"
+      password: "@DBPASSWORD@"
+    db_realtime:
+      dsn: "mysql:host=@DBHOST@:port=3306;dbname=centreon_storage"
+      username: "@DBUSER@"
+      password: "@DBPASSWORD@"

centreon-gorgone/tests/robot/config/push_db_1_poller.sql

@@ -0,0 +1,68 @@
+INSERT IGNORE INTO `nagios_server`
+  VALUES
+  (
+    1, 'Central', '1', 1, 1711560733, '127.0.0.1', 
+    '1', '0', 'service centengine start', 
+    'service centengine stop', 'service centengine restart', 
+    'service centengine reload', '/usr/sbin/centengine', 
+    '/usr/sbin/centenginestats', '/var/log/centreon-engine/service-perfdata', 
+    'service cbd reload', '/etc/centreon-broker', 
+    '/usr/share/centreon/lib/centreon-broker', 
+    '/usr/lib64/centreon-connector', 
+    22, '1', 5556, 'centreontrapd', '/etc/snmp/centreon_traps/', 
+    NULL, NULL, NULL, NULL, '1', '0'
+  ), 
+  (
+    2, 'pushpoller', '0', 0, NULL, '127.0.0.1',
+    '1', '0', 'service centengine start', 
+    'service centengine stop', 'service centengine restart', 
+    'service centengine reload', '/usr/sbin/centengine', 
+    '/usr/sbin/centenginestats', '/var/log/centreon-engine/service-perfdata', 
+    'service cbd reload', '/etc/centreon-broker', 
+    '/usr/share/centreon/lib/centreon-broker', 
+    '/usr/lib64/centreon-connector', 
+    22, '1', 5556, 'centreontrapd', '/etc/snmp/centreon_traps/', 
+    NULL, NULL, '/var/log/centreon-broker/', 
+    NULL, '1', '0'
+  );
+INSERT IGNORE INTO `cfg_nagios`
+  VALUES
+  (
+    1, 'Centreon Engine Central', NULL, 
+    '/var/log/centreon-engine/centengine.log', 
+    '/etc/centreon-engine', '/var/log/centreon-engine/status.dat', 
+    60, '1', '1', '1', '1', '1', '1', '1', 
+    4096, '1s', '/var/lib/centreon-engine/rw/centengine.cmd', 
+    '1', '/var/log/centreon-engine/retention.dat', 
+    60, '1', '1', '0', '1', '1', '1', '1', 
+    NULL, '1', '1', NULL, NULL, NULL, 's', 
+    's', 's', 0, 15, 15, 5, '0', NULL, NULL, 
+    '0', '25.0', '50.0', '25.0', '50.0', 
+    '0', 60, 12, 30, 30, '1', '1', '0', NULL, 
+    NULL, '0', NULL, 'euro', 30, '~!$%^&*\"|\'<>?,()=', 
+    '`~$^&\"|\'<>', '0', '0', 'admin@localhost', 
+    'admin@localhost', 'Centreon Engine configuration file for a central instance', 
+    '1', '-1', 1, '1', '1', 15, 15, NULL, 
+    '0', 15, '/var/log/centreon-engine/centengine.debug', 
+    0, '0', '1', 1000000000, 'centengine.cfg', 
+    '1', '0', '', 'log_v2_enabled'
+  ), 
+  (
+    15, 'pushpoller', NULL, '/var/log/centreon-engine/centengine.log', 
+    '/etc/centreon-engine/', '/var/log/centreon-engine/status.dat', 
+    60, '1', '1', '1', '1', '1', '1', '1', 
+    4096, '1s', '/var/lib/centreon-engine/rw/centengine.cmd', 
+    '1', '/var/log/centreon-engine/retention.dat', 
+    60, '1', '0', '0', '1', '1', '1', '1', 
+    '1', '1', '1', NULL, NULL, '0.5', 's', 
+    's', 's', 0, 15, 15, 5, '0', 30, 180, '0', 
+    '25.0', '50.0', '25.0', '50.0', '0', 
+    60, 30, 30, 30, '1', '1', '0', NULL, NULL, 
+    '0', NULL, 'euro', 30, '~!$%^&*\"|\'<>?,()=', 
+    '`~$^&\"|\'<>', '0', '0', 'admin@localhost', 
+    'admin@localhost', 'Centreon Engine config file for a polling instance', 
+    '1', '-1', 2, '1', '1', 15, 15, NULL, 
+    '0', 15, '/var/log/centreon-engine/centengine.debug', 
+    0, '0', '1', 1000000000, 'centengine.cfg', 
+    '1', '0', '', 'log_v2_enabled'
+  );

centreon-gorgone/tests/robot/config/push_db_1_poller_delete.sql

@@ -0,0 +1,2 @@
+delete from cfg_nagios;
+delete from nagios_server;

centreon-gorgone/tests/robot/config/push_poller_config.yaml

@@ -0,0 +1,21 @@
+name:  gorgoned-pushpoller
+description: Configuration for poller pushpoller
+gorgone:
+  gorgonecore:
+    internal_com_type: ipc
+    internal_com_path: /etc/centreon-gorgone/@UNIQ_ID_FROM_ROBOT_TESTING_CONFIG_FILE@/routing.ipc
+    gorgone_db_type: SQLite
+    gorgone_db_name: dbname=/etc/centreon-gorgone/@UNIQ_ID_FROM_ROBOT_TESTING_CONFIG_FILE@/history.sdb
+    id: 2
+    external_com_type: tcp
+    external_com_path: "*:5556"
+    authorized_clients:
+      - key:@KEYTHUMBPRINT@
+
+    privkey: "/var/lib/centreon-gorgone/.keys/rsakey.priv.pem"
+    pubkey: "/var/lib/centreon-gorgone/.keys/rsakey.pub.pem"
+
+  modules:
+    - name: action
+      package: gorgone::modules::core::action::hooks
+      enable: true

centreon-gorgone/tests/robot/resources/import.resource

@@ -4,3 +4,4 @@ Library             Examples
 Library             OperatingSystem
 Library             String
 Resource            resources.resource
+Library             DatabaseLibrary