sdepassio · sdepassio · Dec 6, 2023 · May 13, 2024 · May 14, 2024 · May 14, 2024
diff --git a/.github/packaging/centreon-plugin.yaml.template b/.github/packaging/centreon-plugin.yaml.template
@@ -47,6 +47,7 @@ overrides:
       perl(Storable),
       perl(POSIX),
       perl(Encode),
+      perl(XML::LibXML),
       @RPM_DEPENDENCIES@
     ]
     conflicts:
@@ -72,6 +73,7 @@ overrides:
       libcrypt-argon2-perl,
       libkeepass-reader-perl,
       libdatetime-perl,
+      libxml-libxml-perl,
       @DEB_DEPENDENCIES@
     ]
     conflicts:

diff --git a/.github/scripts/test-all-plugins.py b/.github/scripts/test-all-plugins.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python3
+import glob
 import subprocess
 import sys
 import os
@@ -87,6 +88,10 @@ def remove_plugin(plugin, archi):
         else:
             print(f"Unknown architecture, expected deb or rpm, got {archi}. Exiting.")
             exit(1)
+    # Remove cache files
+    tmp_files = glob.glob('/tmp/centreon_*')
+    for file in tmp_files:
+        os.remove(file)
     return output_status
 
 

diff --git a/src/apps/hashicorp/vault/restapi/custom/api.pm b/src/apps/hashicorp/vault/restapi/custom/api.pm
@@ -50,6 +50,7 @@ sub new {
             'proto:s'                => { name => 'proto' },
             'warning-http-status:s'  => { name => 'warning_http_status' },
             'auth-method:s'          => { name => 'auth_method', default => 'token' },
+            'auth-path:s'            => { name => 'auth_path' },
             'auth-settings:s%'       => { name => 'auth_settings' },
             'unknown-http-status:s'  => { name => 'unknown_http_status' },
             'vault-token:s'          => { name => 'vault_token'}
@@ -80,6 +81,10 @@ sub check_options {
         $self->{output}->option_exit();
     };
 
+    if (defined($options{option_results}->{auth_path})) {		
+        $self->{auth_path} = lc($options{option_results}->{auth_path});
+    };
+
     $self->{hostname} = (defined($self->{option_results}->{hostname})) ? $self->{option_results}->{hostname} : '';
     $self->{port} = (defined($self->{option_results}->{port})) ? $self->{option_results}->{port} : 8200;
     $self->{proto} = (defined($self->{option_results}->{proto})) ? $self->{option_results}->{proto} : 'http';
@@ -151,7 +156,10 @@ sub get_access_token {
         my $decoded;
         my $login = $self->parse_auth_method(method => $self->{auth_method}, settings => $self->{auth_settings});
         my $post_json = JSON::XS->new->utf8->encode($login);
-        my $url_path = '/' . $self->{api_version} . '/auth/'. $self->{auth_method} . '/login/';
+        if (!defined($self->{auth_path}) || $self->{auth_path} eq '') {
+            $self->{auth_path} = $self->{auth_method};
+        }
+        my $url_path = '/' . $self->{api_version} . '/auth/'. $self->{auth_path} . '/login/';
         $url_path .= $self->{auth_settings}->{username} if (defined($self->{auth_settings}->{username}) && $self->{auth_method} =~ 'userpass|login') ;
 
         my $content = $self->{http}->request(
@@ -284,6 +292,12 @@ Specify the Vault authentication specific settings.
 Syntax: --auth-settings='<setting>=<value>'.Example for the 'userpass' method:
 --auth-method='userpass' --auth-settings='username=my_account' --auth-settings='password=my_password'
 
+=item B<--auth-path>
+
+Authentication path for 'userpass'. Is an optional setting.
+
+More information here: https://developer.hashicorp.com/vault/docs/auth/userpass#configuration
+
 =item B<--timeout>
 
 Set timeout in seconds (default: 10).

diff --git a/src/centreon/plugins/passwordmgr/hashicorpvault.pm b/src/centreon/plugins/passwordmgr/hashicorpvault.pm
@@ -45,6 +45,7 @@ sub new {
 
     $options{options}->add_options(arguments => {
         'auth-method:s'    => { name => 'auth_method', default => 'token' },
+        'auth-path:s'      => { name => 'auth_path' },
         'auth-settings:s%' => { name => 'auth_settings' },
         'map-option:s@'    => { name => 'map_option' },
         'secret-path:s@'   => { name => 'secret_path' },
@@ -66,7 +67,10 @@ sub get_access_token {
     my $decoded;
     my $login = $self->parse_auth_method(method => $self->{auth_method}, settings => $self->{auth_settings});
     my $post_json = JSON::XS->new->utf8->encode($login);
-    my $url_path = '/v1/auth/'. $self->{auth_method} . '/login/';
+    if (!defined($self->{auth_path}) || $self->{auth_path} eq '') {
+        $self->{auth_path} = $self->{auth_method};
+    }
+    my $url_path = '/v1/auth/'. $self->{auth_path} . '/login/';
     $url_path .= $self->{auth_settings}->{username} if (defined($self->{auth_settings}->{username}) && $self->{auth_method} =~ 'userpass|login') ;
 
     my $content = $self->{http}->request(
@@ -145,6 +149,10 @@ sub settings {
         $self->{output}->option_exit();
     }
 
+    if (defined($options{option_results}->{auth_path})) {		
+        $self->{auth_path} = lc($options{option_results}->{auth_path});
+    }
+
     $self->{auth_method} = lc($options{option_results}->{auth_method});
     $self->{auth_settings} = defined($options{option_results}->{auth_settings}) && $options{option_results}->{auth_settings} ne '' ? $options{option_results}->{auth_settings} : {};
     $self->{vault_address} = $options{option_results}->{vault_address};
@@ -277,6 +285,12 @@ Can be: 'http', 'https' (default: http).
 Authentication method to log in against the Vault server.
 Can be: 'azure', 'cert', 'github', 'ldap', 'okta', 'radius', 'userpass' (default: 'token');
 
+=item B<--auth-path>
+
+Authentication path for 'userpass'. Is an optional setting.
+
+More information here: https://developer.hashicorp.com/vault/docs/auth/userpass#configuration
+
 =item B<--vault-token>
 
 Directly specify a valid token to log in (only for --auth-method='token').

diff --git a/tests/resources/resources.resource b/tests/resources/resources.resource
@@ -18,6 +18,6 @@ Start Mockoon
     ...    ${MOCKOON_JSON}
     ...    --port
     ...    3000
-    Sleep    5s
+    Sleep    10s
 Stop Mockoon
     Terminate All Processes
diff --git a/tests/resources/spellcheck/stopwords.t b/tests/resources/spellcheck/stopwords.t
@@ -1,4 +1,5 @@
 --add-sysdesc
+--api-version
 --display-transform-dst
 --display-transform-src
 --exclude-fs
@@ -22,6 +23,8 @@ df
 eth
 Fortigate
 Fortinet
+HashiCorp
+hashicorpvault
 ifAlias
 ifDesc
 ifName
@@ -30,10 +33,12 @@ in-mcast
 in-ucast
 interface-dsl-name
 IpAddr
+ldap
 license-instances-usage-prct
 MBean
 NagVis
 OID
+okta
 oneaccess-sys-mib
 out-bcast
 out-mcast
@@ -52,6 +57,9 @@ topic-messages-inflighted
 total-oper-down
 total-oper-up
 uptime
+userpass
 VDSL2
 Veeam
+v1
+v2
 WSMAN
diff --git a/tests/robot/apps/protocols/snmp/hashicorp-password-manager.robot b/tests/robot/apps/protocols/snmp/hashicorp-password-manager.robot
@@ -0,0 +1,47 @@
+*** Settings ***
+Resource            ${CURDIR}${/}..${/}..${/}..${/}..${/}resources/import.resource
+Suite Setup         Start Mockoon    ${MOCKOON_JSON}
+Suite Teardown      Stop Mockoon
+Test Timeout        120s
+
+
+*** Variables ***
+${MOCKOON_JSON}         ${CURDIR}${/}vault-authentication-hashicorp.json
+
+${CMD}                  ${CENTREON_PLUGINS} --plugin apps::protocols::snmp::plugin --hostname=127.0.0.1
+
+
+*** Test Cases ***
+check hashicorp vault manager${Name}
+    [Documentation]    Check hashicorp vaultmanager
+    [Tags]    snmp    vault
+    ${cmd_hashicorp}    Catenate
+    ...    ${CMD}
+    ...    --pass-manager=hashicorpvault
+    ...    --vault-address=127.0.0.1
+    ...    --vault-port=3000
+    ...    --vault-protocol=http
+    ...    --auth-method=userpass
+    ...    --auth-settings="username=hcvaultuser"
+    ...    --secret-path="path/of/the/secret"
+    ...    --snmp-port=2024
+    ...    --map-option="snmp_community=\\%{value_path/of/the/secret}"
+    ...    --mode=string-value
+    ...    --snmp-version=2c
+    ...    --snmp-community=apps/protocols/snmp/snmp-single-oid
+    ...    --oid='.1.3.6.1.2.1.1.1.0' ${path-param}
+    ...    --format-ok='current value is: \\%{details_ok}'
+    ...    --format-details-warning='current value is: \\%{details_warning}'
+    ...    --format-details-critical='current value is: \\%{details_critical}'
+    ${output}    Run
+    ...    ${cmd_hashicorp}
+    ${output}    Strip String    ${output}
+    Should Be Equal As Strings
+    ...    ${output}
+    ...    ${result}
+    ...    ${cmd_hashicorp}\n\n Wrong output result for hashicorp auth manager on snmp generic plugin, output got :\n${output} \nExpected : \n ${result}\n
+
+    Examples:    Name    path-param    result   --
+    ...    default path    --auth-path='' --auth-settings="password=secrethashicorpPassword"    OK: current value is: Linux centreon-devbox 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64
+    ...    wrong path    --auth-path='specific-url' --auth-settings="password=secrethashicorpPassword"    OK: current value is: Linux centreon-devbox 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64
+    ...    wrong password    --auth-path='' --auth-settings="password=WrongPassword"    UNKNOWN: 401 Unauthorized
diff --git a/tests/robot/apps/protocols/snmp/snmp-single-oid.snmpwalk b/tests/robot/apps/protocols/snmp/snmp-single-oid.snmpwalk
@@ -0,0 +1 @@
+.1.3.6.1.2.1.1.1.0 = STRING: "Linux centreon-devbox 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		.1.3.6.1.2.1.1.1.0 = STRING: "Linux centreon-devbox 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64"