diff --git a/centreon-plugins/apps/wazuh/restapi/custom/api.pm b/centreon-plugins/apps/wazuh/restapi/custom/api.pm
index 3793a1e33..5a9d956d6 100644
--- a/centreon-plugins/apps/wazuh/restapi/custom/api.pm
+++ b/centreon-plugins/apps/wazuh/restapi/custom/api.pm
@@ -23,7 +23,9 @@ package apps::wazuh::restapi::custom::api;
 use strict;
 use warnings;
 use centreon::plugins::http;
+use centreon::plugins::statefile;
 use JSON::XS;
+use Digest::MD5;
 sub new {
 my ($class, %options) = @_;
@@ -41,18 +43,23 @@ sub new {
 if (!defined($options{noptions})) {
 $options{options}->add_options(arguments => {
- 'hostname:s@' => { name => 'hostname' },
- 'username:s@' => { name => 'username' },
- 'password:s@' => { name => 'password' },
- 'timeout:s@' => { name => 'timeout' },
- 'port:s@' => { name => 'port' },
- 'proto:s@' => { name => 'proto' }
+ 'hostname:s' => { name => 'hostname' },
+ 'username:s' => { name => 'username' },
+ 'password:s' => { name => 'password' },
+ 'token:s' => { name => 'token' },
+ 'timeout:s' => { name => 'timeout' },
+ 'port:s' => { name => 'port' },
+ 'proto:s' => { name => 'proto' },
+ 'unknown-http-status:s' => { name => 'unknown_http_status' },
+ 'warning-http-status:s' => { name => 'warning_http_status' },
+ 'critical-http-status:s' => { name => 'critical_http_status' }
 });
 }
 $options{options}->add_help(package => __PACKAGE__, sections => 'REST API OPTIONS', once => 1);
 $self->{output} = $options{output};
 $self->{http} = centreon::plugins::http->new(%options);
+ $self->{cache} = centreon::plugins::statefile->new(%options);
 return $self;
 }
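Review bot: `Digest::MD5` is imported here to build `md5_secret` in `get_token` (the `@@ -99,45 +118,125 @@` hunk), where `md5_hex($self->{api_username} . $self->{api_password})` is written to the statefile next to the bearer token. That leaves a fast, unsalted digest of the API password on disk, which anyone able to read the cache file can test guesses against offline, and the concatenation has no separator, so different username/password splits hash alike. Since `request` already re-authenticates when a cached token is rejected, consider dropping `md5_secret`, or at least deriving it as `Digest::SHA::sha256_hex($self->{api_username} . ':' . $self->{api_password})`. How the statefile backend protects the file (permissions, encryption) is not visible in this diff and should be confirmed.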
@@ -68,23 +75,35 @@ sub set_defaults {}
 sub check_options {
 my ($self, %options) = @_;
- $self->{hostname} = (defined($self->{option_results}->{hostname})) ? shift(@{$self->{option_results}->{hostname}}) : undef;
- $self->{username} = (defined($self->{option_results}->{username})) ? shift(@{$self->{option_results}->{username}}) : '';
- $self->{password} = (defined($self->{option_results}->{password})) ? shift(@{$self->{option_results}->{password}}) : '';
- $self->{timeout} = (defined($self->{option_results}->{timeout})) ? shift(@{$self->{option_results}->{timeout}}) : 10;
- $self->{port} = (defined($self->{option_results}->{port})) ? shift(@{$self->{option_results}->{port}}) : 55000;
- $self->{proto} = (defined($self->{option_results}->{proto})) ? shift(@{$self->{option_results}->{proto}}) : 'https';
+ $self->{hostname} = (defined($self->{option_results}->{hostname})) ? $self->{option_results}->{hostname} : '';
+ $self->{api_username} = (defined($self->{option_results}->{username})) ? $self->{option_results}->{username} : '';
+ $self->{api_password} = (defined($self->{option_results}->{password})) ? $self->{option_results}->{password} : '';
+ $self->{timeout} = (defined($self->{option_results}->{timeout})) ? $self->{option_results}->{timeout} : 30;
+ $self->{port} = (defined($self->{option_results}->{port})) ? $self->{option_results}->{port} : 55000;
+ $self->{proto} = (defined($self->{option_results}->{proto})) ? $self->{option_results}->{proto} : 'https';
+ $self->{unknown_http_status} = (defined($self->{option_results}->{unknown_http_status})) ? $self->{option_results}->{unknown_http_status} : '%{http_code} < 200 or %{http_code} >= 300';
+ $self->{warning_http_status} = (defined($self->{option_results}->{warning_http_status})) ? $self->{option_results}->{warning_http_status} : '';
+ $self->{critical_http_status} = (defined($self->{option_results}->{critical_http_status})) ? 
$self->{option_results}->{critical_http_status} : '';
+ $self->{token} = $self->{option_results}->{token};
- if (!defined($self->{hostname})) {
+ if ($self->{hostname} eq '') {
 $self->{output}->add_option_msg(short_msg => 'Need to specify hostname option.');
 $self->{output}->option_exit();
 }
- if (!defined($self->{hostname}) ||
- scalar(@{$self->{option_results}->{hostname}}) == 0) {
- return 0;
+ if ($self->{api_username} eq '') {
+ $self->{output}->add_option_msg(short_msg => 'Need to specify --username option.');
+ $self->{output}->option_exit();
 }
- return 1;
+ if ($self->{api_password} eq '') {
+ $self->{output}->add_option_msg(short_msg => 'Need to specify --password option.');
+ $self->{output}->option_exit();
+ }
+ if (defined($self->{token})) {
+ $self->{cache}->check_options(option_results => $self->{option_results});
+ }
+
+ return 0;
 }
 sub get_hostname {
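Review bot: The defaults resolved here for `timeout`, `port` and `proto` (30, 55000, 'https') are stored only on `$self`, while the next hunk deletes `build_options_for_httplib`, the only code that copied them into `$self->{option_results}` before `settings()` hands that hash to `set_options`. As far as this diff shows, a run without `--proto` or `--port` now leaves scheme and port to whatever `centreon::plugins::http` falls back to; if that fallback is plain HTTP, the Basic credentials and the bearer token would travel unencrypted. Writing the resolved values back at the end of `check_options`, e.g. `$self->{option_results}->{$_} = $self->{$_} foreach ('hostname', 'timeout', 'port', 'proto');`, keeps the documented defaults in effect.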
@@ -99,45 +118,125 @@ sub get_port {
 return $self->{port};
 }
-sub build_options_for_httplib {
- my ($self, %options) = @_;
-
- $self->{option_results}->{hostname} = $self->{hostname};
- $self->{option_results}->{timeout} = $self->{timeout};
- $self->{option_results}->{port} = $self->{port};
- $self->{option_results}->{proto} = $self->{proto};
- $self->{option_results}->{credentials} = 1;
- $self->{option_results}->{basic} = 1;
- $self->{option_results}->{username} = $self->{username};
- $self->{option_results}->{password} = $self->{password};
-
- if (!defined($self->{option_results}->{ssl_opt})) {
- $self->{option_results}->{ssl_opt} = ['SSL_verify_mode => SSL_VERIFY_NONE'];
- }
- if (!defined($self->{option_results}->{curl_opt})) {
- $self->{option_results}->{curl_opt} = ['CURLOPT_SSL_VERIFYPEER => 0', 'CURLOPT_SSL_VERIFYHOST => 0'];
- }
-}
-
 sub settings {
 my ($self, %options) = @_;
- $self->build_options_for_httplib();
+ return if (defined($self->{settings_done}));
 $self->{http}->add_header(key => 'Accept', value => 'application/json');
 $self->{http}->set_options(%{$self->{option_results}});
+ $self->{settings_done} = 1;
+}
+
+sub get_token {
+ my ($self, %options) = @_;
+
+ my $has_cache_file = $self->{cache}->read(statefile => 'wazuh_api_' . Digest::MD5::md5_hex($self->{hostname} . '_' . $self->{api_username}));
+ my $token = $self->{cache}->get(name => 'token');
+ my $md5_secret_cache = $self->{cache}->get(name => 'md5_secret');
+ my $md5_secret = Digest::MD5::md5_hex($self->{api_username} . 
$self->{api_password});
+
+ if ($has_cache_file == 0 ||
+ !defined($token) ||
+ (defined($md5_secret_cache) && $md5_secret_cache ne $md5_secret)
+ ) {
+ $self->settings();
+ my $content = $self->{http}->request(
+ method => 'GET',
+ url_path => '/security/user/authenticate',
+ credentials => 1,
+ basic => 1,
+ username => $self->{api_username},
+ password => $self->{api_password}
+ );
+
+ my $decoded;
+ eval {
+ $decoded = JSON::XS->new->utf8->decode($content);
+ };
+ if ($@) {
+ $self->{output}->add_option_msg(short_msg => "Cannot decode json response");
+ $self->{output}->option_exit();
+ }
+ if (!defined($decoded->{data}->{token})) {
+ $self->{output}->add_option_msg(short_msg => 'Cannot get token');
+ $self->{output}->option_exit();
+ }
+
+ $token = $decoded->{data}->{token};
+ my $datas = {
+ updated => time(),
+ token => $token,
+ md5_secret => $md5_secret
+ };
+ $self->{cache}->write(data => $datas);
+ }
+
+ return $token;
+}
+
+sub clean_token {
+ my ($self, %options) = @_;
+
+ my $datas = { updated => time() };
+ $self->{cache}->write(data => $datas);
+}
+
+sub credentials {
+ my ($self, %options) = @_;
+
+ my $token = $self->{token};
+ if (defined($self->{token})) {
+ $token = $self->get_token();
+ }
+
+ my $creds = {};
+ if (defined($self->{token})) {
+ $creds = {
+ header => ['Authorization: Bearer ' . 
$token],
+ unknown_status => '',
+ warning_status => '',
+ critical_status => ''
+ };
+ } else {
+ $creds = {
+ credentials => 1,
+ basic => 1,
+ username => $self->{api_username},
+ password => $self->{api_password},
+ unknown_status => $self->{unknown_http_status},
+ warning_status => $self->{warning_http_status},
+ critical_status => $self->{critical_http_status}
+ };
+ }
+
+ return $creds;
 }
 sub request {
 my ($self, %options) = @_;
 $self->settings();
+ my $creds = $self->credentials();
 my $content = $self->{http}->request(
 url_path => $options{path},
- unknown_status => '', warning_status => '', critical_status => '',
+ %$creds
 );
- if ($self->{http}->get_code() != 200) {
- $self->{output}->add_option_msg(short_msg => 'Connection issue : ' . $self->{http}->get_message() . ' (' . $self->{http}->get_code() . ')');
+ # Maybe token is invalid. so we retry
+ if (defined($self->{token}) && $self->{http}->get_code() < 200 || $self->{http}->get_code() >= 300) {
+ $self->clean_token();
+ $creds = $self->credentials();
+ $content = $self->{http}->request(
+ url_path => $options{path},
+ %$creds,
+ unknown_status => $self->{unknown_http_status},
+ warning_status => $self->{warning_http_status},
+ critical_status => $self->{critical_http_status}
+ );
+ }
+
+ if (!defined($content) || $content eq '') {
+ $self->{output}->add_option_msg(short_msg => "API returns empty content [code: '" . $self->{http}->get_code() . "'] [message: '" . $self->{http}->get_message() . "']");
 $self->{output}->option_exit();
 }
@@ -185,9 +284,13 @@ Wazuh username.
 Wazuh password.
+=item B<--token>
+
+Use token authentication.
+
 =item B<--timeout>
-Set HTTP timeout in seconds (Default: '10').
+Set HTTP timeout in seconds (Default: 30).
 =item B<--proto>
diff --git a/centreon-plugins/apps/wazuh/restapi/mode/manager.pm b/centreon-plugins/apps/wazuh/restapi/mode/manager.pm
index 05bcffe6f..4f54200bc 100644
--- a/centreon-plugins/apps/wazuh/restapi/mode/manager.pm
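Review bot: The retry condition in `request`, `defined($self->{token}) && $self->{http}->get_code() < 200 || $self->{http}->get_code() >= 300`, parses as `(A && B) || C` because `&&` binds tighter than `||`, so any response with a code of 300 or above triggers the retry even when `--token` is not set. In that case `clean_token()` writes to `$self->{cache}`, which `check_options` only initialises when a token is requested, and the Basic-auth request is sent a second time. Parenthesise the status test: `if (defined($self->{token}) && ($self->{http}->get_code() < 200 || $self->{http}->get_code() >= 300)) {`. Separately, `get_token` stores `updated` but never compares it with the current time, so an expired token is only discovered through this retry path.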
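Review bot: The POD gains an entry for `--token` but none for `--unknown-http-status`, `--warning-http-status` and `--critical-http-status`, which the same commit registers in `new`, so those options have no POD entry in this section. Add an `=item` for each, stating the default `'%{http_code} < 200 or %{http_code} >= 300'` for the unknown threshold. The `--token` text could also say that the token is cached in a statefile named from the hostname and username, since that is the file an operator has to clear or protect when credentials are rotated.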
+++ b/centreon-plugins/apps/wazuh/restapi/mode/manager.pm 
@@ -25,84 +25,15 @@ use base qw(centreon::plugins::templates::counter);
 use strict;
 use warnings;
 use Digest::MD5 qw(md5_hex);
-use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold catalog_status_calc);
+use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold_ng);
 sub custom_status_output {
 my ($self, %options) = @_;
- my $msg = sprintf('status: %s',
- $self->{result_values}->{status},
+ return sprintf(
+ 'status: %s',
+ $self->{result_values}->{status}
 );
- return $msg;
-}
-
-sub set_counters {
- my ($self, %options) = @_;
-
- $self->{maps_counters_type} = [
- { name => 'global', type => 0, cb_prefix_output => 'prefix_global_output' },
- { name => 'process', type => 1, cb_prefix_output => 'prefix_process_output', message_multiple => 'All manager processes are ok' },
- { name => 'log', type => 1, cb_prefix_output => 'prefix_log_output', message_multiple => 'All manager logs are ok' }
- ];
-
- $self->{maps_counters}->{global} = [];
- foreach ('stopped', 'running') {
- push @{$self->{maps_counters}->{global}}, {
- label => 'processes-' . $_, nlabel => 'manager.processes.' . $_ . '.count', display_ok => 0, set => {
- key_values => [ { name => $_ } ],
- output_template => $_ . ': %s',
- perfdatas => [
- { value => $_ , template => '%s', min => 0 },
- ],
- }
- };
- }
-
- $self->{maps_counters}->{process} = [
- { label => 'process-status', threshold => 0, set => {
- key_values => [ { name => 'status' }, { name => 'display' } ],
- closure_custom_calc => \&catalog_status_calc,
- closure_custom_output => $self->can('custom_status_output'),
- closure_custom_perfdata => sub { return 0; },
- closure_custom_threshold_check => \&catalog_status_threshold,
- }
- },
- ];
-
- $self->{maps_counters}->{log} = [];
- foreach ('error', 'critical', 'warning') {
- push @{$self->{maps_counters}->{log}}, {
- label => 'log-' . $_, nlabel => 'manager.log.' . $_ . 
'.count', set => {
- key_values => [ { name => $_, diff => 1 } ],
- output_template => $_ . ': %s',
- perfdatas => [
- { value => $_ , template => '%s', min => 0 },
- ],
- }
- };
- }
-}
-
-sub new {
- my ($class, %options) = @_;
- my $self = $class->SUPER::new(package => __PACKAGE__, %options, , statefile => 1, force_new_perfdata => 1);
- bless $self, $class;
-
- $options{options}->add_options(arguments => {
- 'filter-process:s' => { name => 'filter_process' },
- 'filter-log:s' => { name => 'filter_log' },
- 'warning-process-status:s' => { name => 'warning_process_status', default => '' },
- 'critical-process-status:s' => { name => 'critical_process_status', default => '' },
- });
-
- return $self;
-}
-
-sub check_options {
- my ($self, %options) = @_;
- $self->SUPER::check_options(%options);
-
- $self->change_macros(macros => ['warning_process_status', 'critical_process_status']);
 }
 sub prefix_global_output {
@@ -123,31 +54,107 @@ sub prefix_log_output {
 return "Log '" . $options{instance_value}->{display} . "' ";
 }
+sub set_counters {
+ my ($self, %options) = @_;
+
+ $self->{maps_counters_type} = [
+ { name => 'global', type => 0, cb_prefix_output => 'prefix_global_output' },
+ { name => 'process', type => 1, cb_prefix_output => 'prefix_process_output', message_multiple => 'All manager processes are ok' },
+ { name => 'log', type => 1, cb_prefix_output => 'prefix_log_output', message_multiple => 'All manager logs are ok' }
+ ];
+
+ $self->{maps_counters}->{global} = [];
+ foreach ('stopped', 'running') {
+ push @{$self->{maps_counters}->{global}}, {
+ label => 'processes-' . $_, nlabel => 'manager.processes.' . $_ . '.count', display_ok => 0, set => {
+ key_values => [ { name => $_ } ],
+ output_template => $_ . ': %s',
+ perfdatas => [
+ { value => $_ , template => '%s', min => 0 }
+ ]
+ }
+ };
+ }
+
+ $self->{maps_counters}->{process} = [
+ { label => 'process-status', type => 2, set => {
+ key_values => [ { name => 'status' }, { name => 'display' } ],
+ closure_custom_output => $self->can('custom_status_output'),
+ closure_custom_perfdata => sub { return 0; },
+ closure_custom_threshold_check => \&catalog_status_threshold_ng
+ }
+ }
+ ];
+
+ $self->{maps_counters}->{log} = [];
+ foreach ('error', 'critical', 'warning') {
+ push @{$self->{maps_counters}->{log}}, {
+ label => 'log-' . $_, nlabel => 'manager.log.' . $_ . '.count', set => {
+ key_values => [ { name => $_, diff => 1 } ],
+ output_template => $_ . 
': %s',
+ perfdatas => [
+ { value => $_ , template => '%s', min => 0 }
+ ]
+ }
+ };
+ }
+}
+
+sub new {
+ my ($class, %options) = @_;
+ my $self = $class->SUPER::new(package => __PACKAGE__, %options, , statefile => 1, force_new_perfdata => 1);
+ bless $self, $class;
+
+ $options{options}->add_options(arguments => {
+ 'filter-process:s' => { name => 'filter_process' },
+ 'filter-log:s' => { name => 'filter_log' }
+ });
+
+ return $self;
+}
+
+sub get_summary_logs {
+ my ($self, %options) = @_;
+
+ my $result = $options{custom}->request(path => '/manager/logs/summary');
+ return $result->{data} if (!defined($result->{data}->{affected_items}));
+
+ my $entries = {};
+ foreach my $items (@{$result->{data}->{affected_items}}) {
+ foreach my $name (keys %$items) {
+ $entries->{$name} = $items->{$name};
+ }
+ }
+
+ return $entries;
+}
+
 sub manage_selection {
 my ($self, %options) = @_;
 $self->{global} = { running => 0, stopped => 0 };
 $self->{process} = {};
 my $result = $options{custom}->request(path => '/manager/status');
- foreach (keys %{$result->{data}}) {
+ my $entry = defined($result->{data}->{affected_items}) ? $result->{data}->{affected_items}->[0] : $result->{data};
+ foreach (keys %$entry) {
 if (defined($self->{option_results}->{filter_process}) && $self->{option_results}->{filter_process} ne '' && $_ !~ /$self->{option_results}->{filter_process}/) {
 $self->{output}->output_add(long_msg => "skipping process '" . $_ . 
"': no matching filter.", debug => 1); next; } - my $status = lc($result->{data}->{$_}); + my $status = lc($entry->{$_}); $self->{process}->{$_} = { display => $_, - status => $status, + status => $status }; - + $self->{global}->{$status}++; } + $result = $self->get_summary_logs(custom => $options{custom}); $self->{log} = {}; - $result = $options{custom}->request(path => '/manager/logs/summary?'); - foreach (keys %{$result->{data}}) { + foreach (keys %$result) { if (defined($self->{option_results}->{filter_log}) && $self->{option_results}->{filter_log} ne '' && $_ !~ /$self->{option_results}->{filter_log}/) { $self->{output}->output_add(long_msg => "skipping log '" . $_ . "': no matching filter.", debug => 1); @@ -156,10 +163,10 @@ sub manage_selection { $self->{log}->{$_} = { display => $_, - error => $result->{data}->{$_}->{error}, - warning => $result->{data}->{$_}->{warning}, - critical => $result->{data}->{$_}->{critical}, - }; + error => $result->{$_}->{error}, + warning => $result->{$_}->{warning}, + critical => $result->{$_}->{critical} + }; } $self->{cache_name} = 'wazuh_' . $options{custom}->get_hostname() . '_' . $options{custom}->get_port() . '_' . $self->{mode} . '_' .