icingaweb2/modules/monitoring/doc/10-Restrict-Custom-Variable...

# Restrict Access to Custom Variables <a id="monitoring-module-restrict-access-custom-variables"></a>

* Restriction name: monitoring/blacklist/properties
* Restriction value: Comma separated list of GLOB like filters

Imagine the following host custom variable structure.

```
host.vars.
|-- cmdb_name
|-- cmdb_id
|-- cmdb_location
|-- wiki_id
|-- passwords.
|   |-- mysql_password
|   |-- ldap_password
|   `-- mongodb_password
|-- legacy.
|   |-- cmdb_name
|   |-- mysql_password
|   `-- wiki_id
`-- backup.
    `-- passwords.
        |-- mysql_password
        `-- ldap_password
```

`host.vars.cmdb_name`

Blacklists `cmdb_name` in the first level of the custom variable structure only.
`host.vars.legacy.cmdb_name` is not blacklisted.


`host.vars.cmdb_*`

All custom variables in the first level of the structure which begin with `cmdb_` become blacklisted.
Deeper custom variables are ignored. `host.vars.legacy.cmdb_name` is not blacklisted.

`host.vars.*id`

All custom variables in the first level of the structure which end with `id` become blacklisted.
Deeper custom variables are ignored. `host.vars.legacy.wiki_id` is not blacklisted.

`host.vars.*.mysql_password`

Matches all custom variables on the second level which are equal to `mysql_password`.

`host.vars.*.*password`

Matches all custom variables on the second level which end with `password`.

`host.vars.*.mysql_password,host.vars.*.ldap_password`

Matches all custorm variables on the second level which equal `mysql_password` or `ldap_password`.

`host.vars.**.*password`

Matches all custom variables on all levels which end with `password`.

Please note the two asterisks, `**`, here for crossing level boundaries. This syntax is used for matching the complete
custom variable structure.

If you want to restrict all custom variables that end with password for both hosts and services, you have to define
the following restriction.

`host.vars.**.*password,service.vars.**.*password`

## Escape Meta Characters <a id="restrict-access-custom-variables-escape-meta-chars"></a>

Use backslash to escape the meta characters

* *
* ,

`host.vars.\*fall`

Matches all custom variables in the first level which equal `*fall`.
Enhance the documentation and fix outdated information (preferences, etc.) This applies a new structure for the main doc/ and modules/*/doc tree with 01-About.md 02-Installation.md ... This allows us to link from the main doc directory into module specific documentation entries. Furthermore table formatting, examples, and missing settings have been added where applicable. This patch also takes care about proper URL anchors and file names and directories. fixes #2950 2017-09-26 18:52:32 +02:00			`# Restrict Access to Custom Variables <a id="monitoring-module-restrict-access-custom-variables"></a>`
doc: Add syntax draft for restricting custom variables refs #10965 2016-02-17 13:35:48 +01:00
			`* Restriction name: monitoring/blacklist/properties`
Enhance the documentation and fix outdated information (preferences, etc.) This applies a new structure for the main doc/ and modules/*/doc tree with 01-About.md 02-Installation.md ... This allows us to link from the main doc directory into module specific documentation entries. Furthermore table formatting, examples, and missing settings have been added where applicable. This patch also takes care about proper URL anchors and file names and directories. fixes #2950 2017-09-26 18:52:32 +02:00			`* Restriction value: Comma separated list of GLOB like filters`
doc: Add syntax draft for restricting custom variables refs #10965 2016-02-17 13:35:48 +01:00
			`Imagine the following host custom variable structure.`

doc: Use only three backticks for code blocks refs #10965 2016-02-17 15:26:24 +01:00			```
doc: Add syntax draft for restricting custom variables refs #10965 2016-02-17 13:35:48 +01:00			`host.vars.`
			`\|-- cmdb_name`
			`\|-- cmdb_id`
			`\|-- cmdb_location`
			`\|-- wiki_id`
			`\|-- passwords.`
			`\| \|-- mysql_password`
			`\| \|-- ldap_password`
			\| `-- mongodb_password
			`\|-- legacy.`
			`\| \|-- cmdb_name`
			`\| \|-- mysql_password`
			\| `-- wiki_id
			`-- backup.
			`-- passwords.
			`\|-- mysql_password`
			`-- ldap_password
doc: Use only three backticks for code blocks refs #10965 2016-02-17 15:26:24 +01:00			```
doc: Add syntax draft for restricting custom variables refs #10965 2016-02-17 13:35:48 +01:00
			`host.vars.cmdb_name`

Enhance the documentation and fix outdated information (preferences, etc.) This applies a new structure for the main doc/ and modules/*/doc tree with 01-About.md 02-Installation.md ... This allows us to link from the main doc directory into module specific documentation entries. Furthermore table formatting, examples, and missing settings have been added where applicable. This patch also takes care about proper URL anchors and file names and directories. fixes #2950 2017-09-26 18:52:32 +02:00			Blacklists `cmdb_name` in the first level of the custom variable structure only.
doc: Add syntax draft for restricting custom variables refs #10965 2016-02-17 13:35:48 +01:00			`host.vars.legacy.cmdb_name` is not blacklisted.


			`host.vars.cmdb_*`

			All custom variables in the first level of the structure which begin with `cmdb_` become blacklisted.
			Deeper custom variables are ignored. `host.vars.legacy.cmdb_name` is not blacklisted.

			`host.vars.*id`

			All custom variables in the first level of the structure which end with `id` become blacklisted.
			Deeper custom variables are ignored. `host.vars.legacy.wiki_id` is not blacklisted.

			`host.vars.*.mysql_password`

			Matches all custom variables on the second level which are equal to `mysql_password`.

			`host.vars..password`

			Matches all custom variables on the second level which end with `password`.

doc: Remove curly brace expansion for custom var restriction refs #10965 2016-03-21 14:49:37 +01:00			`host.vars..mysql_password,host.vars..ldap_password`
doc: Add syntax draft for restricting custom variables refs #10965 2016-02-17 13:35:48 +01:00
			Matches all custorm variables on the second level which equal `mysql_password` or `ldap_password`.

			`host.vars.*.password`

			Matches all custom variables on all levels which end with `password`.

			Please note the two asterisks, `**`, here for crossing level boundaries. This syntax is used for matching the complete
			`custom variable structure.`

			`If you want to restrict all custom variables that end with password for both hosts and services, you have to define`
			`the following restriction.`

			`host.vars.*.password,service.vars.*.password`

Enhance the documentation and fix outdated information (preferences, etc.) This applies a new structure for the main doc/ and modules/*/doc tree with 01-About.md 02-Installation.md ... This allows us to link from the main doc directory into module specific documentation entries. Furthermore table formatting, examples, and missing settings have been added where applicable. This patch also takes care about proper URL anchors and file names and directories. fixes #2950 2017-09-26 18:52:32 +02:00			`## Escape Meta Characters <a id="restrict-access-custom-variables-escape-meta-chars"></a>`
doc: Add syntax draft for restricting custom variables refs #10965 2016-02-17 13:35:48 +01:00
			`Use backslash to escape the meta characters`

			`* *`
			`* ,`

			`host.vars.\*fall`

			Matches all custom variables in the first level which equal `*fall`.