Merge branch 'master' into master

.pylintrc

@@ -146,7 +146,10 @@ disable=
     missing-timeout,
     #---------------------------------------------------------------------------
     # New in version 2.16.0 which causes a few findings
-    broad-exception-raised
+    broad-exception-raised,
+    #---------------------------------------------------------------------------
+    # Import order is checked by isort
+    wrong-import-order
 
 [IMPORTS]
 # This complies with PEP 8 and avoids code duplication in some cases.

.werks/15195

@@ -0,0 +1,15 @@
+Title: Protect automation user secret against timing attacks
+Class: security
+Compatible: compat
+Component: wato
+Date: 1700216645
+Edition: cre
+Level: 1
+Version: 2.3.0b1
+
+This Werks improves how the secret of an automation user is validated during login.
+Prior to the Werk, the automation user's password was not checked in a way that is safe against (theoretical) timing attacks.
+This is fixed now.
+
+Even though this Werk improves security, it does not address an exploitable vulnerability.
+To aid automated scanning we assign a CVSS score of 0.0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).

.werks/15210

@@ -6,10 +6,9 @@ Date: 1675686406
 Edition: cre
 Knowledge: doc
 Level: 1
-Version: 2.2.0i1
+Version: 2.3.0b1
 
 The Oracle plugin allowed the user to configure Login options without
 actually configuring any details. This also resulted in the default values
 for 'Hostname' or 'TCP-Port for Listener' to be ignored. This werk fixes
 this issue.
-

.werks/15303

@@ -0,0 +1,14 @@
+Title: logwatch_ec: remove spool files after reading them
+Class: fix
+Compatible: compat
+Component: checks
+Date: 1698764921
+Edition: cre
+Level: 1
+Version: 2.3.0b1
+
+Before this fix spool files were only removed when they were too old or if
+there were too many of them.
+
+Spool files that got deleted after reading will be recreated if there was
+an error while sending a message.

.werks/15307

@@ -0,0 +1,36 @@
+Title: logwatch_ec: tcp remote forwarding: create one spool file per service
+Class: fix
+Compatible: compat
+Component: checks
+Date: 1699863833
+Edition: cre
+Knowledge: doc
+Level: 1
+Version: 2.3.0b1
+
+This Werk affects you if you have a logwatch_ec check which forwards events to
+a remote syslog hosts and if you activated the option "Create a separate check
+for each logfile".
+
+In this case all separate services shared one spoolfile. This lead to the
+problem, that one event in the spoolfile was displayed as one event for each
+separate service (but it was only sent out once, when the remote was reachable
+again).
+
+In some conditions events might been unnoticeable dropped, because the
+spoolfile was overwritten by another logwatch service.
+
+Now each logwatch service will have their own spoolfile.
+
+The spoolfiles will be automatically assigned to their logwatch service.
+
+After all your logwatch_ec services sent all their spoolfiles out, you may
+manually consult the following folder for <tt>spoolfile.*</tt> files:
+
+<tt>./var/check_mk/logwatch_spool/&lt;hostname&gt;</tt>
+
+If there are any spoolfiles in this folder, they could not be assigned to a
+logwatch service. If you still want them to be forwarded, move them to one of
+the folders, otherwise they can be deleted.
+
+<tt>./var/check_mk/logwatch_spool/&lt;hostname&gt;/item_&lt;url_encode(item)&gt;</tt>

.werks/15309

@@ -0,0 +1,11 @@
+Title: mk_oracle: broken section due to missing redirect
+Class: fix
+Compatible: compat
+Component: agents
+Date: 1700058856
+Edition: cre
+Level: 1
+Version: 2.3.0b1
+
+<a href="https://checkmk.com/werk/15293">Werk #15293</a> broke mk_oracle sections.
+The falsely generated output is now redirected to /dev/null

.werks/15310

@@ -0,0 +1,16 @@
+Title: oracle_crs_res: TypeError: Resource.__init__() got an unexpected keyword argument 'enabled'
+Class: fix
+Compatible: compat
+Component: checks
+Date: 1700145397
+Edition: cre
+Level: 1
+Version: 2.3.0b1
+
+Agent output changed with newer oracle databases, it now includes "enabled"
+data. Previous version of this check could not handle this and crashed with
+the following error:
+
+<tt>TypeError: Resource.<strong>init</strong>() got an unexpected keyword argument 'enabled'</tt>
+
+oracle_crs_res now ignores all additional data.

.werks/15311

@@ -0,0 +1,27 @@
+Title: align quoting of synchronous and asynchronous MRPE
+Class: fix
+Compatible: incomp
+Component: checks
+Date: 1700489068
+Edition: cre
+Level: 1
+Version: 2.3.0b1
+
+You are affected by this change if you use asynchronous MRPE and used double
+quotes (<tt>"</tt>) in the MRPE command.
+
+Quoting of mrpe commands differed between cached and non cached mrpe checks.
+
+With this Werk the quoting rules for the normal/synchronous execution of MRPE
+are applied to asynchronous MRPE commands.
+
+The following can now be applied to both asynchronous and normal/synchronous
+execution of MRPE commands: Use single quotes on the first level of quoting.
+
+This command will correctly show <tt>output with spaces</tt> in the Service
+output:
+
+<tt>bash -c 'echo "output with spaces"'</tt>
+
+If you execute asynchronous MRPE and the command uses double quotes on the
+first level of quoting, adapt it accordingly.

.werks/15609

@@ -6,7 +6,7 @@ Date: 1682683781
 Edition: cre
 Knowledge: doc
 Level: 1
-Version: 2.2.0b7
+Version: 2.3.0b1
 
 This change affects those using the <tt>Kubernetes</tt> together with the feature <tt>Collect
 information about Persistent Volume Claims & Persistent Volumes</tt> (available in 2.2.0 and above).

.werks/15610

@@ -6,7 +6,7 @@ Date: 1683186871
 Edition: cre
 Knowledge: doc
 Level: 2
-Version: 2.2.0b7
+Version: 2.3.0b1
 
 If a user ran the command <tt>omd config</tt> and selected <tt>Distributed Monitoring >
 LIVESTATUS_TCP_ONLY_FROM</tt>, then the following error was shown

.werks/15626

@@ -6,7 +6,7 @@ Date: 1686249924
 Edition: cre
 Knowledge: undoc
 Level: 1
-Version: 2.2.0p3
+Version: 2.3.0b1
 
 This feature extends the Kubernetes monitoring. The inventory of a CronJob host now features the
 'Metadata' path, which is already available for other piggybacked hosts.

.werks/15635

@@ -6,7 +6,7 @@ Date: 1687522021
 Edition: cre
 Knowledge: doc
 Level: 1
-Version: 2.2.0p5
+Version: 2.3.0b1
 
 This is a follow-up to Werk 15623. The following checks were not properly migrated in the 2.2.0
 release:
@@ -16,4 +16,3 @@ LI: <tt>citrix_state.controller</tt>
 LI: <tt>citrix_state</tt>
 
 With this Werk, they continue to work as they did in 2.1.0.
-

.werks/15641

@@ -6,7 +6,7 @@ Date: 1694340058
 Edition: cre
 Knowledge: doc
 Level: 1
-Version: 2.2.0p10
+Version: 2.3.0b1
 
 The Prometheus agent allows specifying PromQL queries via the option <tt>Service creation using
 PromQL queries</tt>. In 2.2.0, any query containing a '+' would not be encoded properly. For

.werks/15643

@@ -7,7 +7,7 @@ Edition: cre
 Knowledge: doc
 Level: 1
 State: unknown
-Version: 2.2.0p11
+Version: 2.3.0b1
 
 This change affects users of the following checks:
 * nvidia_smi_memory_util

.werks/15976

@@ -0,0 +1,19 @@
+Title: mssql_backup: Correct timezone difference for last backup date
+Class: fix
+Compatible: compat
+Component: checks
+Date: 1696949130
+Edition: cre
+Knowledge: doc
+Level: 1
+Version: 2.3.0b1
+
+This werk is relevant for users monitoring the age of the last backup time of mssql databases in different timezones.
+
+The date/time of the last backup of a mssql database is currently stored in local host time without the information about the host timezone. When this time is used to check the age of the last backup, it is interpreted in the Checkmk server timezone.
+When using different timezones, this leads to incorrect values for "Age of last database backup" and  if the age is negative, in newer Checkmk versions to the warning "Cannot reasonably calculate time since last backup (hosts time running ahead)".
+
+The mssql agent plugin will now store the time in UTC and the mssql_backup check will interpret the time accordingly.
+
+You will need to update the agent plugin mssql.vbs to receive the corrected times.
+

.werks/16191

@@ -0,0 +1,11 @@
+Title: Activate changes: Performance improvement in CME
+Class: feature
+Compatible: compat
+Component: checks
+Date: 1698068521
+Edition: cme
+Level: 1
+Version: 2.3.0b1
+
+The preparation phase for distributing changes to remote sites typically takes longer in a managed edition to ensure that each customer is handled separately.
+This phase has been accelerated with additional caching and improved storage of intermediate results.

.werks/16204

@@ -0,0 +1,12 @@
+Title: metrics: Fix Internal Server Error when decimal timestamps are provided
+Class: fix
+Compatible: compat
+Component: rest-api
+Date: 1700216654
+Edition: cre
+Level: 1
+Version: 2.3.0b1
+
+Prior to this werk, when a timestamp contained decimal values the endpoint would return status 500 (Internal server error). This change fixes that and now it returns 400 (Bad Request) and a brief explanation of the error.
+
+

.werks/16303

@@ -0,0 +1,14 @@
+Title: Fix "Metric history" context filter on view edit
+Class: fix
+Compatible: compat
+Component: multisite
+Date: 1700552738
+Edition: cee
+Level: 1
+Version: 2.3.0b1
+
+If you edited a view with the context filter "Metric history", the value was
+always "Only first 10 sorted results", even if another value was set before.
+
+This was just a problem with the default choice of the dropdown. If you used
+the view, the filter should have been worked as expected.

.werks/first_free

@@ -1 +1 @@
-16303
+16323

CONTRIBUTING.md

@@ -17,12 +17,11 @@ Here are the links to major sections of this document:
 * [Style Guide](#style-guide)
 
 If you have questions, please create a post at the [Checkmk Forum](https://forum.checkmk.com).
-For bug reports, please send an e-mail to [email protected].
 
 We are interested in all feature extensions, which fit to the product and extend it reasonably.
 Occasionally, we have to decline a change, if e.g. it breaks other functionality, collides with our product roadmap or affects non-functional requirements of the product.
 Any contribution must also comply with the coding requirements detailed out below.
-For feature requests, please share your idea via the [Checkmk feature portal](https://features.checkmk.com).
+For feature requests, please share your idea via the [Checkmk ideas portal](https://ideas.checkmk.com).
 
 ## Contributing code
 

Makefile

@@ -23,10 +23,6 @@ ARTIFACT_STORAGE   := https://artifacts.lan.tribe29.com
 PIPENV             := PIPENV_PYPI_MIRROR=$(PIPENV_PYPI_MIRROR) scripts/run-pipenv
 BLACK              := scripts/run-black
 
-LIVESTATUS_API_SOURCES := api/c++/{Makefile,*.{h,cc}} \
-                      api/perl/* \
-                      api/python/{README,*.py}
-
 WERKS              := $(wildcard .werks/[0-9]*)
 
 JAVASCRIPT_SOURCES := $(filter-out %_min.js, \
@@ -182,7 +178,6 @@ packages:
 $(LIVESTATUS_INTERMEDIATE_ARCHIVE):
 	rm -rf mk-livestatus-$(VERSION)
 	mkdir -p mk-livestatus-$(VERSION)
-	set -o pipefail; tar chf - $(TAROPTS) -C livestatus $$(cd livestatus ; echo $(LIVESTATUS_API_SOURCES) )  | tar xf - -C mk-livestatus-$(VERSION)
 	set -o pipefail; tar chf - $(TAROPTS) --exclude=build packages/livestatus packages/unixcat packages/neb third_party/re2 third_party/asio third_party/googletest third_party/rrdtool | tar xf - -C mk-livestatus-$(VERSION)
 	tar czf omd/packages/mk-livestatus/mk-livestatus-$(VERSION).tar.gz $(TAROPTS) mk-livestatus-$(VERSION)
 	rm -rf mk-livestatus-$(VERSION)

Pipfile

@@ -89,7 +89,7 @@ dill = "*"
 jsonschema = "*"
 polyfactory = "*" # used for generating mock data for unit tests
 pylint-pydantic = "*"
-checkmk-dev-tools = "==0.1.24"  # provides tooling for build artifacts
+checkmk-dev-tools = "~=0.1.28"  # provides tooling for build artifacts
 fastapi = "*"  # needed to run fake idp for cse tests
 uvicorn = "*"
 types-xmltodict = "*" # used by xmltodict
@@ -186,6 +186,7 @@ cmk-mkp-tool = {editable = true, path = "./packages/cmk-mkp-tool"}
 cmk-rulesets = {editable = true, path = "./packages/cmk-rulesets"}
 cmk-server-side-calls = {editable = true, path = "./packages/cmk-server-side-calls"}
 cmk-werks = {editable = true, path = "./packages/cmk-werks"}
+cmk-livestatus-client = {editable = true, path = "./packages/cmk-livestatus-client"}
 pysmb = "==1.2.9.1"  # used by SMB share special agent
 google-cloud-monitoring = "~=2.11"  # used by the gcp special agent
 google-cloud-asset = "~=3.14"  # used by the gcp special agent