1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219
|
<?php
// Icinga Web 2 Cube Module | (c) 2016 Icinga GmbH | GPLv2
namespace Icinga\Module\Cube\Ido;
use Icinga\Application\Config;
use Icinga\Authentication\Auth;
use Icinga\Data\Filter\Filter;
use Icinga\Exception\ConfigurationError;
use Icinga\Exception\QueryException;
use Icinga\Module\Monitoring\Backend\MonitoringBackend;
use Icinga\Util\GlobFilter;
/**
* IdoCube
*
* Base class for IDO-related cubes
*
* @package Icinga\Module\Cube\Ido
*/
abstract class IdoCube extends DbCube
{
/** @var array */
protected $availableFacts = array();
/** @var string We ask for the IDO version for compatibility reasons */
protected $idoVersion;
/** @var MonitoringBackend */
protected $backend;
/**
* Cache for {@link filterProtectedCustomvars()}
*
* @var string|null
*/
protected $protectedCustomvars;
/** @var GlobFilter The properties to hide from the user */
protected $blacklistedProperties;
public const IS_USING_ICINGADB = false;
/**
* Add a specific named dimension
*
* Right now these are just custom vars, we might support group memberships
* or other properties in future
*
* @param string $name
*
* @return $this
*/
public function addDimensionByName($name): self
{
if (count($this->filterProtectedCustomvars([$name])) === 1) {
$this->addDimension($this->createDimension($name));
}
return $this;
}
/**
* We can steal the DB connection directly from a Monitoring backend
*
* @param MonitoringBackend $backend
* @return $this
*/
public function setBackend(MonitoringBackend $backend)
{
$this->backend = $backend;
$resource = $backend->getResource();
$resource->getDbAdapter()
->getConnection()
->setAttribute(\PDO::ATTR_CASE, \PDO::CASE_NATURAL);
$this->setConnection($resource);
return $this;
}
/**
* Provice access to our DB resource
*
* This lazy-loads the default monitoring backend in case no DB has been
* given
*
* @return \Zend_Db_Adapter_Abstract
*/
public function db()
{
$this->requireBackend();
return parent::db();
}
/**
* Returns the Icinga IDO version
*
* @return string
*/
protected function getIdoVersion()
{
if ($this->idoVersion === null) {
$db = $this->db();
$this->idoVersion = $db->fetchOne(
$db->select()->from('icinga_dbversion', 'version')
);
}
return $this->idoVersion;
}
/**
* Steal the default monitoring DB resource...
*
* ...in case none has been defined otherwise
*
* @return void
*/
protected function requireBackend()
{
if ($this->db === null) {
$this->setBackend(MonitoringBackend::instance());
}
}
protected function getMonitoringRestriction()
{
$restriction = Filter::matchAny();
$restriction->setAllowedFilterColumns(array(
'host_name',
'hostgroup_name',
'instance_name',
'service_description',
'servicegroup_name',
function ($c) {
return preg_match('/^_(?:host|service)_/i', $c);
}
));
$filters = Auth::getInstance()->getUser()->getRestrictions('monitoring/filter/objects');
foreach ($filters as $filter) {
if ($filter === '*') {
return Filter::matchAny();
}
try {
$restriction->addFilter(Filter::fromQueryString($filter));
} catch (QueryException $e) {
throw new ConfigurationError(
'Cannot apply restriction %s using the filter %s. You can only use the following columns: %s',
'monitoring/filter/objects',
$filter,
implode(', ', array(
'instance_name',
'host_name',
'hostgroup_name',
'service_description',
'servicegroup_name',
'_(host|service)_<customvar-name>'
)),
$e
);
}
}
return $restriction;
}
/**
* Return the given array without values matching the custom variables protected by the monitoring module
*
* @param string[] $customvars
*
* @return string[]
*/
protected function filterProtectedCustomvars(array $customvars)
{
if ($this->blacklistedProperties === null) {
$this->blacklistedProperties = new GlobFilter(
Auth::getInstance()->getRestrictions('monitoring/blacklist/properties')
);
}
if ($this instanceof IdoServiceStatusCube) {
$type = 'service';
} else {
$type = 'host';
}
$customvars = $this->blacklistedProperties->removeMatching(
[$type => ['vars' => array_flip($customvars)]]
);
$customvars = isset($customvars[$type]['vars']) ? array_flip($customvars[$type]['vars']) : [];
if ($this->protectedCustomvars === null) {
$config = Config::module('monitoring')->get('security', 'protected_customvars');
$protectedCustomvars = array();
foreach (preg_split('~,~', $config, -1, PREG_SPLIT_NO_EMPTY) as $pattern) {
$regex = array();
foreach (explode('*', $pattern) as $literal) {
$regex[] = preg_quote($literal, '/');
}
$protectedCustomvars[] = implode('.*', $regex);
}
$this->protectedCustomvars = empty($protectedCustomvars)
? '/^$/'
: '/^(?:' . implode('|', $protectedCustomvars) . ')$/';
}
return preg_grep($this->protectedCustomvars, $customvars, PREG_GREP_INVERT);
}
}
|