Merge branch 'devel' into build/new-testing-ideas

.gitignore

@@ -14,4 +14,5 @@ playbooks/hosts
 playbooks/hosts.bak
 venv/
 Vagrantfile
-Vagrantfile.bak
+Vagrantfile.bak
+venv

Makefile

@@ -127,9 +127,9 @@ venv:
 	@echo
 	@(. venv/bin/activate && python3 -m pip install pip --upgrade && python3 -m pip install -r requirements.txt)
 
-clean: clean-vm
-
-clean-vm:
+clean:
+	@rm -rf .tox/
+	@rm -rf venv/
 	@vagrant destroy --force
 
 vm:

SUPPORT.md

@@ -53,4 +53,4 @@ Collection Version | Checkmk Versions | Ansible Versions | Remarks
 4.3.1 | 2.0.0p39, 2.1.0p39, 2.2.0p22 | 2.14, 2.15, 2.16 | None
 4.4.0 | 2.0.0p39, 2.1.0p41, 2.2.0p24 | 2.14, 2.15, 2.16 | None
 4.4.1 | 2.0.0p39, 2.1.0p41, 2.2.0p24 | 2.14, 2.15, 2.16 | None
-5.0.0 | 2.1.0p43, 2.2.0p26, 2.3.0p3 | 2.15, 2.16, 2.17 | Breaking changes to the following modules: `lookup_folder`, `rule`.
+5.0.0 | 2.1.0p44, 2.2.0p27, 2.3.0p5 | 2.15, 2.16, 2.17 | Breaking changes to the following modules: `lookup_folder`, `rule` and role: `agent`.

changelogs/fragments/agent.yml

@@ -0,0 +1,6 @@
+minor_changes:
+  - Agent role - Add support to open firewall for a list of IPs.
+
+breaking_changes:
+  - Agent role - Not really a breaking change, but we removed the internal variable `checkmk_agent_server_ip`.
+    If you set this variable in your inventory, please make sure to update your configuration accordingly!

changelogs/fragments/build.yml

@@ -4,3 +4,5 @@ minor_changes:
   - Testing - The Molecule tests now run on Ubuntu 22.04.
   - Testing - Add Ubuntu 24.04 to the Molecule tests.
   - Testing - Remove Ansible 2.14 from all tests, as it is EOL.
+  - Testing - Add Ansible 2.17 to all tests.
+    Be advised, that this Ansible release drops support for Python 2.7 and 3.6.

changelogs/fragments/discovery.yml

@@ -0,0 +1,4 @@
+major_changes:
+  - Discovery module - The module now fully supports Checkmk 2.3.0.
+    Additionally, two new parameters were introduced, `update_service_labels` and `monitor_undecided_services`.
+    Refer to the module documentation for further details.

changelogs/fragments/http.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - Several modules - Remove unnecessary HTTP codes which get already imported via utils.py.

changelogs/fragments/lookup_folder.yml

@@ -1,3 +1,4 @@
 breaking_changes:
   - Folder lookup module - Return the complete folder information, not only the extensions.
-    Refer to the module documentation for more details.
+    To keep the current behavior in your playbooks, you want to use `{{ my_lookup_result.extensions }}`
+    instead of `{{ my_lookup_result }}`.

changelogs/fragments/release_summary.yml

@@ -0,0 +1 @@
+release_summary: "(Re)writing history with overhauled modules and updated Checkmk, Ansible, Distribution and Python support."

changelogs/fragments/roles.yml

@@ -0,0 +1,3 @@
+minor_changes:
+  - Agent role - Replace `ansible.builtin.yum` with the succeeding `ansible.builtin.dnf`.
+  - Server role - Replace `ansible.builtin.yum` with the succeeding `ansible.builtin.dnf`.

changelogs/fragments/rule.yml

@@ -1,4 +1,4 @@
-minor_changes:
+major_changes:
   - Rule module - The complete module was rewritten to use the new module API.
     Additionally, a parameter "rule_id" was introduced to modify existing rules.
     Refer to the module documentation for further details.

meta/runtime.yml

@@ -1,4 +1,4 @@
-requires_ansible: '>=2.12.0'
+requires_ansible: '>=2.14.0'
 
 action_groups:
   checkmk:

plugins/lookup/folder.py

@@ -88,24 +88,23 @@
 """
 
 EXAMPLES = """
-- name: Get the attributes of folder /tests
+- name: Get the attributes of folders /tests and /snmp
   ansible.builtin.debug:
-    msg: "Attributes of folder /network: {{ attributes }}"
-  vars:
-    attributes: "{{
-                    lookup('checkmk.general.folder',
-                        '~tests',
-                        server_url=my_server_url,
-                        site=mysite,
-                        automation_user=myuser,
-                        automation_secret=mysecret,
-                        validate_certs=False
-                        )
-                 }}"
+    msg: "Extended attributes of folder /network: {{ attributes.extensions }}"
+  loop: "{{
+           lookup('checkmk.general.folder',
+                  '~tests', '~snmp',
+                  server_url=my_server_url,
+                  site=mysite,
+                  automation_user=myuser,
+                  automation_secret=mysecret,
+                  validate_certs=False
+                  )
+         }}"
 
 - name: "Use variables outside the module call."
   ansible.builtin.debug:
-    msg: "Attributes of folder /network: {{ attributes }}"
+    msg: "Extended attributes of folder /network: {{ attributes.extensions }}"
   vars:
     ansible_lookup_checkmk_server_url: "http://myserver/"
     ansible_lookup_checkmk_site: "mysite"
@@ -118,7 +117,8 @@
 RETURN = """
   _list:
     description:
-      - A list of dicts of attributes of the folder(s)
+      - A dict of attributes of the folder if you query a single folder
+      - A list of dicts of attributes of the folders if you query multiple folders
     type: list
     elements: str
 """

plugins/module_utils/api.py

@@ -44,7 +44,7 @@ def __init__(self, module):
         # may be "present", "abesent" or an individual one
         self.state = ""
 
-    def _fetch(self, code_mapping, endpoint="", data=None, method="GET"):
+    def _fetch(self, code_mapping="", endpoint="", data=None, method="GET"):
         http_mapping = GENERIC_HTTP_CODES.copy()
         http_mapping.update(code_mapping)
 

plugins/module_utils/utils.py

@@ -20,12 +20,20 @@ def result_as_dict(result):
 
 
 GENERIC_HTTP_CODES = {
-    204: (True, False, "Successfully executed"),
+    200: (True, False, "OK: The operation was done successfully"),
+    204: (True, False, "Operation done successfully. No further output."),
     400: (False, True, "Bad request: Parameter or validation failure"),
+    401: (False, True, "The user is not authorized to do this request"),
     403: (False, True, "Forbidden: Configuration via Setup is disabled"),
-    404: (False, True, "Not found"),
-    406: (False, True, "Required headers are not satisfied"),
-    412: (False, True, "If-Match does not match ETag"),
-    415: (False, True, "Wrong content-type in header"),
-    428: (False, True, "If-Match header is missing"),
+    404: (False, True, "Not Found: The requested object has not been found"),
+    405: (
+        False,
+        True,
+        "This request is only allowed with other HTTP methods",
+    ),
+    406: (False, True, "The requests accept headers can not be satisfied"),
+    412: (False, True, "If-Match header doesn't match the object's ETag"),
+    415: (False, True, "The submitted content-type is not supported"),
+    428: (False, True, "The required If-Match header is missing"),
+    500: (False, True, "General Server Error"),
 }

plugins/modules/bakery.py

@@ -95,29 +95,6 @@
     result_as_dict,
 )
 
-HTTP_CODES = {
-    # http_code: (changed, failed, "Message")
-    200: (True, False, "The operation was done successfully."),
-    204: (
-        True,
-        False,
-        "No Content: Operation done successfully. No further output.",
-    ),
-    400: (False, True, "Bad Request: Parameter or validation failure."),
-    403: (False, True, "Forbidden: Configuration via WATO is disabled."),
-    406: (
-        False,
-        True,
-        "Not Acceptable: The requests accept headers can not be satisfied.",
-    ),
-    415: (
-        False,
-        True,
-        "Unsupported Media Type: The submitted content-type is not supported.",
-    ),
-    500: (False, True, "General Server Error."),
-}
-
 
 class BakeryAPI(CheckmkAPI):
     def post(self):
@@ -137,7 +114,6 @@ def post(self):
             action = "bake_and_sign"
 
         return self._fetch(
-            code_mapping=HTTP_CODES,
             endpoint="/domain-types/agent/actions/%s/invoke" % action,
             data=data,
             method="POST",

plugins/modules/discovery.py

@@ -40,7 +40,7 @@
         description: The action to perform during discovery.
         type: str
         default: new
-        choices: [new, remove, fix_all, refresh, tabula_rasa, only_host_labels, update_service_labels, monitor_undecided_services]
+        choices: [new, remove, fix_all, refresh, tabula_rasa, only_host_labels, only_service_labels, monitor_undecided_services]
     do_full_scan:
         description: The option whether to perform a full scan or not. (Bulk mode only).
         type: bool
@@ -131,13 +131,8 @@
         False,
         "The service discovery background job has been initialized. Redirecting to the 'Wait for service discovery completion' endpoint.",
     ),
-    400: (False, True, "Bad Request."),
-    403: (False, True, "Forbidden: Configuration via WATO is disabled."),
     404: (False, True, "Not Found: Host could not be found."),
-    406: (False, True, "Not Acceptable."),
     409: (False, False, "Conflict: A discovery background job is already running"),
-    415: (False, True, "Unsupported Media Type."),
-    500: (False, True, "General Server Error."),
 }
 
 HTTP_CODES_SC = {
@@ -148,30 +143,19 @@
         False,
         "The service discovery is still running. Redirecting to the 'Wait for completion' endpoint.",
     ),
-    403: (False, True, "Forbidden: Configuration via Setup is disabled."),
     404: (False, False, "Not Found: There is no running service discovery"),
-    406: (False, True, "Not Acceptable."),
-    500: (False, True, "General Server Error."),
 }
 
 HTTP_CODES_BULK = {
     # http_code: (changed, failed, "Message")
     200: (True, False, "Discovery successful."),
-    400: (False, True, "Bad Request."),
-    403: (False, True, "Forbidden: Configuration via WATO is disabled."),
-    406: (False, True, "Not Acceptable."),
     409: (False, False, "Conflict: A bulk discovery job is already active"),
-    415: (False, True, "Unsupported Media Type."),
-    500: (False, True, "General Server Error."),
 }
 
 HTTP_CODES_BULK_SC = {
     # http_code: (changed, failed, "Message")
     200: (True, False, "The service discovery has been completed."),
-    403: (False, True, "Forbidden: Configuration via WATO is disabled."),
     404: (False, False, "Not Found: There is no running bulk_discovery job"),
-    406: (False, True, "Not Acceptable."),
-    500: (False, True, "General Server Error."),
 }
 
 
@@ -255,7 +239,7 @@ def post(self):
             options["monitor_undecided_services"] = True
         if self.params.get("state") in ["remove", "fix_all"]:
             options["remove_vanished_services"] = True
-        if self.params.get("state") in ["update_service_labels"]:
+        if self.params.get("state") in ["only_service_labels"]:
             options["update_service_labels"] = True
         if self.params.get("state") in ["new", "fix_all", "only_host_labels"]:
             options["update_host_labels"] = True
@@ -336,7 +320,7 @@ def run_module():
                 "refresh",
                 "tabula_rasa",
                 "only_host_labels",
-                "update_service_labels",
+                "only_service_labels",
                 "monitor_undecided_services",
             ],
         ),
@@ -400,7 +384,7 @@ def run_module():
         module.params["state"] = "refresh"
 
     if module.params.get("state") in [
-        "update_service_labels",
+        "only_service_labels",
         "monitor_undecided_services",
     ]:
         if ver < CheckmkVersion("2.3.0"):
@@ -426,7 +410,7 @@ def run_module():
                 module.fail_json(**result_as_dict(result))
             if module.params.get(
                 "state"
-            ) == "update_service_labels" and ver < CheckmkVersion("2.3.0p3"):
+            ) == "only_service_labels" and ver < CheckmkVersion("2.3.0p3"):
                 result = RESULT(
                     http_code=0,
                     msg="State can only be used in bulk mode",

plugins/modules/password.py

@@ -132,90 +132,12 @@
 # We count 404 not as failed, because we want to know if the password exists or not.
 HTTP_CODES_GET = {
     # http_code: (changed, failed, "Message")
-    200: (True, False, "OK: The operation was done successfully."),
-    400: (False, True, "Bad Request: Parameter or validation failure."),
-    403: (False, True, "Forbidden: Configuration via Setup is disabled."),
     404: (False, False, "Not Found: The requested object has not been found."),
-    406: (
-        False,
-        True,
-        "Not Acceptable: The requests accept headers can not be satisfied.",
-    ),
-    415: (
-        False,
-        True,
-        "Unsupported Media Type: The submitted content-type is not supported.",
-    ),
-    500: (False, True, "General Server Error."),
 }
 
 HTTP_CODES_DELETE = {
     # http_code: (changed, failed, "Message")
-    200: (True, False, "OK: The operation was done successfully."),
-    400: (False, True, "Bad Request: Parameter or validation failure."),
-    403: (False, True, "Forbidden: Configuration via Setup is disabled."),
     404: (False, False, "Not Found: The requested object has not been found."),
-    406: (
-        False,
-        True,
-        "Not Acceptable: The requests accept headers can not be satisfied.",
-    ),
-    415: (
-        False,
-        True,
-        "Unsupported Media Type: The submitted content-type is not supported.",
-    ),
-    500: (False, True, "General Server Error."),
-}
-
-HTTP_CODES_CREATE = {
-    # http_code: (changed, failed, "Message")
-    200: (True, False, "OK: The operation was done successfully."),
-    400: (False, True, "Bad Request: Parameter or validation failure."),
-    403: (False, True, "Forbidden: Configuration via Setup is disabled."),
-    406: (
-        False,
-        True,
-        "Not Acceptable: The requests accept headers can not be satisfied.",
-    ),
-    415: (
-        False,
-        True,
-        "Unsupported Media Type: The submitted content-type is not supported.",
-    ),
-    500: (False, True, "General Server Error."),
-}
-
-HTTP_CODES_UPDATE = {
-    # http_code: (changed, failed, "Message")
-    200: (
-        True,
-        False,
-        "No Content: Operation was done successfully. No further output",
-    ),
-    403: (False, True, "Forbidden: Configuration via Setup is disabled."),
-    404: (False, True, "Not Found: The requested object has not been found."),
-    406: (
-        False,
-        True,
-        "Not Acceptable: The requests accept headers can not be satisfied.",
-    ),
-    412: (
-        False,
-        True,
-        "Precondition Failed: The value of the If-Match header doesn't match the object's ETag.",
-    ),
-    415: (
-        False,
-        True,
-        "Unsupported Media Type: The submitted content-type is not supported.",
-    ),
-    428: (
-        False,
-        True,
-        "Precondition Required: The required If-Match header is missing.",
-    ),
-    500: (False, True, "General Server Error."),
 }
 
 
@@ -236,7 +158,6 @@ def post(self):
         data = {key: val for key, val in data.items() if val}
 
         return self._fetch(
-            code_mapping=HTTP_CODES_CREATE,
             endpoint="/domain-types/password/collections/all",
             data=data,
             method="POST",
@@ -259,7 +180,6 @@ def put(self):
         data = {key: val for key, val in data.items() if val}
 
         return self._fetch(
-            code_mapping=HTTP_CODES_UPDATE,
             endpoint="/objects/password/%s" % self.params.get("name"),
             data=data,
             method="PUT",