Skip to content

Commit

Permalink
fix: add support for security level (#1050)
Browse files Browse the repository at this point in the history
  • Loading branch information
ajasnosz authored Jul 24, 2024
1 parent 175c57f commit 0379281
Show file tree
Hide file tree
Showing 3 changed files with 65 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
- added `yamllint` validation for the `values.yaml` formatting
- added "in code" validation of groups and profiles
- added logs configuration to docker compose deployment
- add support for different security level in snmp v3

### Fixed
- fixed a bug with configuration from values.yaml not being transferred to the UI while migrating to SC4SNMP-UI
Expand Down
5 changes: 2 additions & 3 deletions splunk_connect_for_snmp/snmp/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -136,8 +136,8 @@ def get_auth_v3(logger, ir: InventoryRecord, snmp_engine: SnmpEngine) -> UsmUser
)
return UsmUserData(
username,
authKey=auth_key,
privKey=priv_key,
authKey=auth_key if auth_key else None,
privKey=priv_key if priv_key else None,
authProtocol=auth_protocol,
privProtocol=priv_protocol,
securityEngineId=security_engine_id,
Expand All @@ -161,7 +161,6 @@ def get_auth_v1(ir: InventoryRecord) -> CommunityData:
def get_auth(
logger, ir: InventoryRecord, snmp_engine: SnmpEngine
) -> Union[UsmUserData, CommunityData]:

if ir.version == "1":
return get_auth_v1(ir)
elif ir.version == "2c":
Expand Down
62 changes: 62 additions & 0 deletions test/snmp/test_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@
from pysnmp.entity.config import (
usmAesBlumenthalCfb192Protocol,
usmHMAC128SHA224AuthProtocol,
usmNoAuthProtocol,
usmNoPrivProtocol,
)
from pysnmp.proto.rfc1902 import OctetString

Expand Down Expand Up @@ -169,6 +171,7 @@ def test_get_auth_v3(self, m_get_secret_value, m_exists):
self.assertEqual("secret1", result.userName)
self.assertEqual("secret2", result.authKey)
self.assertEqual("secret3", result.privKey)
self.assertEqual("authPriv", result.securityLevel)
self.assertEqual(usmHMAC128SHA224AuthProtocol, result.authProtocol)
self.assertEqual(usmAesBlumenthalCfb192Protocol, result.privProtocol)
self.assertEqual(security_engine_result._value, result.securityEngineId._value)
Expand Down Expand Up @@ -218,6 +221,7 @@ def test_get_auth_v3_security_engine_not_str(
self.assertEqual("secret1", result.userName)
self.assertEqual("secret2", result.authKey)
self.assertEqual("secret3", result.privKey)
self.assertEqual("authPriv", result.securityLevel)
self.assertEqual(usmHMAC128SHA224AuthProtocol, result.authProtocol)
self.assertEqual(usmAesBlumenthalCfb192Protocol, result.privProtocol)
self.assertEqual("ENGINE123", result.securityEngineId)
Expand Down Expand Up @@ -246,6 +250,64 @@ def test_get_auth_v3_exception(self, m_get_secret_value, m_exists):
get_auth_v3(logger, ir, snmpEngine)
self.assertEqual("invalid username from secret secret_ir", e.exception.args[0])

@patch("os.path.exists")
@patch("splunk_connect_for_snmp.snmp.auth.get_secret_value")
def test_get_auth_v3_noauthnopriv(self, m_get_secret_value, m_exists):
m_exists.return_value = True
m_get_secret_value.side_effect = [
"secret1",
"",
"",
"SHA224",
"AES192BLMT",
"1",
"2",
]
logger = Mock()
snmpEngine = Mock()

result = get_auth_v3(logger, ir, snmpEngine)
security_engine_result = OctetString(hexValue="80003a8c04")
self.assertEqual("secret1", result.userName)
self.assertEqual(None, result.authKey)
self.assertEqual(None, result.privKey)
self.assertEqual("noAuthNoPriv", result.securityLevel)
self.assertEqual(usmNoAuthProtocol, result.authProtocol)
self.assertEqual(usmNoPrivProtocol, result.privProtocol)
self.assertEqual(security_engine_result._value, result.securityEngineId._value)
self.assertEqual("secret1", result.securityName)
self.assertEqual(1, result.authKeyType)
self.assertEqual(2, result.privKeyType)

@patch("os.path.exists")
@patch("splunk_connect_for_snmp.snmp.auth.get_secret_value")
def test_get_auth_v3_authnopriv(self, m_get_secret_value, m_exists):
m_exists.return_value = True
m_get_secret_value.side_effect = [
"secret1",
"secret2",
"",
"SHA224",
"AES192BLMT",
"1",
"2",
]
logger = Mock()
snmpEngine = Mock()

result = get_auth_v3(logger, ir, snmpEngine)
security_engine_result = OctetString(hexValue="80003a8c04")
self.assertEqual("secret1", result.userName)
self.assertEqual("secret2", result.authKey)
self.assertEqual(None, result.privKey)
self.assertEqual("authNoPriv", result.securityLevel)
self.assertEqual(usmHMAC128SHA224AuthProtocol, result.authProtocol)
self.assertEqual(usmNoPrivProtocol, result.privProtocol)
self.assertEqual(security_engine_result._value, result.securityEngineId._value)
self.assertEqual("secret1", result.securityName)
self.assertEqual(1, result.authKeyType)
self.assertEqual(2, result.privKeyType)

def test_get_auth_v2c(self):
result = get_auth_v2c(ir)
self.assertEqual("public", result.communityName)
Expand Down

0 comments on commit 0379281

Please sign in to comment.