15354 FIX Remove "Encrypt notification daemon communication" check fr…

…om "Analyze Configuration" in Checkmk Raw "Encrypt notification daemon communication" is a Checkmk Enterprise feature, so this check needs to be omitted in Checkmk Raw. It previously failed with the following traceback: ``` error executing configuration test ACTestMknotifydCommunicationEncrypted Traceback (most recent call last): File "/omd/sites/site/lib/python3/cmk/gui/watolib/analyze_configuration.py", line 157, in run results = list(self.execute()) ^^^^^^^^^^^^^^^^^^^^ File "/omd/sites/site/lib/python3/cmk/gui/wato/_ac_tests.py", line 527, in execute config = self._get_effective_global_setting("notification_spooler_config") ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/omd/sites/site/lib/python3/cmk/gui/watolib/analyze_configuration.py", line 204, in _get_effective_global_setting return get_effective_global_setting( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/omd/sites/site/lib/python3/cmk/gui/watolib/sites.py", line 762, in get_effective_global_setting return default_values[varname] ~~~~~~~~~~~~~~^^^^^^^^^ KeyError: 'notification_spooler_config' ``` CMK-21599 Change-Id: I359a94ac566c1361e5bfd66a5c31d88353222227
Checkmk · Feb 13, 2025 · b0ac976 · b0ac976
1 parent e80a745
commit b0ac976
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 55 deletions.
diff --git a/.werks/15354.md b/.werks/15354.md
@@ -0,0 +1,35 @@
+[//]: # (werk v2)
+# Remove "Encrypt notification daemon communication" check from "Analyze Configuration" in Checkmk Raw
+
+key        | value
+---------- | ---
+date       | 2025-02-11T09:59:14+00:00
+version    | 2.5.0b1
+class      | fix
+edition    | cre
+component  | wato
+level      | 1
+compatible | yes
+
+"Encrypt notification daemon communication" is a Checkmk Enterprise feature,
+so this check needs to be omitted in Checkmk Raw.
+
+It previously failed with the following traceback:
+
+```
+error executing configuration test ACTestMknotifydCommunicationEncrypted
+Traceback (most recent call last):
+  File "/omd/sites/site/lib/python3/cmk/gui/watolib/analyze_configuration.py", line 157, in run
+    results = list(self.execute())
+              ^^^^^^^^^^^^^^^^^^^^
+  File "/omd/sites/site/lib/python3/cmk/gui/wato/_ac_tests.py", line 527, in execute
+    config = self._get_effective_global_setting("notification_spooler_config")
+             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/omd/sites/site/lib/python3/cmk/gui/watolib/analyze_configuration.py", line 204, in _get_effective_global_setting
+    return get_effective_global_setting(
+           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  File "/omd/sites/site/lib/python3/cmk/gui/watolib/sites.py", line 762, in get_effective_global_setting
+    return default_values[varname]
+           ~~~~~~~~~~~~~~^^^^^^^^^
+KeyError: 'notification_spooler_config'
+```
diff --git a/cmk/gui/wato/_ac_tests.py b/cmk/gui/wato/_ac_tests.py
@@ -68,7 +68,6 @@ def register(ac_test_registry: ACTestRegistry) -> None:
     ac_test_registry.register(ACTestNumberOfUsers)
     ac_test_registry.register(ACTestHTTPSecured)
     ac_test_registry.register(ACTestOldDefaultCredentials)
-    ac_test_registry.register(ACTestMknotifydCommunicationEncrypted)
     ac_test_registry.register(ACTestBackupConfigured)
     ac_test_registry.register(ACTestBackupNotEncryptedConfigured)
     ac_test_registry.register(ACTestEscapeHTMLDisabled)
@@ -503,60 +502,6 @@ def execute(self) -> Iterator[ACSingleResult]:
             )
 
 
-class ACTestMknotifydCommunicationEncrypted(ACTest):
-    def category(self) -> str:
-        return ACTestCategories.security
-
-    def title(self) -> str:
-        return _("Encrypt notification daemon communication")
-
-    def help(self) -> str:
-        return _(
-            "Since version 2.1 it is possible to encrypt the communication of the notification "
-            "daemon with TLS. After an upgrade of an existing site incoming connections will still "
-            "use plain text communication and outgoing connections will try to use TLS and fall "
-            "back to plain text communication if the remote site does not support TLS. It is "
-            "recommended to enforce TLS encryption as soon as all sites support it."
-        )
-
-    def is_relevant(self) -> bool:
-        return True
-
-    def execute(self) -> Iterator[ACSingleResult]:
-        only_encrypted = True
-        config = self._get_effective_global_setting("notification_spooler_config")
-
-        if (incoming := config.get("incoming", {})) and incoming.get("encryption") == "unencrypted":
-            only_encrypted = False
-            yield ACSingleResult(
-                state=ACResultState.CRIT,
-                text=_("Incoming connections on port %s communicate via plain text")
-                % incoming["listen_port"],
-            )
-
-        for outgoing in config["outgoing"]:
-            socket = f"{outgoing['address']}:{outgoing['port']}"
-            if outgoing["encryption"] == "upgradable":
-                only_encrypted = False
-                yield ACSingleResult(
-                    state=ACResultState.WARN,
-                    text=_("Encryption for %s is only used if it is enabled on the remote site")
-                    % socket,
-                )
-            if outgoing["encryption"] == "unencrypted":
-                only_encrypted = False
-                yield ACSingleResult(
-                    state=ACResultState.CRIT,
-                    text=_("Plain text communication is enabled for %s") % socket,
-                )
-
-        if only_encrypted:
-            yield ACSingleResult(
-                state=ACResultState.OK,
-                text="Encrypted communication is enabled for all configured connections",
-            )
-
-
 class ACTestBackupConfigured(ACTest):
     def category(self) -> str:
         return ACTestCategories.reliability