community.zabbix icon indicating copy to clipboard operation
community.zabbix copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

tls_accept param should accept multiple values

Open maxxer opened this issue 3 years ago • 5 comments

SUMMARY

API docs says:

tls_accept | integer | Connections from host. Possible bitmap values are: 1 - (default) No encryption; 2 - PSK; 4 - certificate.

While tls_connect is a simple integer.

ISSUE TYPE
  • Bug Report
COMPONENT NAME
  • zabbix_proxy
  • zabbix_host

maxxer avatar Nov 13 '21 17:11 maxxer

While thinking about it, it has different meaning for the agent/proxy config file and for the api/backend: the multi value option is only for this last entity. I guess this can be probably left as is. Unless the plugin just takes the first option for the config and all for the api/backend.

maxxer avatar Nov 14 '21 08:11 maxxer

It is currently not clear to me what actually is needed. Can you provide some more information what the problem is and what is expected? (Maybe just follow the template and fill in the questions).

dj-wasabi avatar Nov 28 '21 09:11 dj-wasabi

I presume that this is related to plugins as roles have #526 open already and zabbix_host doesn't have its counterpart within roles as proxy does.

Excerpt from zabbix_host doc:

    tls_accept:
        description:
            - Specifies what types of connections are allowed for incoming connections.
            - The tls_accept parameter accepts values of 1 to 7
            - Possible values, 1 (no encryption), 2 (PSK), 4 (certificate).
            - Values can be combined.
            - Works only with >= Zabbix 3.0
        default: 1
        type: int

Excerpt from zabbix_proxy says:

    tls_accept:
        description:
            - Connections from proxy.
        required: false
        choices: ['no_encryption','PSK','certificate']
        default: 'no_encryption'
        type: str

They both implement it in the same way in the background (we send the integer value to the actual API), but our "frontend" (meaning choices for parameter options) are in desync where one is accepting integers and the other one strings.

Maybe you mean that this parameter should accept multiple values at the same time? Because I think that is not correct, API allows only single value in the call. But I can see Zabbix documentation being confusing.

D3DeFi avatar Nov 28 '21 13:11 D3DeFi

I also created #544 for unifying the "frontend"

D3DeFi avatar Nov 28 '21 13:11 D3DeFi

The API accepts an integer because it's a bitmap (like chmod).

immagine

In proxy config the Connections from proxy option accepts multiple values, this is what I was referring to. I'll try to sort out #526 before, then take a look at this

maxxer avatar Nov 29 '21 08:11 maxxer