fix: add support for security level (#1050)

splunk · Jul 24, 2024 · 0379281 · 0379281
1 parent 175c57f
commit 0379281
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@
 - added `yamllint` validation for the `values.yaml` formatting
 - added "in code" validation of groups and profiles
 - added logs configuration to docker compose deployment
+- add support for different security level in snmp v3
 
 ### Fixed
 - fixed a bug with configuration from values.yaml not being transferred to the UI while migrating to SC4SNMP-UI

diff --git a/splunk_connect_for_snmp/snmp/auth.py b/splunk_connect_for_snmp/snmp/auth.py
@@ -136,8 +136,8 @@ def get_auth_v3(logger, ir: InventoryRecord, snmp_engine: SnmpEngine) -> UsmUser
         )
         return UsmUserData(
             username,
-            authKey=auth_key,
-            privKey=priv_key,
+            authKey=auth_key if auth_key else None,
+            privKey=priv_key if priv_key else None,
             authProtocol=auth_protocol,
             privProtocol=priv_protocol,
             securityEngineId=security_engine_id,
@@ -161,7 +161,6 @@ def get_auth_v1(ir: InventoryRecord) -> CommunityData:
 def get_auth(
     logger, ir: InventoryRecord, snmp_engine: SnmpEngine
 ) -> Union[UsmUserData, CommunityData]:
-
     if ir.version == "1":
         return get_auth_v1(ir)
     elif ir.version == "2c":

diff --git a/test/snmp/test_auth.py b/test/snmp/test_auth.py
@@ -4,6 +4,8 @@
 from pysnmp.entity.config import (
     usmAesBlumenthalCfb192Protocol,
     usmHMAC128SHA224AuthProtocol,
+    usmNoAuthProtocol,
+    usmNoPrivProtocol,
 )
 from pysnmp.proto.rfc1902 import OctetString
 
@@ -169,6 +171,7 @@ def test_get_auth_v3(self, m_get_secret_value, m_exists):
         self.assertEqual("secret1", result.userName)
         self.assertEqual("secret2", result.authKey)
         self.assertEqual("secret3", result.privKey)
+        self.assertEqual("authPriv", result.securityLevel)
         self.assertEqual(usmHMAC128SHA224AuthProtocol, result.authProtocol)
         self.assertEqual(usmAesBlumenthalCfb192Protocol, result.privProtocol)
         self.assertEqual(security_engine_result._value, result.securityEngineId._value)
@@ -218,6 +221,7 @@ def test_get_auth_v3_security_engine_not_str(
         self.assertEqual("secret1", result.userName)
         self.assertEqual("secret2", result.authKey)
         self.assertEqual("secret3", result.privKey)
+        self.assertEqual("authPriv", result.securityLevel)
         self.assertEqual(usmHMAC128SHA224AuthProtocol, result.authProtocol)
         self.assertEqual(usmAesBlumenthalCfb192Protocol, result.privProtocol)
         self.assertEqual("ENGINE123", result.securityEngineId)
@@ -246,6 +250,64 @@ def test_get_auth_v3_exception(self, m_get_secret_value, m_exists):
             get_auth_v3(logger, ir, snmpEngine)
         self.assertEqual("invalid username from secret secret_ir", e.exception.args[0])
 
+    @patch("os.path.exists")
+    @patch("splunk_connect_for_snmp.snmp.auth.get_secret_value")
+    def test_get_auth_v3_noauthnopriv(self, m_get_secret_value, m_exists):
+        m_exists.return_value = True
+        m_get_secret_value.side_effect = [
+            "secret1",
+            "",
+            "",
+            "SHA224",
+            "AES192BLMT",
+            "1",
+            "2",
+        ]
+        logger = Mock()
+        snmpEngine = Mock()
+
+        result = get_auth_v3(logger, ir, snmpEngine)
+        security_engine_result = OctetString(hexValue="80003a8c04")
+        self.assertEqual("secret1", result.userName)
+        self.assertEqual(None, result.authKey)
+        self.assertEqual(None, result.privKey)
+        self.assertEqual("noAuthNoPriv", result.securityLevel)
+        self.assertEqual(usmNoAuthProtocol, result.authProtocol)
+        self.assertEqual(usmNoPrivProtocol, result.privProtocol)
+        self.assertEqual(security_engine_result._value, result.securityEngineId._value)
+        self.assertEqual("secret1", result.securityName)
+        self.assertEqual(1, result.authKeyType)
+        self.assertEqual(2, result.privKeyType)
+
+    @patch("os.path.exists")
+    @patch("splunk_connect_for_snmp.snmp.auth.get_secret_value")
+    def test_get_auth_v3_authnopriv(self, m_get_secret_value, m_exists):
+        m_exists.return_value = True
+        m_get_secret_value.side_effect = [
+            "secret1",
+            "secret2",
+            "",
+            "SHA224",
+            "AES192BLMT",
+            "1",
+            "2",
+        ]
+        logger = Mock()
+        snmpEngine = Mock()
+
+        result = get_auth_v3(logger, ir, snmpEngine)
+        security_engine_result = OctetString(hexValue="80003a8c04")
+        self.assertEqual("secret1", result.userName)
+        self.assertEqual("secret2", result.authKey)
+        self.assertEqual(None, result.privKey)
+        self.assertEqual("authNoPriv", result.securityLevel)
+        self.assertEqual(usmHMAC128SHA224AuthProtocol, result.authProtocol)
+        self.assertEqual(usmNoPrivProtocol, result.privProtocol)
+        self.assertEqual(security_engine_result._value, result.securityEngineId._value)
+        self.assertEqual("secret1", result.securityName)
+        self.assertEqual(1, result.authKeyType)
+        self.assertEqual(2, result.privKeyType)
+
     def test_get_auth_v2c(self):
         result = get_auth_v2c(ir)
         self.assertEqual("public", result.communityName)