Password store issue - ruleset v1 api

Hi,

I’m developing a special agent but am having a problem with the Password field and password store. I’ve got the field written like this:

                "password": DictElement(
                parameter_form=Password(
                    title=Title("Password or API key"),
                    migrate=migrate_to_password,
                ),

(Note that I’ve got the “migrate=migrate_to_password,” bit in there because I’ve seen it on other rules, but the same issue occurs with or without that line)

The form displays fine and the rule saves without any issue. I choose a stored password from the password store. When it comes to activating changes however, I get the error
Warnings:

  • check_mk: The stored password “stored_password” used by host “192.168.0.4” does not exist (anymore).

There is also the error in the Check MK service:

pwstore: Password ‘stored_password’ not found in /omd/sites/master/var/check_mk/core/helper_config/latest/stored_passwords

Obviously this is a bit perplexing, because the password is definitely in the password store, because I was able to select it in the rule?

Am I missing something? The relevant bit in rules.mk is:

special_agents['truenas'] = [
{'condition': {'host_folder': '/%s/' % FOLDER_PATH},
 'id': '750f1edb-9e13-426a-bc2f-49d053f1ef85',
 'options': {'disabled': False},
 'value': {'password': ('cmk_postprocessed',
                        'stored_password',
                        ('password_1', ''))}},
] + special_agents['truenas']

Any help would be appreciated :slight_smile:

P.S. I also get similar with Explicit password:

check_mk: The stored password "explicit_password" used by host "192.168.0.4" does not exist (anymore).

The important part is missing here.
The code for the generation of the special agent call.
I think the problem comes from there.
The rule inside the rules.mk looks fine.
There you should have something like this.

    if params.password is not None:
        command_arguments += ["-p", params.password.unsafe()]

If your special agent can handle the new passwords you can also use this.

    if params.password is not None:
        command_arguments += ["--password-id", params.password]

Booth are from the new server side calls files.
The password parameters is also here from the typ.

from cmk.server_side_calls.v1 import (
    Secret,
)

all the params are validated like this

class Params(BaseModel):
    """params validator"""
    user: str | None = None
    password: Secret | None = None
....
2 Likes

@andreas-doehler that was it, thank you! Another quick question, my special agent itself (the code that calls the truenas API) currently resides in local/share/check_mk/agents/special. Is this still the correct place?

If the whole thing is written with 2.3 syntax/API then no.
If it is 2.2 API then yes.
Have a look at my simple Huawei storage special agent.
This is in 2.3 format.

1 Like

Thanks Andreas, just had a look. What is the purpose of the little “stub” file in libexec? Is this needed or can the special agent just be called directly?

@andreas-doehler Well I’ve moved the special agent to the new location without needing to modify it. Had to create the libexec stub file, although I’m still not sure of the point of it :slight_smile:

It is also possible to place the special agent directly in the libexec folder. The name of this file is defined by your special agent rule name and so on and this file is the only that needs to be executable.
The real special agent than can consists of different files in different places as they are only Python imports.

1 Like