Icingadb/protect/variables wont work for me

TheCry · November 10, 2023, 10:49am

I have several variables for the hosts, the value of which should not be displayed. Before ICINGADb, for example, passwords were displayed with ***.
I looked at the page Security - Icinga DB Web and no variation brought the success.
The variable is below “host.vars.ILO_PASSWORD”
If I enter this under “icingadb/denylist/variables” the rule takes effect and the variable disappears. Why doesn’t this work with “icingadb/protect/variables”?

Icinga DB Web version (System - About):
Icinga Web 2 version (System - About): 2.12.0
Web browser: Chrone / Edge / FireFox actual version
Icinga 2 version (icinga2 --version): r2.14.0-1
Icinga DB version (icingadb --version): v1.1.1
PHP version used (php --version): 7.4
Server operating system and version: Debian 10

moreamazingnick · November 12, 2023, 8:54am

did you sign out and sign in again to check the vars after changing “icingadb/protect/variables”?

TheCry · November 13, 2023, 5:55am

Yes. I did also used another browser.

moreamazingnick · November 13, 2023, 9:00am

whats your version of icingadb-web.
the latest release is 1.1.0 and the deny works.

can you post a screenshot of the restriction entries and one a host/service this does not work with.

also recheck If your access role get appied correctly by maybe remove some module access
Is your role unrestricted
- this also shows denied or hidden vars

TheCry · November 13, 2023, 9:41am

First of all… I’m pretty sure that before 1.1.0 the rule worked. After updating to I also had a problem with other existing rules. I had also posted a ticket for this, where I was then informed that the RegExp had changed.
By coincidence, I noticed this with the “Protected Vars”.

The user I’m testing with only has access to one host group.
I have created a role “1_Remove_Variable_Rule” where I define the variables that should not be displayed. I enter these roles in every other role. That’s how it’s always worked.
Yes, we are using 1.1.0 and “icingadb/denylist/variables” also works.
Here are the screenshots
“1_Remove_Variable_Rule”

“Role of the user where the role “1_Remove_Variable_Rule” is entered in “Inheritance from””

moreamazingnick · November 13, 2023, 12:26pm

It is also wokring on my test machine…
how did you install icingadb-web? source or package?

are your libs uptodate?
icinga/icinga-php-thirdparty: 0.12.0
icinga/icinga-php-library: 0.13.0

TheCry · November 13, 2023, 12:41pm

icingadb-web is installed by package:

moreamazingnick · November 13, 2023, 2:55pm

deny and hidden work on my setup.

if I make the user unrestricted of course this rule does not apply

yhabteab · November 13, 2023, 4:29pm

Hi everyone, sorry for jumping in, but it’s a known bug and will be fixed with the next Icinga DB Web release.

TheCry · November 14, 2023, 6:14am

Thank you. That’s it… So i will wait for the fix… For now i will use the “icingadb/denylist/variables”

TheCry · November 16, 2023, 6:23am

Good morning… With the new version of icingadb-web (v1.1.1) everything works like before! Thank you