adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
265 Commits 1 Branch 2 Tags 7.1 MiB
main
Commit Graph

100 Commits

Author SHA1 Message Date
Admin MPCZ
2bf2fa5042 patch_history: tolere parametres vides dans les filtres (week=, source=, etc.) 2026-04-17 12:42:58 +00:00
Admin MPCZ
2ab2ceabba Historique patching : filtres OS/zone/domaine/intervenant + colonnes table 2026-04-17 12:10:45 +00:00
Admin MPCZ
4b1794d4d1 Add page Historique patching : vue unifiee import xlsx + campagnes + quickwin 2026-04-17 08:47:25 +00:00
Admin MPCZ
8b212df7a1 Qualys 'sans agent': match via server_id (couvre alias hostname Qualys != iTop) 2026-04-15 13:54:07 +02:00
Admin MPCZ
245777fd46 Qualys agents: exclut Win10/11/Workstation de la liste 'Sans agent' 2026-04-15 13:49:05 +02:00
Admin MPCZ
a3a1ec7e6d Qualys deploy: bouton 'Sauvegarder ces valeurs' (ActivationId/Customer/Uri persistes) 2026-04-15 13:34:24 +02:00
Admin MPCZ
5b6e113792 Qualys deploy: filtre s.os_family=linux + retire dropdown OS du UI 2026-04-15 13:18:09 +02:00
Admin MPCZ
55d08921f9 Qualys deploy: persiste activation_ids/customer/uri en secrets + selection auto Linux/Windows 2026-04-15 13:12:15 +02:00
Admin MPCZ
f59c6dcbdb Qualys deploy: 2 dropdowns ActivationId Linux et Windows (separes) 2026-04-15 13:04:34 +02:00
Admin MPCZ
0095f7914f Qualys deploy: POD SANEF = QG1 par defaut (pas QG2) 2026-04-15 13:00:45 +02:00
Admin MPCZ
2972baca1f Qualys deploy: dropdown ActivationId depuis API + ServerUri auto-deduit URL Qualys 2026-04-15 12:53:18 +02:00
Admin MPCZ
9e03fd84c0 Qualys tags page: bandeau sync en cours + bouton Resync API disable 2026-04-15 12:39:40 +02:00
Admin MPCZ
48249d1c82 Qualys agents page: bandeau sync en cours + boutons sync desactives + bouton Annuler 2026-04-15 12:37:49 +02:00
Admin MPCZ
1dc7560f44 Qualys tags resync: message clair si busy + erreur API detaillee 2026-04-15 12:35:34 +02:00
Admin MPCZ
a62f9a4146 Qualys sync dual mode: diff (rapide, lastCheckedIn) + full (complet) 
- refresh_all_agents accepte mode='diff'|'full' (defaut diff)
- Mode diff: filtre Qualys lastCheckedIn > qualys_last_diff_sync (settings)
- Mode full: pull tous les assets (comme avant)
- Skip early-exit en diff si dernier diff < 5 min
- 2 boutons UI: 'Sync rapide (diff)' et 'Sync complete'
- JS refreshAgents(mode) passe le mode en query param
 2026-04-15 12:33:48 +02:00
Admin MPCZ
2f880da275 Top bar: affiche display_name (Prenom NOM) + (AD) si LDAP + login en gris 2026-04-15 12:00:41 +02:00
Admin MPCZ
67fa28a2af Fix LDAP auto-provision: colonne display_name (pas full_name) 2026-04-15 11:52:20 +02:00
Admin MPCZ
f013aaaab6 LDAP auto-provision: user cree DESACTIVE par defaut + role viewer (admin doit l'activer) 2026-04-15 11:46:22 +02:00
Admin MPCZ
53d4f71607 LDAP: restriction groupe AD + auto-provisioning users (sans permissions) 
- Settings ldap_required_group (DN groupe autorise) + ldap_default_role
- ldap_authenticate verifie memberOf vs required_group avant bind
- auth.py: si user inconnu + LDAP + groupe OK -> auto-create user, role default,
  zero permission (admin doit assigner via /users)
 2026-04-15 11:45:33 +02:00
Admin MPCZ
d508072969 Add /qualys/tagsv3/catalog: page de reference nom/type/QQL/couleur par categorie 
- Template catalog.html affiche les 6 categories + prefixes
- Tags avec QQL en font mono user-select:all pour copy-paste facile
- Export JSON dispo via /qualys/tagsv3/catalog.json
- Navigation croisee entre Vue/Catalog/Gap
 2026-04-15 10:20:41 +02:00
Admin MPCZ
ec7712f0c9 Add module Qualys Tags V3: catalogue YAML + service + pages /qualys/tagsv3 et /gap 
- deploy/qualys_tags_v3.yaml: catalogue 19 DYN + 6 SPEC manuel + prefixes
- app/services/qualys_tags_service.py: list/analyze_gap/create_static/delete via API
- app/routers/qualys_tags.py: routes /qualys/tagsv3 et /gap
- templates: qualys_tagsv3.html (liste) + qualys_tagsv3_gap.html (diff catalogue)
- Route /qualys/tagsv3/create-all-static pour creer les STAT manquants en bulk
- DYN manquants affiches avec QQL copy-paste pour console Qualys (API ne permet pas)
- PyYAML ajoute aux requirements
 2026-04-15 10:14:10 +02:00
Admin MPCZ
2a10ec55ab Page /audit: liste les audits en cours avec bouton Reprendre 2026-04-15 00:22:22 +02:00
Admin MPCZ
3c4244597c Audit: ThreadPoolExecutor avec parallel borne (evite saturation DB/PSMP) 2026-04-15 00:20:12 +02:00
Admin MPCZ
48efb07b49 Audit exclusion: match par nom ET code (form UI envoie l'un ou l'autre) 2026-04-15 00:14:39 +02:00
Admin MPCZ
ca4f779e48 Fix audit exclusion: NULL domaine = exclu (evite audit de 690 serveurs non-tagges) 2026-04-15 00:05:16 +02:00
Admin MPCZ
69cedff0fe Fix audit exclusion: match sur servers.domaine OR d.name OR d.code, NULL = non-exclu 
Les serveurs sans domain_env_id (majorite) etaient exclus a tort car
d.code=NULL et 'NULL NOT IN (...)' = NULL. Utilise COALESCE avec la
colonne plain-text s.domaine en priorite.
 2026-04-14 23:59:36 +02:00
Admin MPCZ
09e92c8b70 Fix export CSV: colonne zone (alias dans SELECT = 'zone' pas 'zone_name') 2026-04-14 23:26:30 +02:00
Admin MPCZ
0be4849ef2 Fix filtres zone/licence perdus lors tri/pagination/export CSV 
Les macros sort_url et qs + le lien Export CSV ne propageaient pas les
parametres zone/licence ajoutes recemment. Ajout dans:
- servers.html (macros + export link)
- servers.py (endpoint export-csv: signature + filters dict)
 2026-04-14 22:25:57 +02:00
Admin MPCZ
e2b984c2c4 Servers: filtre licence (active/obsolete/els/sans licence) 2026-04-14 22:17:09 +02:00
Admin MPCZ
5e9625764a Dashboard: try/except autour KPIs DMZ/patch_history (resilient si table absente) 2026-04-14 21:47:41 +02:00
Admin MPCZ
6ec1c4575d Dashboard: KPIs DMZ + patching 2026 depuis patch_history 
- Stats DMZ (cliquable vers filtre zone)
- Patched 2026, never patched, last week (depuis patch_history Excel)
- Couverture patching = patched / patchable
- KPIs cards cliquables (lien vers /servers filtre pre-applique)
- Fix alias stats.eol -> stats.obsolete
 2026-04-14 21:45:36 +02:00
Admin MPCZ
3211b81e60 Servers: filtre zone (liste zones + DMZ + Sans zone) 2026-04-14 21:15:49 +02:00
Admin MPCZ
753d4076c9 Migre etat vers labels iTop verbatim (Production, Nouveau, etc.) 
Aligne la colonne servers.etat sur les valeurs iTop exactes au lieu
des codes lowercase internes.

Impact:
- servers.etat stocke: Production, Implémentation, Stock, Obsolète,
  EOL, prêt, tests, Nouveau, A récupérer, Cassé, Cédé, En panne,
  Perdu, Recyclé, Occasion, A détruire, Volé
- Remplace tous les 'production'/'obsolete'/'stock'/'eol'/'implementation'
  en WHERE/comparisons par les labels iTop verbatim (~10 fichiers)
- Templates badges/filtres: valeurs + labels iTop
- itop_service: maintient mapping iTop API internal code <-> DB label
- import_sanef_*: norm_etat retourne la valeur iTop verbatim ou None
  (plus de fallback silencieux sur 'production')

Ajoute:
- tools/import_etat_itop.py : migration lowercase -> iTop + re-import CSV
- tools/import_environnement.py : fix dry-run pour ADD COLUMN idempotent

Supprime:
- tools/fix_etat_extend.py (obsolete par import_etat_itop.py)
 2026-04-14 18:40:56 +02:00
Admin MPCZ
67287b8256 Qualys: cancel button for ongoing refresh 2026-04-14 16:12:44 +02:00
Admin MPCZ
69aeb0e77a Qualys agents page: sync route + drop LOWER (citext is case-insensitive) 2026-04-14 16:09:56 +02:00
Admin MPCZ
71f83d5d4f Qualys refresh: threading lock + 409 if already running 2026-04-14 15:20:17 +02:00
Admin MPCZ
e3bcf8fcc1 Qualys refresh: sync route so blocking requests run in threadpool 2026-04-14 15:18:16 +02:00
Admin MPCZ
053c9a3b59 Add Voir detail button and results route for realtime audit 2026-04-14 13:10:23 +02:00
Admin MPCZ
677f621c81 Admin applications + correspondance cleanup + tools presentation DSI 
- Admin applications: CRUD module (list/add/edit/delete/assign/multi-app)
  avec push iTop bidirectionnel (applications.py + 3 templates)
- Correspondance prod<->hors-prod: migration vers server_correspondance
  globale, suppression ancien code quickwin, ajout filtre environnement
  et solution applicative, colonne environnement dans builder
- Servers page: colonne application_name + equivalent(s) via get_links_bulk,
  filtre application_id, push iTop sur changement application
- Patching: bulk_update_application, bulk_update_excludes, validations
- Fix paramiko sftp.put (remote_path -> positional arg)
- Tools: wiki_to_pdf.py (DokuWiki -> PDF) + generate_ppt.py (PPTX 19 slides
  DSI patching) + contenu source (processus_patching.txt, script_presentation.txt)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-13 21:11:58 +02:00
Admin MPCZ
caa2be71a4 Misc: servers page (application + equivalent), campagne tweaks 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-12 18:51:36 +02:00
Admin MPCZ
a706e240ca Patching: exclusions + correspondance prod<->hors-prod + validations 
- /patching/config-exclusions: exclusions iTop par serveur + bulk + push iTop
- /quickwin/config: liste globale reboot packages (au lieu de per-server)
- /patching/correspondance: builder mark PROD/NON-PROD + bulk change env/app
  + auto-detect par nomenclature + exclut stock/obsolete
- /patching/validations: workflow post-patching (en_attente/OK/KO/force)
  validator obligatoire depuis contacts iTop
- /patching/validations/history/{id}: historique par serveur
- Auto creation patch_validation apres status='patched' dans QuickWin
- check_prod_validations: banniere rouge sur quickwin detail si non-prod non valides
- Menu: Correspondance sous Serveurs, Config exclusions+Validations sous Patching
- Colonne Equivalent(s) sur /servers + section Correspondance sur detail

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-12 18:51:30 +02:00
Admin MPCZ
ba0bff0f6e Remove: safe-patching (remplace par QuickWin) + audit-full 
- Safe Patching v1 redondant avec QuickWin, supprime
- audit-full: page supprimee, tables DB preservees
- menu + main.py nettoyes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-12 18:51:17 +02:00
Admin MPCZ
3f47fea8e6 Audit: jobs background paralleles + progression live 
- Audit global/realtime: threads paralleles, job_id retourne immediat
- /audit/realtime/progress/{job_id}: KPIs + barre progression + tableau live
- Polling AJAX toutes les 2s, etapes animees (DNS/SSH/Audit/OK)
- PRETTY_NAME correction: extraction via grep -E 'PRETTY_NAME' + cut
- OS version: normalisation lors de save_audit_to_db (Debian GNU/Linux -> Debian X (Bookworm))
- Mise a jour base: itop sync bidirectionnel avec push OS version

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-12 18:51:05 +02:00
Admin MPCZ
5ea4100f4c Qualys: deploy agent background jobs + upgrade/downgrade + AJAX overlays 
- Background job system pour deploiement (threads paralleles, progression live)
- Upgrade/downgrade: compare versions installee vs package, rpm -Uvh --oldpackage
- Checkbox "Forcer le downgrade" dans UI
- Choix auto DEB/RPM base sur os_version (centos/rhel/rocky/oracle -> RPM)
- Check agent: rpm -q / dpkg -s (evite faux positifs "agent installe mais inactif")
- Bouton "Rafraichir depuis Qualys" AJAX avec timer
- Agents page: colonne version installee + statut

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-12 18:50:56 +02:00
Admin MPCZ
8479d7280e Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 
- Users: 4 profils (admin/coordinator/operator/viewer) remplacent la matrix
- /users/add: picker contacts iTop (plus de creation libre)
- /me/change-password: flow force_password_change
- LDAP: service + section settings + option login
- Sync iTop contacts: filtre par teams (SecOps/iPOP/Externe/DSI/Admin DSI)
- Auto-desactivation users si contact inactif
- etat: alignement sur enum iTop (production/implementation/stock/obsolete)
- Menu: Contacts dans Administration, Serveurs en groupe repliable
- Audit bases: demo/prod via JWT mode

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-12 18:50:43 +02:00
Admin MPCZ
4fa5f67c32 Qualys agents: bouton Rafraichir + cron 6h 
- refresh_all_agents(): bulk sync tous les assets depuis API Qualys QPS
- Bouton "Rafraîchir depuis Qualys" sur la page agents
- Cron toutes les 6h: refresh_agents.py (prod + demo)
- Message de confirmation après refresh
 2026-04-11 21:56:59 +02:00
Admin MPCZ
3d053019e6 Deploiement Agent Qualys complet 
- Page /qualys/deploy: selection serveurs, config agent, choix package
- Deploiement SSH: copie package, install rpm/dpkg, activation, verification
- Verification agent: check status/version sur serveurs selectionnes
- Auto-detect OS (deb vs rpm)
- Packages stockes dans /opt/patchcenter/agents/
- Filtres: hostname, domaine, environnement, OS
- Log detaille du deploiement
- Menu "Deployer Agent" dans la navigation Qualys
 2026-04-11 21:26:45 +02:00
Admin MPCZ
b7b0965722 Fix: qualys/agents - convert rows to dicts pour compatibilite Jinja2 map/attribute 2026-04-11 21:07:44 +02:00
Admin MPCZ
3964dd2c89 Fix: page qualys/agents - try/except sur get_activation_keys et get_agents_summary 2026-04-11 21:04:47 +02:00
Admin MPCZ
29e5a28a27 Fix: KeyError 'updated' → 'servers_updated' dans sync_to route 2026-04-11 13:36:23 +02:00