Add SNMP credential profiles

backend/app/api/credentials.py

@@ -0,0 +1,101 @@
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy import select
+from sqlalchemy.orm import Session
+
+from app.auth.dependencies import get_current_user, require_role
+from app.core.secrets import encrypt_secret
+from app.db.session import get_db
+from app.models import Credential, User
+from app.schemas.core import SnmpCredentialProfileCreate, SnmpCredentialProfileRead, SnmpCredentialProfileUpdate
+
+router = APIRouter(prefix="/credentials", tags=["credentials"])
+
+SNMP_CREDENTIAL_TYPE = "snmp"
+
+
+def _snmp_profile_to_read(profile: Credential) -> SnmpCredentialProfileRead:
+    extra = dict(profile.extra or {})
+    return SnmpCredentialProfileRead(
+        id=profile.id,
+        name=profile.name,
+        credential_type=profile.credential_type,
+        version=str(extra.get("version") or "2c"),
+        port=int(extra.get("port") or 161),
+        timeout_seconds=int(extra.get("timeout_seconds") or 5),
+        retries=int(extra.get("retries") or 1),
+        has_secret=bool(profile.encrypted_secret),
+        created_at=profile.created_at,
+        updated_at=profile.updated_at,
+    )
+
+
+@router.get("/snmp", response_model=list[SnmpCredentialProfileRead])
+def list_snmp_profiles(_: User = Depends(get_current_user), db: Session = Depends(get_db)) -> list[SnmpCredentialProfileRead]:
+    profiles = db.scalars(
+        select(Credential).where(Credential.credential_type == SNMP_CREDENTIAL_TYPE).order_by(Credential.name)
+    ).all()
+    return [_snmp_profile_to_read(profile) for profile in profiles]
+
+
+@router.post("/snmp", response_model=SnmpCredentialProfileRead)
+def create_snmp_profile(
+    payload: SnmpCredentialProfileCreate,
+    _: User = Depends(require_role("admin")),
+    db: Session = Depends(get_db),
+) -> SnmpCredentialProfileRead:
+    profile = Credential(
+        name=payload.name,
+        credential_type=SNMP_CREDENTIAL_TYPE,
+        encrypted_secret=encrypt_secret(payload.community),
+        extra={
+            "version": payload.version,
+            "port": payload.port,
+            "timeout_seconds": payload.timeout_seconds,
+            "retries": payload.retries,
+        },
+    )
+    db.add(profile)
+    db.commit()
+    db.refresh(profile)
+    return _snmp_profile_to_read(profile)
+
+
+@router.patch("/snmp/{profile_id}", response_model=SnmpCredentialProfileRead)
+def update_snmp_profile(
+    profile_id: int,
+    payload: SnmpCredentialProfileUpdate,
+    _: User = Depends(require_role("admin")),
+    db: Session = Depends(get_db),
+) -> SnmpCredentialProfileRead:
+    profile = db.get(Credential, profile_id)
+    if profile is None or profile.credential_type != SNMP_CREDENTIAL_TYPE:
+        raise HTTPException(status_code=404, detail="SNMP credential profile not found")
+
+    changes = payload.model_dump(exclude_unset=True)
+    community = changes.pop("community", None)
+    if community is not None:
+        profile.encrypted_secret = encrypt_secret(community)
+    if "name" in changes:
+        profile.name = changes.pop("name")
+
+    next_extra = dict(profile.extra or {})
+    for field, value in changes.items():
+        next_extra[field] = value
+    profile.extra = next_extra
+
+    db.commit()
+    db.refresh(profile)
+    return _snmp_profile_to_read(profile)
+
+
+@router.delete("/snmp/{profile_id}", status_code=204)
+def delete_snmp_profile(
+    profile_id: int,
+    _: User = Depends(require_role("admin")),
+    db: Session = Depends(get_db),
+) -> None:
+    profile = db.get(Credential, profile_id)
+    if profile is None or profile.credential_type != SNMP_CREDENTIAL_TYPE:
+        raise HTTPException(status_code=404, detail="SNMP credential profile not found")
+    db.delete(profile)
+    db.commit()