Merge pull request #3 from NETWAYS/introduce_insecure_option

RincewindsHat · web-flow · commit 506fdabb3d3a · 2021-09-07T21:44:46.000+02:00
Introduce insecure option for usage with self-signed certificates
diff --git a/README.md b/README.md
@@ -43,6 +43,7 @@ optional arguments:
   --password PASSWORD, -p PASSWORD
                         Password for Basic Auth
   --mode MODE, -m MODE  Check mode
+  --insecure            Do not verify TLS certificate. Be careful with this option, please
 ```
 
 ```
diff --git a/check_vmware_nsxt.py b/check_vmware_nsxt.py
@@ -41,7 +41,7 @@
 from urllib.parse import urljoin
 
 
-VERSION = '0.1.0'
+VERSION = '0.1.1'
 
 OK       = 0
 WARNING  = 1
@@ -89,12 +89,13 @@ class Client:
 
     API_PREFIX = '/api/v1/'
 
-    def __init__(self, api, username, password, logger=None):
+    def __init__(self, api, username, password, logger=None, verify=True):
         # TODO: parse and validate url?
 
         self.api = api
         self.username = username
         self.password = password
+        self.verify = verify
 
         if logger is None:
             logger = logging.getLogger()
@@ -115,7 +116,7 @@ def request(self, url, method='GET', **kwargs):
         self.logger.debug("starting API %s request from: %s", method, url)
 
         try:
-            response = requests.request(method, request_url, auth=HTTPBasicAuth(self.username, self.password))
+            response = requests.request(method, request_url, auth=HTTPBasicAuth(self.username, self.password), verify=self.verify)
         except requests.exceptions.RequestException as e:
             raise CriticalException(e)
 
@@ -398,19 +399,24 @@ def parse_args():
 
     args.add_argument('--version', '-V', help='Print version', action='store_true')
 
+    args.add_argument('--insecure', help='Do not verify TLS certificate. Be careful with this option, please', action='store_true', required=False)
+
     return args.parse_args()
 
 
 def main():
     fix_tls_cert_store()
 
     args = parse_args()
+    if args.insecure:
+        import urllib3
+        urllib3.disable_warnings()
 
     if args.version:
         print("check_vmware_nsxt version %s" % VERSION)
         return 0
 
-    client = Client(args.api, args.username, args.password)
+    client = Client(args.api, args.username, args.password, verify=(not args.insecure))
 
     if args.mode == 'cluster-status':
         return client.get_cluster_status().print_and_return()
diff --git a/icinga2/command.conf b/icinga2/command.conf
@@ -8,6 +8,9 @@ object CheckCommand "vmware_nsxt" {
         "--mode" = "$vmware_nsx_mode$"
         "--password" = "$vmware_nsx_password$"
         "--username" = "$vmware_nsx_username$"
+        "--insecure" = {
+            set_if = "$vmware_nsx_insecure$"
+        }
     }
 
     vars.vmware_nsx_api = "https://$host.name$"

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,9 @@ object CheckCommand "vmware_nsxt" {`
`8`	`8`	`"--mode" = "$vmware_nsx_mode$"`
`9`	`9`	`"--password" = "$vmware_nsx_password$"`
`10`	`10`	`"--username" = "$vmware_nsx_username$"`
	`11`	`+ "--insecure" = {`
	`12`	`+ set_if = "$vmware_nsx_insecure$"`
	`13`	`+ }`
`11`	`14`	`}`
`12`	`15`
`13`	`16`	`vars.vmware_nsx_api = "https://$host.name$"`