Merge pull request #94 from ARGOeu/devel

Version 0.6.3

nagios-plugins-fedcloud.spec

@@ -4,7 +4,7 @@
 
 Summary:   Nagios plugins for EGI FedCloud services
 Name:      nagios-plugins-fedcloud
-Version:   0.6.2
+Version:   0.6.3
 Release:   1%{?dist}
 License:   ASL 2.0
 Group:     Network/Monitoring
@@ -49,6 +49,8 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Fri Jun 24 2022 Katarina Zailac <kzailac@srce.hr> - 0.6.3-1%{?dist}
+- Add second token argument to novaprobe and swiftprobe
 * Wed Jun 16 2021 Emir Imamagic <eimamagi@srce.hr> - 0.6.2-1%{?dist}
 - Fix robot cert path in check_perun
 * Tue Jun 15 2021 Katarina Zailac <kzailac@srce.hr> - 0.6.1-1%{?dist}

src/novaprobe.py

@@ -273,6 +273,7 @@ class ArgHolder(object):
     parser.add_argument("--image", dest="image", nargs="?")
     parser.add_argument("--cert", dest="cert", nargs="?")
     parser.add_argument("--access-token", dest="access_token", nargs="?")
+    parser.add_argument("--access-token-2", dest="access_token_2", nargs="?")
     parser.add_argument("-t", dest="timeout", type=int, nargs="?", default=120)
     parser.add_argument(
         "--vm-timeout", dest="vm_timeout", type=int, nargs="?", default=300
@@ -319,29 +320,44 @@ class ArgHolder(object):
 
     ks_token = None
     access_token = None
+    access_token_2 = None
     if argholder.access_token:
         access_file = open(argholder.access_token, "r")
         access_token = access_file.read().rstrip("\n")
         access_file.close()
 
+    if argholder.access_token_2:
+        access_file = open(argholder.access_token_2, "r")
+        access_token_2 = access_file.read().rstrip("\n")
+        access_file.close()
+
     region = argholder.region
 
     for auth_class in [helpers.OIDCAuth, helpers.X509V3Auth, helpers.X509V2Auth]:
-        try:
-            auth = auth_class(
-                argholder.endpoint,
-                argholder.timeout,
-                access_token=access_token,
-                identity_provider=argholder.identity_provider,
-                userca=argholder.cert,
-            )
-            ks_token = auth.authenticate()
-            tenant_id, nova_url, glance_url, neutron_url = auth.get_info(region)
-            helpers.debug("Authenticated with %s" % auth_class.name)
+        # this is meant to support several issues while Check-in is transitioning from
+        # MitreID to Keycloack
+        authenticated = False
+        for token in [access_token, access_token_2]:
+            try:
+                auth = auth_class(
+                    argholder.endpoint,
+                    argholder.timeout,
+                    access_token=token,
+                    identity_provider=argholder.identity_provider,
+                    userca=argholder.cert,
+                )
+                ks_token = auth.authenticate()
+                tenant_id, nova_url, glance_url, neutron_url = auth.get_info(region)
+                helpers.debug("Authenticated with %s" % auth_class.name)
+                authenticated = True
+                break
+            except helpers.AuthenticationException:
+                # just go ahead
+                helpers.debug("Authentication with %s failed" % auth_class.name)
+
+        if authenticated:
             break
-        except helpers.AuthenticationException:
-            # just go ahead
-            helpers.debug("Authentication with %s failed" % auth_class.name)
+
     else:
         helpers.nagios_out("Critical", "Unable to authenticate against Keystone", 2)
 

src/swiftprobe.py

@@ -166,6 +166,8 @@ def main():
     parser.add_argument(
         "--access-token", dest="access_token", type=str, help="Access token"
     )
+    parser.add_argument(
+        "--access-token-2", dest="access_token_2", type=str, help="Second access token")
     parser.add_argument(
         "-t", "--timeout", dest="timeout", type=int, default=120,
         help="The max timeout (in sec) before exiting. Default is '120'."
@@ -216,29 +218,43 @@ def main():
 
     ks_token = None
     access_token = None
+    access_token_2 = None
     if args.access_token:
         access_file = open(args.access_token, 'r')
         access_token = access_file.read().rstrip('\n')
         access_file.close()
 
+    if args.access_token_2:
+        access_file = open(args.access_token_2, "r")
+        access_token_2 = access_file.read().rstrip("\n")
+        access_file.close()
+
     for auth_class in [
         helpers.OIDCAuth, helpers.X509V3Auth, helpers.X509V2Auth
     ]:
-        try:
-            auth = auth_class(
-                args.endpoint,
-                args.timeout,
-                access_token=access_token,
-                identity_provider=args.identity_provider,
-                userca=args.cert
-            )
-            ks_token = auth.authenticate()
-            tenant_id, swift_endpoint = auth.get_swift_endpoint()
-            helpers.debug("Authenticated with %s" % auth_class.name)
-            break
+        # this is meant to support several issues while Check-in is transitioning from
+        # MitreID to Keycloack
+        authenticated = False
+        for token in [access_token, access_token_2]:
+            try:
+                auth = auth_class(
+                    args.endpoint,
+                    args.timeout,
+                    access_token=token,
+                    identity_provider=args.identity_provider,
+                    userca=args.cert
+                )
+                ks_token = auth.authenticate()
+                tenant_id, swift_endpoint = auth.get_swift_endpoint()
+                helpers.debug("Authenticated with %s" % auth_class.name)
+                authenticated = True
+                break
 
-        except helpers.AuthenticationException:
-            helpers.debug("Authentication with %s failed" % auth_class.name)
+            except helpers.AuthenticationException:
+                helpers.debug("Authentication with %s failed" % auth_class.name)
+
+        if authenticated:
+            break
 
     else:
         helpers.nagios_out(