Merge pull request #24 from ARGOeu/devel

Merge to master to deploy without hardcoded port check in token suffix
ARGOeu · Nov 21, 2017 · ded0085 · ded0085
2 parents 55b7ec7 + 0c141d0
commit ded0085
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 15 deletions.
diff --git a/nagios-plugins-fedcloud.spec b/nagios-plugins-fedcloud.spec
@@ -4,7 +4,7 @@
 
 Summary: Nagios plugins for EGI FedCloud services
 Name: nagios-plugins-fedcloud
-Version: 0.1.5
+Version: 0.1.6
 Release: 1%{?dist}
 License: ASL 2.0
 Group: Network/Monitoring
@@ -39,6 +39,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitelib}/nagios_plugins_fedcloud
 
 %changelog
+* Mon Nov 20 2017 Daniel Vrcic <dvrcic@srce.hr> - 0.1.6-1%{?dist}
+- novaprobe: remove hardcoded port check in token suffix
+- novaprobe: ARGO-948 Access token parameter should be file
 * Wed Aug 30 2017 Daniel Vrcic <dvrcic@srce.hr> - 0.1.5-1%{?dist}
 - novaprobe: use of ids insteads of urls for flavors and image by Enol Fernandez
 - novaprobe: added support for OIDC tokens by Enol Fernandez

diff --git a/pymodule/helpers.py b/pymodule/helpers.py
@@ -36,7 +36,9 @@ def get_keystone_oidc_token(host, usertoken, capath, timeout):
 
             headers.update({'Authorization': 'Bearer ' + usertoken})
             headers.update({'accept': 'application/json'})
-            response = requests.post(o.scheme+'://'+o.netloc+oidc_suffix, headers=headers, timeout=timeout)
+            response = requests.post(o.scheme+'://'+o.netloc+oidc_suffix,
+                                     headers=headers, timeout=timeout,
+                                     verify=False)
             response.raise_for_status()
             token = response.headers['X-Subject-Token']
         except(KeyError, IndexError) as e:
@@ -52,7 +54,7 @@ def get_keystone_oidc_token(host, usertoken, capath, timeout):
             headers = {'content-type': 'application/json', 'accept': 'application/json'}
             headers.update({'x-auth-token': token})
             response = requests.get(o.scheme+'://'+o.netloc+project_suffix, headers=headers,
-                                    data=None, timeout=timeout)
+                                    data=None, timeout=timeout, verify=False)
             response.raise_for_status()
             projects = response.json()['projects']
             project = ''
@@ -93,11 +95,7 @@ def get_keystone_token(host, userca, capath, timeout):
             nagios_out('Critical', 'Connection error %s - Probe expects HTTPS endpoint' % (o.scheme+'://'+o.netloc), 2)
         try:
             # fetch unscoped token
-            token_suffix = ''
-            if o.netloc.endswith('v2.0'):
-                token_suffix = token_suffix+'/tokens'
-            elif o.netloc.endswith('5000'):
-                token_suffix = token_suffix+'/v2.0/tokens'
+            token_suffix = o.path.rstrip('/') + '/tokens'
 
             headers, payload, token = {}, {}, None
             headers.update({'Accept': '*/*'})
@@ -116,11 +114,8 @@ def get_keystone_token(host, userca, capath, timeout):
         try:
             # use unscoped token to get a list of allowed tenants mapped to
             # ops VO from VOMS proxy cert
-            tenant_suffix= ''
-            if o.netloc.endswith("v2.0"):
-                tenant_suffix = tenant_suffix+'/tenants'
-            else:
-                tenant_suffix = tenant_suffix+'/v2.0/tenants'
+            tenant_suffix = o.path.rstrip('/') + '/tenants'
+
             headers = {'content-type': 'application/json', 'accept': 'application/json'}
             headers.update({'x-auth-token': token})
             response = requests.get(o.scheme+'://'+o.netloc+tenant_suffix, headers=headers,

diff --git a/src/novaprobe.py b/src/novaprobe.py
@@ -115,13 +115,18 @@ class ArgHolder(object):
                 or not os.path.isdir(argholder.capath):
             helpers.nagios_out('Unknown', 'command-line arguments are not correct', 3)
         if argholder.cert and not os.path.isfile(argholder.cert):
-            helpers.nagios_out('Unknown', 'command-line arguments are not correct', 3)
+            helpers.nagios_out('Unknown', 'cert file does not exist', 3)
+        if argholder.access_token and not os.path.isfile(argholder.access_token):
+            helpers.nagios_out('Unknown', 'access-token file does not exist', 3)
 
     if argholder.cert:
         ks_token, tenant, last_response = helpers.get_keystone_token(argholder.endpoint, argholder.cert, argholder.capath, argholder.timeout)
         tenant_id, nova_url = get_info_v2(tenant, last_response)
     else:
-        ks_token, tenant, last_response = helpers.get_keystone_oidc_token(argholder.endpoint, argholder.access_token, argholder.capath, argholder.timeout)
+        access_file = open(argholder.access_token, 'r')
+        access_token = access_file.read().rstrip("\n")
+        access_file.close()
+        ks_token, tenant, last_response = helpers.get_keystone_oidc_token(argholder.endpoint, access_token, argholder.capath, argholder.timeout)
         tenant_id, nova_url = get_info_v3(tenant, last_response)
 
     # remove once endpoints properly expose images openstackish way