From ef7bc8f1f026fe49be20c4bec678f07c731197b9 Mon Sep 17 00:00:00 2001
From: eimamagi
Date: Tue, 17 Oct 2017 06:00:49 +0200
Subject: [PATCH 1/4] ARGO-948 Access token parameter should be file
---
 src/novaprobe.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/novaprobe.py b/src/novaprobe.py
index 4d8ba80..c3d3689 100755
--- a/src/novaprobe.py
+++ b/src/novaprobe.py
@@ -115,13 +115,18 @@ class ArgHolder(object):
 or not os.path.isdir(argholder.capath):
 helpers.nagios_out('Unknown', 'command-line arguments are not correct', 3)
 if argholder.cert and not os.path.isfile(argholder.cert):
- helpers.nagios_out('Unknown', 'command-line arguments are not correct', 3)
+ helpers.nagios_out('Unknown', 'cert file does not exist', 3)
+ if argholder.access_token and not os.path.isfile(argholder.access_token):
+ helpers.nagios_out('Unknown', 'access-token file does not exist', 3)
 if argholder.cert:
 ks_token, tenant, last_response = helpers.get_keystone_token(argholder.endpoint, argholder.cert, argholder.capath, argholder.timeout)
 tenant_id, nova_url = get_info_v2(tenant, last_response)
 else:
- ks_token, tenant, last_response = helpers.get_keystone_oidc_token(argholder.endpoint, argholder.access_token, argholder.capath, argholder.timeout)
+ access_file = open(argholder.access_token, 'r')
+ access_token = access_file.read().rstrip("\n")
+ access_file.close()
+ ks_token, tenant, last_response = helpers.get_keystone_oidc_token(argholder.endpoint, access_token, argholder.capath, argholder.timeout)
 tenant_id, nova_url = get_info_v3(tenant, last_response) # remove once endpoints properly expose images openstackish way
From 48aaa1ced36efd7053313010175234d36385577c Mon Sep 17 00:00:00 2001
From: Daniel Vrcic
Date: Mon, 23 Oct 2017 16:37:30 +0200
Subject: [PATCH 2/4] no port check while forming token suffix
---
 pymodule/helpers.py | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
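Review bot: In `src/novaprobe.py` the `else:` branch reads the token with a bare `open`/`read`/`close`, so a file that passes `os.path.isfile` but cannot be read (wrong permissions, or removed between the check and the read) raises an uncaught exception and the probe ends with a traceback instead of a Nagios status. The same branch is reached when neither `argholder.cert` nor `argholder.access_token` is set, in which case `open()` receives `None`, unless argument checks outside this hunk prevent that. Reading with `with open(argholder.access_token) as access_file:` and `access_token = access_file.read().strip()` inside a `try`/`except (IOError, OSError)` that reports through `helpers.nagios_out` with the 'Unknown' status would keep the output contract and close the handle on every path. `.strip()` instead of `.rstrip("\n")` also keeps a stray `\r` or trailing space out of the bearer header built from this value. The enclosing function starts and ends outside the hunk; a comment at the read noting that the file holds a bearer credential and should be readable only by the monitoring account would help operators.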
diff --git a/pymodule/helpers.py b/pymodule/helpers.py
index 2f5f400..f226ef7 100644
--- a/pymodule/helpers.py
+++ b/pymodule/helpers.py
@@ -93,11 +93,7 @@ def get_keystone_token(host, userca, capath, timeout):
 nagios_out('Critical', 'Connection error %s - Probe expects HTTPS endpoint' % (o.scheme+'://'+o.netloc), 2)
 try: # fetch unscoped token
- token_suffix = ''
- if o.netloc.endswith('v2.0'):
- token_suffix = token_suffix+'/tokens'
- elif o.netloc.endswith('5000'):
- token_suffix = token_suffix+'/v2.0/tokens'
+ token_suffix = o.path.rstrip('/') + '/tokens'
 headers, payload, token = {}, {}, None
 headers.update({'Accept': '*/*'})
@@ -116,11 +112,8 @@ def get_keystone_token(host, userca, capath, timeout):
 try: # use unscoped token to get a list of allowed tenants mapped to # ops VO from VOMS proxy cert
- tenant_suffix= ''
- if o.netloc.endswith("v2.0"):
- tenant_suffix = tenant_suffix+'/tenants'
- else:
- tenant_suffix = tenant_suffix+'/v2.0/tenants'
+ tenant_suffix = o.path.rstrip('/') + '/tenants'
+ headers = {'content-type': 'application/json', 'accept': 'application/json'}
 headers.update({'x-auth-token': token})
 response = requests.get(o.scheme+'://'+o.netloc+tenant_suffix, headers=headers,
From aae347e240a491df4e4b100d539964e7488f3f99 Mon Sep 17 00:00:00 2001
From: Enol Fernandez
Date: Tue, 14 Nov 2017 09:50:39 +0000
Subject: [PATCH 3/4] Do not verify in requests
The server certificate is previously verified in verify_cert and requests v2.6.0 does not support a verification dir
---
 pymodule/helpers.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/pymodule/helpers.py b/pymodule/helpers.py
index 2f5f400..2148aac 100644
--- a/pymodule/helpers.py
+++ b/pymodule/helpers.py
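Review bot: `token_suffix = o.path.rstrip('/') + '/tokens'` in `get_keystone_token` (`pymodule/helpers.py`, PATCH 2/4) now relies on the configured endpoint carrying the API version in its path, so an endpoint given as scheme, host and port only is sent to `/tokens`, where the removed branch for a netloc ending in `5000` produced `/v2.0/tokens`. The `tenant_suffix` line in the second hunk has the same gap, and that request carries `x-auth-token`. If version-less endpoints are still configured anywhere, a fallback such as `base = o.path.rstrip('/') or '/v2.0'` used for both suffixes would keep them working. Otherwise the requirement deserves a comment above each assignment, e.g. `# endpoint URL must include the Keystone version path, e.g. /v2.0`. Both assignments sit inside `try:` blocks whose handlers are outside the visible lines.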
@@ -36,7 +36,9 @@ def get_keystone_oidc_token(host, usertoken, capath, timeout):
 headers.update({'Authorization': 'Bearer ' + usertoken})
 headers.update({'accept': 'application/json'})
- response = requests.post(o.scheme+'://'+o.netloc+oidc_suffix, headers=headers, timeout=timeout)
+ response = requests.post(o.scheme+'://'+o.netloc+oidc_suffix,
+ headers=headers, timeout=timeout,
+ verify=False)
 response.raise_for_status()
 token = response.headers['X-Subject-Token']
 except(KeyError, IndexError) as e:
@@ -52,7 +54,7 @@ def get_keystone_oidc_token(host, usertoken, capath, timeout):
 headers = {'content-type': 'application/json', 'accept': 'application/json'}
 headers.update({'x-auth-token': token})
 response = requests.get(o.scheme+'://'+o.netloc+project_suffix, headers=headers,
- data=None, timeout=timeout)
+ data=None, timeout=timeout, verify=False)
 response.raise_for_status()
 projects = response.json()['projects']
 project = ''
From 7fda1812d33a60c4a7e8f8c4f18a8045163bb2b6 Mon Sep 17 00:00:00 2001
From: Daniel Vrcic
Date: Mon, 20 Nov 2017 21:28:30 +0100
Subject: [PATCH 4/4] spec bump for release
---
 nagios-plugins-fedcloud.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/nagios-plugins-fedcloud.spec b/nagios-plugins-fedcloud.spec
index 917f4ce..0eb770b 100644
--- a/nagios-plugins-fedcloud.spec
+++ b/nagios-plugins-fedcloud.spec
@@ -4,7 +4,7 @@ Summary: Nagios plugins for EGI FedCloud services
 Name: nagios-plugins-fedcloud
-Version: 0.1.5
+Version: 0.1.6
 Release: 1%{?dist}
 License: ASL 2.0
 Group: Network/Monitoring
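Review bot: `verify=False` on the `requests.post` in `get_keystone_oidc_token` (`pymodule/helpers.py`, PATCH 3/4) turns off certificate and hostname checking on the very connection that carries `'Bearer ' + usertoken`, and the second hunk does the same for the `requests.get` that sends `x-auth-token`. The commit message relies on an earlier `verify_cert` check, but that call is not in these hunks; if it runs on its own connection it does not authenticate the TLS sessions `requests` opens afterwards, so a host answering those later connections would receive both tokens. Since `verify` also accepts a CA bundle file, concatenating the PEM certificates under `capath` into one file and passing `verify=ca_bundle` (`ca_bundle` is a placeholder name) would keep verification on with the older `requests`; `capath` is not used anywhere in the visible lines of this function. If the trade-off is kept, it should be stated at both call sites, e.g. `# TLS verification disabled: requests 2.6.0 cannot take a CA directory; peer is only checked by verify_cert beforehand`.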
@@ -39,6 +39,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitelib}/nagios_plugins_fedcloud
 %changelog
+* Mon Nov 20 2017 Daniel Vrcic - 0.1.6-1%{?dist}
+- novaprobe: remove hardcoded port check in token suffix
+- novaprobe: ARGO-948 Access token parameter should be file
 * Wed Aug 30 2017 Daniel Vrcic - 0.1.5-1%{?dist}
 - novaprobe: use of ids insteads of urls for flavors and image by Enol Fernandez
 - novaprobe: added support for OIDC tokens by Enol Fernandez