Merge branch 'simple-task/7546-icinga-check-für-ablaufende-gitlab-tokens' into 'master'

OP#7562 Gitlb-token: Skip konfigurierbar machen  https://projects.iml.unibe.ch/work_packages/7562

See merge request !282

check_gitlab_tokens

@@ -5,24 +5,25 @@
 # It warns if tokens expire soon.
 #
 # requirements:
-# - inc/rest-api-client.sh
+# - rest-api-client - https://git-repo.iml.unibe.ch/iml-open-source/bash-rest-api-client
 # - curl
 #
 # ----------------------------------------------------------------------
-# 2024-10-29  v1.0  <axel.hahn@iml.unibe.ch>
+# 2024-10-29  v1.0  <axel.hahn@unibe.ch>
+# 2024-10-30  v1.1  <axel.hahn@unibe.ch>  GITLAB_TOKEN=SKIP responds OK without tests
 # ======================================================================
 
 cd "$( dirname "$0" )" || exit
 . "$( dirname $0 )/inc_pluginfunctions" || exit 1
 
-export self_APPVERSION=1.0
-
+export self_APPVERSION=1.1
 
+sSkipvalue="SKIP"
 GITLAB_API='https://gitlab.example.com/api/v4'
-GITLAB_TOKEN='glpat-12345678'
+GITLAB_TOKEN="$sSkipvalue"
 
 GITLAB_CONFIG=/etc/icinga2/gitlab.cfg
-REST_CLIENT="$( dirname $0 )/../inc/rest-api-client.sh"
+REST_CLIENT="/opt/rest-api-client/rest-api-client.sh"
 
 projectUrls=
 
@@ -75,7 +76,15 @@ OPTIONS:
     -c VALUE       critical level (default: $iCriticalLimit)
 
     -g FILE        path to GITLAB_CONFIG; default: $GITLAB_CONFIG
-    -r FILE        path to REST_CLIENT; default: $REST_CLIENT
+                   There you can set/ override:
+
+                     GITLAB_API='${GITLAB_API}'
+                     GITLAB_CONFIG=<TOKEN>
+                     REST_CLIENT="${REST_CLIENT}"
+
+    -r FILE        path to REST api client
+                   default: $REST_CLIENT
+                   The parameter overrides the variable REST_CLIENT.
 
     -s DAYS        Number of days for max age of token; default: $iSince
 
@@ -194,8 +203,14 @@ GITLAB_CONFIG=$( ph.getValueWithParam $GITLAB_CONFIG g "$@")
 
 # --- check requirements
 ph.require curl
-. "${GITLAB_CONFIG}" || ph.abort "UNKNOWN: Could not read gitlab config $GITLAB_CONFIG"
-. "${REST_CLIENT}"   || ph.abort "UNKNOWN: Could not read $REST_CLIENT"
+. "${GITLAB_CONFIG}" || ph.abort "UNKNOWN: Could not source gitlab config $GITLAB_CONFIG"
+
+if [ "$GITLAB_TOKEN" = "$sSkipvalue" ]; then
+    ph.status "The check was configured to skip: GITLAB_TOKEN=$sSkipvalue"
+    ph.exit
+fi
+
+. "${REST_CLIENT}"   || ph.abort "UNKNOWN: Could not source $REST_CLIENT"
 http.help >/dev/null || ph.abort "UNKNOWN: http functions not available. Check -r $REST_CLIENT."
 
 

docs/20_Checks/check_gitlab_tokens.md

@@ -24,16 +24,33 @@ Extract or Git pull the Bash REST API client somewhere in your filesystem. eg. /
 ## Configuration
 
 The script needs to connect to the Gitlab API.
-You need to create a token in a admin group to read all tokens of all projects.
+You need to create a token
 
-Put 2 bash variabbles into `/etc/icinga2/gitlab.cfg`:
+* as an admin user
+* with api-read role
+
+to read all tokens and all projects + users.
+
+Put 2 bash variables for gitlab access and optionally the rest client into `/etc/icinga2/gitlab.cfg`. This file needs read permissions for the icinga client user only.
+
+You can use another filename for this configuration - but then you need the parameter `-g <FILE>`to reference it.
+
+| variable     | Type   | Description                                                                          |
+| --           | --     | --                                                                                   |
+| GITLAB_API   | string | target url to the gitlab api                                                         |
+| GITLAB_TOKEN | string | token of an admin user to read the api                                               |
+| REST_CLIENT  | string | rest-api-client.sh as filename with full path or relative to the check_gitlab_tokens |
+
+Example:
 
 ```shell
+# Gitlab access:
 GITLAB_API='https://gitlab.example.com/api/v4'
 GITLAB_TOKEN='glpat-1234567890'
-```
 
-You can use another filename for this configuration - but then you need the parameter `-g <FILE>`to reference it.
+# Rest API client
+# REST_CLIENT='/some/where/rest-api-client.sh'
+```
 
 ## Syntax
 
@@ -72,8 +89,8 @@ OPTIONS:
     -c VALUE       critical level (default: 10)
 
     -g FILE        path to GITLAB_CONFIG; default: /etc/icinga2/gitlab.cfg
-    -r FILE        path to REST_CLIENT; default: ./../inc/rest-api-client.sh
-
+    -r FILE        path to REST client; default: ./../inc/rest-api-client.sh
+                   It overrides the variable REST_CLIENT.
     -s DAYS        Number of days for max age of token; default: 395
 
 PARAMETERS:
@@ -112,4 +129,4 @@ OK: 16 Gitlab Tokens (max 395 days old) .. critical: 0 (10 days) .. warnings: 0
 2025-01-23  OK        read_repo - demoproject <https://gitlab.example.com/test/demoproject/-/settings/access_tokens>
 2025-03-14  OK        api_token - admin <https://gitlab.example.com/admin/sysadminstuff/-/settings/access_tokens>
 ...
-```
\ No newline at end of file
+```

docs/_index.md

@@ -8,11 +8,10 @@ This is a collection of our checks. They are used on Linux systems (Debian, Cent
 
 We use Icinga graphite module to show performance data. The templates are located in a sister repository
 
-
 📃 Sources:
 
 * Checks: <https://git-repo.iml.unibe.ch/iml-open-source/icinga-checks>
 * Graphs (Graphite): <https://git-repo.iml.unibe.ch/iml-open-source/icinga-graphite-templates>
 
 📜 Licence: GNU GPL 3.0 \
-📗 Docs: <https://os-docs.iml.unibe.ch/icinga-checks/>
\ No newline at end of file
+📗 Docs: <https://os-docs.iml.unibe.ch/icinga-checks/>