diff --git a/check_gitlab_tokens b/check_gitlab_tokens index 0d22f9c12075b857ba57a797b2d3f8e872188361..fb024567c8d152c0f94f799503a8337dfe96122c 100755 --- a/check_gitlab_tokens +++ b/check_gitlab_tokens @@ -5,24 +5,25 @@ # It warns if tokens expire soon. # # requirements: -# - inc/rest-api-client.sh +# - rest-api-client - https://git-repo.iml.unibe.ch/iml-open-source/bash-rest-api-client # - curl # # ---------------------------------------------------------------------- -# 2024-10-29 v1.0 <axel.hahn@iml.unibe.ch> +# 2024-10-29 v1.0 <axel.hahn@unibe.ch> +# 2024-10-30 v1.1 <axel.hahn@unibe.ch> GITLAB_TOKEN=SKIP responds OK without tests # ====================================================================== cd "$( dirname "$0" )" || exit . "$( dirname $0 )/inc_pluginfunctions" || exit 1 -export self_APPVERSION=1.0 - +export self_APPVERSION=1.1 +sSkipvalue="SKIP" GITLAB_API='https://gitlab.example.com/api/v4' -GITLAB_TOKEN='glpat-12345678' +GITLAB_TOKEN="$sSkipvalue" GITLAB_CONFIG=/etc/icinga2/gitlab.cfg -REST_CLIENT="$( dirname $0 )/../inc/rest-api-client.sh" +REST_CLIENT="/opt/rest-api-client/rest-api-client.sh" projectUrls= @@ -75,7 +76,15 @@ OPTIONS: -c VALUE critical level (default: $iCriticalLimit) -g FILE path to GITLAB_CONFIG; default: $GITLAB_CONFIG - -r FILE path to REST_CLIENT; default: $REST_CLIENT + There you can set/ override: + + GITLAB_API='${GITLAB_API}' + GITLAB_CONFIG=<TOKEN> + REST_CLIENT="${REST_CLIENT}" + + -r FILE path to REST api client + default: $REST_CLIENT + The parameter overrides the variable REST_CLIENT. -s DAYS Number of days for max age of token; default: $iSince 
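Review bot: With `GITLAB_TOKEN="$sSkipvalue"` as the built-in default, a config file that sources cleanly but never sets GITLAB_TOKEN (a typo in the variable name, a truncated file) ends up in the skip branch added in the `@@ -194,8 +203,14 @@` hunk. Going by the changelog line, that reports OK, so token expiry would go unmonitored without any alert. An explicit opt-out and a missing token should be distinguishable: default to `GITLAB_TOKEN=` here and, after the config is sourced, add `[ -n "$GITLAB_TOKEN" ] || ph.abort "UNKNOWN: GITLAB_TOKEN is not set in $GITLAB_CONFIG"` before the SKIP comparison. Removing the sample `glpat-` value from the script defaults is a good change and should stay.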
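Review bot: The added help text lists `GITLAB_CONFIG=<TOKEN>` among the variables the config file can set, but the variable that carries the token is GITLAB_TOKEN, as the defaults in the first hunk show; the line should read `GITLAB_TOKEN=<TOKEN>`. Keeping the literal `<TOKEN>` placeholder instead of expanding the variable is right, because the usage output should never echo a configured token. The sentence "The parameter overrides the variable REST_CLIENT" holds only if the `-r` value is applied after the config file has been sourced; that code is outside this hunk, so it is worth confirming.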
@@ -194,8 +203,14 @@ GITLAB_CONFIG=$( ph.getValueWithParam $GITLAB_CONFIG g "$@") # --- check requirements ph.require curl -. "${GITLAB_CONFIG}" || ph.abort "UNKNOWN: Could not read gitlab config $GITLAB_CONFIG" -. "${REST_CLIENT}" || ph.abort "UNKNOWN: Could not read $REST_CLIENT" +. "${GITLAB_CONFIG}" || ph.abort "UNKNOWN: Could not source gitlab config $GITLAB_CONFIG" + +if [ "$GITLAB_TOKEN" = "$sSkipvalue" ]; then + ph.status "The check was configured to skip: GITLAB_TOKEN=$sSkipvalue" + ph.exit +fi + +. "${REST_CLIENT}" || ph.abort "UNKNOWN: Could not source $REST_CLIENT" http.help >/dev/null || ph.abort "UNKNOWN: http functions not available. Check -r $REST_CLIENT." diff --git a/docs/20_Checks/check_gitlab_tokens.md b/docs/20_Checks/check_gitlab_tokens.md index 50ac7121dab949f53847f0a21e4c652d4415b7ce..9f1959ce035050e35f1f8dcd0d154c36760a0b16 100644 --- a/docs/20_Checks/check_gitlab_tokens.md +++ b/docs/20_Checks/check_gitlab_tokens.md 
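Review bot: Both `. "${GITLAB_CONFIG}"` and `. "${REST_CLIENT}"` execute the named file as the Icinga user, and with this change the config file may also set REST_CLIENT, so write access to the config is enough to choose which script gets sourced. Neither path is checked before it is sourced. A guard such as `[ -z "$(find "$GITLAB_CONFIG" -perm /022)" ] || ph.abort "UNKNOWN: $GITLAB_CONFIG is group/world writable"` (GNU find; the same test for `$REST_CLIENT` before its source line) would refuse files that other accounts can modify. A comment above the two lines, `# both files are sourced (executed as the check user): keep them writable by root only`, would make the trust assumption visible to whoever deploys the check. The script continues outside this hunk, so an existing check elsewhere cannot be ruled out.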
@@ -24,16 +24,33 @@ Extract or Git pull the Bash REST API client somewhere in your filesystem. eg. / ## Configuration The script needs to connect to the Gitlab API. -You need to create a token in a admin group to read all tokens of all projects. +You need to create a token -Put 2 bash variabbles into `/etc/icinga2/gitlab.cfg`: +* as an admin user +* with api-read role + +to read all tokens and all projects + users. + +Put 2 bash variables for gitlab access and optionally the rest client into `/etc/icinga2/gitlab.cfg`. This file needs read permissions for the icinga client user only. + +You can use another filename for this configuration - but then you need the parameter `-g <FILE>`to reference it. + +| variable | Type | Description | +| -- | -- | -- | +| GITLAB_API | string | target url to the gitlab api | +| GITLAB_TOKEN | string | token of an admin user to read the api | +| REST_CLIENT | string | rest-api-client.sh as filename with full path or relative to the check_gitlab_tokens | + +Example: ```shell +# Gitlab access: GITLAB_API='https://gitlab.example.com/api/v4' GITLAB_TOKEN='glpat-1234567890' -``` -You can use another filename for this configuration - but then you need the parameter `-g <FILE>`to reference it. +# Rest API client +# REST_CLIENT='/some/where/rest-api-client.sh' +``` ## Syntax @@ -72,8 +89,8 @@ OPTIONS: -c VALUE critical level (default: 10) -g FILE path to GITLAB_CONFIG; default: /etc/icinga2/gitlab.cfg - -r FILE path to REST_CLIENT; default: ./../inc/rest-api-client.sh - + -r FILE path to REST client; default: ./../inc/rest-api-client.sh + It overrides the variable REST_CLIENT. -s DAYS Number of days for max age of token; default: 395 PARAMETERS: 
@@ -112,4 +129,4 @@ OK: 16 Gitlab Tokens (max 395 days old) .. critical: 0 (10 days) .. warnings: 0 2025-01-23 OK read_repo - demoproject <https://gitlab.example.com/test/demoproject/-/settings/access_tokens> 2025-03-14 OK api_token - admin <https://gitlab.example.com/admin/sysadminstuff/-/settings/access_tokens> ... -``` \ No newline at end of file +``` diff --git a/docs/_index.md b/docs/_index.md index 7d306d9aa8292f24129bea32f56300ffea20aab3..8bf54d2f93ce8a6d894e9e2a85db5021cda49231 100644 --- a/docs/_index.md +++ b/docs/_index.md @@ -8,11 +8,10 @@ This is a collection of our checks. They are used on Linux systems (Debian, Cent We use Icinga graphite module to show performance data. The templates are located in a sister repository - 📃 Sources: * Checks: <https://git-repo.iml.unibe.ch/iml-open-source/icinga-checks> * Graphs (Graphite): <https://git-repo.iml.unibe.ch/iml-open-source/icinga-graphite-templates> 📜 Licence: GNU GPL 3.0 \ -📗 Docs: <https://os-docs.iml.unibe.ch/icinga-checks/> \ No newline at end of file +📗 Docs: <https://os-docs.iml.unibe.ch/icinga-checks/>