Skip to content
Snippets Groups Projects

OP#7562 Gitlb-token: Skip konfigurierbar machen https://projects.iml.unibe.ch/work_packages/7562

Merged OP#7562 Gitlb-token: Skip konfigurierbar machen https://projects.iml.unibe.ch/work_packages/7562
simple-task/7546-icinga-check-für-ablaufende-gitlab-tokens into master
Merged Hahn Axel (hahn) requested to merge simple-task/7546-icinga-check-für-ablaufende-gitlab-tokens into master
Viewing commit 8f4f269f
Prev
Show latest version
2 files
+ 25
9
Compare changes
  • Side-by-side
  • Inline

Files

docs/20_Checks/check_gitlab_tokens.md
+ 24
7
@@ -24,16 +24,33 @@ Extract or Git pull the Bash REST API client somewhere in your filesystem. eg. /
## Configuration
The script needs to connect to the Gitlab API.
You need to create a token in a admin group to read all tokens of all projects.
You need to create a token
Put 2 bash variabbles into `/etc/icinga2/gitlab.cfg`:
* as an admin user
* with api-read role
to read all tokens and all projects + users.
Put 2 bash variables for gitlab access and optionally the rest client into `/etc/icinga2/gitlab.cfg`. This file needs read permissions for the icinga client user only.
You can use another filename for this configuration - but then you need the parameter `-g <FILE>`to reference it.
| variable | Type | Description |
| -- | -- | -- |
| GITLAB_API | string | target url to the gitlab api |
| GITLAB_TOKEN | string | token of an admin user to read the api |
| REST_CLIENT | string | rest-api-client.sh as filename with full path or relative to the check_gitlab_tokens |
Example:
```shell
# Gitlab access:
GITLAB_API='https://gitlab.example.com/api/v4'
GITLAB_TOKEN='glpat-1234567890'
```
You can use another filename for this configuration - but then you need the parameter `-g <FILE>`to reference it.
# Rest API client
# REST_CLIENT='/some/where/rest-api-client.sh'
```
## Syntax
@@ -72,8 +89,8 @@ OPTIONS:
-c VALUE critical level (default: 10)
-g FILE path to GITLAB_CONFIG; default: /etc/icinga2/gitlab.cfg
-r FILE path to REST_CLIENT; default: ./../inc/rest-api-client.sh
-r FILE path to REST client; default: ./../inc/rest-api-client.sh
It overrides the variable REST_CLIENT.
-s DAYS Number of days for max age of token; default: 395
PARAMETERS:
@@ -112,4 +129,4 @@ OK: 16 Gitlab Tokens (max 395 days old) .. critical: 0 (10 days) .. warnings: 0
2025-01-23 OK read_repo - demoproject <https://gitlab.example.com/test/demoproject/-/settings/access_tokens>
2025-03-14 OK api_token - admin <https://gitlab.example.com/admin/sysadminstuff/-/settings/access_tokens>
...
```
\ No newline at end of file
```