mirror of
https://github.com/drewkerrigan/nagios-http-json.git
synced 2024-11-24 03:13:51 +01:00
Refactor for a leaner main function
- Also added tests for TLS options
This commit is contained in:
parent
d9ee817dfc
commit
e96bba0eb8
@ -528,6 +528,75 @@ def debugPrint(debug_flag, message, pretty_flag=False):
|
|||||||
print(message)
|
print(message)
|
||||||
|
|
||||||
|
|
||||||
|
def prepare_context(args):
|
||||||
|
"""
|
||||||
|
Prepare TLS Context
|
||||||
|
"""
|
||||||
|
nagios = NagiosHelper()
|
||||||
|
|
||||||
|
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||||
|
context.options |= ssl.OP_NO_SSLv2
|
||||||
|
context.options |= ssl.OP_NO_SSLv3
|
||||||
|
|
||||||
|
if args.insecure:
|
||||||
|
context.check_hostname = False
|
||||||
|
context.verify_mode = ssl.CERT_NONE
|
||||||
|
else:
|
||||||
|
context.verify_mode = ssl.CERT_OPTIONAL
|
||||||
|
context.load_default_certs()
|
||||||
|
if args.cacert:
|
||||||
|
try:
|
||||||
|
context.load_verify_locations(args.cacert)
|
||||||
|
except ssl.SSLError:
|
||||||
|
nagios.append_unknown('Error loading SSL CA cert "%s"!' % args.cacert)
|
||||||
|
if args.cert:
|
||||||
|
try:
|
||||||
|
context.load_cert_chain(args.cert, keyfile=args.key)
|
||||||
|
except ssl.SSLError:
|
||||||
|
if args.key:
|
||||||
|
nagios.append_unknown('Error loading SSL cert. Make sure key "%s" belongs to cert "%s"!' % (args.key, args.cert))
|
||||||
|
else:
|
||||||
|
nagios.append_unknown('Error loading SSL cert. Make sure "%s" contains the key as well!' % (args.cert))
|
||||||
|
|
||||||
|
if nagios.getCode() != OK_CODE:
|
||||||
|
print(nagios.getMessage())
|
||||||
|
sys.exit(nagios.getCode())
|
||||||
|
|
||||||
|
return context
|
||||||
|
|
||||||
|
|
||||||
|
def make_request(args, url, context):
|
||||||
|
"""
|
||||||
|
Performs the actual request to the given URL
|
||||||
|
"""
|
||||||
|
req = urllib.request.Request(url, method=args.method)
|
||||||
|
req.add_header("User-Agent", "check_http_json")
|
||||||
|
if args.auth:
|
||||||
|
authbytes = str(args.auth).encode()
|
||||||
|
base64str = base64.encodebytes(authbytes).decode().replace('\n', '')
|
||||||
|
req.add_header('Authorization', 'Basic %s' % base64str)
|
||||||
|
if args.headers:
|
||||||
|
headers = json.loads(args.headers)
|
||||||
|
debugPrint(args.debug, "Headers:\n %s" % headers)
|
||||||
|
for header in headers:
|
||||||
|
req.add_header(header, headers[header])
|
||||||
|
if args.timeout and args.data:
|
||||||
|
databytes = str(args.data).encode()
|
||||||
|
response = urllib.request.urlopen(req, timeout=args.timeout,
|
||||||
|
data=databytes, context=context)
|
||||||
|
elif args.timeout:
|
||||||
|
response = urllib.request.urlopen(req, timeout=args.timeout,
|
||||||
|
context=context)
|
||||||
|
elif args.data:
|
||||||
|
databytes = str(args.data).encode()
|
||||||
|
response = urllib.request.urlopen(req, data=databytes, context=context)
|
||||||
|
else:
|
||||||
|
# pylint: disable=consider-using-with
|
||||||
|
response = urllib.request.urlopen(req, context=context)
|
||||||
|
|
||||||
|
return response.read()
|
||||||
|
|
||||||
|
|
||||||
def main(cliargs):
|
def main(cliargs):
|
||||||
"""
|
"""
|
||||||
Main entrypoint for CLI
|
Main entrypoint for CLI
|
||||||
@ -543,42 +612,7 @@ def main(cliargs):
|
|||||||
|
|
||||||
if args.ssl:
|
if args.ssl:
|
||||||
url = "https://%s" % args.host
|
url = "https://%s" % args.host
|
||||||
|
context = prepare_context(args)
|
||||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
||||||
context.options |= ssl.OP_NO_SSLv2
|
|
||||||
context.options |= ssl.OP_NO_SSLv3
|
|
||||||
|
|
||||||
if args.insecure:
|
|
||||||
context.check_hostname = False
|
|
||||||
context.verify_mode = ssl.CERT_NONE
|
|
||||||
else:
|
|
||||||
context.verify_mode = ssl.CERT_OPTIONAL
|
|
||||||
context.load_default_certs()
|
|
||||||
if args.cacert:
|
|
||||||
try:
|
|
||||||
context.load_verify_locations(args.cacert)
|
|
||||||
except ssl.SSLError:
|
|
||||||
nagios.append_unknown(
|
|
||||||
'Error loading SSL CA cert "%s"!'
|
|
||||||
% args.cacert)
|
|
||||||
|
|
||||||
if args.cert:
|
|
||||||
try:
|
|
||||||
context.load_cert_chain(args.cert, keyfile=args.key)
|
|
||||||
except ssl.SSLError:
|
|
||||||
if args.key:
|
|
||||||
nagios.append_unknown(
|
|
||||||
'Error loading SSL cert. Make sure key "%s" belongs to cert "%s"!'
|
|
||||||
% (args.key, args.cert))
|
|
||||||
else:
|
|
||||||
nagios.append_unknown(
|
|
||||||
'Error loading SSL cert. Make sure "%s" contains the key as well!'
|
|
||||||
% (args.cert))
|
|
||||||
|
|
||||||
if nagios.getCode() != OK_CODE:
|
|
||||||
print(nagios.getMessage())
|
|
||||||
sys.exit(nagios.getCode())
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
url = "http://%s" % args.host
|
url = "http://%s" % args.host
|
||||||
if args.port:
|
if args.port:
|
||||||
@ -590,33 +624,7 @@ def main(cliargs):
|
|||||||
json_data = ''
|
json_data = ''
|
||||||
|
|
||||||
try:
|
try:
|
||||||
req = urllib.request.Request(url, method=args.method)
|
json_data = make_request(args, url, context)
|
||||||
req.add_header("User-Agent", "check_http_json")
|
|
||||||
if args.auth:
|
|
||||||
authbytes = str(args.auth).encode()
|
|
||||||
base64str = base64.encodebytes(authbytes).decode().replace('\n', '')
|
|
||||||
req.add_header('Authorization', 'Basic %s' % base64str)
|
|
||||||
if args.headers:
|
|
||||||
headers = json.loads(args.headers)
|
|
||||||
debugPrint(args.debug, "Headers:\n %s" % headers)
|
|
||||||
for header in headers:
|
|
||||||
req.add_header(header, headers[header])
|
|
||||||
if args.timeout and args.data:
|
|
||||||
databytes = str(args.data).encode()
|
|
||||||
response = urllib.request.urlopen(req, timeout=args.timeout,
|
|
||||||
data=databytes, context=context)
|
|
||||||
elif args.timeout:
|
|
||||||
response = urllib.request.urlopen(req, timeout=args.timeout,
|
|
||||||
context=context)
|
|
||||||
elif args.data:
|
|
||||||
databytes = str(args.data).encode()
|
|
||||||
response = urllib.request.urlopen(req, data=databytes, context=context)
|
|
||||||
else:
|
|
||||||
# pylint: disable=consider-using-with
|
|
||||||
response = urllib.request.urlopen(req, context=context)
|
|
||||||
|
|
||||||
json_data = response.read()
|
|
||||||
|
|
||||||
except HTTPError as e:
|
except HTTPError as e:
|
||||||
# Try to recover from HTTP Error, if there is JSON in the response
|
# Try to recover from HTTP Error, if there is JSON in the response
|
||||||
if "json" in e.info().get_content_subtype():
|
if "json" in e.info().get_content_subtype():
|
||||||
|
@ -95,3 +95,37 @@ class MainTest(unittest.TestCase):
|
|||||||
main(args)
|
main(args)
|
||||||
|
|
||||||
self.assertEqual(test.exception.code, 0)
|
self.assertEqual(test.exception.code, 0)
|
||||||
|
|
||||||
|
@mock.patch('builtins.print')
|
||||||
|
def test_main_with_tls(self, mock_print):
|
||||||
|
args = ['-H', 'localhost',
|
||||||
|
'--ssl',
|
||||||
|
'--cacert',
|
||||||
|
'test/tls/ca-root.pem',
|
||||||
|
'--cert',
|
||||||
|
'test/tls/cert.pem',
|
||||||
|
'--key',
|
||||||
|
'test/tls/key.pem']
|
||||||
|
|
||||||
|
with self.assertRaises(SystemExit) as test:
|
||||||
|
main(args)
|
||||||
|
|
||||||
|
self.assertTrue('https://localhost' in str(mock_print.call_args))
|
||||||
|
self.assertEqual(test.exception.code, 3)
|
||||||
|
|
||||||
|
@mock.patch('builtins.print')
|
||||||
|
def test_main_with_tls_wrong_ca(self, mock_print):
|
||||||
|
args = ['-H', 'localhost',
|
||||||
|
'--ssl',
|
||||||
|
'--cacert',
|
||||||
|
'test/tls/key.pem',
|
||||||
|
'--cert',
|
||||||
|
'test/tls/cert.pem',
|
||||||
|
'--key',
|
||||||
|
'test/tls/key.pem']
|
||||||
|
|
||||||
|
with self.assertRaises(SystemExit) as test:
|
||||||
|
main(args)
|
||||||
|
|
||||||
|
self.assertTrue('Error loading SSL CA' in str(mock_print.call_args))
|
||||||
|
self.assertEqual(test.exception.code, 3)
|
||||||
|
21
test/tls/ca-root.pem
Normal file
21
test/tls/ca-root.pem
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDbTCCAlWgAwIBAgIUB6EZDl3ajJgJsoLzyC9DrOQQpKowDQYJKoZIhvcNAQEN
|
||||||
|
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
|
||||||
|
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDAzMTgwODE5MDhaGA8yMDUx
|
||||||
|
MDgwMzA4MTkwOFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
|
||||||
|
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
|
||||||
|
AQEBBQADggEPADCCAQoCggEBALVxioj+6zw6Snr+B1JOivC8Of6YptVYym5ICiHX
|
||||||
|
wjpbSVVe+Py/P2LDb/uQ1QkAENlpvChFqSaRBZU5keXYS/DaFb2Evb2/zf5qIdWU
|
||||||
|
2ju8B5V13gXSeaNNetyEn1Ivvk0lOCQo2RwEZXuStpLS4Q32rkRBvkoL+RXDc1NX
|
||||||
|
c3RwcU1p9ybgBqAC7FYdV82sgHGugIrbzkjfFREJXp1AnqvKAdk39b1CnPxfmPZC
|
||||||
|
nzPPetfr3iivH8yVO5rodU/LDtQNph22JR94YvPB89QO+bZ9bw2GHtPdAKFew9HF
|
||||||
|
UxM1fmy381Mq2iS3KUq5vsC1jMe8slUAIFYEDzoPvOz+MpcCAwEAAaNTMFEwHQYD
|
||||||
|
VR0OBBYEFOmCb+JnMzX29hwgtXSzrN+m6mTDMB8GA1UdIwQYMBaAFOmCb+JnMzX2
|
||||||
|
9hwgtXSzrN+m6mTDMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggEB
|
||||||
|
AAkTD8K4UO4uO4i6p2BCofbhVm9LYA0ulmLO8Uro0U491TeEDOQpgMFAK+b2gZIU
|
||||||
|
zvDHoCMn3UPVxHKl7XzDgLZVkYYEc2s9vArxk5vSnFmh3XvlDu2SO5gSLB2sf68A
|
||||||
|
2+Jz2x6z9tjWWdZCGJWU/iwMbG2Y3JMHyv1NMF8cyOclJaSDNBAwF5c5sdlGTLKb
|
||||||
|
WHGXzVqHSAFlGcHtQrcEKclHiuzw2G3LZzwghGk0XzxwvyKrnAEy408RY0mfNLtz
|
||||||
|
32KHqYtrip0RYlGWKP7/7q6i0D8muEFW/I4emFI0z0I/1CcYZZS8tQkWaPf/wCN0
|
||||||
|
llTD1kKJACsIMaqkkyy+EZM=
|
||||||
|
-----END CERTIFICATE-----
|
19
test/tls/cert.pem
Normal file
19
test/tls/cert.pem
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDDzCCAfcCFBOrBcHIH2x9xcUyUeDid0cvBxWtMA0GCSqGSIb3DQEBDQUAMEUx
|
||||||
|
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
|
||||||
|
cm5ldCBXaWRnaXRzIFB0eSBMdGQwIBcNMjQwMzE4MDgxOTM1WhgPMjA1MTA4MDMw
|
||||||
|
ODE5MzVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
|
||||||
|
VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEeMA0GCSqGSIb3DQEBAQUA
|
||||||
|
A4IBCwAwggEGAoH+ALuzyIhEATF5YyAOsXKfr2mttF2HyJvEscGcoA7YetT57bjJ
|
||||||
|
5lg944kc3QH/wTEdrGda3cwh3OXdUuyR7Wrm9jPw38hMArx/fWPkiISOShrUSHGd
|
||||||
|
Qyy2bT+zxBaUo+pomyrlqlgwGlbxuwTAlTSFcI+i7yXrckl2HRj40EW4FNsYpPzv
|
||||||
|
maxRXs0kg0J2JLTYF+fHlqlYbSX/hRU9wz2DYfkRSS0+OYJNSmqK0jayUsdZYurG
|
||||||
|
gbPwOCgQ0QxLLh7P8z4sOanRowqUzqTI77cyUugEJRyoi+LJr4r0EwMTBX3STgPh
|
||||||
|
S9B78+LNvwOrLrZFUhr144RfO9QPLnz0uWcCAwEAATANBgkqhkiG9w0BAQ0FAAOC
|
||||||
|
AQEAeIR21PfLzgpL7WDBE2KgwI78nVc1wY9nwoAxSBzHjS0Olve3r9MaVzAKn5ZS
|
||||||
|
xHtv8oroXjhTcczCIzxii6Imp6u0iIr3QVBIceofxrH3aWmICURcC9l+dIiY6sk9
|
||||||
|
Ct8P8gm/Erv2iF/7bnsARwDnw0f41fC9eXtHZ7WLRQrc7tLHpjL0Z7bT77ysQJVK
|
||||||
|
C1SWtBnq3afmwH3R1wVHENn0JVFQpBp+vqWU5KIlvjcz49yPU+aNODk1rJsHMlgS
|
||||||
|
x2iddwF31GNOxNfXtw8fdw4UDUl2wYoZ45w2e2pXt4pbN43m0Wys1eQZdk3tyR6G
|
||||||
|
AZOLP05073mLtbVlFRmcTdXIGg==
|
||||||
|
-----END CERTIFICATE-----
|
27
test/tls/key.pem
Normal file
27
test/tls/key.pem
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEqAIBADANBgkqhkiG9w0BAQEFAASCBJIwggSOAgEAAoH+ALuzyIhEATF5YyAO
|
||||||
|
sXKfr2mttF2HyJvEscGcoA7YetT57bjJ5lg944kc3QH/wTEdrGda3cwh3OXdUuyR
|
||||||
|
7Wrm9jPw38hMArx/fWPkiISOShrUSHGdQyy2bT+zxBaUo+pomyrlqlgwGlbxuwTA
|
||||||
|
lTSFcI+i7yXrckl2HRj40EW4FNsYpPzvmaxRXs0kg0J2JLTYF+fHlqlYbSX/hRU9
|
||||||
|
wz2DYfkRSS0+OYJNSmqK0jayUsdZYurGgbPwOCgQ0QxLLh7P8z4sOanRowqUzqTI
|
||||||
|
77cyUugEJRyoi+LJr4r0EwMTBX3STgPhS9B78+LNvwOrLrZFUhr144RfO9QPLnz0
|
||||||
|
uWcCAwEAAQKB/UQAYzMy5/fDkWzoxdLQFV3E56ZG7h+4x+lr0/Ts6rtD/KLIyqHH
|
||||||
|
ciqXgV4bCSPBK1eabOZqkjvYzhUU3R2wpRu2NWy8VPVzfrr07ZyQbDqCE+jNX6vQ
|
||||||
|
P44nk2/W0/e1hBmrcOZYLwK2utmC58tKWLhBAEENpq8EkpAcfF/1y9aRHKYwNnH7
|
||||||
|
vouoQibN5NTs5m8s0VyjRTDwRZja98eWnn5NfU3orqYO8fSlF6CyzDtoyhMco6zR
|
||||||
|
0skBgMzRYCRTuJpV+KekC7XFYyiJ6XZN5DKLbbqP6Y7YR8wjyFEruoGCS0mZH2H0
|
||||||
|
9/rhTsJram1B2zohXHPsHJGGGv12/7kCfw5C7yda+8Yv0NmRp1F+EJYb75SCAWIP
|
||||||
|
kzN/xvjP2bMKa6oSzU0DOga3Wc4ijJHDaND8rqdPqQe3zXFr1nPdBrybLSJ6k5CN
|
||||||
|
4Dd6ENJWVWino0L460kpLtlBG6TsgmB8bkwhjWVE6Vgt4Vila+a3TGRXeniaRzdw
|
||||||
|
icNOtMrjYlUCfw0pWEvO2uFq0DbNZbmzC2j5ClFcU96CAl4AqKG2PiGnuSy9TKVZ
|
||||||
|
c5OiXFmyoig7v4LJzaKLSqVIN4hVBU80/MlhvG+dpeimvLaQKNtlZQethIs5hXlB
|
||||||
|
R1XfaPhq6BQiYmQ3tufyS/0Es2OY+Cs3LU1uDB8qVzonlmnIi69OwMsCfwRPISfJ
|
||||||
|
C+4UIIy8v8uVxbk1c6xxo61Xe2jCIQKo+uRoL6PRzoqIgQ3qdI4eTk70tkT/NF6F
|
||||||
|
aVNVrBOrO78Cd7ihQn/6fX/d/nOExHRpdaELlf70a1NNyEQIsiug8rvonQMP2ENT
|
||||||
|
ERZ9tmssgG/Tzpc6/1xVcVNFA7spmuL61YkCfwnu2zGTc0PO7kd96rkktIbL9YqD
|
||||||
|
6NQ0QH8bdildtjSGNc3bLB5ajUytq48Sryk4NogJr8Vt5K8q+qZMrE4kCmgd+C4w
|
||||||
|
x4b3V9Ncp0k1k/MgdLjyd5aUurbHfpyFapPPg3xpRAR3q/vP8WdIintrECiw1jsr
|
||||||
|
JFvChtVdQnbTM9MCfw41RcjNwCaIG+uXc8bD6Yf+NyXD8zP6ZDywmBlkMWlGSzx4
|
||||||
|
xM8J+wQiQsNWthDBbF7inJc+lbtJiEe4YOPkbjCYVZRHribL65HKJlEUv6M9bvQo
|
||||||
|
3P1DS5tDrwo6z9UPs4tD1SgF9fDu/xA7fwPF1RTvuW07MhFJWlDo4FSWS9c=
|
||||||
|
-----END PRIVATE KEY-----
|
Loading…
Reference in New Issue
Block a user