Adding --cert-file option for all the checks which use RestClient (#115)

* Adding cert option to all checks using RestClient * Adding --cert-file option to all checks which are using RestClient
sensu-plugins · May 23, 2018 · 93ed51d · 93ed51d
1 parent 8e5cbe5
commit 93ed51d
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins/community/blob/master/HOW_WE_CHANGELOG.md)
 
 ## [Unreleased]
+### Added
+- check-es-shard-allocation-status.rb, check-es-file-descriptors.rb, check-es-heap.rb: added `--cert-file` option which allows you to specify a ca-cert to be used to verify TLS (@vin01)
 
 ## [2.0.1] - 2018-03-27
 ### Security

diff --git a/bin/check-es-file-descriptors.rb b/bin/check-es-file-descriptors.rb
@@ -82,6 +82,10 @@ class ESFileDescriptors < Sensu::Plugin::Check::CLI
          short: '-e',
          long: '--https'
 
+  option :cert_file,
+         description: 'Cert file to use',
+         long: '--cert-file CERT'
+
   def get_es_resource(resource)
     headers = {}
     if config[:user] && config[:password]
@@ -95,7 +99,16 @@ def get_es_resource(resource)
                  'http'
                end
 
-    r = RestClient::Resource.new("#{protocol}://#{config[:host]}:#{config[:port]}#{resource}", timeout: config[:timeout], headers: headers)
+    r = if config[:cert_file]
+          RestClient::Resource.new("#{protocol}://#{config[:host]}:#{config[:port]}#{resource}",
+                                   ssl_ca_file: config[:cert_file].to_s,
+                                   timeout: config[:timeout],
+                                   headers: headers)
+        else
+          RestClient::Resource.new("#{protocol}://#{config[:host]}:#{config[:port]}#{resource}",
+                                   timeout: config[:timeout],
+                                   headers: headers)
+        end
     JSON.parse(r.get)
   rescue Errno::ECONNREFUSED
     warning 'Connection refused'

diff --git a/bin/check-es-heap.rb b/bin/check-es-heap.rb
@@ -90,6 +90,10 @@ class ESHeap < Sensu::Plugin::Check::CLI
          short: '-e',
          long: '--https'
 
+  option :cert_file,
+         description: 'Cert file to use',
+         long: '--cert-file CERT'
+
   option :all,
          description: 'Check all nodes in the ES cluster',
          short: '-a',
@@ -114,7 +118,16 @@ def acquire_es_resource(resource)
                  'http'
                end
 
-    r = RestClient::Resource.new("#{protocol}://#{config[:host]}:#{config[:port]}#{resource}", timeout: config[:timeout], headers: headers)
+    r = if config[:cert_file]
+          RestClient::Resource.new("#{protocol}://#{config[:host]}:#{config[:port]}#{resource}",
+                                   ssl_ca_file: config[:cert_file].to_s,
+                                   timeout: config[:timeout],
+                                   headers: headers)
+        else
+          RestClient::Resource.new("#{protocol}://#{config[:host]}:#{config[:port]}#{resource}",
+                                   timeout: config[:timeout],
+                                   headers: headers)
+        end
     JSON.parse(r.get)
   rescue Errno::ECONNREFUSED
     warning 'Connection refused'

diff --git a/bin/check-es-shard-allocation-status.rb b/bin/check-es-shard-allocation-status.rb
@@ -76,14 +76,27 @@ class ESShardAllocationStatus < Sensu::Plugin::Check::CLI
          short: '-P PASS',
          long: '--password PASS'
 
+  option :cert_file,
+         description: 'Cert file to use',
+         long: '--cert-file CERT'
+
   def get_es_resource(resource)
     headers = {}
     if config[:user] && config[:password]
       auth = 'Basic ' + Base64.strict_encode64("#{config[:user]}:#{config[:password]}").chomp
       headers = { 'Authorization' => auth }
     end
 
-    r = RestClient::Resource.new("#{config[:scheme]}://#{config[:server]}:#{config[:port]}#{resource}", timeout: config[:timeout], headers: headers)
+    r = if config[:cert_file]
+          RestClient::Resource.new("#{config[:scheme]}://#{config[:server]}:#{config[:port]}#{resource}",
+                                   ssl_ca_file: config[:cert_file].to_s,
+                                   timeout: config[:timeout],
+                                   headers: headers)
+        else
+          RestClient::Resource.new("#{config[:scheme]}://#{config[:server]}:#{config[:port]}#{resource}",
+                                   timeout: config[:timeout],
+                                   headers: headers)
+        end
     JSON.parse(r.get)
   rescue Errno::ECONNREFUSED
     warning 'Connection refused'