From d9701b4f6a60d545e9b5a16264ac1bc781ae9fb1 Mon Sep 17 00:00:00 2001 From: Andreas Perhab Date: Fri, 18 Feb 2022 09:39:34 +0100 Subject: [PATCH] certificate_file_expiry: add option to ignore unexpanded patterns this helps use the same configs on multiple nodes where not all the patterns expand to existing files on all of them or when files are not yet existing --- plugins/ssl/certificate_file_expiry | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/plugins/ssl/certificate_file_expiry b/plugins/ssl/certificate_file_expiry index c538cc5b..3a8faa9c 100755 --- a/plugins/ssl/certificate_file_expiry +++ b/plugins/ssl/certificate_file_expiry @@ -55,6 +55,9 @@ env.LOGARITHMIC "yes" enables the logarithmic display of values which is useful long lived in respect to the warning level. e.g. a ca.crt that is valid for 10 years together with a crl.pem that is valid for only a few months combined with warning levels of 5 days. default is "yes" to disable set it to "no". +env.IGNORE_UNEXPANDED_PATTERNS "yes" ignores patterns that did not expand to any files. this is useful to define one +config that handles multiple types of certs where only one pattern is used. default is "no". + =head1 Dependencies Dependencies: openssl @@ -72,6 +75,7 @@ GPLv2 . "$MUNIN_LIBDIR/plugins/plugin.sh" LOGARITHMIC=${LOGARITHMIC:-yes} +IGNORE_UNEXPANDED_PATTERNS=${IGNORE_UNEXPANDED_PATTERNS:-no} if [ "$1" = "config" ] ; then echo "graph_title Certificate validity" 
@@ -127,6 +131,16 @@ for cert in ${CERTS}; do
 cert_type=${cert%:*}
 cert_pattern=${cert#*:}
 for cert_file in $cert_pattern; do
+ # note: if file contains a * (e.g. /etc/letsencrypt/live/*/cert.pem) it might be an unexpanded pattern
+ # to supress errors see IGNORE_UNEXPANDED_PATTERNS above
+ # shellcheck disable=SC2063
+ if [ "$IGNORE_UNEXPANDED_PATTERNS" = "yes" ] \
+ && [ "$cert_file" = "$cert_pattern" ] \
+ && ! [ -e "$cert_file" ] \
+ && echo "$cert_file" | grep -q "*" ; then
+ # skip unexpanded patterns when IGNORE_UNEXPANDED_PATTERNS is set to yes
+ continue
+ fi
 if [ "$cert_type" = "openvpn_inline" ] ; then
 for type in "ca" "cert"; do
 cert_name=$(clean_fieldname "$cert_file-$type")
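Review bot: The last condition of the added `if`, `echo "$cert_file" | grep -q "*"`, recognises only `*`, so a pattern written with `?` or `[...]` that matches nothing is still passed on as a file name even with IGNORE_UNEXPANDED_PATTERNS=yes. I would test for all three glob characters with `&& printf '%s\n' "$cert_file" | grep -q '[*?[]' ; then`, which also makes the `# shellcheck disable=SC2063` line unnecessary. Because this plugin monitors certificate expiry, a silently skipped pattern also means that a certificate which was moved, or whose directory presumably became unreadable, drops out of the graph without any signal; a one-line notice on stderr before `continue`, for example `echo "certificate_file_expiry: pattern $cert_pattern matched no files" >&2`, would keep that visible. The enclosing `for cert_file` loop is closed outside this hunk.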