jpcw · voileux · Jul 18, 2020 · Jul 18, 2020 · Jul 20, 2020 · Jul 29, 2020
diff --git a/README.rst b/README.rst
@@ -40,9 +40,17 @@ sample outputs :
 + Ok
 
     ::
-
-      CHECKPKGAUDIT OK - 0 vulnerabilities found ! | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0
 
+      $ check_pkgaudit  
+      CHECKPKGAUDIT OK - 0 vulnerabilities found ! | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0 test=0;;@1:;0 tryjail=0;;@1:;0
+
+Sometimes you want ignore check on jails or host, and it's not critical. Typically a test jails without production code. You have an option '--ignore', the plugin will ignore the jail is in the list or the host, and no check was done on it.
+
+    ::
+
+      $ check_pkgaudit --ignore test try-jail host.domain.tld
+      CHECKPKGAUDIT OK - 0 vulnerabilities found ! | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0
+
 
 + Critical
 
@@ -126,7 +134,7 @@ Command definition ::
 
     define command{
         command_name    check_ssh_pkgaudit
-        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -i /var/spool/icinga/.ssh/id_rsa -C "sudo /usr/local/bin/check_pkgaudit"
+        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -i /var/spool/icinga/.ssh/id_rsa -C "sudo /usr/local/bin/check_pkgaudit -i $ARGS1"
     }
 
 the service itself ::
@@ -176,7 +184,7 @@ nagios command definition ::
 
     define command{
         command_name    check_nrpe_pkgaudit
-        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_pkgaudit
+        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c "check_pkgaudit --ignore $ARGS1"
     }
 
 the service itself ::

diff --git a/docs/CHANGES.rst b/docs/CHANGES.rst
@@ -1,12 +1,18 @@
 Changelog
 =========
 
-0.7.3 (unreleased)
+0.7.4 (unreleased)
 ------------------
 
 - Nothing changed yet.
 
 
+0.7.3 (2020-07-29)
+------------------
+
+- add ignore option -- voileux
+
+
 0.7.2 (2017-06-05)
 ------------------
 

diff --git a/src/checkpkgaudit/checkpkgaudit.py b/src/checkpkgaudit/checkpkgaudit.py
@@ -31,7 +31,7 @@ def _popen(cmd):  # pragma: no cover
         raise nagiosplugin.CheckError(message)
 
 
-def _get_jails():
+def _get_jails(ignored_jails=[]):
     """Provides running jails."""
     jailargs = []
     jls = subprocess.check_output('jls')
@@ -42,7 +42,7 @@ def _get_jails():
         jailargs = list()
         for jail in jails:
             host_idx = 1 if len(jail.split()) == 3 else 2
-            if not jail.split()[host_idx].startswith('hastd:'):
+            if not jail.split()[host_idx].startswith('hastd:') and  jail.split()[host_idx] not in ignored_jails:
                 jailargs.append({'jid': jail.split()[0],
                                  'hostname': jail.split()[host_idx]})
     return jailargs
@@ -53,6 +53,15 @@ class CheckPkgAudit(nagiosplugin.Resource):
 
     hostname = platform.node()
 
+
+    def __init__(self, ignored_jails=[]):
+        """Create CheckPkgAudit Ressource.
+
+           Store ignored jails in ignored_jails list
+        """
+        self.ignored_jails = ignored_jails
+
+
     def pkg_audit(self, jail=None):
         """Run pkg audit.
 
@@ -91,11 +100,11 @@ def pkg_audit(self, jail=None):
 
     def probe(self):
         """Runs pkg audit over host and running jails."""
-
-        yield nagiosplugin.Metric(self.hostname, self.pkg_audit(),
-                                  min=0, context="pkg_audit")
+        if not self.hostname in self.ignored_jails:
+            yield nagiosplugin.Metric(self.hostname, self.pkg_audit(),
+                                      min=0, context="pkg_audit")
         # yield running jails
-        jails = _get_jails()
+        jails = _get_jails(self.ignored_jails)
         if jails:
             for jail in jails:
                 yield nagiosplugin.Metric(jail['hostname'],
@@ -136,6 +145,10 @@ def problem(self, results):
 def parse_args():  # pragma: no cover
     """Arguments parser."""
     argp = argparse.ArgumentParser(description=__doc__)
+    argp.add_argument('-i', '--ignore', nargs='*', default=[],
+                      metavar='ignored jails', dest='ignored_jails',
+                      help='ignored jail name or host hostname \n \
+                              ex : -i ns0 -i host')
     argp.add_argument('-v', '--verbose', action='count', default=0,
                       help='increase output verbosity (use up to 3 times)')
 
@@ -154,7 +167,7 @@ def main():  # pragma: no cover
     """
 
     args = parse_args()
-    check = nagiosplugin.Check(CheckPkgAudit(),
+    check = nagiosplugin.Check(CheckPkgAudit(args.ignored_jails),
                                nagiosplugin.ScalarContext('pkg_audit', None,
                                                           '@1:'),
                                AuditSummary())

diff --git a/src/checkpkgaudit/tests/test_checkauditpkg.py b/src/checkpkgaudit/tests/test_checkauditpkg.py
@@ -34,7 +34,7 @@ def test__get_jls_no_running_jails(self):
             subprocess.check_output.return_value = no_jails
             self.assertEqual(meth(), [])
 
-    def test__get_jls_running_jails(self):
+    def test__get_jls_running_jails_without_ignored(self):
         meth = checkpkgaudit._get_jails
         mocked = "checkpkgaudit.checkpkgaudit.subprocess"
         jls = [{'hostname': 'masterdns', 'jid': '50'},
@@ -48,6 +48,34 @@ def test__get_jls_running_jails(self):
             subprocess.check_output.return_value = ''.join(jails)
             self.assertEqual(meth(), jls)
 
+    def test__get_jls_running_jails_with_know_ignored(self):
+        meth = checkpkgaudit._get_jails
+        mocked = "checkpkgaudit.checkpkgaudit.subprocess"
+        jls = [{'hostname': 'masterdns', 'jid': '50'},
+               {'hostname': 'smtp', 'jid': '52'},
+               {'hostname': 'ns1', 'jid': '55'},
+               {'hostname': 'http', 'jid': '57'},
+               {'hostname': 'supervision', 'jid': '59'},
+               {'hostname': 'formationpy', 'jid': '61'}]
+        with mock.patch(mocked) as subprocess:
+            subprocess.check_output.return_value = ''.join(jails)
+            self.assertEqual(meth(ignored_jails=['ns0']), jls)
+
+    def test__get_jls_running_jails_with_unkown_ignored(self):
+        meth = checkpkgaudit._get_jails
+        mocked = "checkpkgaudit.checkpkgaudit.subprocess"
+        jls = [{'hostname': 'masterdns', 'jid': '50'},
+               {'hostname': 'smtp', 'jid': '52'},
+               {'hostname': 'ns0', 'jid': '54'},
+               {'hostname': 'ns1', 'jid': '55'},
+               {'hostname': 'http', 'jid': '57'},
+               {'hostname': 'supervision', 'jid': '59'},
+               {'hostname': 'formationpy', 'jid': '61'}]
+        with mock.patch(mocked) as subprocess:
+            subprocess.check_output.return_value = ''.join(jails)
+            self.assertEqual(meth(ignored_jails=['unknow']), jls)
+
+
 
 class Test_CheckPkgAudit(unittest.TestCase):