Icinga2Agent: Improved handling for Host API-Keys

Improved the handling to validate if a local host API-Key is still valid or deprecated. This will ensure proper error handling in case the local key is lost, the Director Key is dropped or one of both is not valid
2017-07-20 19:33:53 +02:00 · 2017-07-20 19:33:53 +02:00 · 56516cf572
parent 3062cf2ebd
commit 56516cf572
1 changed files with 56 additions and 25 deletions
--- a/contrib/windows-agent-installer/Icinga2Agent.psm1
+++ b/contrib/windows-agent-installer/Icinga2Agent.psm1
@ -1865,6 +1865,32 @@ object ApiListener "api" {
        return $jsonString;
    }

+    #
+    # Check if the local host key is still valid
+    #
+    $installer | Add-Member -membertype ScriptMethod -name 'isHostAPIKeyValid' -value {
+
+        # If no API key is yet defined, we will require to fetch one
+        if (-Not $this.getProperty('director_host_token')) {
+            return $FALSE;
+        }
+
+        # Check against the powershell-parameter URL if our host API key is valid
+        # If we receive content -> everything is ok
+        # If we receive any 4xx code, propably the API Key is invalid and we require to fetch a new one
+        [string]$url = $this.config('director_url') + 'self-service/powershell-parameters?key=' + $this.getProperty('director_host_token');
+        [string]$response = $this.createHTTPRequest($url, '', 'POST', 'application/json', $TRUE, $FALSE);
+        if ($this.isHTTPResponseCode($response)) {
+            if ($response[0] -eq '4') {
+                $this.info('Target host is already present inside Icinga Director without API-Key. Re-Creating key...');
+                return $FALSE;
+            }
+        }
+
+        $this.info('Host API-Key validation successfull.');
+        return $TRUE;
+    }
+
    #
    # This function will allow us to create a
    # host object directly inside the Icinga Director
@ -1875,7 +1901,13 @@ object ApiListener "api" {
        if ($this.config('director_url') -And $this.getProperty('local_hostname')) {
            if ($this.config('director_auth_token')) {
                if ($this.requireIcingaDirectorAPIVersion('1.4.0', '[Function::createHostInsideIcingaDirector]')) {
-                    if ($this.getProperty('director_host_token') -eq '') {
+
+                    # Check if our API Host-Key is present and valid
+                    if ($this.isHostAPIKeyValid()) {
+                        return;
+                    }
+
+                    # If not, try to create the host and fetch the API key
                    [string]$apiKey = $this.config('director_auth_token');
                    [string]$url = $this.config('director_url') + 'self-service/register-host?name=' + $this.getProperty('local_hostname') + '&key=' + $apiKey;
                    [string]$json = '';
@ -1903,7 +1935,6 @@ object ApiListener "api" {
                        }
                    }
                }
-                }
            } elseif ($this.config('director_host_object'))  {
                # Setup the url we need to call
                [string]$url = $this.config('director_url') + 'host';