1
0
mirror of https://github.com/thannaske/rspamd-influxdb.git synced 2023-10-10 13:36:59 +02:00

Adding --config parameter to provide a path to a configuration file for security reasons (issue #2)

This commit is contained in:
Tobias 2018-11-09 11:57:45 +01:00
parent 57c69cf072
commit 6ed06a53ac
2 changed files with 62 additions and 7 deletions

View File

@ -2,7 +2,20 @@
Quick and dirty approach to get stats of rspamd out of the webinterface's API into InfluxDB for visualizing using Grafana. Quick and dirty approach to get stats of rspamd out of the webinterface's API into InfluxDB for visualizing using Grafana.
## Usage ## Usage
`python3 rspamd-influxdb.py https://example.com:1337/ superSecretPassword` `python3 rspamd-influxdb.py --url "https://example.com:1337" --password "superSecretPassword"`
You may provide the URL and password by defining the path to a configuration file in order to prevent other users from reading the password in clear text from the process list. To do so you need to provide the `--config $path` argument, e.g.
`python3 rspamd-influxdb.py --config "~/config.json"`
The configuration file needs to contain the fields `url` and `password` as valid JSON. An example file could look like this:
```json
{
"url": "https://example.com",
"password": "superSecretPassword"
}
```
## Utilization ## Utilization
Use this script call within InfluxData's Telegraf Use this script call within InfluxData's Telegraf

View File

@ -5,16 +5,58 @@ import json
import urllib.request import urllib.request
parser = argparse.ArgumentParser(description="rspamd web interface statistic fetcher for InfluxDB usage") parser = argparse.ArgumentParser(description="rspamd web interface statistic fetcher for InfluxDB usage")
parser.add_argument("url", action="store", help="URL to rspamd web interface installation") parser.add_argument("--url", action="store", help="URL to rspamd web interface installation")
parser.add_argument("password", action="store", help="Password for API authentication (same as for graphical login)") parser.add_argument("--password", action="store", help="Password for API authentication (same as for graphical login)")
parser.add_argument("--config", action="store", help="Path to the configuration file for the application to use")
args = parser.parse_args() args = parser.parse_args()
# Make sure we got the trailing slash at the URL # Perform some stupid basic validation on the arguments
if str.endswith(args.url, "/"): if (args.url is None and args.password is None) and args.config is None:
fetch_url = args.url + "stat?password=" + urllib.parse.quote_plus(args.password) parser.error("Please provide --url and --password arguments or the path to a configuration file using --config")
if (args.url is None and args.password is not None) or (args.url is not None and args.password is None):
parser.error("Please use --url with the --password argument and way round. You may provide the path to a "
"configuration file by only using the --config argument.")
if args.url is not None and args.password is not None and args.config is not None:
parser.error("Please provide whether --url and --password arguments *or* --config argument.")
if args.config is not None and (args.url is not None or args.password is not None):
parser.error("Please provide whether --url and --password arguments *or* --config argument.")
# Basic variable initialization
url = None
password = None
# Read variables from file if necessary
if args.config is not None:
data = None
try:
fh = open(args.config, "r")
data = json.load(fh)
except IOError as e:
parser.error("Could not read JSON config from file. Received IOError: " + str(e))
if data is not None and ("url" not in data or "password" not in data):
parser.error("Could not read URL and password from JSON configuration. Please see documentation for correct "
"configuration file formatting.")
elif data is None:
parser.error("Something went wrong during parsing of JSON configuration file. Please check your configuration!")
else: else:
fetch_url = args.url + "/stat?password=" + urllib.parse.quote_plus(args.password) url = data['url']
password = data['password']
else:
# Read variable from args
url = args.url
password = args.password
# Make sure we got the trailing slash at the URL
if str.endswith(url, "/"):
fetch_url = url + "stat?password=" + urllib.parse.quote_plus(password)
else:
fetch_url = url + "/stat?password=" + urllib.parse.quote_plus(password)
try: try:
resp = urllib.request.urlopen(fetch_url) resp = urllib.request.urlopen(fetch_url)