check_vault_seal.py

#!/usr/bin/env python

"""

    Nagios plugin to check status of HashiCorp Vault service seals

"""

from optparse import OptionParser
import sys
import requests

pluginver = '0.1'

# Parse commandline options:
parser = OptionParser(usage="%prog -U <vault url> [ -h ]",version="%prog " + pluginver)
parser.add_option("-U", "--url",
    action="store", type="string", dest="url", help="Vault URL")
(options, args) = parser.parse_args()


def main():
    if not options.url:
        print "UNKNOWN: Missing Vault URL value (e.g. 'https://vault.yourdomain.com:8200')."
        sys.exit(3)

    method_url = "{}/v1/sys/seal-status".format(options.url)
    r = requests.get(method_url)
    if r.status_code == 400:
        j = r.json()
        print "WARNING: " + j['errors'][0]
        sys.exit(1)
    if r.status_code != 200:
        print "UNKNOWN: Vault returned unexpected HTTP status " + str(r.status_code)
        print r.text
        sys.exit(3)
    j = r.json()
    if j['sealed']:
        print "CRITICAL: Vault is sealed"
        sys.exit(2)
    else:
        print "OK: Vault is unsealed"
        sys.exit(0)

if __name__ == '__main__':
    main()