Add option to override exit code if iLo requries patch

README.md

@@ -35,12 +35,7 @@ the drive is patched with `firmware update applied`.
 
 ## HPE Integrated Lights-Out
 
-Multiple security vulnerabilities have been identified in Integrated Lights-Out 3 (iLO 3),
-Integrated Lights-Out 4 (iLO 4), and Integrated Lights-Out 5 (iLO 5) firmware. The vulnerabilities could be remotely
-exploited to execute code, cause denial of service, and expose sensitive information. HPE has released updated
-firmware to mitigate these vulnerabilities.
-
-The check will raise a CRITICAL when the Integrated Lights-Out needs to be updated. Below you will find a list with
+The check will raise a WARNING when the Integrated Lights-Out needs to be updated. Below you will find a list with
 the least version of each Integrated Lights-Out version:
 
 - HPE iLO 6 v1.56 or later
@@ -61,6 +56,7 @@ Arguments:
 -P, --protocol string        SNMP protocol (default "2c")
     --timeout int            SNMP timeout in seconds (default 15)
     --snmpwalk-file string   Read output from snmpwalk
+-e, --ilo-exit-state int     Exit with specified code if iLO requires patch (default 1)
 -I, --ignore-ilo-version     Don't check the ILO version
 -D, --ignore-drives          Don't check the drive firmware
 -C, --ignore-controller      Don't check the controller firmware

hp/ilo/firmware.go

@@ -53,7 +53,7 @@ func GetIloInformation(client gosnmp.Handler) (ilo *Ilo, err error) {
 
 // GetNagiosStatus validates the iLO's data against the known models
 // in this plugin.
-func (ilo *Ilo) GetNagiosStatus() (state int, output string) {
+func (ilo *Ilo) GetNagiosStatus(returnStateforPatch int) (state int, output string) {
 	// nolint: ineffassign
 	state = check.Unknown
 
@@ -78,8 +78,8 @@ func (ilo *Ilo) GetNagiosStatus() (state int, output string) {
 	output = fmt.Sprintf("Integrated Lights-Out %s revision %s ", modelInfo.Name, ilo.RomRevision)
 
 	if !isNewerVersion(modelInfo.FixedRelease, ilo.RomRevision) {
-		state = check.Critical
-		output += "- version too old, should be at least " + modelInfo.FixedRelease
+		state = returnStateforPatch
+		output += "- Patch available, should be at least " + modelInfo.FixedRelease
 	} else {
 		state = check.OK
 		output += "- version newer than affected"

hp/ilo/firmware_test.go

@@ -21,8 +21,8 @@ func TestIlo_GetNagiosStatus(t *testing.T) {
 				ModelID:     9,
 				RomRevision: "1.40",
 			},
-			expectedState:  check.Critical,
-			expectedOutput: "too old",
+			expectedState:  check.Warning,
+			expectedOutput: "Patch available",
 		},
 		"newer": {
 			ilo: Ilo{
@@ -55,7 +55,7 @@ func TestIlo_GetNagiosStatus(t *testing.T) {
 
 	for name, tc := range testcases {
 		t.Run(name, func(t *testing.T) {
-			state, output := tc.ilo.GetNagiosStatus()
+			state, output := tc.ilo.GetNagiosStatus(1)
 			assert.Equal(t, state, tc.expectedState)
 			assert.Contains(t, output, tc.expectedOutput)
 		})

main.go

@@ -53,6 +53,7 @@ func main() {
 		protocol         = fs.StringP("protocol", "P", "2c", "SNMP protocol")
 		port             = fs.Uint16P("port", "p", 161, "SNMP port")
 		file             = fs.String("snmpwalk-file", "", "Read output from snmpwalk")
+		iloExitState     = fs.IntP("ilo-exit-state", "e", 1, "Exit with specified code if iLO requires patch")
 		ignoreIlo        = fs.BoolP("ignore-ilo-version", "I", false, "Don't check the ILO version")
 		ignoreDrives     = fs.BoolP("ignore-drives", "D", false, "Don't check the drive firmware")
 		ignoreController = fs.BoolP("ignore-controller", "C", false, "Don't check the controller firmware")
@@ -122,7 +123,7 @@ func main() {
 			check.ExitError(err)
 		}
 		// Retrieve the status from the iLO and add the result
-		overall.Add(iloData.GetNagiosStatus())
+		overall.Add(iloData.GetNagiosStatus(*iloExitState))
 	}
 
 	// Load controller data