Fixes cert plugin CertStore enforcement

Author: LordHepipud

config/director/Invoke-IcingaCheckCertificate.json

@@ -63,7 +63,7 @@ object CheckCommand "Invoke-IcingaCheckCertificate" {
             order = 100
         }
         "-CertStore" = {
-            description = "Used to specify which CertStore to check. Valid choices are '*', 'LocalMachine', 'CurrentUser'"
+            description = "Used to specify which CertStore to check. Valid choices are 'None', '*', 'LocalMachine', 'CurrentUser'. Use 'None' if you do not want to check the certificate store (Default)"
             value = "$IcingaCheckCertificate_String_CertStore$"
             order = 5
         }

config/director/Plugins_Bundle.json

@@ -157,7 +157,7 @@ object CheckCommand "Invoke-IcingaCheckCertificate" {
             order = 100
         }
         "-CertStore" = {
-            description = "Used to specify which CertStore to check. Valid choices are '*', 'LocalMachine', 'CurrentUser'"
+            description = "Used to specify which CertStore to check. Valid choices are 'None', '*', 'LocalMachine', 'CurrentUser'. Use 'None' if you do not want to check the certificate store (Default)"
             value = "$IcingaCheckCertificate_String_CertStore$"
             order = 5
         }

config/icinga/Invoke-IcingaCheckCertificate.conf

@@ -14,6 +14,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 ## Bugfixes
 
 * [#246](https://github.com/Icinga/icinga-powershell-plugins/pull/246) Fixes wrong `UNKNOWN` on `Invoke-IcingaCheckService` while using service display name with the `-Service` argument instead of the service name
+* [#261](https://github.com/Icinga/icinga-powershell-plugins/issues/261) Fixes `Invoke-IcingaCheckCertificate` which always included the CertStore because no option to not check the certificate store was available
 * [#262](https://github.com/Icinga/icinga-powershell-plugins/pull/262) Fixes method NULL exception on empty EventLog entries for `Invoke-IcingaCheckEventLog`
 
 ## Enhancements

config/icinga/Plugins_Bundle.conf

@@ -22,7 +22,7 @@ No special permissions required.
 | CriticalStart | Object | false |  | Used to specify a date. The start date of the certificate has to be past the date specified, otherwise the check results in critical. Use carefully. Use format like: 'yyyy-MM-dd' |
 | WarningEnd | Object | false | 30d: | Used to specify a Warning range for the end date of an certificate. In this case a string. Allowed units include: ms, s, m, h, d, w, M, y |
 | CriticalEnd | Object | false | 10d: | Used to specify a Critical range for the end date of an certificate. In this case a string. Allowed units include: ms, s, m, h, d, w, M, y |
-| CertStore | String | false | * | Used to specify which CertStore to check. Valid choices are '*', 'LocalMachine', 'CurrentUser' |
+| CertStore | String | false | None | Used to specify which CertStore to check. Valid choices are 'None', '*', 'LocalMachine', 'CurrentUser'. Use 'None' if you do not want to check the certificate store (Default) |
 | CertThumbprint | Array | false |  | Used to specify an array of Thumbprints, which are used to determine what certificate to check, within the CertStore. |
 | CertSubject | Array | false |  | Used to specify an array of Subjects, which are used to determine what certificate to check, within the CertStore. |
 | ExcludePattern | Array | false |  | Used to specify an array of exclusions, tested against Subject, Subject Alternative Name and Issuer. |

doc/31-Changelog.md

@@ -52,7 +52,8 @@
    Allowed units include: ms, s, m, h, d, w, M, y
 
 .PARAMETER CertStore
-   Used to specify which CertStore to check. Valid choices are '*', 'LocalMachine', 'CurrentUser'
+   Used to specify which CertStore to check. Valid choices are 'None', '*', 'LocalMachine', 'CurrentUser'.
+   Use 'None' if you do not want to check the certificate store (Default)
 
  .PARAMETER CertThumbprint
    Used to specify an array of Thumbprints, which are used to determine what certificate to check, within the CertStore.
@@ -103,8 +104,8 @@ function Invoke-IcingaCheckCertificate()
         $WarningEnd            = '30d:',
         $CriticalEnd           = '10d:',
         #CertStore-Related Param
-        [ValidateSet('*', 'LocalMachine', 'CurrentUser')]
-        [string]$CertStore     = '*',
+        [ValidateSet('None', '*', 'LocalMachine', 'CurrentUser')]
+        [string]$CertStore     = 'None',
         [array]$CertThumbprint = $null,
         [array]$CertSubject    = $null,
         [array]$ExcludePattern = $null,

doc/plugins/02-Invoke-IcingaCheckCertificate.md

@@ -2,8 +2,8 @@ function Get-IcingaCertificateData()
 {
     param(
         #CertStore-Related Param
-        [ValidateSet('*', 'LocalMachine', 'CurrentUser')]
-        [string]$CertStore     = '*',
+        [ValidateSet('None', '*', 'LocalMachine', 'CurrentUser')]
+        [string]$CertStore     = 'None',
         [array]$CertThumbprint = $null,
         [array]$CertSubject    = $null,
         [array]$ExcludePattern = $null,
@@ -77,15 +77,20 @@ function Get-IcingaCertStoreCertificates()
 {
     param (
         #CertStore-Related Param
-        [ValidateSet('*', 'LocalMachine', 'CurrentUser')]
-        [string]$CertStore     = '*',
+        [ValidateSet('None', '*', 'LocalMachine', 'CurrentUser')]
+        [string]$CertStore     = 'None',
         [array]$CertThumbprint = @(),
         [array]$CertSubject    = @(),
         [array]$ExcludePattern = @(),
         $CertStorePath         = '*'
     );
 
     $CertStoreArray = @();
+
+    if ($CertStore -eq 'None') {
+        return $CertStoreArray;
+    }
+
     $CertStorePath  = [string]::Format('Cert:\{0}\{1}', $CertStore, $CertStorePath);
     $CertStoreCerts = Get-ChildItem -Path $CertStorePath -Recurse;