I had the same problem and fixed it by using an additional import to get all hosts from the director and use them to filter in the x509 import.
Below the basket “Director-Basket_x509_automation_85cc5b4.json”. Search for FIXME: and example . com and adapt them to your installation.
{
"ServiceTemplate": {
"116-tpl-service-x509": {
"check_command": "icingacli-x509",
"command_endpoint": "FIXME:icingaweb2.example.com",
"enable_notifications": false,
"fields": [],
"imports": [
"FIXME:tpl-service-generic"
],
"object_name": "116-tpl-service-x509",
"object_type": "template",
"use_agent": true,
"uuid": "8947920c-87ee-4560-844b-6842958c2ce7",
"vars": {
"icingacli_x509_critical": "3d",
"icingacli_x509_warning": "7d"
}
}
},
"ImportSource": {
"Director Hosts": {
"key_column": "object_name",
"modifiers": [
{
"priority": "1",
"property_name": "object_name",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
"settings": {
"filter_method": "regex",
"filter_string": "/.*example.com$|.*example2.com$/",
"policy": "keep"
}
},
{
"priority": "2",
"property_name": "object_name",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRegexReplace",
"settings": {
"pattern": "/^([^.]+).*/",
"replacement": "$1",
"when_not_matched": "keep"
},
"target_property": "short_name"
}
],
"provider_class": "Icinga\\Module\\Director\\Import\\ImportSourceDirectorObject",
"settings": {
"object_class": "host",
"object_type": "",
"resolved": "n",
"resource": "icinga_director"
},
"source_name": "Director Hosts"
},
"x509 Services only if host in director": {
"key_column": "host_name_ip_and_port",
"modifiers": [
{
"priority": "1",
"property_name": "host_name_ip_and_port",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierSkipDuplicates",
"settings": {}
},
{
"description": "only if it is a host name and not an IP address",
"priority": "2",
"property_name": "host_name",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
"settings": {
"filter_method": "regex",
"filter_string": "/(\\b25[0-5]|\\b2[0-4][0-9]|\\b[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}/",
"policy": "reject"
}
},
{
"description": "create a nicer name for the service object",
"priority": "4",
"property_name": "host_name_ip_and_port",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRegexReplace",
"settings": {
"pattern": "/^(.*)$/",
"replacement": "x509 - $1"
},
"target_property": "service_name"
},
{
"description": "Black List Ports",
"priority": "7",
"property_name": "host_port",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
"settings": {
"filter_method": "regex",
"filter_string": "/3389|5986/",
"policy": "reject"
}
},
{
"priority": "8",
"property_name": "host_ip",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierGetHostByAddr",
"settings": {
"on_failure": "null"
},
"target_property": "host_name_reverse"
},
{
"priority": "9",
"property_name": "arpa",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierDnsRecords",
"settings": {
"on_failure": "null",
"record_type": "PTR"
},
"target_property": "host_name_ptr"
},
{
"priority": "10",
"property_name": "host_ip",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRegexReplace",
"settings": {
"pattern": "/^([0-9]+)\\.([0-9]+)\\.([0-9]+)\\.([0-9]+)$/",
"replacement": "$4.$3.$2.$1.in-addr.arpa."
},
"target_property": "arpa"
},
{
"priority": "11",
"property_name": "host_name",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierGetPropertyFromOtherImportSource",
"settings": {
"foreign_property": "object_name",
"import_source": "Director Hosts"
},
"target_property": "director_host_name"
},
{
"priority": "12",
"property_name": "director_host_name",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
"settings": {
"filter_method": "is_null",
"policy": "reject"
}
},
{
"description": "Blocklist mirth-connect",
"priority": "13",
"property_name": "host_name_ip_and_port",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
"settings": {
"filter_method": "regex",
"filter_string": "/ictpwpsswp01\\.ms\\.example\\.com\\/10\\.5\\.77\\.153:8443|ictlogbwp01\\.ms\\.example\\.com\\/10\\.5\\.72\\.147:443|ictlufuwp02\\.ms\\.example\\.com\\/10\\.5\\.72\\.24:8443|ictviewptwp02\\.ms\\.example\\.com\\/10\\.5\\.72\\.219:8443/",
"policy": "reject"
}
},
{
"description": "Block",
"priority": "14",
"property_name": "host_name_ip_and_port",
"provider_class": "Icinga\\Module\\Director\\PropertyModifier\\PropertyModifierRejectOrSelect",
"settings": {
"filter_method": "wildcard",
"filter_string": "x509 - ictesdswp01.ms.example.com/10.5.77.145:8092",
"policy": "reject"
}
}
],
"provider_class": "Icinga\\Module\\X509\\ProvidedHook\\ServicesImportSource",
"settings": {},
"source_name": "x509 Services only if host in director"
}
},
"SyncRule": {
"x509 Services only if host in director": {
"object_type": "service",
"properties": [
{
"destination_field": "host",
"filter_expression": null,
"merge_policy": "override",
"priority": "1",
"source": "x509 Services only if host in director",
"source_expression": "${host_name}"
},
{
"destination_field": "import",
"filter_expression": null,
"merge_policy": "override",
"priority": "2",
"source": "x509 Services only if host in director",
"source_expression": "116-tpl-service-x509"
},
{
"destination_field": "vars.icingacli_x509_host",
"filter_expression": null,
"merge_policy": "override",
"priority": "3",
"source": "x509 Services only if host in director",
"source_expression": "${host_name}"
},
{
"destination_field": "vars.icingacli_x509_ip",
"filter_expression": null,
"merge_policy": "override",
"priority": "4",
"source": "x509 Services only if host in director",
"source_expression": "${host_ip}"
},
{
"destination_field": "vars.icingacli_x509_port",
"filter_expression": null,
"merge_policy": "override",
"priority": "5",
"source": "x509 Services only if host in director",
"source_expression": "${host_port}"
},
{
"destination_field": "object_name",
"filter_expression": null,
"merge_policy": "override",
"priority": "6",
"source": "x509 Services only if host in director",
"source_expression": "${service_name}"
}
],
"purge_action": "delete",
"purge_existing": true,
"rule_name": "x509 Services only if host in director",
"update_policy": "merge"
}
}
}