fluent-plugin-ssl-check 0.1.1 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +10 -1
- data/.ruby-version +1 -1
- data/Gemfile.lock +38 -28
- data/README.md +1 -1
- data/fluent-plugin-ssl-check.gemspec +12 -14
- data/lib/fluent/plugin/extensions/time.rb +11 -6
- data/lib/fluent/plugin/in_ssl_check.rb +110 -60
- metadata +48 -19
- data/test/fluent/plugin/test_in_ssl_check.rb +0 -171
- data/test/helper.rb +0 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: acb92c3a49bddffabb4e0c3a18903f4d1e4ebabb0a4bde9e4822fd4726c86bc7
|
4
|
+
data.tar.gz: a4490494cc312a493be34012b70ec1f0d584bc3461d969f7b4c22711a1f57727
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0c7eb0483748e41e824eceb5cdbeae2e6ec911b5ced44f3b3748bec530f095eee01a9ee2028731d6b80d2c7cedd2b57b831b7fc77ac2abc89c761a8bebe41aa8
|
7
|
+
data.tar.gz: 0b50f77e08b75158651b553f18c9acb1497bf4ced4d0b95862fd1f034fb67fa10b4df5cd261b1c2f15bdde2d3d300ff5712182b89115a2b897124910bcebedc1
|
data/.rubocop.yml
CHANGED
@@ -2,9 +2,17 @@ require:
|
|
2
2
|
- rubocop-rake
|
3
3
|
|
4
4
|
AllCops:
|
5
|
-
TargetRubyVersion: 2.
|
5
|
+
TargetRubyVersion: 2.7
|
6
6
|
NewCops: enable
|
7
7
|
|
8
|
+
Gemspec/DevelopmentDependencies:
|
9
|
+
Enabled: false
|
10
|
+
|
11
|
+
Metrics/AbcSize:
|
12
|
+
Max: 40
|
13
|
+
# Exclude:
|
14
|
+
# - lib/fluent/plugin/in_ssl_check.rb
|
15
|
+
|
8
16
|
Metrics/BlockLength:
|
9
17
|
Exclude:
|
10
18
|
- fluent-plugin-ssl-check.gemspec
|
@@ -13,6 +21,7 @@ Metrics/BlockLength:
|
|
13
21
|
Metrics/ClassLength:
|
14
22
|
Exclude:
|
15
23
|
- test/**/*.rb
|
24
|
+
- lib/fluent/plugin/in_ssl_check.rb
|
16
25
|
|
17
26
|
Metrics/MethodLength:
|
18
27
|
Max: 20
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.
|
1
|
+
2.7.7
|
data/Gemfile.lock
CHANGED
@@ -1,85 +1,95 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
fluent-plugin-ssl-check (
|
4
|
+
fluent-plugin-ssl-check (1.1.0)
|
5
5
|
fluentd (>= 0.14.10, < 2)
|
6
6
|
|
7
7
|
GEM
|
8
8
|
remote: https://rubygems.org/
|
9
9
|
specs:
|
10
10
|
ast (2.4.2)
|
11
|
+
base64 (0.1.1)
|
11
12
|
bump (0.10.0)
|
12
13
|
byebug (11.1.3)
|
13
14
|
concurrent-ruby (1.2.2)
|
14
|
-
cool.io (1.
|
15
|
-
fluentd (1.16.
|
15
|
+
cool.io (1.8.0)
|
16
|
+
fluentd (1.16.2)
|
16
17
|
bundler
|
17
18
|
cool.io (>= 1.4.5, < 2.0.0)
|
18
19
|
http_parser.rb (>= 0.5.1, < 0.9.0)
|
19
20
|
msgpack (>= 1.3.1, < 2.0.0)
|
20
21
|
serverengine (>= 2.3.2, < 3.0.0)
|
21
|
-
sigdump (~> 0.2.
|
22
|
+
sigdump (~> 0.2.5)
|
22
23
|
strptime (>= 0.2.4, < 1.0.0)
|
23
24
|
tzinfo (>= 1.0, < 3.0)
|
24
25
|
tzinfo-data (~> 1.0)
|
25
26
|
webrick (~> 1.4)
|
26
27
|
yajl-ruby (~> 1.0)
|
27
28
|
http_parser.rb (0.8.0)
|
29
|
+
json (2.6.3)
|
28
30
|
kwalify (0.7.2)
|
29
|
-
|
30
|
-
|
31
|
-
|
31
|
+
language_server-protocol (3.17.0.3)
|
32
|
+
msgpack (1.7.2)
|
33
|
+
parallel (1.23.0)
|
34
|
+
parser (3.2.2.3)
|
32
35
|
ast (~> 2.4.1)
|
36
|
+
racc
|
33
37
|
power_assert (2.0.3)
|
38
|
+
racc (1.7.1)
|
34
39
|
rainbow (3.1.1)
|
35
40
|
rake (13.0.6)
|
36
|
-
reek (6.
|
41
|
+
reek (6.1.4)
|
37
42
|
kwalify (~> 0.7.0)
|
38
|
-
parser (~> 3.
|
43
|
+
parser (~> 3.2.0)
|
39
44
|
rainbow (>= 2.0, < 4.0)
|
40
45
|
regexp_parser (2.8.1)
|
41
|
-
rexml (3.2.
|
42
|
-
rubocop (1.
|
46
|
+
rexml (3.2.6)
|
47
|
+
rubocop (1.56.0)
|
48
|
+
base64 (~> 0.1.1)
|
49
|
+
json (~> 2.3)
|
50
|
+
language_server-protocol (>= 3.17.0)
|
43
51
|
parallel (~> 1.10)
|
44
|
-
parser (>= 3.
|
52
|
+
parser (>= 3.2.2.3)
|
45
53
|
rainbow (>= 2.2.2, < 4.0)
|
46
54
|
regexp_parser (>= 1.8, < 3.0)
|
47
|
-
rexml
|
48
|
-
rubocop-ast (>= 1.
|
55
|
+
rexml (>= 3.2.5, < 4.0)
|
56
|
+
rubocop-ast (>= 1.28.1, < 2.0)
|
49
57
|
ruby-progressbar (~> 1.7)
|
50
|
-
unicode-display_width (>=
|
51
|
-
rubocop-ast (1.
|
52
|
-
parser (>= 2.
|
53
|
-
rubocop-rake (0.
|
54
|
-
rubocop
|
58
|
+
unicode-display_width (>= 2.4.0, < 3.0)
|
59
|
+
rubocop-ast (1.29.0)
|
60
|
+
parser (>= 3.2.1.0)
|
61
|
+
rubocop-rake (0.6.0)
|
62
|
+
rubocop (~> 1.0)
|
55
63
|
ruby-progressbar (1.13.0)
|
56
64
|
serverengine (2.3.2)
|
57
65
|
sigdump (~> 0.2.2)
|
58
66
|
sigdump (0.2.5)
|
59
67
|
strptime (0.2.5)
|
60
|
-
test-unit (3.
|
68
|
+
test-unit (3.6.1)
|
61
69
|
power_assert
|
70
|
+
timecop (0.9.6)
|
62
71
|
tzinfo (2.0.6)
|
63
72
|
concurrent-ruby (~> 1.0)
|
64
73
|
tzinfo-data (1.2023.3)
|
65
74
|
tzinfo (>= 1.0.0)
|
66
75
|
unicode-display_width (2.4.2)
|
67
76
|
webrick (1.8.1)
|
68
|
-
yajl-ruby (1.4.
|
77
|
+
yajl-ruby (1.4.3)
|
69
78
|
|
70
79
|
PLATFORMS
|
71
80
|
x86_64-linux
|
72
81
|
|
73
82
|
DEPENDENCIES
|
74
83
|
bump (~> 0.10.0)
|
75
|
-
bundler (~> 2.
|
84
|
+
bundler (~> 2.4)
|
76
85
|
byebug (~> 11.1, >= 11.1.3)
|
77
86
|
fluent-plugin-ssl-check!
|
78
|
-
rake (~> 13.0.6)
|
79
|
-
reek (~> 6.
|
80
|
-
rubocop (~> 1.
|
81
|
-
rubocop-rake (~> 0.
|
82
|
-
test-unit (~> 3.
|
87
|
+
rake (~> 13.0, >= 13.0.6)
|
88
|
+
reek (~> 6.1, >= 6.1.4)
|
89
|
+
rubocop (~> 1.56)
|
90
|
+
rubocop-rake (~> 0.6.0)
|
91
|
+
test-unit (~> 3.6, >= 3.6.1)
|
92
|
+
timecop (~> 0.9.6)
|
83
93
|
|
84
94
|
BUNDLED WITH
|
85
|
-
2.
|
95
|
+
2.4.18
|
data/README.md
CHANGED
@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |spec|
|
7
7
|
spec.name = 'fluent-plugin-ssl-check'
|
8
|
-
spec.version = '
|
8
|
+
spec.version = '1.1.0'
|
9
9
|
spec.authors = ['Thomas Tych']
|
10
10
|
spec.email = ['thomas.tych@gmail.com']
|
11
11
|
|
@@ -13,28 +13,26 @@ Gem::Specification.new do |spec|
|
|
13
13
|
spec.homepage = 'https://gitlab.com/ttych/fluent-plugin-ssl-check'
|
14
14
|
spec.license = 'Apache-2.0'
|
15
15
|
|
16
|
-
spec.required_ruby_version = '>= 2.
|
16
|
+
spec.required_ruby_version = '>= 2.7.0'
|
17
17
|
|
18
|
-
|
18
|
+
spec.metadata['rubygems_mfa_required'] = 'true'
|
19
|
+
|
20
|
+
_, files = `git ls-files -z`.split("\x0").partition do |f|
|
19
21
|
f.match(%r{^(test|spec|features)/})
|
20
22
|
end
|
21
23
|
spec.files = files
|
22
24
|
spec.executables = files.grep(%r{^bin/}) { |f| File.basename(f) }
|
23
|
-
spec.test_files = test_files
|
24
25
|
spec.require_paths = ['lib']
|
25
26
|
|
26
|
-
# commented dependency use blocked old versions
|
27
|
-
# for compatibility with ruby 2.4.10
|
28
|
-
# for old version of td-agent
|
29
|
-
|
30
27
|
spec.add_development_dependency 'bump', '~> 0.10.0'
|
31
|
-
spec.add_development_dependency 'bundler', '~> 2.
|
28
|
+
spec.add_development_dependency 'bundler', '~> 2.4'
|
32
29
|
spec.add_development_dependency 'byebug', '~> 11.1', '>= 11.1.3'
|
33
|
-
spec.add_development_dependency 'rake', '~> 13.0.6'
|
34
|
-
spec.add_development_dependency 'reek', '~> 6.
|
35
|
-
spec.add_development_dependency 'rubocop', '~> 1.
|
36
|
-
spec.add_development_dependency 'rubocop-rake', '~> 0.
|
37
|
-
spec.add_development_dependency 'test-unit', '~> 3.
|
30
|
+
spec.add_development_dependency 'rake', '~> 13.0', '>= 13.0.6'
|
31
|
+
spec.add_development_dependency 'reek', '~> 6.1', '>= 6.1.4'
|
32
|
+
spec.add_development_dependency 'rubocop', '~> 1.56'
|
33
|
+
spec.add_development_dependency 'rubocop-rake', '~> 0.6.0'
|
34
|
+
spec.add_development_dependency 'test-unit', '~> 3.6', '>= 3.6.1'
|
35
|
+
spec.add_development_dependency 'timecop', '~> 0.9.6'
|
38
36
|
|
39
37
|
spec.add_runtime_dependency 'fluentd', ['>= 0.14.10', '< 2']
|
40
38
|
end
|
@@ -1,10 +1,15 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
3
|
+
# extensions for Time class
|
4
|
+
# provides formater
|
5
|
+
# - to epoch millisecond format
|
6
|
+
# - to iso format with millisecond
|
7
|
+
class Time
|
8
|
+
def to_epochmillis
|
9
|
+
(to_f * 1000).to_i
|
10
|
+
end
|
11
|
+
|
12
|
+
def to_iso
|
13
|
+
iso8601(3)
|
9
14
|
end
|
10
15
|
end
|
@@ -37,6 +37,9 @@ module Fluent
|
|
37
37
|
DEFAULT_PORT = 443
|
38
38
|
DEFAULT_TIME = 600
|
39
39
|
DEFAULT_TIMEOUT = 5
|
40
|
+
DEFAULT_LOG_EVENTS = true
|
41
|
+
DEFAULT_METRIC_EVENTS = false
|
42
|
+
DEFAULT_EVENT_PREFIX = ''
|
40
43
|
|
41
44
|
desc 'Tag to emit events on'
|
42
45
|
config_param :tag, :string, default: DEFAULT_TAG
|
@@ -55,9 +58,18 @@ module Fluent
|
|
55
58
|
desc 'Timeout for check'
|
56
59
|
config_param :timeout, :integer, default: DEFAULT_TIMEOUT
|
57
60
|
|
61
|
+
desc 'Emit log events'
|
62
|
+
config_param :log_events, :bool, default: DEFAULT_LOG_EVENTS
|
63
|
+
desc 'Emit metric events'
|
64
|
+
config_param :metric_events, :bool, default: DEFAULT_METRIC_EVENTS
|
65
|
+
desc 'Event prefix'
|
66
|
+
config_param :event_prefix, :string, default: DEFAULT_EVENT_PREFIX
|
67
|
+
desc 'Timestamp format'
|
68
|
+
config_param :timestamp_format, :enum, list: %i[iso epochmillis], default: :iso
|
69
|
+
|
58
70
|
helpers :timer
|
59
71
|
|
60
|
-
# rubocop:disable Metrics/
|
72
|
+
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
61
73
|
def configure(conf)
|
62
74
|
super
|
63
75
|
|
@@ -74,7 +86,7 @@ module Fluent
|
|
74
86
|
timeout: timeout
|
75
87
|
)
|
76
88
|
end
|
77
|
-
# rubocop:enable Metrics/
|
89
|
+
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
78
90
|
|
79
91
|
def start
|
80
92
|
super
|
@@ -83,69 +95,108 @@ module Fluent
|
|
83
95
|
end
|
84
96
|
|
85
97
|
def check
|
86
|
-
time = now
|
87
|
-
|
88
98
|
ssl_info = fetch_ssl_info
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
router.emit(tag, time, event_status_failure(time))
|
99
|
+
|
100
|
+
emit_logs(ssl_info) if log_events
|
101
|
+
emit_metrics(ssl_info) if metric_events
|
93
102
|
end
|
94
103
|
|
95
104
|
def fetch_ssl_info
|
96
105
|
@ssl_client.ssl_info
|
97
106
|
end
|
98
107
|
|
99
|
-
def
|
100
|
-
{
|
101
|
-
'timestamp' => time.
|
102
|
-
'
|
103
|
-
'value' => 1,
|
108
|
+
def emit_logs(ssl_info)
|
109
|
+
record = {
|
110
|
+
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
111
|
+
'status' => ssl_info.status,
|
104
112
|
'host' => host,
|
105
113
|
'port' => port,
|
106
114
|
'ssl_version' => ssl_info.ssl_version,
|
107
|
-
'ssl_dn' => ssl_info.subject_s
|
115
|
+
'ssl_dn' => ssl_info.subject_s,
|
116
|
+
'ssl_not_after' => ssl_info.not_after,
|
117
|
+
'expire_in_days' => ssl_info.expire_in_days
|
108
118
|
}
|
119
|
+
record.update('error_class' => ssl_info.error_class) if ssl_info.error_class
|
120
|
+
router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
|
109
121
|
end
|
110
122
|
|
111
|
-
def
|
112
|
-
|
113
|
-
|
114
|
-
'name' => 'ssl_status',
|
115
|
-
'value' => 0,
|
116
|
-
'host' => host,
|
117
|
-
'port' => port
|
118
|
-
}
|
123
|
+
def emit_metrics(ssl_info)
|
124
|
+
emit_metric_status(ssl_info)
|
125
|
+
emit_metric_expirency(ssl_info)
|
119
126
|
end
|
120
127
|
|
121
|
-
def
|
122
|
-
{
|
123
|
-
'timestamp' => time.
|
124
|
-
'
|
125
|
-
'
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
128
|
+
def emit_metric_status(ssl_info)
|
129
|
+
record = {
|
130
|
+
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
131
|
+
'metric_name' => 'ssl_status',
|
132
|
+
'metric_value' => ssl_info.status,
|
133
|
+
"#{event_prefix}host" => host,
|
134
|
+
"#{event_prefix}port" => port,
|
135
|
+
"#{event_prefix}ssl_dn" => ssl_info.subject_s,
|
136
|
+
"#{event_prefix}ssl_version" => ssl_info.ssl_version,
|
137
|
+
"#{event_prefix}ssl_not_after" => ssl_info.not_after
|
130
138
|
}
|
139
|
+
router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
|
131
140
|
end
|
132
141
|
|
133
|
-
def
|
134
|
-
|
142
|
+
def emit_metric_expirency(ssl_info)
|
143
|
+
return if ssl_info.error
|
144
|
+
|
145
|
+
record = {
|
146
|
+
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
147
|
+
'metric_name' => 'ssl_expirency',
|
148
|
+
'metric_value' => ssl_info.expire_in_days,
|
149
|
+
"#{event_prefix}host" => host,
|
150
|
+
"#{event_prefix}port" => port,
|
151
|
+
"#{event_prefix}ssl_dn" => ssl_info.subject_s
|
152
|
+
}
|
153
|
+
router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
|
135
154
|
end
|
136
155
|
|
137
156
|
# ssl info
|
138
157
|
# to encapsulate extracted ssl information
|
139
|
-
SslInfo
|
158
|
+
class SslInfo
|
159
|
+
OK = 1
|
160
|
+
KO = 0
|
161
|
+
|
162
|
+
attr_reader :time
|
163
|
+
attr_accessor :cert, :cert_chain, :ssl_version, :error
|
164
|
+
|
165
|
+
def initialize(cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
|
166
|
+
@cert = cert
|
167
|
+
@cert_chain = cert_chain
|
168
|
+
@ssl_version = ssl_version
|
169
|
+
@error = error
|
170
|
+
@time = time
|
171
|
+
end
|
172
|
+
|
140
173
|
def subject_s
|
141
|
-
cert.subject.to_s
|
174
|
+
cert.subject.to_s if cert&.subject
|
175
|
+
end
|
176
|
+
|
177
|
+
def expire_in_days
|
178
|
+
return unless cert&.not_after
|
179
|
+
|
180
|
+
expire_in = cert.not_after
|
181
|
+
((expire_in - time) / 3600 / 24).to_i
|
142
182
|
end
|
143
183
|
|
144
|
-
def
|
145
|
-
|
146
|
-
expire_in = cert.not_after.to_date
|
184
|
+
def not_after
|
185
|
+
return unless cert
|
147
186
|
|
148
|
-
(
|
187
|
+
cert.not_after.iso8601(3)
|
188
|
+
end
|
189
|
+
|
190
|
+
def status
|
191
|
+
return KO if error
|
192
|
+
|
193
|
+
OK
|
194
|
+
end
|
195
|
+
|
196
|
+
def error_class
|
197
|
+
return unless error
|
198
|
+
|
199
|
+
error.class.to_s
|
149
200
|
end
|
150
201
|
end
|
151
202
|
|
@@ -163,32 +214,31 @@ module Fluent
|
|
163
214
|
end
|
164
215
|
|
165
216
|
def ssl_info
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
ssl_socket.peer_cert_chain
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
ssl_info
|
217
|
+
info = SslInfo.new
|
218
|
+
begin
|
219
|
+
Timeout.timeout(timeout) do
|
220
|
+
tcp_socket = TCPSocket.open(host, port)
|
221
|
+
ssl_socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ssl_context)
|
222
|
+
ssl_socket.connect
|
223
|
+
ssl_socket.sysclose
|
224
|
+
tcp_socket.close
|
225
|
+
|
226
|
+
# cert_store.verify(ssl_socket.peer_cert, ssl_socket.peer_cert_chain)
|
227
|
+
info.cert = ssl_socket.peer_cert
|
228
|
+
info.cert_chain = ssl_socket.peer_cert_chain
|
229
|
+
info.ssl_version = ssl_socket.ssl_version
|
230
|
+
end
|
231
|
+
rescue StandardError => e
|
232
|
+
info.error = e
|
183
233
|
end
|
234
|
+
info
|
184
235
|
end
|
185
236
|
|
186
237
|
def store
|
187
238
|
OpenSSL::X509::Store.new.tap do |store|
|
188
|
-
store.set_default_paths
|
189
|
-
|
190
|
-
|
191
|
-
cert_store.add_file(ca_file) if ca_file
|
239
|
+
store.set_default_paths
|
240
|
+
store.add_path(ca_path) if ca_path
|
241
|
+
store.add_file(ca_file) if ca_file
|
192
242
|
end
|
193
243
|
end
|
194
244
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-ssl-check
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Thomas Tych
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-08-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bump
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '2.
|
33
|
+
version: '2.4'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '2.
|
40
|
+
version: '2.4'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: byebug
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -63,6 +63,9 @@ dependencies:
|
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
64
64
|
requirements:
|
65
65
|
- - "~>"
|
66
|
+
- !ruby/object:Gem::Version
|
67
|
+
version: '13.0'
|
68
|
+
- - ">="
|
66
69
|
- !ruby/object:Gem::Version
|
67
70
|
version: 13.0.6
|
68
71
|
type: :development
|
@@ -70,6 +73,9 @@ dependencies:
|
|
70
73
|
version_requirements: !ruby/object:Gem::Requirement
|
71
74
|
requirements:
|
72
75
|
- - "~>"
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: '13.0'
|
78
|
+
- - ">="
|
73
79
|
- !ruby/object:Gem::Version
|
74
80
|
version: 13.0.6
|
75
81
|
- !ruby/object:Gem::Dependency
|
@@ -78,56 +84,82 @@ dependencies:
|
|
78
84
|
requirements:
|
79
85
|
- - "~>"
|
80
86
|
- !ruby/object:Gem::Version
|
81
|
-
version: 6.
|
87
|
+
version: '6.1'
|
88
|
+
- - ">="
|
89
|
+
- !ruby/object:Gem::Version
|
90
|
+
version: 6.1.4
|
82
91
|
type: :development
|
83
92
|
prerelease: false
|
84
93
|
version_requirements: !ruby/object:Gem::Requirement
|
85
94
|
requirements:
|
86
95
|
- - "~>"
|
87
96
|
- !ruby/object:Gem::Version
|
88
|
-
version: 6.
|
97
|
+
version: '6.1'
|
98
|
+
- - ">="
|
99
|
+
- !ruby/object:Gem::Version
|
100
|
+
version: 6.1.4
|
89
101
|
- !ruby/object:Gem::Dependency
|
90
102
|
name: rubocop
|
91
103
|
requirement: !ruby/object:Gem::Requirement
|
92
104
|
requirements:
|
93
105
|
- - "~>"
|
94
106
|
- !ruby/object:Gem::Version
|
95
|
-
version: 1.
|
107
|
+
version: '1.56'
|
96
108
|
type: :development
|
97
109
|
prerelease: false
|
98
110
|
version_requirements: !ruby/object:Gem::Requirement
|
99
111
|
requirements:
|
100
112
|
- - "~>"
|
101
113
|
- !ruby/object:Gem::Version
|
102
|
-
version: 1.
|
114
|
+
version: '1.56'
|
103
115
|
- !ruby/object:Gem::Dependency
|
104
116
|
name: rubocop-rake
|
105
117
|
requirement: !ruby/object:Gem::Requirement
|
106
118
|
requirements:
|
107
119
|
- - "~>"
|
108
120
|
- !ruby/object:Gem::Version
|
109
|
-
version: 0.
|
121
|
+
version: 0.6.0
|
110
122
|
type: :development
|
111
123
|
prerelease: false
|
112
124
|
version_requirements: !ruby/object:Gem::Requirement
|
113
125
|
requirements:
|
114
126
|
- - "~>"
|
115
127
|
- !ruby/object:Gem::Version
|
116
|
-
version: 0.
|
128
|
+
version: 0.6.0
|
117
129
|
- !ruby/object:Gem::Dependency
|
118
130
|
name: test-unit
|
119
131
|
requirement: !ruby/object:Gem::Requirement
|
120
132
|
requirements:
|
121
133
|
- - "~>"
|
122
134
|
- !ruby/object:Gem::Version
|
123
|
-
version: 3.
|
135
|
+
version: '3.6'
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: 3.6.1
|
139
|
+
type: :development
|
140
|
+
prerelease: false
|
141
|
+
version_requirements: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '3.6'
|
146
|
+
- - ">="
|
147
|
+
- !ruby/object:Gem::Version
|
148
|
+
version: 3.6.1
|
149
|
+
- !ruby/object:Gem::Dependency
|
150
|
+
name: timecop
|
151
|
+
requirement: !ruby/object:Gem::Requirement
|
152
|
+
requirements:
|
153
|
+
- - "~>"
|
154
|
+
- !ruby/object:Gem::Version
|
155
|
+
version: 0.9.6
|
124
156
|
type: :development
|
125
157
|
prerelease: false
|
126
158
|
version_requirements: !ruby/object:Gem::Requirement
|
127
159
|
requirements:
|
128
160
|
- - "~>"
|
129
161
|
- !ruby/object:Gem::Version
|
130
|
-
version:
|
162
|
+
version: 0.9.6
|
131
163
|
- !ruby/object:Gem::Dependency
|
132
164
|
name: fluentd
|
133
165
|
requirement: !ruby/object:Gem::Requirement
|
@@ -166,12 +198,11 @@ files:
|
|
166
198
|
- fluent-plugin-ssl-check.gemspec
|
167
199
|
- lib/fluent/plugin/extensions/time.rb
|
168
200
|
- lib/fluent/plugin/in_ssl_check.rb
|
169
|
-
- test/fluent/plugin/test_in_ssl_check.rb
|
170
|
-
- test/helper.rb
|
171
201
|
homepage: https://gitlab.com/ttych/fluent-plugin-ssl-check
|
172
202
|
licenses:
|
173
203
|
- Apache-2.0
|
174
|
-
metadata:
|
204
|
+
metadata:
|
205
|
+
rubygems_mfa_required: 'true'
|
175
206
|
post_install_message:
|
176
207
|
rdoc_options: []
|
177
208
|
require_paths:
|
@@ -180,7 +211,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
180
211
|
requirements:
|
181
212
|
- - ">="
|
182
213
|
- !ruby/object:Gem::Version
|
183
|
-
version: 2.
|
214
|
+
version: 2.7.0
|
184
215
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
185
216
|
requirements:
|
186
217
|
- - ">="
|
@@ -191,6 +222,4 @@ rubygems_version: 3.1.6
|
|
191
222
|
signing_key:
|
192
223
|
specification_version: 4
|
193
224
|
summary: fluentd plugin to check ssl endpoint
|
194
|
-
test_files:
|
195
|
-
- test/fluent/plugin/test_in_ssl_check.rb
|
196
|
-
- test/helper.rb
|
225
|
+
test_files: []
|
@@ -1,171 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'helper'
|
4
|
-
require 'fluent/plugin/in_ssl_check'
|
5
|
-
|
6
|
-
# unit test for SslCheckInputTest / ssl_check input plugin
|
7
|
-
class SslCheckInputTest < Test::Unit::TestCase
|
8
|
-
setup do
|
9
|
-
Fluent::Test.setup
|
10
|
-
end
|
11
|
-
|
12
|
-
# configuration
|
13
|
-
sub_test_case 'configuration' do
|
14
|
-
test 'default configuration' do
|
15
|
-
driver = create_driver
|
16
|
-
input = driver.instance
|
17
|
-
|
18
|
-
assert_equal Fluent::Plugin::SslCheckInput::DEFAULT_TAG, input.tag
|
19
|
-
assert_equal Fluent::Plugin::SslCheckInput::DEFAULT_HOST, input.host
|
20
|
-
assert_equal Fluent::Plugin::SslCheckInput::DEFAULT_PORT, input.port
|
21
|
-
assert_equal Fluent::Plugin::SslCheckInput::DEFAULT_TIME, input.interval
|
22
|
-
assert_equal nil, input.ca_path
|
23
|
-
assert_equal nil, input.ca_file
|
24
|
-
assert_equal Fluent::Plugin::SslCheckInput::DEFAULT_TIMEOUT, input.timeout
|
25
|
-
end
|
26
|
-
|
27
|
-
test 'tag can not be empty' do
|
28
|
-
conf = %(
|
29
|
-
#{DEFAULT_CONF}
|
30
|
-
tag
|
31
|
-
)
|
32
|
-
assert_raise(Fluent::ConfigError) do
|
33
|
-
create_driver(conf)
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
test 'host can not be empty' do
|
38
|
-
conf = %(
|
39
|
-
#{DEFAULT_CONF}
|
40
|
-
host
|
41
|
-
)
|
42
|
-
assert_raise(Fluent::ConfigError) do
|
43
|
-
create_driver(conf)
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
test 'port can not be < 1' do
|
48
|
-
conf = %(
|
49
|
-
#{DEFAULT_CONF}
|
50
|
-
port 0
|
51
|
-
)
|
52
|
-
assert_raise(Fluent::ConfigError) do
|
53
|
-
create_driver(conf)
|
54
|
-
end
|
55
|
-
end
|
56
|
-
|
57
|
-
test 'interval can not be < 1' do
|
58
|
-
conf = %(
|
59
|
-
#{DEFAULT_CONF}
|
60
|
-
interval 0
|
61
|
-
)
|
62
|
-
assert_raise(Fluent::ConfigError) do
|
63
|
-
create_driver(conf)
|
64
|
-
end
|
65
|
-
end
|
66
|
-
|
67
|
-
test 'ca_path should be a valid directory' do
|
68
|
-
conf = %(
|
69
|
-
#{DEFAULT_CONF}
|
70
|
-
ca_path /nonexistent/dir
|
71
|
-
)
|
72
|
-
assert_raise(Fluent::ConfigError) do
|
73
|
-
create_driver(conf)
|
74
|
-
end
|
75
|
-
end
|
76
|
-
|
77
|
-
test 'ca_file should be a valid file' do
|
78
|
-
conf = %(
|
79
|
-
#{DEFAULT_CONF}
|
80
|
-
ca_file /nonexistent/file
|
81
|
-
)
|
82
|
-
assert_raise(Fluent::ConfigError) do
|
83
|
-
create_driver(conf)
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
|
-
# check
|
89
|
-
sub_test_case 'check' do
|
90
|
-
# test 'check non existing service' do
|
91
|
-
# conf = %(
|
92
|
-
# #{DEFAULT_CONF}
|
93
|
-
# host 127.0.0.2
|
94
|
-
# port 1272
|
95
|
-
# interval 1
|
96
|
-
# )
|
97
|
-
# driver = create_driver(conf)
|
98
|
-
# mock_driver_timer(driver)
|
99
|
-
# # driver.run(expect_emits: 1, timeout: 5)
|
100
|
-
# driver.instance.check
|
101
|
-
|
102
|
-
# events = driver.events
|
103
|
-
|
104
|
-
# assert_equal 1, events.size
|
105
|
-
# assert_equal Fluent::Plugin::SslCheckInput::DEFAULT_TAG, events.first.first
|
106
|
-
# assert_equal({"host" => "127.0.0.2",
|
107
|
-
# "name" => "ssl_status",
|
108
|
-
# "port" => 1272,
|
109
|
-
# "timestamp" => 1688680800000,
|
110
|
-
# "value" => 0}, events.first.last)
|
111
|
-
# end
|
112
|
-
|
113
|
-
test 'check with fake ssl_info' do
|
114
|
-
driver = create_driver
|
115
|
-
mock_driver_timer(driver)
|
116
|
-
mock_driver_ssl_info(driver)
|
117
|
-
|
118
|
-
# driver.run(expect_emits: 2, timeout: 5)
|
119
|
-
driver.instance.check
|
120
|
-
|
121
|
-
events = driver.events
|
122
|
-
|
123
|
-
assert_equal 2, events.size
|
124
|
-
assert_equal Fluent::Plugin::SslCheckInput::DEFAULT_TAG, events[0].first
|
125
|
-
assert_equal({ 'host' => 'localhost',
|
126
|
-
'name' => 'ssl_status',
|
127
|
-
'port' => 443,
|
128
|
-
'timestamp' => 1_688_680_800_000,
|
129
|
-
'value' => 1,
|
130
|
-
'ssl_dn' => '/CN=TEST',
|
131
|
-
'ssl_version' => 'ssl_version' }, events[0].last)
|
132
|
-
assert_equal Fluent::Plugin::SslCheckInput::DEFAULT_TAG, events[1].first
|
133
|
-
assert_equal({ 'host' => 'localhost',
|
134
|
-
'name' => 'ssl_expirency',
|
135
|
-
'port' => 443,
|
136
|
-
'timestamp' => 1_688_680_800_000,
|
137
|
-
'value' => 729,
|
138
|
-
'ssl_dn' => '/CN=TEST',
|
139
|
-
'ssl_version' => 'ssl_version' }, events[1].last)
|
140
|
-
end
|
141
|
-
end
|
142
|
-
|
143
|
-
private
|
144
|
-
|
145
|
-
DEFAULT_CONF = %()
|
146
|
-
MOCKED_TIME = Time.parse('2023-07-07')
|
147
|
-
def create_driver(conf = DEFAULT_CONF)
|
148
|
-
Fluent::Test::Driver::Input.new(Fluent::Plugin::SslCheckInput).configure(conf)
|
149
|
-
end
|
150
|
-
|
151
|
-
def mock_driver_timer(driver)
|
152
|
-
driver.instance.define_singleton_method :now do
|
153
|
-
Fluent::EventTime.from_time(MOCKED_TIME)
|
154
|
-
end
|
155
|
-
end
|
156
|
-
|
157
|
-
def mock_driver_ssl_info(driver)
|
158
|
-
driver.instance.define_singleton_method :fetch_ssl_info do
|
159
|
-
certificate = OpenSSL::X509::Certificate.new.tap do |cert|
|
160
|
-
cert.subject = OpenSSL::X509::Name.parse '/CN=TEST'
|
161
|
-
cert.not_after = MOCKED_TIME + 2 * 365 * 24 * 60 * 60 # 2 years
|
162
|
-
end
|
163
|
-
|
164
|
-
Fluent::Plugin::SslCheckInput::SslInfo.new(
|
165
|
-
certificate,
|
166
|
-
nil,
|
167
|
-
'ssl_version'
|
168
|
-
)
|
169
|
-
end
|
170
|
-
end
|
171
|
-
end
|
data/test/helper.rb
DELETED