fluent-plugin-ssl-check 1.0.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +5 -0
- data/Gemfile.lock +1 -1
- data/README.md +5 -6
- data/fluent-plugin-ssl-check.gemspec +1 -1
- data/lib/fluent/plugin/extensions/time.rb +4 -1
- data/lib/fluent/plugin/in_ssl_check.rb +42 -33
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b2f7b5486c0f7706d4894b8095fdb61bae4ef4c13f737c50b0bd27c84f38d53d
|
|
4
|
+
data.tar.gz: '0186c6d987c747656417d61517e49d45de4a871e2a58dbb27c39aefedd0f1760'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6001e67a1e89cfad9cb37cc826e21b7af532c4ec12d2966fe3e0a3c790cec50ec5d028cd103b7bf105f0f38060db2e8de6f1eb285714d597b01dfe2e47f00a4d
|
|
7
|
+
data.tar.gz: c61103f0171fda24ef6f8323a018f7c012795e258993e46132940b69bcb152e1fdba80ec416105eec93debfe542895a8d1211da006cbaab5d0a28eb3bd4ca233
|
data/.rubocop.yml
CHANGED
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -15,8 +15,7 @@ Example:
|
|
|
15
15
|
@type ssl_check
|
|
16
16
|
tag ssl_check
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
port 443
|
|
18
|
+
hosts my-service.com:4443
|
|
20
19
|
|
|
21
20
|
interval 600
|
|
22
21
|
|
|
@@ -27,12 +26,12 @@ Example:
|
|
|
27
26
|
|
|
28
27
|
Options are:
|
|
29
28
|
* tag: Tag to emit events on
|
|
30
|
-
*
|
|
31
|
-
* port: port of the service to check
|
|
29
|
+
* hosts: list of <host>:<port> to check
|
|
32
30
|
* interval: check every X seconds
|
|
33
31
|
* ca_path: directory that contains CA files
|
|
34
32
|
* ca_file: specify a CA file directly
|
|
35
33
|
|
|
34
|
+
If no port is specified with host, default port is 443.
|
|
36
35
|
|
|
37
36
|
## Installation
|
|
38
37
|
|
|
@@ -48,8 +47,8 @@ Add to Gemfile with:
|
|
|
48
47
|
## Compatibility
|
|
49
48
|
|
|
50
49
|
plugin in 1.x.x will work with:
|
|
51
|
-
- ruby >= 2.
|
|
52
|
-
- td-agent >=
|
|
50
|
+
- ruby >= 2.7.7
|
|
51
|
+
- td-agent >= 4.0.0
|
|
53
52
|
|
|
54
53
|
|
|
55
54
|
## Copyright
|
|
@@ -45,9 +45,7 @@ module Fluent
|
|
|
45
45
|
config_param :tag, :string, default: DEFAULT_TAG
|
|
46
46
|
|
|
47
47
|
desc 'Host of the service to check'
|
|
48
|
-
config_param :
|
|
49
|
-
desc 'Port of the service to check'
|
|
50
|
-
config_param :port, :integer, default: DEFAULT_PORT
|
|
48
|
+
config_param :hosts, :array, default: [], value_type: :string
|
|
51
49
|
desc 'Interval for the check execution'
|
|
52
50
|
config_param :interval, :time, default: DEFAULT_TIME
|
|
53
51
|
desc 'CA path to load'
|
|
@@ -69,24 +67,17 @@ module Fluent
|
|
|
69
67
|
|
|
70
68
|
helpers :timer
|
|
71
69
|
|
|
72
|
-
# rubocop:disable Metrics/
|
|
70
|
+
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
|
73
71
|
def configure(conf)
|
|
74
72
|
super
|
|
75
73
|
|
|
76
74
|
raise Fluent::ConfigError, 'tag can not be empty.' if !tag || tag.empty?
|
|
77
|
-
raise Fluent::ConfigError, '
|
|
78
|
-
raise Fluent::ConfigError, 'port can not be < 1' if !port || port < 1
|
|
75
|
+
raise Fluent::ConfigError, 'hosts can not be empty.' if !hosts || hosts.empty?
|
|
79
76
|
raise Fluent::ConfigError, 'interval can not be < 1.' if !interval || interval < 1
|
|
80
77
|
raise Fluent::ConfigError, 'ca_path should be a dir.' if ca_path && !File.directory?(ca_path)
|
|
81
78
|
raise Fluent::ConfigError, 'ca_file should be a file.' if ca_file && !File.file?(ca_file)
|
|
82
|
-
|
|
83
|
-
@ssl_client = SslClient.new(
|
|
84
|
-
host: host, port: port,
|
|
85
|
-
ca_path: ca_path, ca_file: ca_file,
|
|
86
|
-
timeout: timeout
|
|
87
|
-
)
|
|
88
79
|
end
|
|
89
|
-
# rubocop:enable Metrics/
|
|
80
|
+
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
|
90
81
|
|
|
91
82
|
def start
|
|
92
83
|
super
|
|
@@ -94,28 +85,40 @@ module Fluent
|
|
|
94
85
|
timer_execute(:ssl_check_timer, interval, repeat: true, &method(:check))
|
|
95
86
|
end
|
|
96
87
|
|
|
88
|
+
# rubocop:disable Lint/SuppressedException
|
|
97
89
|
def check
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
90
|
+
hosts.each do |host_full|
|
|
91
|
+
host, port = host_full.split(':')
|
|
92
|
+
port = (port || DEFAULT_PORT).to_i
|
|
93
|
+
ssl_info = fetch_ssl_info(host, port)
|
|
94
|
+
emit_logs(ssl_info) if log_events
|
|
95
|
+
emit_metrics(ssl_info) if metric_events
|
|
96
|
+
rescue StandardError
|
|
97
|
+
end
|
|
102
98
|
end
|
|
99
|
+
# rubocop:enable Lint/SuppressedException
|
|
103
100
|
|
|
104
|
-
def fetch_ssl_info
|
|
105
|
-
|
|
101
|
+
def fetch_ssl_info(host, port)
|
|
102
|
+
ssl_client = SslClient.new(
|
|
103
|
+
host: host, port: port,
|
|
104
|
+
ca_path: ca_path, ca_file: ca_file,
|
|
105
|
+
timeout: timeout
|
|
106
|
+
)
|
|
107
|
+
ssl_client.ssl_info
|
|
106
108
|
end
|
|
107
109
|
|
|
108
110
|
def emit_logs(ssl_info)
|
|
109
111
|
record = {
|
|
110
112
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
111
113
|
'status' => ssl_info.status,
|
|
112
|
-
'host' => host,
|
|
113
|
-
'port' => port,
|
|
114
|
+
'host' => ssl_info.host,
|
|
115
|
+
'port' => ssl_info.port,
|
|
114
116
|
'ssl_version' => ssl_info.ssl_version,
|
|
115
117
|
'ssl_dn' => ssl_info.subject_s,
|
|
116
118
|
'ssl_not_after' => ssl_info.not_after,
|
|
117
119
|
'expire_in_days' => ssl_info.expire_in_days
|
|
118
120
|
}
|
|
121
|
+
record.update('error_class' => ssl_info.error_class) if ssl_info.error_class
|
|
119
122
|
router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
|
|
120
123
|
end
|
|
121
124
|
|
|
@@ -124,21 +127,19 @@ module Fluent
|
|
|
124
127
|
emit_metric_expirency(ssl_info)
|
|
125
128
|
end
|
|
126
129
|
|
|
127
|
-
# rubocop:disable Metrics/AbcSize
|
|
128
130
|
def emit_metric_status(ssl_info)
|
|
129
131
|
record = {
|
|
130
132
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
131
133
|
'metric_name' => 'ssl_status',
|
|
132
134
|
'metric_value' => ssl_info.status,
|
|
133
|
-
"#{event_prefix}host" => host,
|
|
134
|
-
"#{event_prefix}port" => port,
|
|
135
|
+
"#{event_prefix}host" => ssl_info.host,
|
|
136
|
+
"#{event_prefix}port" => ssl_info.port,
|
|
135
137
|
"#{event_prefix}ssl_dn" => ssl_info.subject_s,
|
|
136
138
|
"#{event_prefix}ssl_version" => ssl_info.ssl_version,
|
|
137
139
|
"#{event_prefix}ssl_not_after" => ssl_info.not_after
|
|
138
140
|
}
|
|
139
141
|
router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
|
|
140
142
|
end
|
|
141
|
-
# rubocop:enable Metrics/AbcSize
|
|
142
143
|
|
|
143
144
|
def emit_metric_expirency(ssl_info)
|
|
144
145
|
return if ssl_info.error
|
|
@@ -147,8 +148,8 @@ module Fluent
|
|
|
147
148
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
148
149
|
'metric_name' => 'ssl_expirency',
|
|
149
150
|
'metric_value' => ssl_info.expire_in_days,
|
|
150
|
-
"#{event_prefix}host" => host,
|
|
151
|
-
"#{event_prefix}port" => port,
|
|
151
|
+
"#{event_prefix}host" => ssl_info.host,
|
|
152
|
+
"#{event_prefix}port" => ssl_info.port,
|
|
152
153
|
"#{event_prefix}ssl_dn" => ssl_info.subject_s
|
|
153
154
|
}
|
|
154
155
|
router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
|
|
@@ -161,15 +162,19 @@ module Fluent
|
|
|
161
162
|
KO = 0
|
|
162
163
|
|
|
163
164
|
attr_reader :time
|
|
164
|
-
attr_accessor :cert, :cert_chain, :ssl_version, :error
|
|
165
|
+
attr_accessor :host, :port, :cert, :cert_chain, :ssl_version, :error
|
|
165
166
|
|
|
166
|
-
|
|
167
|
+
# rubocop:disable Metrics/ParameterLists
|
|
168
|
+
def initialize(host: nil, port: nil, cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
|
|
169
|
+
@host = host
|
|
170
|
+
@port = port
|
|
167
171
|
@cert = cert
|
|
168
172
|
@cert_chain = cert_chain
|
|
169
173
|
@ssl_version = ssl_version
|
|
170
174
|
@error = error
|
|
171
175
|
@time = time
|
|
172
176
|
end
|
|
177
|
+
# rubocop:enable Metrics/ParameterLists
|
|
173
178
|
|
|
174
179
|
def subject_s
|
|
175
180
|
cert.subject.to_s if cert&.subject
|
|
@@ -193,6 +198,12 @@ module Fluent
|
|
|
193
198
|
|
|
194
199
|
OK
|
|
195
200
|
end
|
|
201
|
+
|
|
202
|
+
def error_class
|
|
203
|
+
return unless error
|
|
204
|
+
|
|
205
|
+
error.class.to_s
|
|
206
|
+
end
|
|
196
207
|
end
|
|
197
208
|
|
|
198
209
|
# ssl client
|
|
@@ -208,9 +219,8 @@ module Fluent
|
|
|
208
219
|
@timeout = timeout
|
|
209
220
|
end
|
|
210
221
|
|
|
211
|
-
# rubocop:disable Metrics/AbcSize
|
|
212
222
|
def ssl_info
|
|
213
|
-
info = SslInfo.new
|
|
223
|
+
info = SslInfo.new(host: host, port: port)
|
|
214
224
|
begin
|
|
215
225
|
Timeout.timeout(timeout) do
|
|
216
226
|
tcp_socket = TCPSocket.open(host, port)
|
|
@@ -225,11 +235,10 @@ module Fluent
|
|
|
225
235
|
info.ssl_version = ssl_socket.ssl_version
|
|
226
236
|
end
|
|
227
237
|
rescue StandardError => e
|
|
228
|
-
info.error = e
|
|
238
|
+
info.error = e
|
|
229
239
|
end
|
|
230
240
|
info
|
|
231
241
|
end
|
|
232
|
-
# rubocop:enable Metrics/AbcSize
|
|
233
242
|
|
|
234
243
|
def store
|
|
235
244
|
OpenSSL::X509::Store.new.tap do |store|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-ssl-check
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Tych
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-08-
|
|
11
|
+
date: 2023-08-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bump
|