fluent-plugin-ssl-check 1.0.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db98f212ffba0fa6f4caad4e3dcedb88da99d298f1ee2f2e71a42374fdca90df
-  data.tar.gz: 301dcadeb5f03df68afab76dd3a8c170fea09cb6bd5e5eab5a7d79aa204cf794
+  metadata.gz: b2f7b5486c0f7706d4894b8095fdb61bae4ef4c13f737c50b0bd27c84f38d53d
+  data.tar.gz: '0186c6d987c747656417d61517e49d45de4a871e2a58dbb27c39aefedd0f1760'
 SHA512:
-  metadata.gz: 1efffe3228c31202824cbfb64e85b9c0a72cb54ecf618b23f5270c6f834b41005134df4f2c6880ba53fa84f2aac4763e05084f34dae35c7ee2e964c13e6f2a42
-  data.tar.gz: 2d993e6609baccf618080b6ec80d764db82a81e5321f6485687ac874c16ab483f0c288a96c8f71ca6a0a3fcf4d68d37bdd1ed26afcb1621ae6b6c42912cbe8bf
+  metadata.gz: 6001e67a1e89cfad9cb37cc826e21b7af532c4ec12d2966fe3e0a3c790cec50ec5d028cd103b7bf105f0f38060db2e8de6f1eb285714d597b01dfe2e47f00a4d
+  data.tar.gz: c61103f0171fda24ef6f8323a018f7c012795e258993e46132940b69bcb152e1fdba80ec416105eec93debfe542895a8d1211da006cbaab5d0a28eb3bd4ca233

data/.rubocop.yml

@@ -8,6 +8,11 @@ AllCops:
 Gemspec/DevelopmentDependencies:
   Enabled: false
 
+Metrics/AbcSize:
+  Max: 40
+  # Exclude:
+  #   - lib/fluent/plugin/in_ssl_check.rb
+
 Metrics/BlockLength:
   Exclude:
     - fluent-plugin-ssl-check.gemspec

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-ssl-check (1.0.0)
+    fluent-plugin-ssl-check (2.0.0)
       fluentd (>= 0.14.10, < 2)
 
 GEM

data/README.md

@@ -15,8 +15,7 @@ Example:
   @type ssl_check
   tag ssl_check
 
-  host my-service.com
-  port 443
+  hosts my-service.com:4443
 
   interval 600
 
@@ -27,12 +26,12 @@ Example:
 
 Options are:
 * tag: Tag to emit events on
-* host: host of the service to check
-* port: port of the service to check
+* hosts: list of <host>:<port> to check
 * interval: check every X seconds
 * ca_path: directory that contains CA files
 * ca_file: specify a CA file directly
 
+If no port is specified with host, default port is 443.
 
 ## Installation
 
@@ -48,8 +47,8 @@ Add to Gemfile with:
 ## Compatibility
 
 plugin in 1.x.x will work with:
-- ruby >= 2.4.10
-- td-agent >= 3.8.1-0
+- ruby >= 2.7.7
+- td-agent >= 4.0.0
 
 
 ## Copyright

data/fluent-plugin-ssl-check.gemspec

@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = 'fluent-plugin-ssl-check'
-  spec.version = '1.0.0'
+  spec.version = '2.0.0'
   spec.authors = ['Thomas Tych']
   spec.email   = ['thomas.tych@gmail.com']
 

data/lib/fluent/plugin/extensions/time.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
-
+# extensions for Time class
+#   provides formater
+#   - to epoch millisecond format
+#   - to iso format with millisecond
 class Time
   def to_epochmillis
     (to_f * 1000).to_i

data/lib/fluent/plugin/in_ssl_check.rb

@@ -45,9 +45,7 @@ module Fluent
       config_param :tag, :string, default: DEFAULT_TAG
 
       desc 'Host of the service to check'
-      config_param :host, :string, default: DEFAULT_HOST
-      desc 'Port of the service to check'
-      config_param :port, :integer, default: DEFAULT_PORT
+      config_param :hosts, :array, default: [], value_type: :string
       desc 'Interval for the check execution'
       config_param :interval, :time, default: DEFAULT_TIME
       desc 'CA path to load'
@@ -69,24 +67,17 @@ module Fluent
 
       helpers :timer
 
-      # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
       def configure(conf)
         super
 
         raise Fluent::ConfigError, 'tag can not be empty.' if !tag || tag.empty?
-        raise Fluent::ConfigError, 'host can not be empty.' if !host || host.empty?
-        raise Fluent::ConfigError, 'port can not be < 1' if !port || port < 1
+        raise Fluent::ConfigError, 'hosts can not be empty.' if !hosts || hosts.empty?
         raise Fluent::ConfigError, 'interval can not be < 1.' if !interval || interval < 1
         raise Fluent::ConfigError, 'ca_path should be a dir.' if ca_path && !File.directory?(ca_path)
         raise Fluent::ConfigError, 'ca_file should be a file.' if ca_file && !File.file?(ca_file)
-
-        @ssl_client = SslClient.new(
-          host: host, port: port,
-          ca_path: ca_path, ca_file: ca_file,
-          timeout: timeout
-        )
       end
-      # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 
       def start
         super
@@ -94,28 +85,40 @@ module Fluent
         timer_execute(:ssl_check_timer, interval, repeat: true, &method(:check))
       end
 
+      # rubocop:disable Lint/SuppressedException
       def check
-        ssl_info = fetch_ssl_info
-
-        emit_logs(ssl_info) if log_events
-        emit_metrics(ssl_info) if metric_events
+        hosts.each do |host_full|
+          host, port = host_full.split(':')
+          port = (port || DEFAULT_PORT).to_i
+          ssl_info = fetch_ssl_info(host, port)
+          emit_logs(ssl_info) if log_events
+          emit_metrics(ssl_info) if metric_events
+        rescue StandardError
+        end
       end
+      # rubocop:enable Lint/SuppressedException
 
-      def fetch_ssl_info
-        @ssl_client.ssl_info
+      def fetch_ssl_info(host, port)
+        ssl_client = SslClient.new(
+          host: host, port: port,
+          ca_path: ca_path, ca_file: ca_file,
+          timeout: timeout
+        )
+        ssl_client.ssl_info
       end
 
       def emit_logs(ssl_info)
         record = {
           'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
           'status' => ssl_info.status,
-          'host' => host,
-          'port' => port,
+          'host' => ssl_info.host,
+          'port' => ssl_info.port,
           'ssl_version' => ssl_info.ssl_version,
           'ssl_dn' => ssl_info.subject_s,
           'ssl_not_after' => ssl_info.not_after,
           'expire_in_days' => ssl_info.expire_in_days
         }
+        record.update('error_class' => ssl_info.error_class) if ssl_info.error_class
         router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
       end
 
@@ -124,21 +127,19 @@ module Fluent
         emit_metric_expirency(ssl_info)
       end
 
-      # rubocop:disable Metrics/AbcSize
       def emit_metric_status(ssl_info)
         record = {
           'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
           'metric_name' => 'ssl_status',
           'metric_value' => ssl_info.status,
-          "#{event_prefix}host" => host,
-          "#{event_prefix}port" => port,
+          "#{event_prefix}host" => ssl_info.host,
+          "#{event_prefix}port" => ssl_info.port,
           "#{event_prefix}ssl_dn" => ssl_info.subject_s,
           "#{event_prefix}ssl_version" => ssl_info.ssl_version,
           "#{event_prefix}ssl_not_after" => ssl_info.not_after
         }
         router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
       end
-      # rubocop:enable Metrics/AbcSize
 
       def emit_metric_expirency(ssl_info)
         return if ssl_info.error
@@ -147,8 +148,8 @@ module Fluent
           'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
           'metric_name' => 'ssl_expirency',
           'metric_value' => ssl_info.expire_in_days,
-          "#{event_prefix}host" => host,
-          "#{event_prefix}port" => port,
+          "#{event_prefix}host" => ssl_info.host,
+          "#{event_prefix}port" => ssl_info.port,
           "#{event_prefix}ssl_dn" => ssl_info.subject_s
         }
         router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
@@ -161,15 +162,19 @@ module Fluent
         KO = 0
 
         attr_reader :time
-        attr_accessor :cert, :cert_chain, :ssl_version, :error
+        attr_accessor :host, :port, :cert, :cert_chain, :ssl_version, :error
 
-        def initialize(cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
+        # rubocop:disable Metrics/ParameterLists
+        def initialize(host: nil, port: nil, cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
+          @host = host
+          @port = port
           @cert = cert
           @cert_chain = cert_chain
           @ssl_version = ssl_version
           @error = error
           @time = time
         end
+        # rubocop:enable Metrics/ParameterLists
 
         def subject_s
           cert.subject.to_s if cert&.subject
@@ -193,6 +198,12 @@ module Fluent
 
           OK
         end
+
+        def error_class
+          return unless error
+
+          error.class.to_s
+        end
       end
 
       # ssl client
@@ -208,9 +219,8 @@ module Fluent
           @timeout = timeout
         end
 
-        # rubocop:disable Metrics/AbcSize
         def ssl_info
-          info = SslInfo.new
+          info = SslInfo.new(host: host, port: port)
           begin
             Timeout.timeout(timeout) do
               tcp_socket = TCPSocket.open(host, port)
@@ -225,11 +235,10 @@ module Fluent
               info.ssl_version = ssl_socket.ssl_version
             end
           rescue StandardError => e
-            info.error = e.to_s
+            info.error = e
           end
           info
         end
-        # rubocop:enable Metrics/AbcSize
 
         def store
           OpenSSL::X509::Store.new.tap do |store|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-ssl-check
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Thomas Tych
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-12 00:00:00.000000000 Z
+date: 2023-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bump